Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
shixiong
/
okd
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Browse Source

[RHPAM-859] - Include RHPAM templates in OpenShift release

Filippe Spolti 6 năm trước cách đây
mục cha
5a7157fee2
commit
f84ef61fe3
12 tập tin đã thay đổi với 8138 bổ sung0 xóa
Split View Hiển thị tình trạng sai khác
  1. 5 0
      roles/openshift_examples/examples-sync.sh
  2. 123 0
      roles/openshift_examples/files/examples/v3.10/xpaas-streams/rhpam70-image-streams.yaml
  3. 1162 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-authoring-ha.yaml
  4. 738 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-authoring.yaml
  5. 502 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-kieserver-externaldb.yaml
  6. 585 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-kieserver-mysql.yaml
  7. 592 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-kieserver-postgresql.yaml
  8. 651 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-prod-immutable-kieserver.yaml
  9. 558 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-prod-immutable-monitor.yaml
  10. 1374 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-prod.yaml
  11. 1369 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-sit.yaml
  12. 479 0
      roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-trial-ephemeral.yaml

+ 5 - 0
roles/openshift_examples/examples-sync.sh
Xem Tập Tin 

@@ -7,6 +7,7 @@
 
 
 XPAAS_VERSION=ose-v1.4.12
 
 RHDM70_VERSION=ose-v1.4.8-1
 
+RHPAM70_VERSION=7.0.0.GA
 
 ORIGIN_VERSION=${1:-v3.9}
 
 ORIGIN_BRANCH=${2:-master}
 
 RHAMP_TAG=2.0.0.GA
 
@@ -22,10 +23,12 @@ wget https://github.com/openshift/origin/archive/${ORIGIN_BRANCH}.zip -O origin.
 
 wget https://github.com/jboss-fuse/application-templates/archive/GA.zip -O fis-GA.zip
 
 wget https://github.com/jboss-openshift/application-templates/archive/${XPAAS_VERSION}.zip -O application-templates-master.zip
 
 wget https://github.com/jboss-container-images/rhdm-7-openshift-image/archive/${RHDM70_VERSION}.zip -O rhdm-application-templates.zip
 
+wget https://github.com/jboss-container-images/rhpam-7-openshift-image/archive/${RHPAM70_VERSION}.zip -O rhpam-application-templates.zip
 
 wget https://github.com/3scale/rhamp-openshift-templates/archive/${RHAMP_TAG}.zip -O amp.zip
 
 unzip origin.zip
 
 unzip application-templates-master.zip
 
 unzip rhdm-application-templates.zip
 
+unzip rhpam-application-templates.zip
 
 unzip fis-GA.zip
 
 unzip amp.zip
 
 mv origin-${ORIGIN_BRANCH}/examples/db-templates/* ${EXAMPLES_BASE}/db-templates/
 
@@ -34,6 +37,7 @@ mv origin-${ORIGIN_BRANCH}/examples/jenkins/jenkins-*template.json ${EXAMPLES_BA
 
 mv origin-${ORIGIN_BRANCH}/examples/image-streams/* ${EXAMPLES_BASE}/image-streams/
 
 mv application-templates-${XPAAS_VERSION}/jboss-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/
 
 mv rhdm-7-openshift-image-${RHDM70_VERSION}/rhdm70-image-streams.yaml ${EXAMPLES_BASE}/xpaas-streams/
 
+mv rhpam-7-openshift-image-${RHPAM70_VERSION}/rhpam70-image-streams.yaml ${EXAMPLES_BASE}/xpaas-streams/
 
 # fis content from jboss-fuse/application-templates-GA would collide with jboss-openshift/application-templates
 
 # as soon as they use the same branch/tag names
 
 mv application-templates-GA/fis-image-streams.json ${EXAMPLES_BASE}/xpaas-streams/fis-image-streams.json
 
@@ -41,6 +45,7 @@ mv application-templates-GA/quickstarts/* ${EXAMPLES_BASE}/xpaas-templates/
 
 find application-templates-${XPAAS_VERSION}/ -name '*.json' ! -wholename '*secret*' ! -wholename '*demo*' ! -wholename '*image-stream.json' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \;
 
 find application-templates-${XPAAS_VERSION}/ -name '*image-stream.json' -exec mv {} ${EXAMPLES_BASE}/xpaas-streams/ \;
 
 find rhdm-7-openshift-image-${RHDM70_VERSION}/templates -name '*.yaml' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \;
 
+find rhpam-7-openshift-image-${RHPAM70_VERSION}/templates -name '*.yaml' -exec mv {} ${EXAMPLES_BASE}/xpaas-templates/ \;
 
 find 3scale-amp-openshift-templates-${RHAMP_TAG}/ -name '*.yml' -exec mv {} ${EXAMPLES_BASE}/quickstart-templates/ \;
 
 popd

+ 123 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-streams/rhpam70-image-streams.yaml
Xem Tập Tin 

@@ -0,0 +1,123 @@
 
+kind: List
 
+apiVersion: v1
 
+metadata:
 
+  name: rhpam70-image-streams
 
+  annotations:
 
+    description: ImageStream definitions for Red Hat Process Automation Manager 7.0
 
+    openshift.io/provider-display-name: Red Hat, Inc.
 
+items:
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: rhpam70-businesscentral-openshift
 
+    annotations:
 
+      openshift.io/display-name: Red Hat Process Automation Manager Business Central 7.0
 
+      openshift.io/provider-display-name: Red Hat, Inc.
 
+  spec:
 
+    tags:
 
+    - name: '1.0'
 
+      annotations:
 
+        description: Red Hat Process Automation Manager 7.0 - Business Central image.
 
+        iconClass: icon-jboss
 
+        tags: rhpam,xpaas
 
+        supports: rhpam:7.0,xpaas:1.4
 
+        version: '1.0'
 
+      from:
 
+        kind: DockerImage
 
+        name: registry.access.redhat.com/rhpam-7/rhpam70-businesscentral-openshift:1.0
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: rhpam70-businesscentral-monitoring-openshift
 
+    annotations:
 
+      openshift.io/display-name: Red Hat Process Automation Manager Business Central Monitoring 7.0
 
+      openshift.io/provider-display-name: Red Hat, Inc.
 
+  spec:
 
+    tags:
 
+    - name: '1.0'
 
+      annotations:
 
+        description: Red Hat Process Automation Manager 7.0 - Business Central Monitoring image.
 
+        iconClass: icon-jboss
 
+        tags: rhpam,xpaas
 
+        supports: rhpam:7.0,xpaas:1.4
 
+        version: '1.0'
 
+      from:
 
+        kind: DockerImage
 
+        name: registry.access.redhat.com/rhpam-7/rhpam70-businesscentral-monitoring-openshift:1.0
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: rhpam70-controller-openshift
 
+    annotations:
 
+      openshift.io/display-name: Red Hat Process Automation Manager Standalone Controller 7.0
 
+      openshift.io/provider-display-name: Red Hat, Inc.
 
+  spec:
 
+    tags:
 
+    - name: '1.0'
 
+      annotations:
 
+        description: Red Hat Process Automation Manager 7.0 - Standalone Controller image.
 
+        iconClass: icon-jboss
 
+        tags: rhpam,xpaas
 
+        supports: rhpam:7.0,xpaas:1.4
 
+        version: '1.0'
 
+      from:
 
+        kind: DockerImage
 
+        name: registry.access.redhat.com/rhpam-7/rhpam70-controller-openshift:1.0
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: rhpam70-kieserver-openshift
 
+    annotations:
 
+      openshift.io/display-name: Red Hat Process Automation Manager KIE Server 7.0
 
+      openshift.io/provider-display-name: Red Hat, Inc.
 
+  spec:
 
+    tags:
 
+    - name: '1.0'
 
+      annotations:
 
+        description: Red Hat Process Automation Manager 7.0 - KIE Server image.
 
+        iconClass: icon-jboss
 
+        tags: rhpam,xpaas
 
+        supports: rhpam:7.0,xpaas:1.4
 
+        version: '1.0'
 
+      from:
 
+        kind: DockerImage
 
+        name: registry.access.redhat.com/rhpam-7/rhpam70-kieserver-openshift:1.0
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: rhpam70-smartrouter-openshift
 
+    annotations:
 
+      openshift.io/display-name: Red Hat Process Automation Manager Smart Router 7.0
 
+      openshift.io/provider-display-name: Red Hat, Inc.
 
+  spec:
 
+    tags:
 
+    - name: '1.0'
 
+      annotations:
 
+        description: Red Hat Process Automation Manager 7.0 - Smart Router image.
 
+        iconClass: icon-jboss
 
+        tags: rhpam,xpaas
 
+        supports: rhpam:7.0,xpaas:1.4
 
+        version: '1.0'
 
+      from:
 
+        kind: DockerImage
 
+        name: registry.access.redhat.com/rhpam-7/rhpam70-smartrouter-openshift:1.0
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: rhpam70-businesscentral-indexing-openshift
 
+    annotations:
 
+      openshift.io/display-name: Red Hat Process Automation Manager Business Central Indexing 7.0
 
+      openshift.io/provider-display-name: Red Hat, Inc.
 
+  spec:
 
+    tags:
 
+    - name: '1.0'
 
+      annotations:
 
+        description: Red Hat Process Automation Manager 7.0 - Business Central Indexing image.
 
+        iconClass: icon-jboss
 
+        tags: rhpam,xpaas
 
+        supports: rhpam:7.0,xpaas:1.4
 
+        version: '1.0'
 
+      from:
 
+        kind: DockerImage
 
+        name: registry.access.redhat.com/rhpam-7/rhpam70-businesscentral-indexing-openshift:1.0
 
+

Những thai đổi đã bị hủy bỏ vì nó quá lớn
+ 1162 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-authoring-ha.yaml


+ 738 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-authoring.yaml
Xem Tập Tin 

@@ -0,0 +1,738 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for a non-HA persistent authoring environment, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 authoring environment (non-HA, persistent, with https)
 
+  name: rhpam70-authoring
 
+labels:
 
+  template: rhpam70-authoring
 
+  xpaas: 1.4.0
 
+message: A new persistent Process Automation Manager application have been created in your project.
 
+  The username/password for accessing the KIE Server / Business Central interface is ${KIE_ADMIN_USER}/${KIE_ADMIN_PWD}.
 
+  Please be sure to create the secrets named "${BUSINESS_CENTRAL_HTTPS_SECRET}" and "${KIE_SERVER_HTTPS_SECRET}" containing the
 
+  ${BUSINESS_CENTRAL_HTTPS_KEYSTORE} and ${KIE_SERVER_HTTPS_KEYSTORE} files used for serving secure content.
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: EAP Admin Password
 
+  description: EAP administrator password
 
+  name: ADMIN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Admin Password
 
+  description: KIE administrator password
 
+  name: KIE_ADMIN_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server Controller User
 
+  description: KIE server controller username (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_CONTROLLER_USER
 
+  value: controllerUser
 
+  required: false
 
+- displayName: KIE Server Controller Password
 
+  description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
 
+  name: KIE_SERVER_CONTROLLER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server Password
 
+  description: KIE execution server password (Sets the org.kie.server.pwd system property)
 
+  name: KIE_SERVER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server ID
 
+  description: Business server identifier. Determines the template ID in Business Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property).
 
+  name: KIE_SERVER_ID
 
+  required: false
 
+- displayName: KIE Server Bypass Auth User
 
+  description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
 
+  name: KIE_SERVER_BYPASS_AUTH_USER
 
+  value: 'false'
 
+  required: false
 
+- displayName: KIE Server Persistence DS
 
+  description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property)
 
+  name: KIE_SERVER_PERSISTENCE_DS
 
+  value: java:/jboss/datasources/rhpam
 
+  required: false
 
+## H2 database parameters BEGIN
 
+- displayName: KIE Server H2 Database User
 
+  description: KIE execution server H2 database username
 
+  name: KIE_SERVER_H2_USER
 
+  value: sa
 
+  required: false
 
+- displayName: KIE Server H2 Database Password
 
+  description: KIE execution server H2 database password
 
+  name: KIE_SERVER_H2_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+## H2 database parameters END
 
+- displayName: KIE MBeans
 
+  description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Drools Server Filter Classes
 
+  description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
 
+  name: DROOLS_SERVER_FILTER_CLASSES
 
+  value: 'true'
 
+  required: false
 
+- displayName: Business Central Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-rhpamcentr-<project>.<default-domain-suffix>'
 
+  name: BUSINESS_CENTRAL_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Business Central Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-rhpamcentr-<project>.<default-domain-suffix>'
 
+  name: BUSINESS_CENTRAL_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: Execution Server Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Execution Server Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: Business Central Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: BUSINESS_CENTRAL_HTTPS_SECRET
 
+  example: businesscentral-app-secret
 
+  required: true
 
+- displayName: Business Central Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: BUSINESS_CENTRAL_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: Business Central Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: BUSINESS_CENTRAL_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: Business Central Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: BUSINESS_CENTRAL_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: KIE Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: KIE_SERVER_HTTPS_SECRET
 
+  example: kieserver-app-secret
 
+  required: true
 
+- displayName: KIE Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: KIE_SERVER_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: KIE Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: KIE_SERVER_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: KIE Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: KIE_SERVER_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: Database Volume Capacity
 
+  description: Size of persistent storage for database volume.
 
+  name: DB_VOLUME_CAPACITY
 
+  value: 1Gi
 
+  required: true
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository or service.
 
+  name: MAVEN_REPO_URL
 
+  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
 
+  required: false
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository.
 
+  name: MAVEN_REPO_USERNAME
 
+  required: false
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository.
 
+  name: MAVEN_REPO_PASSWORD
 
+  required: false
 
+- displayName: Username for the Maven service hosted by Business Central
 
+  description: Username to access the Maven service hosted by Business Central inside EAP.
 
+  name: BUSINESS_CENTRAL_MAVEN_USERNAME
 
+  required: true
 
+  value: mavenUser
 
+- displayName: Password for the Maven service hosted by Business Central
 
+  description: Password to access the Maven service hosted by Business Central inside EAP.
 
+  name: BUSINESS_CENTRAL_MAVEN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: true
 
+- displayName: Business Central Volume Capacity
 
+  description: Size of the persistent storage for Business Central's runtime data.
 
+  name: BUSINESS_CENTRAL_VOLUME_CAPACITY
 
+  value: 1Gi
 
+  required: true
 
+- displayName: Business Central Container Memory Limit
 
+  description: Business Central Container memory limit
 
+  name: BUSINESS_CENTRAL_MEMORY_LIMIT
 
+  value: 2Gi
 
+  required: false
 
+- displayName: Execution Server Container Memory Limit
 
+  description: Execution Server Container memory limit
 
+  name: EXCECUTION_SERVER_MEMORY_LIMIT
 
+  value: 1Gi
 
+  required: false
 
+- displayName: RH-SSO URL
 
+  description: RH-SSO URL
 
+  name: SSO_URL
 
+  example: https://rh-sso.example.com/auth
 
+  required: false
 
+- displayName: RH-SSO Realm name
 
+  description: RH-SSO Realm name
 
+  name: SSO_REALM
 
+  required: false
 
+- displayName: Business Central RH-SSO Client name
 
+  description: Business Central RH-SSO Client name
 
+  name: BUSINESS_CENTRAL_SSO_CLIENT
 
+  required: false
 
+- displayName: Business Central RH-SSO Client Secret
 
+  description: Business Central RH-SSO Client Secret
 
+  name: BUSINESS_CENTRAL_SSO_SECRET
 
+  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
 
+  required: false
 
+- displayName: KIE Server RH-SSO Client name
 
+  description: KIE Server RH-SSO Client name
 
+  name: KIE_SERVER_SSO_CLIENT
 
+  required: false
 
+- displayName: KIE Server RH-SSO Client Secret
 
+  description: KIE Server RH-SSO Client Secret
 
+  name: KIE_SERVER_SSO_SECRET
 
+  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
 
+  required: false
 
+- displayName: RH-SSO Realm Admin Username
 
+  description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist
 
+  name: SSO_USERNAME
 
+  required: false
 
+- displayName: RH-SSO Realm Admin Password
 
+  description: RH-SSO Realm Admin Password used to create the Client
 
+  name: SSO_PASSWORD
 
+  required: false
 
+- displayName: RH-SSO Disable SSL Certificate Validation
 
+  description: RH-SSO Disable SSL Certificate Validation
 
+  name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+  value: "false"
 
+  required: false
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    - name: git-ssh
 
+      port: 8001
 
+      targetPort: 8001
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+    annotations:
 
+      description: All the Business Central web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: All the KIE server web server's ports.
 
+## Place to add database service
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-rhpamcentr-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+    annotations:
 
+      description: Route for Business Central's http service.
 
+      haproxy.router.openshift.io/timeout: 60s
 
+  spec:
 
+    host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-rhpamcentr"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-rhpamcentr-https"
 
+  metadata:
 
+    name: secure-${APPLICATION_NAME}-rhpamcentr
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+    annotations:
 
+      description: Route for Business Central's https service.
 
+      haproxy.router.openshift.io/timeout: 60s
 
+  spec:
 
+    host: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: ${APPLICATION_NAME}-rhpamcentr
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's http service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-https"
 
+  metadata:
 
+    name: secure-${APPLICATION_NAME}-kieserver
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's https service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: ${APPLICATION_NAME}-kieserver
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-rhpamcentr"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-businesscentral-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-rhpamcentr"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-rhpamcentr"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-rhpamcentr"
 
+          image: rhpam70-businesscentral-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: businesscentral-keystore-volume
 
+            mountPath: "/etc/businesscentral-secret-volume"
 
+            readOnly: true
 
+          - name: "${APPLICATION_NAME}-rhpamcentr-pvol"
 
+            mountPath: "/opt/eap/standalone/data/bpmsuite"
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          - name: git-ssh
 
+            containerPort: 8001
 
+            protocol: TCP
 
+          env:
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_CONTROLLER_PWD}"
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: KIE_MAVEN_USER
 
+            value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
 
+          - name: KIE_MAVEN_PWD
 
+            value: "${BUSINESS_CENTRAL_MAVEN_PASSWORD}"
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/businesscentral-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${BUSINESS_CENTRAL_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${BUSINESS_CENTRAL_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${BUSINESS_CENTRAL_HTTPS_PASSWORD}"
 
+          - name: ADMIN_USERNAME
 
+            value: "${ADMIN_USERNAME}"
 
+          - name: ADMIN_PASSWORD
 
+            value: "${ADMIN_PASSWORD}"
 
+          - name: PROBE_IMPL
 
+            value: probe.eap.jolokia.EapProbe
 
+          - name: PROBE_DISABLE_BOOT_ERRORS_CHECK
 
+            value: 'true'
 
+          - name: SSO_URL
 
+            value: "${SSO_URL}"
 
+          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
 
+            value: "ROOT.war"
 
+          - name: SSO_REALM
 
+            value: "${SSO_REALM}"
 
+          - name: SSO_SECRET
 
+            value: "${BUSINESS_CENTRAL_SSO_SECRET}"
 
+          - name: SSO_CLIENT
 
+            value: "${BUSINESS_CENTRAL_SSO_CLIENT}"
 
+          - name: SSO_USERNAME
 
+            value: "${SSO_USERNAME}"
 
+          - name: SSO_PASSWORD
 
+            value: "${SSO_PASSWORD}"
 
+          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
 
+          - name: HOSTNAME_HTTP
 
+            value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
 
+          - name: HOSTNAME_HTTPS
 
+            value: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}"
 
+        volumes:
 
+        - name: businesscentral-keystore-volume
 
+          secret:
 
+            secretName: "${BUSINESS_CENTRAL_HTTPS_SECRET}"
 
+        - name: "${APPLICATION_NAME}-rhpamcentr-pvol"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-rhpamcentr-claim"
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-kieserver"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-kieserver"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-kieserver"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-kieserver"
 
+          image: rhpam70-kieserver-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: kieserver-keystore-volume
 
+            mountPath: "/etc/kieserver-secret-volume"
 
+            readOnly: true
 
+## H2 volume mount BEGIN
 
+          - name: "${APPLICATION_NAME}-h2-pvol"
 
+            mountPath: "/opt/eap/standalone/data"
 
+## H2 volume mount END
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+            failureThreshold: 3
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          env:
 
+          - name: DATASOURCES
 
+            value: "RHPAM"
 
+          - name: RHPAM_DATABASE
 
+            value: "rhpam7"
 
+          - name: RHPAM_JNDI
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: RHPAM_JTA
 
+            value: "true"
 
+## H2 driver settings BEGIN
 
+          - name: RHPAM_DRIVER
 
+            value: "h2"
 
+          - name: RHPAM_USERNAME
 
+            value: "${KIE_SERVER_H2_USER}"
 
+          - name: RHPAM_PASSWORD
 
+            value: "${KIE_SERVER_H2_PWD}"
 
+          - name: RHPAM_XA_CONNECTION_PROPERTY_URL
 
+            value: "jdbc:h2:/opt/eap/standalone/data/rhpam"
 
+          - name: RHPAM_SERVICE_HOST
 
+            value: "dummy_ignored"
 
+          - name: RHPAM_SERVICE_PORT
 
+            value: "12345"
 
+          - name: KIE_SERVER_PERSISTENCE_DIALECT
 
+            value: "org.hibernate.dialect.H2Dialect"
 
+## H2 driver settings END
 
+          - name: DROOLS_SERVER_FILTER_CLASSES
 
+            value: "${DROOLS_SERVER_FILTER_CLASSES}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_BYPASS_AUTH_USER
 
+            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_CONTROLLER_PWD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${APPLICATION_NAME}-rhpamcentr"
 
+          - name: KIE_SERVER_ID
 
+            value: "${KIE_SERVER_ID}"
 
+          - name: KIE_SERVER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_PERSISTENCE_DS
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: MAVEN_REPOS
 
+            value: "RHPAMCENTR,EXTERNAL"
 
+          - name: RHPAMCENTR_MAVEN_REPO_SERVICE
 
+            value: "${APPLICATION_NAME}-rhpamcentr"
 
+          - name: RHPAMCENTR_MAVEN_REPO_PATH
 
+            value: "/maven2/"
 
+          - name: RHPAMCENTR_MAVEN_REPO_USERNAME
 
+            value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
 
+          - name: RHPAMCENTR_MAVEN_REPO_PASSWORD
 
+            value: "${BUSINESS_CENTRAL_MAVEN_PASSWORD}"
 
+          - name: EXTERNAL_MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: EXTERNAL_MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: EXTERNAL_MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/kieserver-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${KIE_SERVER_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${KIE_SERVER_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${KIE_SERVER_HTTPS_PASSWORD}"
 
+          - name: SSO_URL
 
+            value: "${SSO_URL}"
 
+          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
 
+            value: "ROOT.war"
 
+          - name: SSO_REALM
 
+            value: "${SSO_REALM}"
 
+          - name: SSO_SECRET
 
+            value: "${KIE_SERVER_SSO_SECRET}"
 
+          - name: SSO_CLIENT
 
+            value: "${KIE_SERVER_SSO_CLIENT}"
 
+          - name: SSO_USERNAME
 
+            value: "${SSO_USERNAME}"
 
+          - name: SSO_PASSWORD
 
+            value: "${SSO_PASSWORD}"
 
+          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
 
+          - name: HOSTNAME_HTTP
 
+            value: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+          - name: HOSTNAME_HTTPS
 
+            value: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
 
+        volumes:
 
+        - name: kieserver-keystore-volume
 
+          secret:
 
+            secretName: "${KIE_SERVER_HTTPS_SECRET}"
 
+## H2 volume settings BEGIN
 
+        - name: "${APPLICATION_NAME}-h2-pvol"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-h2-claim"
 
+## H2 volume settings END
 
+## Place to add database deployment config
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteOnce
 
+    resources:
 
+      requests:
 
+        storage: "${BUSINESS_CENTRAL_VOLUME_CAPACITY}"
 
+## H2 persistent volume claim BEGIN
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-h2-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteOnce
 
+    resources:
 
+      requests:
 
+        storage: "${DB_VOLUME_CAPACITY}"
 
+## H2 persistent volume claim END

+ 502 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-kieserver-externaldb.yaml
Xem Tập Tin 

@@ -0,0 +1,502 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for a managed KIE server with an external database, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 managed KIE server with an external database
 
+  name: rhpam70-kieserver-externaldb
 
+labels:
 
+  template: rhpam70-kieserver-externaldb
 
+  xpaas: 1.4.0
 
+message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing the KIE server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository or service.
 
+  name: MAVEN_REPO_URL
 
+  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
 
+  required: true
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository, if required.
 
+  name: MAVEN_REPO_USERNAME
 
+  required: false
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository, if required.
 
+  name: MAVEN_REPO_PASSWORD
 
+  required: false
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: EAP Admin Password
 
+  description: EAP administrator password
 
+  name: ADMIN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Admin Password
 
+  description: KIE administrator password
 
+  name: KIE_ADMIN_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server ID
 
+  description: The KIE server ID to use, which defaults to ${APPLICATION_NAME}-kieserver if not specified (Sets the org.kie.server.id system property).
 
+  name: KIE_SERVER_ID
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server Password
 
+  description: KIE execution server password (Sets the org.kie.server.pwd system property)
 
+  name: KIE_SERVER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+- displayName: Smart Router Service
 
+  description: The service name for the optional smart router, where it can be reached, to allow smart routing
 
+  name: KIE_SERVER_ROUTER_SERVICE
 
+  required: false
 
+- displayName: Smart Router Host
 
+  description: "The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name"
 
+  name: KIE_SERVER_ROUTER_HOST
 
+  example: "myapp-smartrouter"
 
+  required: false
 
+- displayName: Smart Router listening port
 
+  description: Port in which the smart router server listens (router property org.kie.server.router.port)
 
+  name: KIE_SERVER_ROUTER_PORT
 
+  example: "9000"
 
+  required: false
 
+- displayName: Smart Router protocol
 
+  description: KIE server router protocol (Used to build the org.kie.server.router.url.external property)
 
+  name: KIE_SERVER_ROUTER_PROTOCOL
 
+  example: "http"
 
+  required: false
 
+- displayName: KIE Server Controller Service
 
+  description: The service name for the optional business-central-monitor, where it can be reached and registered with, to allow monitoring console functionality
 
+  name: KIE_SERVER_CONTROLLER_SERVICE
 
+  required: false
 
+- displayName: KIE Server Controller User
 
+  description: KIE server controller username (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_CONTROLLER_USER
 
+  value: controllerUser
 
+  required: false
 
+- displayName: KIE Server Controller Password
 
+  description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
 
+  name: KIE_SERVER_CONTROLLER_PWD
 
+  required: false
 
+- displayName: KIE server controller host
 
+  description: KIE server controller host (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_HOST
 
+  example: my-app-controller-ocpuser.os.example.com
 
+  required: false
 
+- displayName: KIE server controller port
 
+  description: KIE server controller port (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_PORT
 
+  example: '8080'
 
+  required: false
 
+- displayName: KIE server controller protocol
 
+  description: KIE server controller protocol (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_PROTOCOL
 
+  example: http
 
+  required: false
 
+- displayName: KIE Server controller token
 
+  description: KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)
 
+  name: KIE_SERVER_CONTROLLER_TOKEN
 
+  required: false
 
+- displayName: KIE Server Persistence DS
 
+  description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property)
 
+  name: KIE_SERVER_PERSISTENCE_DS
 
+  value: java:/jboss/datasources/rhpam
 
+  required: false
 
+## External database parameters BEGIN
 
+- displayName: KIE Server External Database Driver
 
+  description: KIE execution server external database driver
 
+  name: KIE_SERVER_EXTERNALDB_DRIVER
 
+  example: "mysql"
 
+  required: true
 
+- displayName: KIE Server External Database User
 
+  description: KIE execution server external database username
 
+  name: KIE_SERVER_EXTERNALDB_USER
 
+  example: rhpam
 
+  required: true
 
+- displayName: KIE Server External Database Password
 
+  description: KIE execution server external database password
 
+  name: KIE_SERVER_EXTERNALDB_PWD
 
+  required: true
 
+- displayName: KIE Server External Database URL
 
+  description: KIE execution server external database JDBC URL
 
+  name: KIE_SERVER_EXTERNALDB_URL
 
+  example: "jdbc:mysql://127.0.0.1:3306/rhpam"
 
+  required: true
 
+- displayName: KIE Server External Database Dialect
 
+  description: KIE execution server external database Hibernate dialect
 
+  name: KIE_SERVER_EXTERNALDB_DIALECT
 
+  example: "org.hibernate.dialect.MySQL5Dialect"
 
+  required: true
 
+- displayName: KIE Server External Database Host
 
+  description: KIE execution server external database host, for ejb_timer datasource configuration
 
+  name: KIE_SERVER_EXTERNALDB_HOST
 
+  required: true
 
+- displayName: KIE Server External Database name
 
+  description: KIE execution server external database name, for ejb_timer datasource configuration
 
+  name: KIE_SERVER_EXTERNALDB_DB
 
+  value: rhpam
 
+  required: false
 
+## External database parameters END
 
+- displayName: Drools Server Filter Classes
 
+  description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
 
+  name: DROOLS_SERVER_FILTER_CLASSES
 
+  value: 'true'
 
+  required: false
 
+- displayName: KIE MBeans
 
+  description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Execution Server Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Execution Server Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: KIE Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: KIE_SERVER_HTTPS_SECRET
 
+  example: kieserver-app-secret
 
+  required: true
 
+- displayName: KIE Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: KIE_SERVER_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: KIE Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: KIE_SERVER_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: KIE Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: KIE_SERVER_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: KIE Server Bypass Auth User
 
+  description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
 
+  name: KIE_SERVER_BYPASS_AUTH_USER
 
+  value: 'false'
 
+  required: false
 
+- displayName: "Timer service data store refresh interval (in milliseconds)"
 
+  description: "Sets refresh-interval for the EJB timer database data-store service."
 
+  name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+  value: '30000'
 
+  required: false
 
+- displayName: Execution Server Container Memory Limit
 
+  description: Execution Server Container memory limit
 
+  name: EXECUTION_SERVER_MEMORY_LIMIT
 
+  value: 1Gi
 
+  required: false
 
+- displayName: KIE Server Container Deployment
 
+  description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2'
 
+  name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+  example: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT
 
+  required: false
 
+- displayName: Disable KIE Server Management
 
+  description: "Disable management api and don't allow KIE containers to be deployed/undeployed or started/stopped sets the property org.kie.server.mgmt.api.disabled to true and org.kie.server.startup.strategy to LocalContainersStartupStrategy."
 
+  name: KIE_SERVER_MGMT_DISABLED
 
+  example: "true"
 
+  required: false
 
+- displayName: KIE Server Startup Strategy
 
+  description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable."
 
+  name: KIE_SERVER_STARTUP_STRATEGY
 
+  example: "LocalContainersStartupStrategy"
 
+  required: false
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: All the KIE server web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    clusterIP: "None"
 
+    ports:
 
+    - name: "ping"
 
+      port: 8888
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver-ping"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 
+      description: "The JGroups ping port for clustering."
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's http service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-https"
 
+  metadata:
 
+    name: "secure-${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's https service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-kieserver"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-kieserver"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-kieserver"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-kieserver"
 
+          image: rhpam70-kieserver-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${EXECUTION_SERVER_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: kieserver-keystore-volume
 
+            mountPath: "/etc/kieserver-secret-volume"
 
+            readOnly: true
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+            failureThreshold: 3
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          - name: ping
 
+            containerPort: 8888
 
+            protocol: TCP
 
+          env:
 
+          - name: DROOLS_SERVER_FILTER_CLASSES
 
+            value: "${DROOLS_SERVER_FILTER_CLASSES}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_BYPASS_AUTH_USER
 
+            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_CONTROLLER_PWD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${KIE_SERVER_CONTROLLER_SERVICE}"
 
+          - name: KIE_SERVER_CONTROLLER_HOST
 
+            value: "${KIE_SERVER_CONTROLLER_HOST}"
 
+          - name: KIE_SERVER_CONTROLLER_PORT
 
+            value: "${KIE_SERVER_CONTROLLER_PORT}"
 
+          - name: KIE_SERVER_CONTROLLER_PROTOCOL
 
+            value: "${KIE_SERVER_CONTROLLER_PROTOCOL}"
 
+          - name: KIE_SERVER_CONTROLLER_TOKEN
 
+            value: "${KIE_SERVER_CONTROLLER_TOKEN}"
 
+          - name: KIE_SERVER_ID
 
+            value: "${KIE_SERVER_ID}"
 
+          - name: KIE_SERVER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+            value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: MAVEN_REPO_PATH
 
+            value: "/maven2/"
 
+          - name: KIE_SERVER_ROUTER_SERVICE
 
+            value: "${KIE_SERVER_ROUTER_SERVICE}"
 
+          - name: KIE_SERVER_ROUTER_HOST
 
+            value: "${KIE_SERVER_ROUTER_HOST}"
 
+          - name: KIE_SERVER_ROUTER_PORT
 
+            value: "${KIE_SERVER_ROUTER_PORT}"
 
+          - name: KIE_SERVER_ROUTER_PROTOCOL
 
+            value: "${KIE_SERVER_ROUTER_PROTOCOL}"
 
+          - name: KIE_SERVER_MGMT_DISABLED
 
+            value: "${KIE_SERVER_MGMT_DISABLED}"
 
+          - name: KIE_SERVER_STARTUP_STRATEGY
 
+            value: "${KIE_SERVER_STARTUP_STRATEGY}"
 
+          - name: KIE_SERVER_PERSISTENCE_DS
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: DATASOURCES
 
+            value: "RHPAM"
 
+          - name: RHPAM_JNDI
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+## External database driver settings BEGIN
 
+          - name: KIE_SERVER_PERSISTENCE_DIALECT
 
+            value: "${KIE_SERVER_EXTERNALDB_DIALECT}"
 
+          - name: RHPAM_DRIVER
 
+            value: "${KIE_SERVER_EXTERNALDB_DRIVER}"
 
+          - name: RHPAM_USERNAME
 
+            value: "${KIE_SERVER_EXTERNALDB_USER}"
 
+          - name: RHPAM_PASSWORD
 
+            value: "${KIE_SERVER_EXTERNALDB_PWD}"
 
+          - name: RHPAM_XA_CONNECTION_PROPERTY_URL
 
+            value: "${KIE_SERVER_EXTERNALDB_URL}"
 
+          - name: RHPAM_SERVICE_HOST
 
+            value: "${KIE_SERVER_EXTERNALDB_HOST}"
 
+          - name: RHPAM_DATABASE
 
+            value: "${KIE_SERVER_EXTERNALDB_DB}"
 
+## External database driver settings END
 
+          - name: RHPAM_JTA
 
+            value: "true"
 
+          - name: RHPAM_TX_ISOLATION
 
+            value: "TRANSACTION_READ_COMMITTED"
 
+          - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+            value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}"
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/kieserver-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${KIE_SERVER_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${KIE_SERVER_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${KIE_SERVER_HTTPS_PASSWORD}"
 
+          - name: ADMIN_USERNAME
 
+            value: "${ADMIN_USERNAME}"
 
+          - name: ADMIN_PASSWORD
 
+            value: "${ADMIN_PASSWORD}"
 
+          - name: JGROUPS_PING_PROTOCOL
 
+            value: "openshift.DNS_PING"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_NAME
 
+            value: "${APPLICATION_NAME}-kieserver-ping"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_PORT
 
+            value: "8888"
 
+        volumes:
 
+        - name: kieserver-keystore-volume
 
+          secret:
 
+            secretName: "${KIE_SERVER_HTTPS_SECRET}"

+ 585 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-kieserver-mysql.yaml
Xem Tập Tin 

@@ -0,0 +1,585 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for a managed KIE server with a MySQL database, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 managed KIE server with a MySQL database
 
+  name: rhpam70-kieserver-mysql
 
+labels:
 
+  template: rhpam70-kieserver-mysql
 
+  xpaas: 1.4.0
 
+message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing the KIE server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository or service.
 
+  name: MAVEN_REPO_URL
 
+  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
 
+  required: true
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository, if required.
 
+  name: MAVEN_REPO_USERNAME
 
+  required: true
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository, if required.
 
+  name: MAVEN_REPO_PASSWORD
 
+  required: true
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: EAP Admin Password
 
+  description: EAP administrator password
 
+  name: ADMIN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Admin Password
 
+  description: KIE administrator password
 
+  name: KIE_ADMIN_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server ID
 
+  description: The KIE server ID to use, which defaults to ${APPLICATION_NAME}-kieserver if not specified (Sets the org.kie.server.id system property).
 
+  name: KIE_SERVER_ID
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server Password
 
+  description: KIE execution server password (Sets the org.kie.server.pwd system property)
 
+  name: KIE_SERVER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+- displayName: Smart Router Service
 
+  description: The service name for the optional smart router, where it can be reached, to allow smart routing
 
+  name: KIE_SERVER_ROUTER_SERVICE
 
+  required: false
 
+- displayName: Smart Router Host
 
+  description: "The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name"
 
+  name: KIE_SERVER_ROUTER_HOST
 
+  example: "myapp-smartrouter"
 
+  required: false
 
+- displayName: Smart Router listening port
 
+  description: Port in which the smart router server listens (router property org.kie.server.router.port)
 
+  name: KIE_SERVER_ROUTER_PORT
 
+  example: "9000"
 
+  required: false
 
+- displayName: Smart Router protocol
 
+  description: KIE server router protocol (Used to build the org.kie.server.router.url.external property)
 
+  name: KIE_SERVER_ROUTER_PROTOCOL
 
+  example: "http"
 
+  required: false
 
+- displayName: KIE Server Controller Service
 
+  description: The service name for the optional business-central-monitor, where it can be reached and registered with, to allow monitoring console functionality
 
+  name: KIE_SERVER_CONTROLLER_SERVICE
 
+  required: false
 
+- displayName: KIE Server Controller User
 
+  description: KIE server controller username (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_CONTROLLER_USER
 
+  value: controllerUser
 
+  required: false
 
+- displayName: KIE Server Controller Password
 
+  description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
 
+  name: KIE_SERVER_CONTROLLER_PWD
 
+  required: false
 
+- displayName: KIE server controller host
 
+  description: KIE server controller host (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_HOST
 
+  example: my-app-controller-ocpuser.os.example.com
 
+  required: false
 
+- displayName: KIE server controller port
 
+  description: KIE server controller port (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_PORT
 
+  example: '8080'
 
+  required: false
 
+- displayName: KIE server controller protocol
 
+  description: KIE server controller protocol (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_PROTOCOL
 
+  example: http
 
+  required: false
 
+- displayName: KIE Server controller token
 
+  description: KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)
 
+  name: KIE_SERVER_CONTROLLER_TOKEN
 
+  required: false
 
+- displayName: KIE Server Persistence DS
 
+  description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property)
 
+  name: KIE_SERVER_PERSISTENCE_DS
 
+  value: java:/jboss/datasources/rhpam
 
+  required: false
 
+## MySQL database parameters BEGIN
 
+- displayName: MySQL ImageStream Tag
 
+  description: The MySQL image version, which is intended to correspond to the MySQL version. Default is "5.7".
 
+  name: MYSQL_IMAGE_STREAM_TAG
 
+  value: "5.7"
 
+  required: false
 
+- displayName: KIE Server MySQL Database User
 
+  description: KIE execution server MySQL database username
 
+  name: KIE_SERVER_MYSQL_USER
 
+  value: rhpam
 
+  required: false
 
+- displayName: KIE Server MySQL Database Password
 
+  description: KIE execution server MySQL database password
 
+  name: KIE_SERVER_MYSQL_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server MySQL Database Name
 
+  description: KIE execution server MySQL database name
 
+  name: KIE_SERVER_MYSQL_DB
 
+  value: rhpam7
 
+  required: false
 
+- displayName: Database Volume Capacity
 
+  description: Size of persistent storage for database volume.
 
+  name: DB_VOLUME_CAPACITY
 
+  value: 1Gi
 
+## MySQL database parameters END
 
+- displayName: Drools Server Filter Classes
 
+  description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
 
+  name: DROOLS_SERVER_FILTER_CLASSES
 
+  value: 'true'
 
+  required: false
 
+- displayName: KIE MBeans
 
+  description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Execution Server Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Execution Server Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: KIE Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: KIE_SERVER_HTTPS_SECRET
 
+  example: kieserver-app-secret
 
+  required: true
 
+- displayName: KIE Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: KIE_SERVER_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: KIE Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: KIE_SERVER_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: KIE Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: KIE_SERVER_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: KIE Server Bypass Auth User
 
+  description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
 
+  name: KIE_SERVER_BYPASS_AUTH_USER
 
+  value: 'false'
 
+  required: false
 
+  required: true
 
+- displayName: "Timer service data store refresh interval (in milliseconds)"
 
+  description: "Sets refresh-interval for the EJB timer database data-store service."
 
+  name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+  value: '30000'
 
+  required: false
 
+- displayName: Execution Server Container Memory Limit
 
+  description: Execution Server Container memory limit
 
+  name: EXECUTION_SERVER_MEMORY_LIMIT
 
+  value: 1Gi
 
+  required: false
 
+- displayName: KIE Server Container Deployment
 
+  description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2'
 
+  name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+  example: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT
 
+  required: false
 
+- displayName: Disable KIE Server Management
 
+  description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable."
 
+  name: KIE_SERVER_MGMT_DISABLED
 
+  example: "true"
 
+  required: false
 
+- displayName: KIE Server Startup Strategy
 
+  description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable."
 
+  name: KIE_SERVER_STARTUP_STRATEGY
 
+  example: "LocalContainersStartupStrategy"
 
+  required: false
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: All the KIE server web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    clusterIP: "None"
 
+    ports:
 
+    - name: "ping"
 
+      port: 8888
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver-ping"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 
+      description: "The JGroups ping port for clustering."
 
+## MySQL service BEGIN
 
+- apiVersion: v1
 
+  kind: Service
 
+  metadata:
 
+    annotations:
 
+      description: The database server's port.
 
+    labels:
 
+      application: ${APPLICATION_NAME}
 
+      service: "${APPLICATION_NAME}-mysql"
 
+    name: ${APPLICATION_NAME}-mysql
 
+  spec:
 
+    ports:
 
+    - port: 3306
 
+      targetPort: 3306
 
+    selector:
 
+      deploymentConfig: ${APPLICATION_NAME}-mysql
 
+## MySQL service END
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's http service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-https"
 
+  metadata:
 
+    name: "secure-${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's https service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-kieserver"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-kieserver"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-kieserver"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-kieserver"
 
+          image: rhpam70-kieserver-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${EXECUTION_SERVER_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: kieserver-keystore-volume
 
+            mountPath: "/etc/kieserver-secret-volume"
 
+            readOnly: true
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+            failureThreshold: 3
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          - name: ping
 
+            containerPort: 8888
 
+            protocol: TCP
 
+          env:
 
+          - name: DROOLS_SERVER_FILTER_CLASSES
 
+            value: "${DROOLS_SERVER_FILTER_CLASSES}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_BYPASS_AUTH_USER
 
+            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_CONTROLLER_PWD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${KIE_SERVER_CONTROLLER_SERVICE}"
 
+          - name: KIE_SERVER_CONTROLLER_HOST
 
+            value: "${KIE_SERVER_CONTROLLER_HOST}"
 
+          - name: KIE_SERVER_CONTROLLER_PORT
 
+            value: "${KIE_SERVER_CONTROLLER_PORT}"
 
+          - name: KIE_SERVER_CONTROLLER_PROTOCOL
 
+            value: "${KIE_SERVER_CONTROLLER_PROTOCOL}"
 
+          - name: KIE_SERVER_CONTROLLER_TOKEN
 
+            value: "${KIE_SERVER_CONTROLLER_TOKEN}"
 
+          - name: KIE_SERVER_ID
 
+            value: "${KIE_SERVER_ID}"
 
+          - name: KIE_SERVER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+            value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: MAVEN_REPO_PATH
 
+            value: "/maven2/"
 
+          - name: KIE_SERVER_ROUTER_SERVICE
 
+            value: "${KIE_SERVER_ROUTER_SERVICE}"
 
+          - name: KIE_SERVER_ROUTER_HOST
 
+            value: "${KIE_SERVER_ROUTER_HOST}"
 
+          - name: KIE_SERVER_ROUTER_PORT
 
+            value: "${KIE_SERVER_ROUTER_PORT}"
 
+          - name: KIE_SERVER_ROUTER_PROTOCOL
 
+            value: "${KIE_SERVER_ROUTER_PROTOCOL}"
 
+          - name: KIE_SERVER_MGMT_DISABLED
 
+            value: "${KIE_SERVER_MGMT_DISABLED}"
 
+          - name: KIE_SERVER_STARTUP_STRATEGY
 
+            value: "${KIE_SERVER_STARTUP_STRATEGY}"
 
+          - name: KIE_SERVER_PERSISTENCE_DS
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: DATASOURCES
 
+            value: "RHPAM"
 
+          - name: RHPAM_JNDI
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: RHPAM_TX_ISOLATION
 
+            value: "TRANSACTION_READ_COMMITTED"
 
+## MySQL driver settings BEGIN
 
+          - name: RHPAM_DATABASE
 
+            value: "${KIE_SERVER_MYSQL_DB}"
 
+          - name: RHPAM_DRIVER
 
+            value: "mysql"
 
+          - name: KIE_SERVER_PERSISTENCE_DIALECT
 
+            value: "org.hibernate.dialect.MySQL5Dialect"
 
+          - name: RHPAM_USERNAME
 
+            value: "${KIE_SERVER_MYSQL_USER}"
 
+          - name: RHPAM_PASSWORD
 
+            value: "${KIE_SERVER_MYSQL_PWD}"
 
+          - name: RHPAM_SERVICE_HOST
 
+            value: "${APPLICATION_NAME}-mysql"
 
+          - name: RHPAM_SERVICE_PORT
 
+            value: "3306"
 
+          - name: TIMER_SERVICE_DATA_STORE
 
+            value: "${APPLICATION_NAME}-mysql"
 
+## MySQL driver settings END
 
+          - name: RHPAM_JTA
 
+            value: "true"
 
+          - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+            value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}"
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/kieserver-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${KIE_SERVER_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${KIE_SERVER_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${KIE_SERVER_HTTPS_PASSWORD}"
 
+          - name: ADMIN_USERNAME
 
+            value: "${ADMIN_USERNAME}"
 
+          - name: ADMIN_PASSWORD
 
+            value: "${ADMIN_PASSWORD}"
 
+          - name: JGROUPS_PING_PROTOCOL
 
+            value: "openshift.DNS_PING"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_NAME
 
+            value: "${APPLICATION_NAME}-kieserver-ping"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_PORT
 
+            value: "8888"
 
+        volumes:
 
+        - name: kieserver-keystore-volume
 
+          secret:
 
+            secretName: "${KIE_SERVER_HTTPS_SECRET}"
 
+## MySQL deployment config BEGIN
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-mysql"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-mysql"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-mysql"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "mysql:${MYSQL_IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-mysql"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-mysql"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-mysql"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-mysql"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-mysql"
 
+          image: mysql
 
+          imagePullPolicy: Always
 
+          ports:
 
+          - containerPort: 3306
 
+            protocol: TCP
 
+          volumeMounts:
 
+          - mountPath: "/var/lib/mysql/data"
 
+            name: "${APPLICATION_NAME}-mysql-pvol"
 
+          env:
 
+          - name: MYSQL_USER
 
+            value: "${KIE_SERVER_MYSQL_USER}"
 
+          - name: MYSQL_PASSWORD
 
+            value: "${KIE_SERVER_MYSQL_PWD}"
 
+          - name: MYSQL_DATABASE
 
+            value: "${KIE_SERVER_MYSQL_DB}"
 
+        volumes:
 
+        - name: "${APPLICATION_NAME}-mysql-pvol"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-mysql-claim"
 
+## MySQL deployment config END
 
+## MySQL persistent volume claim BEGIN
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-mysql-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-mysql"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteOnce
 
+    resources:
 
+      requests:
 
+        storage: "${DB_VOLUME_CAPACITY}"
 
+## MySQL persistent volume claim END

+ 592 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-kieserver-postgresql.yaml
Xem Tập Tin 

@@ -0,0 +1,592 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for a managed KIE server with a PostgreSQL database, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 managed KIE server with a PostgreSQL database
 
+  name: rhpam70-kieserver-postgresql
 
+labels:
 
+  template: rhpam70-kieserver-postgresql
 
+  xpaas: 1.4.0
 
+message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing the KIE server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository or service.
 
+  name: MAVEN_REPO_URL
 
+  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
 
+  required: true
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository, if required.
 
+  name: MAVEN_REPO_USERNAME
 
+  required: true
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository, if required.
 
+  name: MAVEN_REPO_PASSWORD
 
+  required: true
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: EAP Admin Password
 
+  description: EAP administrator password
 
+  name: ADMIN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Admin Password
 
+  description: KIE administrator password
 
+  name: KIE_ADMIN_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server ID
 
+  description: The KIE server ID to use, which defaults to ${APPLICATION_NAME}-kieserver if not specified (Sets the org.kie.server.id system property).
 
+  name: KIE_SERVER_ID
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server Password
 
+  description: KIE execution server password (Sets the org.kie.server.pwd system property)
 
+  name: KIE_SERVER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+  required: false
 
+- displayName: Smart Router Service
 
+  description: The service name for the optional smart router, where it can be reached, to allow smart routing
 
+  name: KIE_SERVER_ROUTER_SERVICE
 
+  required: false
 
+- displayName: Smart Router Host
 
+  description: "The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name"
 
+  name: KIE_SERVER_ROUTER_HOST
 
+  example: "myapp-smartrouter"
 
+  required: false
 
+- displayName: Smart Router listening port
 
+  description: Port in which the smart router server listens (router property org.kie.server.router.port)
 
+  name: KIE_SERVER_ROUTER_PORT
 
+  example: "9000"
 
+  required: false
 
+- displayName: Smart Router protocol
 
+  description: KIE server router protocol (Used to build the org.kie.server.router.url.external property)
 
+  name: KIE_SERVER_ROUTER_PROTOCOL
 
+  example: "http"
 
+  required: false
 
+- displayName: KIE Server Controller Service
 
+  description: The service name for the optional business-central-monitor, where it can be reached and registered with, to allow monitoring console functionality
 
+  name: KIE_SERVER_CONTROLLER_SERVICE
 
+  required: false
 
+- displayName: KIE Server Controller User
 
+  description: KIE server controller username (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_CONTROLLER_USER
 
+  value: controllerUser
 
+  required: false
 
+- displayName: KIE Server Controller Password
 
+  description: KIE server controller password (Sets the org.kie.server.controller.pwd system property)
 
+  name: KIE_SERVER_CONTROLLER_PWD
 
+  required: false
 
+- displayName: KIE server controller host
 
+  description: KIE server controller host (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_HOST
 
+  example: my-app-controller-ocpuser.os.example.com
 
+  required: false
 
+- displayName: KIE server controller port
 
+  description: KIE server controller port (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_PORT
 
+  example: '8080'
 
+  required: false
 
+- displayName: KIE server controller protocol
 
+  description: KIE server controller protocol (Used to set the org.kie.server.controller system property)
 
+  name: KIE_SERVER_CONTROLLER_PROTOCOL
 
+  example: http
 
+  required: false
 
+- displayName: KIE Server controller token
 
+  description: KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)
 
+  name: KIE_SERVER_CONTROLLER_TOKEN
 
+  required: false
 
+- displayName: KIE Server Persistence DS
 
+  description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property)
 
+  name: KIE_SERVER_PERSISTENCE_DS
 
+  value: java:/jboss/datasources/rhpam
 
+  required: false
 
+## PostgreSQL database parameters BEGIN
 
+- displayName: KIE Server PostgreSQL Database User
 
+  description: KIE execution server PostgreSQL database username
 
+  name: KIE_SERVER_POSTGRESQL_USER
 
+  value: rhpam
 
+  required: false
 
+- displayName: KIE Server PostgreSQL Database Password
 
+  description: KIE execution server PostgreSQL database password
 
+  name: KIE_SERVER_POSTGRESQL_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server PostgreSQL Database Name
 
+  description: KIE execution server PostgreSQL database name
 
+  name: KIE_SERVER_POSTGRESQL_DB
 
+  value: rhpam7
 
+  required: false
 
+- displayName: PostgreSQL ImageStream Tag
 
+  description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6".
 
+  name: POSTGRESQL_IMAGE_STREAM_TAG
 
+  value: "9.6"
 
+- displayName: PostgreSQL Database max prepared connections
 
+  description: Allows the PostgreSQL to handle XA transactions.
 
+  name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
 
+  value: '100'
 
+  required: true
 
+- displayName: Database Volume Capacity
 
+  description: Size of persistent storage for database volume.
 
+  name: DB_VOLUME_CAPACITY
 
+  value: 1Gi
 
+## PostgreSQL database parameters END
 
+- displayName: Drools Server Filter Classes
 
+  description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
 
+  name: DROOLS_SERVER_FILTER_CLASSES
 
+  value: 'true'
 
+  required: false
 
+- displayName: KIE MBeans
 
+  description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Execution Server Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Execution Server Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: KIE Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: KIE_SERVER_HTTPS_SECRET
 
+  example: kieserver-app-secret
 
+  required: true
 
+- displayName: KIE Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: KIE_SERVER_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: KIE Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: KIE_SERVER_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: KIE Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: KIE_SERVER_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: KIE Server Bypass Auth User
 
+  description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
 
+  name: KIE_SERVER_BYPASS_AUTH_USER
 
+  value: 'false'
 
+  required: false
 
+  required: true
 
+- displayName: "Timer service data store refresh interval (in milliseconds)"
 
+  description: "Sets refresh-interval for the EJB timer database data-store service."
 
+  name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+  value: '30000'
 
+  required: false
 
+- displayName: Execution Server Container Memory Limit
 
+  description: Execution Server Container memory limit
 
+  name: EXECUTION_SERVER_MEMORY_LIMIT
 
+  value: 1Gi
 
+  required: false
 
+- displayName: KIE Server Container Deployment
 
+  description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2'
 
+  name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+  example: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT
 
+  required: false
 
+- displayName: Disable KIE Server Management
 
+  description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable"
 
+  name: KIE_SERVER_MGMT_DISABLED
 
+  example: "true"
 
+  required: false
 
+- displayName: KIE Server Startup Strategy
 
+  description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable."
 
+  name: KIE_SERVER_STARTUP_STRATEGY
 
+  example: "LocalContainersStartupStrategy"
 
+  required: false
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: All the KIE server web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    clusterIP: "None"
 
+    ports:
 
+    - name: "ping"
 
+      port: 8888
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver-ping"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 
+      description: "The JGroups ping port for clustering."
 
+## PostgreSQL service BEGIN
 
+- apiVersion: v1
 
+  kind: Service
 
+  metadata:
 
+    annotations:
 
+      description: The database server's port.
 
+    labels:
 
+      application: ${APPLICATION_NAME}
 
+      service: "${APPLICATION_NAME}-postgresql"
 
+    name: ${APPLICATION_NAME}-postgresql
 
+  spec:
 
+    ports:
 
+    - port: 5432
 
+      targetPort: 5432
 
+    selector:
 
+      deploymentConfig: ${APPLICATION_NAME}-postgresql
 
+## PostgreSQL service END
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's http service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-https"
 
+  metadata:
 
+    name: "secure-${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's https service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-kieserver"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-kieserver"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-kieserver"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-kieserver"
 
+          image: rhpam70-kieserver-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${EXECUTION_SERVER_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: kieserver-keystore-volume
 
+            mountPath: "/etc/kieserver-secret-volume"
 
+            readOnly: true
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+            failureThreshold: 3
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          - name: ping
 
+            containerPort: 8888
 
+            protocol: TCP
 
+          env:
 
+          - name: DROOLS_SERVER_FILTER_CLASSES
 
+            value: "${DROOLS_SERVER_FILTER_CLASSES}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_BYPASS_AUTH_USER
 
+            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_CONTROLLER_PWD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${KIE_SERVER_CONTROLLER_SERVICE}"
 
+          - name: KIE_SERVER_CONTROLLER_HOST
 
+            value: "${KIE_SERVER_CONTROLLER_HOST}"
 
+          - name: KIE_SERVER_CONTROLLER_PORT
 
+            value: "${KIE_SERVER_CONTROLLER_PORT}"
 
+          - name: KIE_SERVER_CONTROLLER_PROTOCOL
 
+            value: "${KIE_SERVER_CONTROLLER_PROTOCOL}"
 
+          - name: KIE_SERVER_CONTROLLER_TOKEN
 
+            value: "${KIE_SERVER_CONTROLLER_TOKEN}"
 
+          - name: KIE_SERVER_ID
 
+            value: "${KIE_SERVER_ID}"
 
+          - name: KIE_SERVER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+            value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: MAVEN_REPO_PATH
 
+            value: "/maven2/"
 
+          - name: KIE_SERVER_ROUTER_SERVICE
 
+            value: "${KIE_SERVER_ROUTER_SERVICE}"
 
+          - name: KIE_SERVER_ROUTER_HOST
 
+            value: "${KIE_SERVER_ROUTER_HOST}"
 
+          - name: KIE_SERVER_ROUTER_PORT
 
+            value: "${KIE_SERVER_ROUTER_PORT}"
 
+          - name: KIE_SERVER_ROUTER_PROTOCOL
 
+            value: "${KIE_SERVER_ROUTER_PROTOCOL}"
 
+          - name: KIE_SERVER_MGMT_DISABLED
 
+            value: "${KIE_SERVER_MGMT_DISABLED}"
 
+          - name: KIE_SERVER_STARTUP_STRATEGY
 
+            value: "${KIE_SERVER_STARTUP_STRATEGY}"
 
+          - name: KIE_SERVER_PERSISTENCE_DS
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: DATASOURCES
 
+            value: "RHPAM"
 
+## PostgreSQL driver settings BEGIN
 
+          - name: RHPAM_DATABASE
 
+            value: "${KIE_SERVER_POSTGRESQL_DB}"
 
+          - name: RHPAM_DRIVER
 
+            value: "postgresql"
 
+          - name: RHPAM_USERNAME
 
+            value: "${KIE_SERVER_POSTGRESQL_USER}"
 
+          - name: RHPAM_PASSWORD
 
+            value: "${KIE_SERVER_POSTGRESQL_PWD}"
 
+          - name: RHPAM_SERVICE_HOST
 
+            value: "${APPLICATION_NAME}-postgresql"
 
+          - name: RHPAM_SERVICE_PORT
 
+            value: "5432"
 
+          - name: TIMER_SERVICE_DATA_STORE
 
+            value: "${APPLICATION_NAME}-postgresql"
 
+          - name: KIE_SERVER_PERSISTENCE_DIALECT
 
+            value: "org.hibernate.dialect.PostgreSQLDialect"
 
+## PostgreSQL driver settings END
 
+          - name: RHPAM_JTA
 
+            value: "true"
 
+          - name: RHPAM_JNDI
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: RHPAM_TX_ISOLATION
 
+            value: "TRANSACTION_READ_COMMITTED"
 
+          - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+            value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}"
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/kieserver-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${KIE_SERVER_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${KIE_SERVER_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${KIE_SERVER_HTTPS_PASSWORD}"
 
+          - name: ADMIN_USERNAME
 
+            value: "${ADMIN_USERNAME}"
 
+          - name: ADMIN_PASSWORD
 
+            value: "${ADMIN_PASSWORD}"
 
+          - name: JGROUPS_PING_PROTOCOL
 
+            value: "openshift.DNS_PING"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_NAME
 
+            value: "${APPLICATION_NAME}-kieserver-ping"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_PORT
 
+            value: "8888"
 
+        volumes:
 
+        - name: kieserver-keystore-volume
 
+          secret:
 
+            secretName: "${KIE_SERVER_HTTPS_SECRET}"
 
+## PostgreSQL deployment config BEGIN
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-postgresql"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-postgresql"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-postgresql"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-postgresql"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-postgresql"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-postgresql"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-postgresql"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-postgresql"
 
+          image: postgresql
 
+          imagePullPolicy: Always
 
+          ports:
 
+          - containerPort: 5432
 
+            protocol: TCP
 
+          volumeMounts:
 
+          - mountPath: "/var/lib/postgresql/data"
 
+            name: "${APPLICATION_NAME}-postgresql-pvol"
 
+          env:
 
+          - name: POSTGRESQL_USER
 
+            value: "${KIE_SERVER_POSTGRESQL_USER}"
 
+          - name: POSTGRESQL_PASSWORD
 
+            value: "${KIE_SERVER_POSTGRESQL_PWD}"
 
+          - name: POSTGRESQL_DATABASE
 
+            value: "${KIE_SERVER_POSTGRESQL_DB}"
 
+          - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
 
+            value: "${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}"
 
+        volumes:
 
+        - name: "${APPLICATION_NAME}-postgresql-pvol"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-postgresql-claim"
 
+## PostgreSQL deployment config END
 
+## PostgreSQL persistent volume claim BEGIN
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-postgresql-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-postgresql"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteOnce
 
+    resources:
 
+      requests:
 
+        storage: "${DB_VOLUME_CAPACITY}"
 
+## PostgreSQL persistent volume claim END

+ 651 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-prod-immutable-kieserver.yaml
Xem Tập Tin 

@@ -0,0 +1,651 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for an immultable KIE server in a production environment, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 immutable production environment
 
+  name: rhpam70-prod-immutable-kieserver
 
+labels:
 
+  template: rhpam70-prod-immutable-kieserver
 
+  xpaas: 1.4.0
 
+message: A new environment has been set up for Red Hat Process Automation Manager 7. The username/password for accessing the KIE server is ${KIE_SERVER_USER}/${KIE_SERVER_PWD}.
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: EAP Admin Password
 
+  description: EAP administrator password
 
+  name: ADMIN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Admin Password
 
+  description: KIE administrator password
 
+  name: KIE_ADMIN_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server Password
 
+  description: KIE execution server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property)
 
+  name: KIE_SERVER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server ID
 
+  description: The KIE server ID to use, which defaults to ${APPLICATION_NAME}-kieserver if not specified (Sets the org.kie.server.id system property).
 
+  name: KIE_SERVER_ID
 
+  value: ''
 
+  required: false
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+- displayName: KIE Server Monitor User
 
+  description: KIE server monitor username, for optional use of the business-central-monitor (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_MONITOR_USER
 
+  value: monitorUser
 
+  required: false
 
+- displayName: KIE Server Monitor Password
 
+  description: KIE server monitor password, for optional use of the business-central-monitor (Sets the org.kie.server.controller.pwd system property)
 
+  name: KIE_SERVER_MONITOR_PWD
 
+  required: false
 
+- displayName: KIE Server Monitor Service
 
+  description: The service name for the optional business-central-monitor, where it can be reached and registered with, to allow monitoring console functionality
 
+  name: KIE_SERVER_MONITOR_SERVICE
 
+  required: false
 
+- displayName: Smart Router Service
 
+  description: The service name for the optional smart router, where it can be reached, to allow smart routing
 
+  name: KIE_SERVER_ROUTER_SERVICE
 
+  required: false
 
+- displayName: Smart Router Host
 
+  description: "The host name of the smart router, which could be the service name resolved by OpenShift or a globally resolvable domain name"
 
+  name: KIE_SERVER_ROUTER_HOST
 
+  example: "myapp-smartrouter"
 
+  required: false
 
+- displayName: Smart Router listening port
 
+  description: Port in which the smart router server listens (router property org.kie.server.router.port)
 
+  name: KIE_SERVER_ROUTER_PORT
 
+  example: "9000"
 
+  required: false
 
+- displayName: Smart Router protocol
 
+  description: KIE server router protocol (Used to build the org.kie.server.router.url.external property)
 
+  name: KIE_SERVER_ROUTER_PROTOCOL
 
+  example: "http"
 
+  required: false
 
+- displayName: KIE Server Persistence DS
 
+  description: KIE execution server persistence datasource (Sets the org.kie.server.persistence.ds system property)
 
+  name: KIE_SERVER_PERSISTENCE_DS
 
+  value: java:/jboss/datasources/rhpam
 
+  required: false
 
+## PostgreSQL database parameters BEGIN
 
+- displayName: PostgreSQL ImageStream Tag
 
+  description: The PostgreSQL image version, which is intended to correspond to the PostgreSQL version. Default is "9.6".
 
+  name: POSTGRESQL_IMAGE_STREAM_TAG
 
+  value: "9.6"
 
+  required: false
 
+- displayName: KIE Server PostgreSQL Database User
 
+  description: KIE execution server PostgreSQL database username
 
+  name: KIE_SERVER_POSTGRESQL_USER
 
+  value: rhpam
 
+  required: false
 
+- displayName: KIE Server PostgreSQL Database Password
 
+  description: KIE execution server PostgreSQL database password
 
+  name: KIE_SERVER_POSTGRESQL_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server PostgreSQL Database Name
 
+  description: KIE execution server PostgreSQL database name
 
+  name: KIE_SERVER_POSTGRESQL_DB
 
+  value: rhpam7
 
+  required: false
 
+- displayName: PostgreSQL Database max prepared connections
 
+  description: Allows the PostgreSQL to handle XA transactions.
 
+  name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
 
+  value: '100'
 
+  required: true
 
+- displayName: Database Volume Capacity
 
+  description: Size of persistent storage for database volume.
 
+  name: DB_VOLUME_CAPACITY
 
+  value: 1Gi
 
+  required: true
 
+## PostgreSQL database parameters END
 
+- displayName: Drools Server Filter Classes
 
+  description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
 
+  name: DROOLS_SERVER_FILTER_CLASSES
 
+  value: 'true'
 
+  required: false
 
+- displayName: KIE MBeans
 
+  description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Execution Server Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Execution Server Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: KIE Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: KIE_SERVER_HTTPS_SECRET
 
+  example: kieserver-app-secret
 
+  required: true
 
+- displayName: KIE Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: KIE_SERVER_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: KIE Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: KIE_SERVER_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: KIE Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: KIE_SERVER_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: KIE Server Bypass Auth User
 
+  description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
 
+  name: KIE_SERVER_BYPASS_AUTH_USER
 
+  value: 'false'
 
+  required: false
 
+- displayName: KIE Server Container Deployment
 
+  description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2'
 
+  name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+  example: rhpam-kieserver-library=org.openshift.quickstarts:rhpam-kieserver-library:1.4.0-SNAPSHOT
 
+  required: true
 
+- displayName: Git Repository URL
 
+  description: Git source URI for application
 
+  name: SOURCE_REPOSITORY_URL
 
+  example: https://github.com/jboss-container-images/rhpam-7-openshift-image.git
 
+  required: true
 
+- displayName: Git Reference
 
+  description: Git branch/tag reference
 
+  name: SOURCE_REPOSITORY_REF
 
+  example: rhpam70-dev
 
+  required: false
 
+- displayName: Context Directory
 
+  description: Path within Git project to build; empty for root project directory.
 
+  name: CONTEXT_DIR
 
+  example: quickstarts/library-process/library
 
+  required: false
 
+- displayName: Github Webhook Secret
 
+  description: GitHub trigger secret
 
+  name: GITHUB_WEBHOOK_SECRET
 
+  from: "[a-zA-Z0-9]{8}"
 
+  generate: expression
 
+  required: true
 
+- displayName: Generic Webhook Secret
 
+  description: Generic build trigger secret
 
+  name: GENERIC_WEBHOOK_SECRET
 
+  from: "[a-zA-Z0-9]{8}"
 
+  generate: expression
 
+  required: true
 
+- displayName: Maven mirror URL
 
+  description: Maven mirror to use for S2I builds
 
+  name: MAVEN_MIRROR_URL
 
+  value: ''
 
+  required: false
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository.
 
+  name: MAVEN_REPO_URL
 
+  value: ''
 
+  required: false
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository.
 
+  name: MAVEN_REPO_USERNAME
 
+  value: ''
 
+  required: false
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository.
 
+  name: MAVEN_REPO_PASSWORD
 
+  value: ''
 
+  required: false
 
+- description: List of directories from which archives will be copied into the deployment folder. If unspecified, all archives in /target will be copied.
 
+  name: ARTIFACT_DIR
 
+  value: ''
 
+  required: false
 
+- displayName: "Timer service data store refresh interval (in milliseconds)"
 
+  description: "Sets refresh-interval for the EJB timer service database-data-store."
 
+  name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+  value: '30000'
 
+  required: false
 
+- displayName: Execution Server Container Memory Limit
 
+  description: Execution Server Container memory limit
 
+  name: EXECUTION_SERVER_MEMORY_LIMIT
 
+  value: 1Gi
 
+  required: false
 
+- displayName: Disable KIE Server Management
 
+  description: "Disable management api and don't allow KIE containers to be deployed/undeployed or started/stopped sets the property org.kie.server.mgmt.api.disabled to true and org.kie.server.startup.strategy to LocalContainersStartupStrategy."
 
+  name: KIE_SERVER_MGMT_DISABLED
 
+  value: "true"
 
+  required: true
 
+- displayName: KIE Server Startup Strategy
 
+  description: "When set to LocalContainersStartupStrategy, allows KIE server to start up and function with local config, even when a controller is configured and unavailable."
 
+  name: KIE_SERVER_STARTUP_STRATEGY
 
+  value: LocalContainersStartupStrategy
 
+  required: true
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: All the KIE server web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    clusterIP: "None"
 
+    ports:
 
+    - name: "ping"
 
+      port: 8888
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver-ping"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 
+      description: "The JGroups ping port for clustering."
 
+## PostgreSQL service BEGIN
 
+- apiVersion: v1
 
+  kind: Service
 
+  metadata:
 
+    annotations:
 
+      description: The database server's port.
 
+    labels:
 
+      application: ${APPLICATION_NAME}
 
+      service: "${APPLICATION_NAME}-postgresql"
 
+    name: ${APPLICATION_NAME}-postgresql
 
+  spec:
 
+    ports:
 
+    - port: 5432
 
+      targetPort: 5432
 
+    selector:
 
+      deploymentConfig: ${APPLICATION_NAME}-postgresql
 
+## PostgreSQL service END
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's http service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-https"
 
+  metadata:
 
+    name: "secure-${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for KIE server's https service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: ImageStream
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+- kind: BuildConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    source:
 
+      type: Git
 
+      git:
 
+        uri: "${SOURCE_REPOSITORY_URL}"
 
+        ref: "${SOURCE_REPOSITORY_REF}"
 
+      contextDir: "${CONTEXT_DIR}"
 
+    strategy:
 
+      type: Source
 
+      sourceStrategy:
 
+        env:
 
+        - name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+          value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
 
+        - name: MAVEN_MIRROR_URL
 
+          value: "${MAVEN_MIRROR_URL}"
 
+        - name: ARTIFACT_DIR
 
+          value: "${ARTIFACT_DIR}"
 
+        forcePull: true
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}"
 
+    output:
 
+      to:
 
+        kind: ImageStreamTag
 
+        name: "${APPLICATION_NAME}-kieserver:latest"
 
+    triggers:
 
+    - type: GitHub
 
+      github:
 
+        secret: "${GITHUB_WEBHOOK_SECRET}"
 
+    - type: Generic
 
+      generic:
 
+        secret: "${GENERIC_WEBHOOK_SECRET}"
 
+    - type: ImageChange
 
+      imageChange: {}
 
+    - type: ConfigChange
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-kieserver"
 
+        from:
 
+          kind: ImageStream
 
+          name: "${APPLICATION_NAME}-kieserver"
 
+    - type: ConfigChange
 
+    replicas: 2
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-kieserver"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-kieserver"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-kieserver"
 
+          image: "${APPLICATION_NAME}-kieserver"
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${EXECUTION_SERVER_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: kieserver-keystore-volume
 
+            mountPath: "/etc/kieserver-secret-volume"
 
+            readOnly: true
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/healthcheck"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+            failureThreshold: 3
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/services/rest/server/readycheck"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          - name: ping
 
+            containerPort: 8888
 
+            protocol: TCP
 
+          env:
 
+          - name: DROOLS_SERVER_FILTER_CLASSES
 
+            value: "${DROOLS_SERVER_FILTER_CLASSES}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_BYPASS_AUTH_USER
 
+            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_MONITOR_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_MONITOR_PWD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${KIE_SERVER_MONITOR_SERVICE}"
 
+          - name: KIE_SERVER_ID
 
+            value: "${KIE_SERVER_ID}"
 
+          - name: KIE_SERVER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+            value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: MAVEN_REPO_SERVICE
 
+            value: ""
 
+          - name: MAVEN_REPO_PATH
 
+            value: "/maven2/"
 
+          - name: KIE_SERVER_ROUTER_SERVICE
 
+            value: "${KIE_SERVER_ROUTER_SERVICE}"
 
+          - name: KIE_SERVER_ROUTER_HOST
 
+            value: "${KIE_SERVER_ROUTER_HOST}"
 
+          - name: KIE_SERVER_ROUTER_PORT
 
+            value: "${KIE_SERVER_ROUTER_PORT}"
 
+          - name: KIE_SERVER_ROUTER_PROTOCOL
 
+            value: "${KIE_SERVER_ROUTER_PROTOCOL}"
 
+          - name: KIE_SERVER_PERSISTENCE_DS
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: DATASOURCES
 
+            value: "RHPAM"
 
+          - name: RHPAM_DATABASE
 
+            value: "${KIE_SERVER_POSTGRESQL_DB}"
 
+          - name: RHPAM_JNDI
 
+            value: "${KIE_SERVER_PERSISTENCE_DS}"
 
+          - name: RHPAM_JTA
 
+            value: "true"
 
+## PostgreSQL driver settings BEGIN
 
+          - name: RHPAM_DRIVER
 
+            value: "postgresql"
 
+          - name: KIE_SERVER_PERSISTENCE_DIALECT
 
+            value: "org.hibernate.dialect.PostgreSQLDialect"
 
+          - name: RHPAM_TX_ISOLATION
 
+            value: "TRANSACTION_READ_COMMITTED"
 
+          - name: RHPAM_USERNAME
 
+            value: "${KIE_SERVER_POSTGRESQL_USER}"
 
+          - name: RHPAM_PASSWORD
 
+            value: "${KIE_SERVER_POSTGRESQL_PWD}"
 
+          - name: RHPAM_SERVICE_HOST
 
+            value: "${APPLICATION_NAME}-postgresql"
 
+          - name: RHPAM_SERVICE_PORT
 
+            value: "5432"
 
+          - name: TIMER_SERVICE_DATA_STORE
 
+            value: "${APPLICATION_NAME}-postgresql"
 
+## PostgreSQL driver settings END
 
+          - name: TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL
 
+            value: "${TIMER_SERVICE_DATA_STORE_REFRESH_INTERVAL}"
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/kieserver-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${KIE_SERVER_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${KIE_SERVER_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${KIE_SERVER_HTTPS_PASSWORD}"
 
+          - name: KIE_SERVER_MGMT_DISABLED
 
+            value: "${KIE_SERVER_MGMT_DISABLED}"
 
+          - name: KIE_SERVER_STARTUP_STRATEGY
 
+            value: "${KIE_SERVER_STARTUP_STRATEGY}"
 
+          - name: JGROUPS_PING_PROTOCOL
 
+            value: "openshift.DNS_PING"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_NAME
 
+            value: "${APPLICATION_NAME}-kieserver-ping"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_PORT
 
+            value: "8888"
 
+        volumes:
 
+        - name: kieserver-keystore-volume
 
+          secret:
 
+            secretName: "${KIE_SERVER_HTTPS_SECRET}"
 
+## PostgreSQL deployment config BEGIN
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-postgresql"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-postgresql"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-postgresql"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "postgresql:${POSTGRESQL_IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-postgresql"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-postgresql"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-postgresql"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-postgresql"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-postgresql"
 
+          image: postgresql
 
+          imagePullPolicy: Always
 
+          ports:
 
+          - containerPort: 5432
 
+            protocol: TCP
 
+          volumeMounts:
 
+          - mountPath: "/var/lib/postgresql/data"
 
+            name: "${APPLICATION_NAME}-postgresql-pvol"
 
+          env:
 
+          - name: POSTGRESQL_USER
 
+            value: "${KIE_SERVER_POSTGRESQL_USER}"
 
+          - name: POSTGRESQL_PASSWORD
 
+            value: "${KIE_SERVER_POSTGRESQL_PWD}"
 
+          - name: POSTGRESQL_DATABASE
 
+            value: "${KIE_SERVER_POSTGRESQL_DB}"
 
+          - name: POSTGRESQL_MAX_PREPARED_TRANSACTIONS
 
+            value: "${POSTGRESQL_MAX_PREPARED_TRANSACTIONS}"
 
+        volumes:
 
+        - name: "${APPLICATION_NAME}-postgresql-pvol"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-postgresql-claim"
 
+## PostgreSQL deployment config END
 
+## PostgreSQL persistent volume claim BEGIN
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-postgresql-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-postgresql"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteOnce
 
+    resources:
 
+      requests:
 
+        storage: "${DB_VOLUME_CAPACITY}"
 
+## PostgreSQL persistent volume claim END

+ 558 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-prod-immutable-monitor.yaml
Xem Tập Tin 

@@ -0,0 +1,558 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for a router and monitoring console in a production environment, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 production monitoring environment
 
+  name: rhpam70-prod-immutable-monitor
 
+labels:
 
+  template: rhpam70-prod-immutable-monitor
 
+  xpaas: 1.4.0
 
+message: A new environment has been set up for Red Hat Process Automation Manager 7. To create a new KIE server and connect to this monitoring console/router, enter
 
+  oc new-app -f rhpam70-prod-immutable-kieserver.yaml -p KIE_ADMIN_PWD=${KIE_ADMIN_PWD} -p KIE_SERVER_PWD=${KIE_SERVER_PWD} -p KIE_SERVER_MONITOR_PWD=${KIE_SERVER_MONITOR_PWD} -p KIE_SERVER_MONITOR_SERVICE=${APPLICATION_NAME}-rhpamcentrmon -p KIE_SERVER_ROUTER_SERVICE=${APPLICATION_NAME}-smartrouter -p SOURCE_REPOSITORY_URL=https://example.com/xxxx.git -p CONTEXT_DIR=rootDir -p KIE_SERVER_CONTAINER_DEPLOYMENT=containerId=G:A:V
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository or service.
 
+  name: MAVEN_REPO_URL
 
+  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
 
+  required: false
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository, if required.
 
+  name: MAVEN_REPO_USERNAME
 
+  required: false
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository, if required.
 
+  name: MAVEN_REPO_PASSWORD
 
+  required: false
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: EAP Admin Password
 
+  description: EAP administrator password
 
+  name: ADMIN_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Admin Password
 
+  description: KIE administrator password
 
+  name: KIE_ADMIN_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server Password
 
+  description: KIE execution server password, used to connect to KIE servers. Generated value can be a suggestion to use for thew s2i various (Sets the org.kie.server.pwd system property)
 
+  name: KIE_SERVER_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+- displayName: Smart Router Custom http Route Hostname
 
+  description: Custom hostname for http service route.  Leave blank for default hostname, e.g. <application-name>-smartrouter-<project>.<default-domain-suffix>'
 
+  name: SMART_ROUTER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Smart Router ID
 
+  description: Router ID used when connecting to the controller (router property org.kie.server.router.id)
 
+  name: KIE_SERVER_ROUTER_ID
 
+  value: kie-server-router
 
+- displayName: Smart Router listening port
 
+  description: Port in which the smart router server listens (router property org.kie.server.router.port)
 
+  name: KIE_SERVER_ROUTER_PORT
 
+  example: "9000"
 
+  required: false
 
+- displayName: Smart Router protocol
 
+  description: KIE server router protocol (Used to build the org.kie.server.router.url.external property)
 
+  name: KIE_SERVER_ROUTER_PROTOCOL
 
+  example: "http"
 
+  required: false
 
+- displayName: Smart Router external URL
 
+  description: Public URL where the router can be found. Format http://<host>:<port>  (router property org.kie.server.router.url.external)
 
+  name: KIE_SERVER_ROUTER_URL_EXTERNAL
 
+- displayName: Smart Router name
 
+  description: Router name used when connecting to the controller (router property org.kie.server.router.name)
 
+  name: KIE_SERVER_ROUTER_NAME
 
+  value: KIE Server Router
 
+- displayName: KIE Server Monitor User
 
+  description: KIE server monitor username (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_MONITOR_USER
 
+  value: monitorUser
 
+  required: false
 
+- displayName: KIE Server Monitor Password
 
+  description: KIE server monitor password (Sets the org.kie.server.controller.pwd system property)
 
+  name: KIE_SERVER_MONITOR_PWD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: false
 
+- displayName: JGroups Cluster Password
 
+  description: JGroups Cluster Password, used to establish an EAP cluster on OpenShift
 
+  name: JGROUPS_CLUSTER_PASSWORD
 
+  from: "[a-zA-Z]{6}[0-9]{1}!"
 
+  generate: expression
 
+  required: true
 
+- displayName: KIE MBeans
 
+  description: KIE mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Business Central Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-rhpamcentrmon-<project>.<default-domain-suffix>'
 
+  name: BUSINESS_CENTRAL_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Business Central Custom https Route Hostname
 
+  description: 'Custom hostname for https service route.  Leave blank for default
 
+    hostname, e.g.: secure-<application-name>-rhpamcentrmon-<project>.<default-domain-suffix>'
 
+  name: BUSINESS_CENTRAL_HOSTNAME_HTTPS
 
+  value: ''
 
+  required: false
 
+- displayName: Business Central Server Keystore Secret Name
 
+  description: The name of the secret containing the keystore file
 
+  name: BUSINESS_CENTRAL_HTTPS_SECRET
 
+  example: businesscentral-app-secret
 
+  required: true
 
+- displayName: Business Central Server Keystore Filename
 
+  description: The name of the keystore file within the secret
 
+  name: BUSINESS_CENTRAL_HTTPS_KEYSTORE
 
+  value: keystore.jks
 
+  required: false
 
+- displayName: Business Central Server Certificate Name
 
+  description: The name associated with the server certificate
 
+  name: BUSINESS_CENTRAL_HTTPS_NAME
 
+  value: jboss
 
+  required: false
 
+- displayName: Business Central Server Keystore Password
 
+  description: The password for the keystore and certificate
 
+  name: BUSINESS_CENTRAL_HTTPS_PASSWORD
 
+  value: mykeystorepass
 
+  required: false
 
+- displayName: Smart Router Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-rhpamcentrmon-<project>.<default-domain-suffix>'
 
+  name: SMART_ROUTER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Business Central Container Memory Limit
 
+  description: Business Central Container memory limit
 
+  name: BUSINESS_CENTRAL_MEMORY_LIMIT
 
+  value: 2Gi
 
+  required: false
 
+- displayName: Smart Router Container Memory Limit
 
+  description: Smart Router Container memory limit
 
+  name: SMART_ROUTER_MEMORY_LIMIT
 
+  value: 512Mi
 
+  required: false
 
+- displayName: RH-SSO URL
 
+  description: RH-SSO URL
 
+  name: SSO_URL
 
+  example: https://rh-sso.example.com/auth
 
+  required: false
 
+- displayName: RH-SSO Realm name
 
+  description: RH-SSO Realm name
 
+  name: SSO_REALM
 
+  required: false
 
+- displayName: Business Central Monitoring RH-SSO Client name
 
+  description: Business Central Monitoring RH-SSO Client name
 
+  name: BUSINESS_CENTRAL_SSO_CLIENT
 
+  required: false
 
+- displayName: Business Central Monitoring RH-SSO Client Secret
 
+  description: Business Central Monitoring RH-SSO Client Secret
 
+  name: BUSINESS_CENTRAL_SSO_SECRET
 
+  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
 
+  required: false
 
+- displayName: RH-SSO Realm Admin Username
 
+  description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist
 
+  name: SSO_USERNAME
 
+  required: false
 
+- displayName: RH-SSO Realm Admin Password
 
+  description: RH-SSO Realm Admin Password used to create the Client
 
+  name: SSO_PASSWORD
 
+  required: false
 
+- displayName: RH-SSO Disable SSL Certificate Validation
 
+  description: RH-SSO Disable SSL Certificate Validation
 
+  name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+  value: "false"
 
+  required: false
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: https
 
+      port: 8443
 
+      targetPort: 8443
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    annotations:
 
+      description: All the Business Central Monitoring web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    clusterIP: "None"
 
+    ports:
 
+    - name: "ping"
 
+      port: 8888
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentrmon-ping"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    annotations:
 
+      service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
 
+      description: "The JGroups ping port for clustering."
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - port: 9000
 
+      targetPort: 9000
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-smartrouter"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-smartrouter"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-smartrouter"
 
+    annotations:
 
+      description: The smart router server http port.
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-rhpamcentrmon-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    annotations:
 
+      description: Route for Business Central Monitoring's http service.
 
+      haproxy.router.openshift.io/timeout: 60s
 
+  spec:
 
+    host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-rhpamcentrmon-https"
 
+  metadata:
 
+    name: "secure-${APPLICATION_NAME}-rhpamcentrmon"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    annotations:
 
+      description: Route for Business Central Monitoring's https service.
 
+      haproxy.router.openshift.io/timeout: 60s
 
+  spec:
 
+    host: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    port:
 
+      targetPort: https
 
+    tls:
 
+      termination: passthrough
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-smartrouter-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-smartrouter"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-smartrouter"
 
+    annotations:
 
+      description: Route for Smart Router's http service.
 
+  spec:
 
+    host: "${SMART_ROUTER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-smartrouter"
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-rhpamcentrmon"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-businesscentral-monitoring-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-rhpamcentrmon"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-rhpamcentrmon"
 
+          image: rhpam70-businesscentral-monitoring-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}"
 
+          volumeMounts:
 
+          - name: businesscentral-keystore-volume
 
+            mountPath: "/etc/businesscentral-secret-volume"
 
+            readOnly: true
 
+          - name: "${APPLICATION_NAME}-rhpamcentr-pvol"
 
+            mountPath: "/opt/eap/standalone/data/bpmsuite"
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: https
 
+            containerPort: 8443
 
+            protocol: TCP
 
+          - name: ping
 
+            containerPort: 8888
 
+            protocol: TCP
 
+          env:
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${KIE_ADMIN_PWD}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${KIE_SERVER_PWD}"
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: ADMIN_USERNAME
 
+            value: "${ADMIN_USERNAME}"
 
+          - name: ADMIN_PASSWORD
 
+            value: "${ADMIN_PASSWORD}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_MONITOR_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_MONITOR_PWD}"
 
+          - name: PROBE_IMPL
 
+            value: probe.eap.jolokia.EapProbe
 
+          - name: PROBE_DISABLE_BOOT_ERRORS_CHECK
 
+            value: 'true'
 
+          - name: HTTPS_KEYSTORE_DIR
 
+            value: "/etc/businesscentral-secret-volume"
 
+          - name: HTTPS_KEYSTORE
 
+            value: "${BUSINESS_CENTRAL_HTTPS_KEYSTORE}"
 
+          - name: HTTPS_NAME
 
+            value: "${BUSINESS_CENTRAL_HTTPS_NAME}"
 
+          - name: HTTPS_PASSWORD
 
+            value: "${BUSINESS_CENTRAL_HTTPS_PASSWORD}"
 
+          - name: JGROUPS_PING_PROTOCOL
 
+            value: "openshift.DNS_PING"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_NAME
 
+            value: "${APPLICATION_NAME}-rhpamcentrmon-ping"
 
+          - name: OPENSHIFT_DNS_PING_SERVICE_PORT
 
+            value: "8888"
 
+          - name: SSO_URL
 
+            value: "${SSO_URL}"
 
+          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
 
+            value: "ROOT.war"
 
+          - name: SSO_REALM
 
+            value: "${SSO_REALM}"
 
+          - name: SSO_SECRET
 
+            value: "${BUSINESS_CENTRAL_SSO_SECRET}"
 
+          - name: SSO_CLIENT
 
+            value: "${BUSINESS_CENTRAL_SSO_CLIENT}"
 
+          - name: SSO_USERNAME
 
+            value: "${SSO_USERNAME}"
 
+          - name: SSO_PASSWORD
 
+            value: "${SSO_PASSWORD}"
 
+          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
 
+          - name: HOSTNAME_HTTP
 
+            value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
 
+          - name: HOSTNAME_HTTPS
 
+            value: "${BUSINESS_CENTRAL_HOSTNAME_HTTPS}"
 
+        volumes:
 
+        - name: businesscentral-keystore-volume
 
+          secret:
 
+            secretName: "${BUSINESS_CENTRAL_HTTPS_SECRET}"
 
+        - name: "${APPLICATION_NAME}-rhpamcentr-pvol"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-rhpamcentr-claim"
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: ${APPLICATION_NAME}-smartrouter
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-smartrouter"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-smartrouter"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-smartrouter-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 2
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-smartrouter"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-smartrouter"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-smartrouter"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-smartrouter"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-smartrouter"
 
+          image: rhpam70-smartrouter-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${SMART_ROUTER_MEMORY_LIMIT}"
 
+          ports:
 
+          - name: http
 
+            containerPort: 9000
 
+            protocol: TCP
 
+          env:
 
+          - name: KIE_SERVER_ROUTER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_ROUTER_PORT
 
+            value: "${KIE_SERVER_ROUTER_PORT}"
 
+          - name: KIE_SERVER_ROUTER_URL_EXTERNAL
 
+            value: "${KIE_SERVER_ROUTER_URL_EXTERNAL}"
 
+          - name: KIE_SERVER_ROUTER_ID
 
+            value: "${KIE_SERVER_ROUTER_ID}"
 
+          - name: KIE_SERVER_ROUTER_NAME
 
+            value: "${KIE_SERVER_ROUTER_NAME}"
 
+          - name: KIE_SERVER_ROUTER_PROTOCOL
 
+            value: "${KIE_SERVER_ROUTER_PROTOCOL}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_MONITOR_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${KIE_SERVER_MONITOR_PWD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${APPLICATION_NAME}-rhpamcentrmon"
 
+          - name: KIE_SERVER_ROUTER_REPO
 
+            value: "/opt/rhpam-smartrouter/data"
 
+          - name: KIE_SERVER_ROUTER_CONFIG_WATCHER_ENABLED
 
+            value: "true"
 
+          volumeMounts:
 
+          - name: "${APPLICATION_NAME}-smartrouter"
 
+            mountPath: "/opt/rhpam-smartrouter/data"
 
+        volumes:
 
+        - name: "${APPLICATION_NAME}-smartrouter"
 
+          persistentVolumeClaim:
 
+            claimName: "${APPLICATION_NAME}-smartrouter-claim"
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-smartrouter-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-smartrouter"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteMany
 
+    resources:
 
+      requests:
 
+        storage: "64Mi"
 
+- apiVersion: v1
 
+  kind: PersistentVolumeClaim
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr-claim"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentrmon"
 
+  spec:
 
+    accessModes:
 
+    - ReadWriteMany
 
+    resources:
 
+      requests:
 
+        storage: "64Mi"

Những thai đổi đã bị hủy bỏ vì nó quá lớn
+ 1374 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-prod.yaml


Những thai đổi đã bị hủy bỏ vì nó quá lớn
+ 1369 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-sit.yaml


+ 479 - 0
roles/openshift_examples/files/examples/v3.10/xpaas-templates/rhpam70-trial-ephemeral.yaml
Xem Tập Tin 

@@ -0,0 +1,479 @@
 
+---
 
+kind: Template
 
+apiVersion: v1
 
+metadata:
 
+  annotations:
 
+    description: Application template for an ephemeral authoring and testing environment, for Red Hat Process Automation Manager 7.0
 
+    iconClass: icon-jboss
 
+    tags: rhpam,jboss,xpaas
 
+    version: 1.4.0
 
+    openshift.io/display-name: Red Hat Process Automation Manager 7.0 ephemeral trial environment
 
+  name: rhpam70-trial-ephemeral
 
+labels:
 
+  template: rhpam70-trial-ephemeral
 
+  xpaas: 1.4.0
 
+message: "A new Process Automation Manager trial environment has been created. Please remember that this is an ephemeral enviornment and any work will be LOST with a simple pod restart."
 
+parameters:
 
+- displayName: Application Name
 
+  description: The name for the application.
 
+  name: APPLICATION_NAME
 
+  value: myapp
 
+  required: true
 
+- displayName: Default Password
 
+  description: Default password used for multiple components for user convenience in this trial environment
 
+  name: DEFAULT_PASSWORD
 
+  value: RedHat
 
+  required: true
 
+- displayName: EAP Admin User
 
+  description: EAP administrator username
 
+  name: ADMIN_USERNAME
 
+  value: eapadmin
 
+  required: false
 
+- displayName: KIE Admin User
 
+  description: KIE administrator username
 
+  name: KIE_ADMIN_USER
 
+  value: adminUser
 
+  required: false
 
+- displayName: KIE Server User
 
+  description: KIE execution server username (Sets the org.kie.server.user system property)
 
+  name: KIE_SERVER_USER
 
+  value: executionUser
 
+  required: false
 
+- displayName: KIE Server ID
 
+  description: Business server identifier. Determines the template ID in Business Central or controller. If this parameter is left blank, it is set using the $HOSTNAME environment variable or a random value. (Sets the org.kie.server.id system property).
 
+  name: KIE_SERVER_ID
 
+  value: ''
 
+  required: false
 
+- displayName: KIE Server Bypass Auth User
 
+  description: KIE execution server bypass auth user (Sets the org.kie.server.bypass.auth.user system property)
 
+  name: KIE_SERVER_BYPASS_AUTH_USER
 
+  value: 'false'
 
+  required: false
 
+- displayName: KIE Server Controller User
 
+  description: KIE server controller username (Sets the org.kie.server.controller.user system property)
 
+  name: KIE_SERVER_CONTROLLER_USER
 
+  value: controllerUser
 
+  required: false
 
+- displayName: KIE MBeans
 
+  description: KIE execution server mbeans enabled/disabled (Sets the kie.mbeans and kie.scanner.mbeans system properties)
 
+  name: KIE_MBEANS
 
+  value: enabled
 
+  required: false
 
+- displayName: Drools Server Filter Classes
 
+  description: KIE execution server class filtering (Sets the org.drools.server.filter.classes system property)
 
+  name: DROOLS_SERVER_FILTER_CLASSES
 
+  value: 'true'
 
+  required: false
 
+- displayName: Execution Server Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-kieserver-<project>.<default-domain-suffix>'
 
+  name: EXECUTION_SERVER_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: Business Central Custom http Route Hostname
 
+  description: 'Custom hostname for http service route.  Leave blank for default hostname,
 
+    e.g.: <application-name>-rhpamcentr-<project>.<default-domain-suffix>'
 
+  name: BUSINESS_CENTRAL_HOSTNAME_HTTP
 
+  value: ''
 
+  required: false
 
+- displayName: ImageStream Namespace
 
+  description: Namespace in which the ImageStreams for Red Hat Middleware images are
 
+    installed. These ImageStreams are normally installed in the openshift namespace.
 
+    You should only need to modify this if you've installed the ImageStreams in a
 
+    different namespace/project.
 
+  name: IMAGE_STREAM_NAMESPACE
 
+  value: openshift
 
+  required: true
 
+- displayName: ImageStream Tag
 
+  description: A named pointer to an image in an image stream. Default is "1.0".
 
+  name: IMAGE_STREAM_TAG
 
+  value: "1.0"
 
+  required: false
 
+- displayName: KIE Server Container Deployment
 
+  description: 'KIE Server Container deployment configuration in format: containerId=groupId:artifactId:version|c2=g2:a2:v2'
 
+  name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+  value: ''
 
+  required: false
 
+- displayName: Maven repository URL
 
+  description: Fully qualified URL to a Maven repository or service.
 
+  name: MAVEN_REPO_URL
 
+  example: http://nexus.nexus-project.svc.cluster.local:8081/nexus/content/groups/public/
 
+  required: false
 
+- displayName: Maven repository username
 
+  description: Username to access the Maven repository.
 
+  name: MAVEN_REPO_USERNAME
 
+  required: false
 
+- displayName: Maven repository password
 
+  description: Password to access the Maven repository, if required.
 
+  name: MAVEN_REPO_PASSWORD
 
+  required: false
 
+- displayName: Username for the Maven service hosted by Business Central
 
+  description: Username to access the Maven service hosted by Business Central inside EAP.
 
+  name: BUSINESS_CENTRAL_MAVEN_USERNAME
 
+  required: true
 
+  value: mavenUser
 
+- displayName: Business Central Container Memory Limit
 
+  description: Business Central Container memory limit
 
+  name: BUSINESS_CENTRAL_MEMORY_LIMIT
 
+  value: 2Gi
 
+  required: false
 
+- displayName: Execution Server Container Memory Limit
 
+  description: Execution Server Container memory limit
 
+  name: EXCECUTION_SERVER_MEMORY_LIMIT
 
+  value: 1Gi
 
+  required: false
 
+- displayName: RH-SSO URL
 
+  description: RH-SSO URL
 
+  name: SSO_URL
 
+  example: https://rh-sso.example.com/auth
 
+  required: false
 
+- displayName: RH-SSO Realm name
 
+  description: RH-SSO Realm name
 
+  name: SSO_REALM
 
+  required: false
 
+- displayName: Business Central RH-SSO Client name
 
+  description: Business Central RH-SSO Client name
 
+  name: BUSINESS_CENTRAL_SSO_CLIENT
 
+  required: false
 
+- displayName: Business Central RH-SSO Client Secret
 
+  description: Business Central RH-SSO Client Secret
 
+  name: BUSINESS_CENTRAL_SSO_SECRET
 
+  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
 
+  required: false
 
+- displayName: KIE Server RH-SSO Client name
 
+  description: KIE Server RH-SSO Client name
 
+  name: KIE_SERVER_SSO_CLIENT
 
+  required: false
 
+- displayName: KIE Server RH-SSO Client Secret
 
+  description: KIE Server RH-SSO Client Secret
 
+  name: KIE_SERVER_SSO_SECRET
 
+  example: "252793ed-7118-4ca8-8dab-5622fa97d892"
 
+  required: false
 
+- displayName: RH-SSO Realm Admin Username
 
+  description: RH-SSO Realm Admin Username used to create the Client if it doesn't exist
 
+  name: SSO_USERNAME
 
+  required: false
 
+- displayName: RH-SSO Realm Admin Password
 
+  description: RH-SSO Realm Admin Password used to create the Client
 
+  name: SSO_PASSWORD
 
+  required: false
 
+- displayName: RH-SSO Disable SSL Certificate Validation
 
+  description: RH-SSO Disable SSL Certificate Validation
 
+  name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+  value: "false"
 
+  required: false
 
+objects:
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - name: http
 
+      port: 8080
 
+      targetPort: 8080
 
+    - name: git-ssh
 
+      port: 8001
 
+      targetPort: 8001
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+    annotations:
 
+      description: All the Business Central web server's ports.
 
+- kind: Service
 
+  apiVersion: v1
 
+  spec:
 
+    ports:
 
+    - port: 8080
 
+      targetPort: 8080
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: All the KIE server web server's ports.
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-rhpamcentr-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+    annotations:
 
+      description: Route for Business Central's http service.
 
+  spec:
 
+    host: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-rhpamcentr"
 
+    port:
 
+      targetPort: http
 
+- kind: Route
 
+  apiVersion: v1
 
+  id: "${APPLICATION_NAME}-kieserver-http"
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+    annotations:
 
+      description: Route for execution server's http service.
 
+  spec:
 
+    host: "${EXECUTION_SERVER_HOSTNAME_HTTP}"
 
+    to:
 
+      name: "${APPLICATION_NAME}-kieserver"
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-rhpamcentr"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-rhpamcentr"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-rhpamcentr"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-businesscentral-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-rhpamcentr"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-rhpamcentr"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-rhpamcentr"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-rhpamcentr"
 
+          image: rhpam70-businesscentral-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${BUSINESS_CENTRAL_MEMORY_LIMIT}"
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u '${KIE_ADMIN_USER}:${KIE_ADMIN_PWD}' http://localhost:8080/kie-wb.jsp"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          - name: git-ssh
 
+            containerPort: 8001
 
+            protocol: TCP
 
+          env:
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_PASSWORD}"
 
+          - name: KIE_MAVEN_USER
 
+            value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
 
+          - name: KIE_MAVEN_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: ADMIN_USERNAME
 
+            value: "${ADMIN_USERNAME}"
 
+          - name: ADMIN_PASSWORD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: PROBE_IMPL
 
+            value: probe.eap.jolokia.EapProbe
 
+          - name: PROBE_DISABLE_BOOT_ERRORS_CHECK
 
+            value: 'true'
 
+          - name: SSO_URL
 
+            value: "${SSO_URL}"
 
+          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
 
+            value: "ROOT.war"
 
+          - name: SSO_REALM
 
+            value: "${SSO_REALM}"
 
+          - name: SSO_SECRET
 
+            value: "${BUSINESS_CENTRAL_SSO_SECRET}"
 
+          - name: SSO_CLIENT
 
+            value: "${BUSINESS_CENTRAL_SSO_CLIENT}"
 
+          - name: SSO_USERNAME
 
+            value: "${SSO_USERNAME}"
 
+          - name: SSO_PASSWORD
 
+            value: "${SSO_PASSWORD}"
 
+          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
 
+          - name: HOSTNAME_HTTP
 
+            value: "${BUSINESS_CENTRAL_HOSTNAME_HTTP}"
 
+- kind: DeploymentConfig
 
+  apiVersion: v1
 
+  metadata:
 
+    name: "${APPLICATION_NAME}-kieserver"
 
+    labels:
 
+      application: "${APPLICATION_NAME}"
 
+      service: "${APPLICATION_NAME}-kieserver"
 
+  spec:
 
+    strategy:
 
+      type: Recreate
 
+    triggers:
 
+    - type: ImageChange
 
+      imageChangeParams:
 
+        automatic: true
 
+        containerNames:
 
+        - "${APPLICATION_NAME}-kieserver"
 
+        from:
 
+          kind: ImageStreamTag
 
+          namespace: "${IMAGE_STREAM_NAMESPACE}"
 
+          name: "rhpam70-kieserver-openshift:${IMAGE_STREAM_TAG}"
 
+    - type: ConfigChange
 
+    replicas: 1
 
+    selector:
 
+      deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+    template:
 
+      metadata:
 
+        name: "${APPLICATION_NAME}-kieserver"
 
+        labels:
 
+          deploymentConfig: "${APPLICATION_NAME}-kieserver"
 
+          application: "${APPLICATION_NAME}"
 
+          service: "${APPLICATION_NAME}-kieserver"
 
+      spec:
 
+        terminationGracePeriodSeconds: 60
 
+        containers:
 
+        - name: "${APPLICATION_NAME}-kieserver"
 
+          image: rhpam70-kieserver-openshift
 
+          imagePullPolicy: Always
 
+          resources:
 
+            limits:
 
+              memory: "${EXCECUTION_SERVER_MEMORY_LIMIT}"
 
+          livenessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u ${KIE_ADMIN_USER}:${DEFAULT_PASSWORD} http://localhost:8080/services/rest/server/healthcheck"
 
+            initialDelaySeconds: 180
 
+            timeoutSeconds: 2
 
+            periodSeconds: 15
 
+            failureThreshold: 3
 
+          readinessProbe:
 
+            exec:
 
+              command:
 
+              - "/bin/bash"
 
+              - "-c"
 
+              - "curl --fail --silent -u ${KIE_ADMIN_USER}:${DEFAULT_PASSWORD} http://localhost:8080/services/rest/server/readycheck"
 
+            initialDelaySeconds: 60
 
+            timeoutSeconds: 2
 
+            periodSeconds: 30
 
+            failureThreshold: 6
 
+          ports:
 
+          - name: jolokia
 
+            containerPort: 8778
 
+            protocol: TCP
 
+          - name: http
 
+            containerPort: 8080
 
+            protocol: TCP
 
+          env:
 
+          - name: DROOLS_SERVER_FILTER_CLASSES
 
+            value: "${DROOLS_SERVER_FILTER_CLASSES}"
 
+          - name: KIE_ADMIN_USER
 
+            value: "${KIE_ADMIN_USER}"
 
+          - name: KIE_ADMIN_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: KIE_MBEANS
 
+            value: "${KIE_MBEANS}"
 
+          - name: KIE_SERVER_BYPASS_AUTH_USER
 
+            value: "${KIE_SERVER_BYPASS_AUTH_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_USER
 
+            value: "${KIE_SERVER_CONTROLLER_USER}"
 
+          - name: KIE_SERVER_CONTROLLER_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: KIE_SERVER_CONTROLLER_SERVICE
 
+            value: "${APPLICATION_NAME}-rhpamcentr"
 
+          - name: KIE_SERVER_ID
 
+            value: "${KIE_SERVER_ID}"
 
+          - name: KIE_SERVER_HOST
 
+            valueFrom:
 
+              fieldRef:
 
+                fieldPath: status.podIP
 
+          - name: KIE_SERVER_USER
 
+            value: "${KIE_SERVER_USER}"
 
+          - name: KIE_SERVER_PWD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: KIE_SERVER_CONTAINER_DEPLOYMENT
 
+            value: "${KIE_SERVER_CONTAINER_DEPLOYMENT}"
 
+          - name: MAVEN_REPOS
 
+            value: "RHPAMCENTR,EXTERNAL"
 
+          - name: RHPAMCENTR_MAVEN_REPO_SERVICE
 
+            value: "${APPLICATION_NAME}-rhpamcentr"
 
+          - name: RHPAMCENTR_MAVEN_REPO_PATH
 
+            value: "/maven2/"
 
+          - name: RHPAMCENTR_MAVEN_REPO_USERNAME
 
+            value: "${BUSINESS_CENTRAL_MAVEN_USERNAME}"
 
+          - name: RHPAMCENTR_MAVEN_REPO_PASSWORD
 
+            value: "${DEFAULT_PASSWORD}"
 
+          - name: EXTERNAL_MAVEN_REPO_URL
 
+            value: "${MAVEN_REPO_URL}"
 
+          - name: EXTERNAL_MAVEN_REPO_USERNAME
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: MAVEN_REPO_PASSWORD
 
+            value: "${MAVEN_REPO_USERNAME}"
 
+          - name: SSO_URL
 
+            value: "${SSO_URL}"
 
+          - name: SSO_OPENIDCONNECT_DEPLOYMENTS
 
+            value: "ROOT.war"
 
+          - name: SSO_REALM
 
+            value: "${SSO_REALM}"
 
+          - name: SSO_SECRET
 
+            value: "${KIE_SERVER_SSO_SECRET}"
 
+          - name: SSO_CLIENT
 
+            value: "${KIE_SERVER_SSO_CLIENT}"
 
+          - name: SSO_USERNAME
 
+            value: "${SSO_USERNAME}"
 
+          - name: SSO_PASSWORD
 
+            value: "${SSO_PASSWORD}"
 
+          - name: SSO_DISABLE_SSL_CERTIFICATE_VALIDATION
 
+            value: "${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}"
 
+          - name: HOSTNAME_HTTP
 
+            value: "${EXECUTION_SERVER_HOSTNAME_HTTP}"