/
image.yaml
241 lines (240 loc) · 14.2 KB
/
image.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
schema_version: 1
name: "rhpam-7/rhpam70-controller-openshift"
description: "Red Hat Process Automation Manager Standalone Controller 7.0 container image"
version: "1.1"
from: "rhpam-7/rhpam70-controller:latest"
labels:
- name: "com.redhat.component"
value: "rhpam-7-rhpam70-controller-openshift-container"
- name: "io.k8s.description"
value: "Platform for running Red Hat Process Automation Manager Standalone Controller"
- name: "io.k8s.display-name"
value: "Red Hat Process Automation Manager Standalone Controller 7.0"
- name: "io.openshift.expose-services"
value: "8080:http,8443:https"
- name: "io.openshift.tags"
value: "javaee,eap,eap7,rhpam,rhpam7"
envs:
- name: "JBOSS_MODULES_SYSTEM_PKGS"
value: "org.jboss.logmanager,jdk.nashorn.api"
- name: "DEFAULT_ADMIN_USERNAME"
value: "eapadmin"
- name: "HTTPS_ENABLE_HTTP2"
value: "true"
- name: "JAVA_OPTS_APPEND"
example: "-Dfoo=bar"
description: "Server startup options."
- name: "JBOSS_MODULES_SYSTEM_PKGS_APPEND"
example: "org.jboss.byteman"
description: "Comma-separated list of package names that will be appended to the JBOSS_MODULES_SYSTEM_PKGS environment variable."
- name: "CLI_GRACEFUL_SHUTDOWN"
example: "true"
description: "If set to any non zero length value then the image will prevent shutdown with the TERM signal and will require execution of the shutdown command through jboss-cli."
- name: "SCRIPT_DEBUG"
description: "If set to true, ensurses that the bash scripts are executed with the -x option, printing the commands and their arguments as they are executed."
example: "true"
- name: "JAVA_MAX_MEM_RATIO"
description: "This is used to calculate a default maximal heap memory based on a containers restriction. If used in a Docker container without any memory constraints for the container then this option has no effect. If there is a memory constraint then `-Xmx` is set to a ratio of the container available memory as set here. The default is `50` which means 50% of the available memory is used as an upper boundary. You can skip this mechanism by setting this value to `0` in which case no `-Xmx` option is added."
example: "50"
- name: "JAVA_INITIAL_MEM_RATIO"
description: "This is used to calculate a default initial heap memory based the maximumal heap memory. The default is `100` which means 100% of the maximal heap is used for the initial heap size. You can skip this mechanism by setting this value to `0` in which case no `-Xms` option is added."
example: "100"
- name: "JAVA_MAX_INITIAL_MEM"
description: "The maximum size of the initial heap memory, if the calculated default initial heap is larger then it will be capped at this value. The default is 4096 MB."
example: "4096"
- name: "JAVA_CORE_LIMIT"
description: "Core limit as described in https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt. Used to configure the number of GC threads and parallelism for ForkJoinPool. Defaults to container core limit."
example: "2"
- name: "JAVA_DIAGNOSTICS"
description: "Set this to get some diagnostics information to standard output when things are happening. **Disabled by default.**"
example: "true"
- name: "GC_MIN_HEAP_FREE_RATIO"
description: "Minimum percentage of heap free after GC to avoid expansion."
example: "20"
- name: "GC_MAX_HEAP_FREE_RATIO"
description: "Maximum percentage of heap free after GC to avoid shrinking."
example: "40"
- name: "GC_TIME_RATIO"
description: "Specifies the ratio of the time spent outside the garbage collection (for example, the time spent for application execution) to the time spent in the garbage collection."
example: "4"
- name: "GC_ADAPTIVE_SIZE_POLICY_WEIGHT"
description: "The weighting given to the current GC time versus previous GC times."
example: "90"
- name: "GC_MAX_METASPACE_SIZE"
description: "The maximum metaspace size."
example: "100"
- name: "CUSTOM_INSTALL_DIRECTORIES"
description: "A list of comma-separated directories used for installation and configuration of artifacts for the image during the S2I process."
example: "custom,shared"
- name: "CONTAINER_HEAP_PERCENT"
example: "0.5"
description: "Deprecated. See JAVA_MAX_MEM_RATIO."
- name: "INITIAL_HEAP_PERCENT"
example: "0.5"
description: "Deprecated. See JAVA_INITIAL_MEM_RATIO."
- name: "PROBE_DISABLE_BOOT_ERRORS_CHECK"
example: "true"
description: "Disable the boot errors check in the probes."
- name: "ENABLE_ACCESS_LOG"
example: "true"
description: "Enable the Access Log."
- name: "ENABLE_JSON_LOGGING"
example: "true"
description: "Enable JSON-formatted logging"
- name: "KIE_SERVER_TOKEN"
example: "dasd373egds"
description: "KIE server token for bearer authentication (Sets the org.kie.server.token system property)"
- name: "KIE_SERVER_USER"
example: "executionUser"
description: "KIE execution server username for basic authentication (Sets the org.kie.server.user system property)"
- name: "KIE_SERVER_PWD"
example: "execution1!"
description: "KIE execution server password for basic authentication (Sets the org.kie.server.pwd system property)"
- name: "KIE_SERVER_CONTROLLER_PROTOCOL"
example: "http"
description: "KIE server controller protocol (Used to set the org.kie.server.controller system property)"
- name: "KIE_SERVER_CONTROLLER_SERVICE"
example: "buscentr-myapp"
description: "KIE server controller service (Used to set the org.kie.server.controller system property if host and port aren't set)"
- name: "KIE_SERVER_CONTROLLER_HOST"
example: "my-app-controller.os.mycloud.com"
description: "KIE server controller host (Used to set the org.kie.server.controller system property)"
- name: "KIE_SERVER_CONTROLLER_PORT"
example: "8080"
description: "KIE server controller port (Used to set the org.kie.server.controller system property)"
- name: "KIE_SERVER_CONTROLLER_TOKEN"
example: "dasd373egds"
description: "KIE server controller token for bearer authentication (Sets the org.kie.server.controller.token system property)"
- name: "KIE_SERVER_CONTROLLER_USER"
example: "controllerUser"
description: "KIE server controller username for basic authentication (Sets the org.kie.server.controller.user system property)"
- name: "KIE_SERVER_CONTROLLER_PWD"
example: "controller1!"
description: "KIE server controller password for basic authentication (Sets the org.kie.server.controller.pwd system property)"
- name: "KIE_AUTH_LDAP_BASE_CTX_DN"
description: "The fixed DN of the top-level context to begin the user search."
example: "ou=users,ou=example,ou=com"
- name: "KIE_AUTH_LDAP_BASE_FILTER"
description: "A search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0})."
example: "(uid={0})"
- name: "KIE_AUTH_LDAP_BIND_CREDENTIAL"
description: "Used to store the credentials for the DN. "
example: "Passw0rd"
- name: "KIE_AUTH_LDAP_BIND_DN"
description: "The DN used to bind against the LDAP server for the user and roles queries. This DN needs read and search permissions on the baseCtxDN and rolesCtxDN values."
example: "uid=admin,ou=users,ou=exmample,ou=com"
- name: "KIE_AUTH_LDAP_DEFAULT_ROLE"
description: "A role included for all authenticated users"
example: "guest"
- name: "KIE_AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE"
description: "The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used."
example: "distinguishedName"
- name: "KIE_AUTH_LDAP_JAAS_SECURITY_DOMAIN"
description: "he JMX ObjectName of the JaasSecurityDomain used to decrypt the password."
- name: "KIE_AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN"
description: "A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries."
example: "false"
- name: "KIE_AUTH_LDAP_PARSE_USERNAME"
description: "A flag indicating if the DN is to be parsed for the username. If set to true, the DN is parsed for the username. If set to false the DN is not parsed for the username. This option is used together with usernameBeginString and usernameEndString."
example: "true"
- name: "KIE_AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK"
description: "If you are not using referrals, this option can be ignored. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree."
- name: "KIE_AUTH_LDAP_ROLE_ATTRIBUTE_ID"
description: "Name of the attribute containing the user roles."
example: "memberOf"
- name: "KIE_AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN"
description: "Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true."
example: "true"
- name: "KIE_AUTH_LDAP_ROLE_FILTER"
description: "A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1})."
example: "(memberOf={1})"
- name: "KIE_AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID"
description: "Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute."
example: "name"
- name: "KIE_AUTH_LDAP_ROLE_RECURSION"
description: "The numbers of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0."
example: "1"
- name: "KIE_AUTH_LDAP_ROLES_CTX_DN"
description: "The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is."
example: "ou=groups,ou=example,ou=com"
- name: "KIE_AUTH_LDAP_SEARCH_SCOPE"
description: "The search scope to use."
example: "SUBTREE_SCOPE"
- name: "KIE_AUTH_LDAP_SEARCH_TIME_LIMIT"
description: "The timeout in milliseconds for user or role searches."
example: "10000"
- name: "KIE_AUTH_LDAP_URL"
description: "LDAP Endpoint to connect to"
example: "ldap://myldap.example.com"
- name: "KIE_AUTH_LDAP_USERNAME_BEGIN_STRING"
description: "Defines the String which is to be removed from the start of the DN to reveal the username. This option is used together with usernameEndString and only taken into account if parseUsername is set to true."
- name: "KIE_AUTH_LDAP_USERNAME_END_STRING"
description: "Defines the String which is to be removed from the end of the DN to reveal the username. This option is used together with usernameBeginString and only taken into account if parseUsername is set to true."
ports:
- value: 8080
- value: 8443
- value: 8778
modules:
repositories:
- git:
url: https://github.com/jboss-openshift/cct_module.git
ref: sprint-18
- git:
url: https://github.com/jboss-container-images/jboss-kie-modules.git
ref: 7.0.x
install:
- name: dynamic-resources
- name: java-alternatives
- name: os-java-jolokia
- name: jolokia
- name: os-eap7-openshift
- name: os-eap71-openshift
- name: os-eap7-modules
- name: os-eap71-modules
- name: os-eap7-ping
- name: os-java-run
- name: os-eap-launch
- name: os-eap7-launch
- name: os-eap-logging
- name: os-eap-probes
- name: jboss-maven
- name: os-eap-db-drivers
- name: os-eap-sso
- name: os-eap70-sso
- name: os-java-hawkular
- name: os-eap70-hawkular
- name: os-eap-hawkular
- name: os-eap-deployment-scanner
- name: os-eap-extensions
- name: openshift-layer
- name: openshift-passwd
- name: os-logging
- name: os.bpmsuite.common
- name: os.bpmsuite.standalonecontroller
packages:
repositories:
- jboss-os
- jboss-rhscl
install:
- rh-mongodb32-mongo-java-driver
- postgresql-jdbc
- mysql-connector-java
- hostname
- python-requests
- python-enum34
- PyYAML
artifacts:
- path: javax.json-1.0.4.jar
md5: 569870f975deeeb6691fcb9bc02a9555
- path: jboss-logmanager-ext-1.0.0.Alpha5-redhat-1.jar
md5: 3c84f54725ea5657913cf6d1610798b0
- path: oauth-20100527.jar
md5: 91c7c70579f95b7ddee95b2143a49b41
run:
user: 185
cmd:
- "/opt/eap/bin/openshift-launch.sh"
osbs:
repository:
name: containers/rhpam-7-controller-openshift
branch: jb-rhpam-7.0-controller-openshift-rhel-7