Removes Docs as they need to be re-written to fit into Brooklyn. These will be PRd into brooklyn-docs
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/01457c99 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/01457c99 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/01457c99 Branch: refs/heads/master Commit: 01457c99eb24640864e8cc2ae342df37d87f17b0 Parents: 758acca Author: CloudsoftOps <[email protected]> Authored: Wed May 24 10:17:19 2017 +0100 Committer: CloudsoftOps <[email protected]> Committed: Wed May 24 10:17:19 2017 +0100 ---------------------------------------------------------------------- catalog/pom.xml | 81 -------- container.bom | 2 +- docker-location/README.md | 19 -- docker-location/docker-container-location.md | 66 ------- docker-location/docker-swarm-location.md | 77 -------- docs-internal/dev.md | 231 ---------------------- getcert.sh | 15 -- kubernetes-location/README.md | 154 --------------- openshift-location/README.md | 171 ---------------- tests/generic-application.tests.bom | 8 +- tests/generic.tests.bom | 4 +- tests/swarm-location.tests.bom | 4 +- 12 files changed, 9 insertions(+), 823 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/catalog/pom.xml
----------------------------------------------------------------------
diff --git a/catalog/pom.xml b/catalog/pom.xml
deleted file mode 100644
index 471caad..0000000
--- a/catalog/pom.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <artifactId>docker-catalog</artifactId>
- <packaging>jar</packaging>
-
- <parent>
- <groupId>io.cloudsoft.amp.containerservice</groupId>
- <artifactId>containerservice-parent</artifactId>
- <version>2.1.0-SNAPSHOT</version> <!-- CONTAINER_SERVICE_VERSION -->
- </parent>
-
- <name>Docker Catalog</name>
-
- <build>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- </resources>
- <plugins>
- <plugin>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <artifactId>maven-resources-plugin</artifactId>
- <executions>
- <execution>
- <id>copy-resources</id>
- <phase>generate-resources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${project.build.outputDirectory}/docker</outputDirectory>
- <resources>
- <resource>
- <directory>../</directory>
- <includes>
- <include>*.bom</include>
- <include>examples/*.*</include>
- </includes>
- <excludes>
- <exclude>catalog.bom</exclude>
- </excludes>
- </resource>
- </resources>
- </configuration>
- </execution>
- <execution>
- <id>copy-test-resources</id>
- <phase>generate-test-resources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${project.build.testOutputDirectory}/docker</outputDirectory>
- <resources>
- <resource>
- <directory>../</directory>
- <includes>
- <include>tests/*.bom</include>
- </includes>
- </resource>
- </resources>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/container.bom ---------------------------------------------------------------------- diff --git a/container.bom b/container.bom index d9e8814..58de910 100644 --- a/container.bom +++ b/container.bom @@ -3,7 +3,7 @@ brooklyn.catalog: publish: description: | Resources for working with Docker Engine from Apache Brooklyn - license_code: CLOUDSOFT-1.0 + license_code: Apache-2.0 overview: README.md qa: tests/docker.tests.bom http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/docker-location/README.md ---------------------------------------------------------------------- diff --git a/docker-location/README.md b/docker-location/README.md deleted file mode 100644 index edb1da0..0000000 --- a/docker-location/README.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -section: Docker Locations -section_type: inline -section_position: 1 -children: -- docker-container-locations.md -- docker-swarm-location.md ---- - -### Docker Locations - -Cloudsoft AMP can deploy applications to: - -- [Docker containers](docker-container-location.html) -- [Docker Swarms](docker-swarm-location.html) -- [Kubernetes Clusters](../kubernetes-location) -- [Openshift Clusters](../openshift-location) - -both provisioned by Cloudsoft AMP and set up manually. http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/docker-location/docker-container-location.md ---------------------------------------------------------------------- diff --git a/docker-location/docker-container-location.md b/docker-location/docker-container-location.md deleted file mode 100644 index 5cb5087..0000000 --- a/docker-location/docker-container-location.md +++ /dev/null 
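Review bot: The `license_code` switch from `CLOUDSOFT-1.0` to `Apache-2.0` in the container.bom hunk is unrelated to the doc removal the commit message describes, and the message does not record it. A licence identifier in published catalog metadata is something audits and downstream consumers rely on, so it deserves its own commit or at least a line in the message, e.g. `Also switches container.bom license_code to Apache-2.0`. Whether the files this catalog item ships already carry matching licence headers cannot be seen from this hunk and should be confirmed; the `publish:` block continues outside the hunk.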
@@ -1,66 +0,0 @@ ---- -section: Docker Container Location -section_type: inline -section_position: 2 ---- - -### Docker Container Location - -Cloudsoft AMP can deploy applications to [Docker containers](https://www.docker.com/products/docker-engine) both provisioned by Cloudsoft AMP and set up manually. - -Here is an example catalog item to add a Docker engine endpoint to your catalog locations: - - brooklyn.catalog: - id: my-docker-engine - name: "My Docker engine" - itemType: location - item: - type: docker - brooklyn.config: - endpoint: https://<< address >>:<< port >> - identity: << path to my cert.pem >> - credential: << path to my key.pem >> - # Default image if no other explicitly set - # imageId: "cloudsoft/centos:7" - -**Note** The endpoint of a Docker engine is the IP + port where the docker engine is currently running. As for the identity and credential, the Docker engine will generate those by default in `~/.docker/certs` folder, unless you specified them during the installation. - -#### Docker Container based blueprints - -Once your Docker container location has been configured, AMP can launch instances based on a `DockerContainer` entity, this means additional configuration such as custom docker images can be specified. 
Here's an example which sets up a [Wordpress](https://wordpress.org/) instance: - - # see above for a definition of the location - location: my-docker-engine - - services: - - type: org.apache.brooklyn.container.entity.docker.DockerContainer - id: wordpress-mysql - name: MySQL - brooklyn.config: - mysql.root_password: password - docker.container.imageName: mysql:5.6 - # Maps the port to the host node, making it available for external access - docker.container.inboundPorts: - - "3306" - docker.container.environment: - MYSQL_ROOT_PASSWORD: $brooklyn:config("mysql.root_password") - - type: org.apache.brooklyn.container.entity.docker.DockerContainer - id: wordpress - name: Wordpress - brooklyn.config: - docker.container.imageName: wordpress:4-apache - # Maps the port to the host node, making it available for external access - docker.container.inboundPorts: - - "80" - docker.container.environment: - WORDPRESS_DB_HOST: $brooklyn:entity("wordpress-mysql").attributeWhenReady("host.subnet.address") - WORDPRESS_DB_PASSWORD: $brooklyn:entity("wordpress-mysql").config("mysql.root_password") - -#### Docker container configuration - -To configure the `DockerContainer` entity, the following configuration params are available: - -- **docker.container.disableSsh** Skip checks such as ssh for when docker image doesn't allow ssh; use the default image `cloudsoft/centos:7` for ssh-able image -- **docker.container.imageName** Image name to pull from docker hub; overrides the default one `cloudsoft/centos:7` -- **docker.container.inboundPorts** List of ports, that the docker image maps to the host, opening them to the public -- **docker.container.environment** Environment variables to set on container startup; this must be a map http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/docker-location/docker-swarm-location.md ---------------------------------------------------------------------- 
diff --git a/docker-location/docker-swarm-location.md b/docker-location/docker-swarm-location.md
deleted file mode 100644
index 0c69417..0000000
--- a/docker-location/docker-swarm-location.md
+++ /dev/null
@@ -1,77 +0,0 @@ ---- -section: Docker Swarm Location -section_type: inline -section_position: 3 ---- - -### Docker Swarm Location - -Cloudsoft AMP can deploy applications to [Docker Swarms](https://www.docker.com/products/docker-swarm) both provisioned by Cloudsoft AMP and set up manually. - -Here is an example catalog item to add a Docker Swarm endpoint to your catalog locations: - - brooklyn.catalog: - id: my-docker-swarm - name: "My Docker Swarm" - itemType: location - item: - type: docker - brooklyn.config: - endpoint: https://<< address >>:<< port >> - identity: << path to my cert.pem >> - credential: << path to my key.pem >> - # Default image if no other explicitly set - # imageId: "cloudsoft/centos:7" - templateOptions: - networkMode: "brooklyn" - -**Note** if you have provisioned your own docker swarm you may need to first pull the Cloudsoft -configured image on the Swarm Manager. Another recommended step is to create a default network for the containers: - - docker -H ${swarm_endpoint} ${TLS_OPTIONS} pull cloudsoft/centos:7 - docker -H ${swarm_endpoint} ${TLS_OPTIONS} images --no-trunc - docker network create --driver=overlay brooklyn - -#### Credentials for Deploying to Docker Swarm - -To deploy to a Docker Swarm endpoint, you'll need pem files for identity/credential. These can -either be copied from one of the Docker Engine VMs, or can be generated locally and signed by -the certificate authority. The actual IP of the client doesn't matter. 
- -To generate your own certificates and signed them with the example CA server included in AMP (note this is not -recommended for use in a production environment and could be subject to future removal): - - # Create your certificates directory - mkdir -p .certs - - # Get yourself a certificate from the CA - # You can use any IP; to find your IP use `ifconfig` - own_ip=192.168.1.64 - ca=$(br app "Docker Swarm" ent ca-server sensor main.uri) - echo ${ca} - curl -L ${ca}/cacert/ca.pem --output .certs/ca.pem - openssl genrsa -out .certs/key.pem 2048 - openssl req -new -key .certs/key.pem -days 1825 -out .certs/csr.pem -subj "/CN=${own_ip}" - curl -X POST --data-binary @.certs/csr.pem ${ca}/sign > .certs/cert.pem - -To be able to execute `docker ...` commands locally: - - # Set up TLS options to point at your certificates (created above) - CERTS_DIR=$(pwd)/.certs - TLS_OPTIONS="--tlsverify --tlscacert=${CERTS_DIR}/ca.pem --tlscert=${CERTS_DIR}/cert.pem --tlskey=${CERTS_DIR}/key.pem" - - # Check docker works - swarm_endpoint=$(br app "Docker Swarm" ent "swarm-cluster" sensor swarm.url) - echo ${swarm_endpoint} - docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps - - # Run something, and check it is listed - docker -H ${swarm_endpoint} ${TLS_OPTIONS} run hello-world - docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps -a - -Instead of explicit parameters to `docker` you can use its environment variables as follows: - - export DOCKER_HOST=tcp://10.10.10.152:3376 - export DOCKER_TLS_VERIFY=true - export DOCKER_CERT_PATH=$(pwd)/.certs - docker ps -a \ No newline at end of file http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/docs-internal/dev.md ---------------------------------------------------------------------- diff --git a/docs-internal/dev.md b/docs-internal/dev.md deleted file mode 100644 index 7a7a6ee..0000000 --- a/docs-internal/dev.md +++ /dev/null 
@@ -1,231 +0,0 @@ -### Setup - -1. Run a bleeding-edge AMP (e.g. a very recent snapshot build) - -2. Add each of the .bom files to the catalog - -Using the CLI: - - for b in *.bom tests/*.bom ; do - echo $b - br add-catalog $b || break - done - -Note that the order in which you add the catalog entries matters, as you canât load a file that uses a definition -that hasnât been loaded yet. the loop above relies on the fact that so far the files in alphabetical order are also -in dependency order, just for the convenience of the command. This is really just a convenience and -not an iron rule that we have to keep. - -**or** via the REST API: - - AMP_URL=http://127.0.0.1:8081 - AMP_USER=admin - AMP_PASSWORD=pa55w0rd - BOMS="ca.bom catalog.bom swarm.bom" - BOMS="${BOMS} tests/common.tests.bom tests/docker.tests.bom tests/swarm.tests.bom " - BOMS="${BOMS} tests/jclouds.tests.bom tests/swarm-endpoint.tests.bom " - BOMS="${BOMS} tests/tests.bom tests/existing-swarm.tests.bom" - for i in ${BOMS}; do - curl -u ${AMP_USER}:${AMP_PASSWORD} ${AMP_URL}/v1/catalog --data-binary @${i} || (echo "FAIL ${i}" && break ) - done - - -3. Add the location definition(s) to your test. For example, use the bluebox definitions - that the QA framework uses (don't forget to run the VPN, and to deploy to CentOS 7). - See: - - - https://github.com/cloudsoft/blueprint-qa-seed/blob/master/locations/bluebox-singapore-centos7.bom - - https://github.com/cloudsoft/cloudsoft/wiki/QA%20Framework - - https://github.com/cloudsoft/cloudsoft/wiki/Blue-Box - - br add-catalog https://raw.githubusercontent.com/cloudsoft/blueprint-qa-seed/master/locations/bluebox-singapore-centos7.bom?token=ANfNJ5kY9pvufckGUZZ3mzM4FlHq1D2Aks5XX93owA%3D%3D - -NOTE - you'll have to get a fresh token of your own by going to Github - I find it convenient enough to -navigate to https://github.com/cloudsoft/blueprint-qa-seed/tree/master/locations, pick the cloud I want, hit the -"Raw" button and copy its URL. 
Also note to add-catalog from https://... make sure you are using a build of `br` from -after 8th May. - - -### Running tests - -To run the suite of tests, use `tests.bom`. For example: - - location: - ibm-bluebox-sng-centos7-vpn - services: - - type: docker-and-swarm-engine-tests - -And to run tests against an existing Swarm endpoint (changing the part to the pem files accordingly): - - location: - jclouds:docker: - endpoint: https://10.104.0.75:3376/ - identity: /Users/aled/.docker/.certs-from-server/cert.pem - credential: /Users/aled/.docker/.certs-from-server/key.pem - # Needed only if running against Brooklyn (no default image) - # imageDescriptionRegex: cloudsoft/centos:7 - loginUser: root - loginUser.password: p4ssw0rd - onbox.base.dir: /tmp - # FIXME Need to cloudsoft/centos image that has 'sudo' and 'which' pre-installed - user: root - # FIXME Need to add 'brooklyn' network to our pre-existing swarm cluster - #templateOptions: - # networkMode: "brooklyn" # the default swarm network - services: - - type: deploy-app-to-swarm-single-node - - type: deploy-app-to-swarm-multi-node - -There is also a test available to test a Riak multi-node deployment, `riak-cluster-to-swarm-multi-node`, but this -currently requires you to do a docker pull of the cloudsoft Ubuntu 14.04 image onto your swarm before you set up -your location. See the comments in swarm-endpoint-tests.bom. 
- -### Running as an end-user - -#### Docker Engine - -To deploy a simple Docker Engine: - - name: Docker Engine - location: ibm-bluebox-sng-centos7-vpn - services: - - type: docker-engine - -Or a Docker Engine with a container: - - name: Docker Engine with container - location: ibm-bluebox-sng-centos7-vpn - services: - - type: docker-engine - brooklyn.children: - - type: docker-engine-container - container: cloudsoft/centos:7 - - -To deploy a Docker Engine with TLS (which will also require a CA server): - - name: Docker Engine with TLS - location: ibm-bluebox-sng-centos7-vpn - services: - - type: ca-server - id: ca-server - name: "ca-server" - - type: docker-engine-tls - brooklyn.config: - customize.latch: $brooklyn:entity("ca-server").attributeWhenReady("service.isUp") - ca.request.root.url: $brooklyn:entity("ca-server").attributeWhenReady("main.uri") - -#### VM with Single Docker Container - -To deploy a VM with a single container running on it: - - name: VM with Container - location: ibm-bluebox-sng-centos7-vpn - services: - - type: docker-vm-container - brooklyn.config: - docker.image: redis:latest - - -#### Docker Swarm - -To deploy a Docker Swarm cluster: - - name: Docker Swarm - location: ibm-bluebox-sng-centos7-vpn - services: - - type: docker-swarm - brooklyn.config: - swarm.initial.size: 1 - etcd.initial.size: 1 - - -#### Deploying apps to Docker - -To deploy to an entity to an existing Docker Swarm endpoint (first changing the path to the -cert.pem and key.pem - see next section for how to get those files). 
If targeting a Docker -Engine directly, use port 2376; if targeting swarm, use 3376: - - name: SoftwareProcess on Docker - location: - jclouds:docker: - endpoint: https://10.104.0.105:2376/ - identity: /Users/aled/.docker/.certs-from-server/cert.pem - credential: /Users/aled/.docker/.certs-from-server/key.pem - # Needed only if running against Brooklyn (no default image) - # imageDescriptionRegex: cloudsoft/centos:7 - loginUser: root - loginUser.password: p4ssw0rd - onbox.base.dir: /tmp - services: - - type: org.apache.brooklyn.entity.machine.MachineEntity - brooklyn.config: - onbox.base.dir.skipResolution: true - sshMonitoring.enabled: false - -Note you may need to first pull the image (depending how the Swarm cluster was provisioned): - - docker -H ${swarm_endpoint} ${TLS_OPTIONS} pull cloudsoft/centos:7 - docker -H ${swarm_endpoint} ${TLS_OPTIONS} images --no-trunc - -Warning: jclouds-docker is currently broken against docker-engine, but works against swarm (as of 8/6/16) -https://github.com/jclouds/jclouds-labs/commit/7e55ad7971f94b19068cd8da32295d2ab5b9c18c -added "Node" but this is not returned by docker-engine rest api when inspecting a container. - - -### Credentials for Deploying to Docker Swarm - -To deploy to a Docker Swarm endpoint, you'll need pem files for identity/credential. These can -either be copied from one of the Docker Engine VMs, or can be generated from the certificate -authority. The actual IP of the client doesn't matter. 
- -To generate your own certificates from the CA server rest api that we wrote (note this is subject -to deletion in a future release!): - - # Create your certificates directory - mkdir -p .certs - - # Get yourself a certificate from the CA - # You can use any IP; to find your IP use `ifconfig` - own_ip=192.168.1.64 - ca=$(br app "Docker Swarm" ent ca-server sensor main.uri) - echo ${ca} - curl -X POST ${ca}/generate/${own_ip} - curl ${ca}/cert/${own_ip}/ca.pem > .certs/ca.pem - curl ${ca}/cert/${own_ip}/cert.pem > .certs/cert.pem - curl ${ca}/cert/${own_ip}/key.pem > .certs/key.pem - -To be able to execute `docker ...` commands locally: - - # Set up TLS options to point at your certificates - CERTS_DIR=${HOME}/.docker/.certs - TLS_OPTIONS="--tlsverify --tlscacert=${CERTS_DIR}/ca.pem --tlscert=${CERTS_DIR}/cert.pem --tlskey=${CERTS_DIR}/key.pem" - - # Check docker works - swarm_endpoint=$(br app "Docker Swarm" ent "swarm-cluster" sensor swarm.url) - echo ${swarm_endpoint} - docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps - - # Run something, and check it is listed - docker -H ${swarm_endpoint} ${TLS_OPTIONS} run hello-world - docker -H ${swarm_endpoint} ${TLS_OPTIONS} ps -a - -Instead of explicit parameters to `docker` you can use its environment variables as follows: - - export DOCKER_HOST=tcp://10.10.10.152:3376 - export DOCKER_TLS_VERIFY=true - export DOCKER_CERT_PATH=.certs - docker ps -a - - -### Building a Docker Image - -To manually test a docker image: - - IMAGES_REPO=~/repos/cloudsoft/container-service-images - IMAGE_NAME=temp/ubuntu:14.04 - - cd ${IMAGES_REPO}/ubuntu-14.04 - docker build -t ${IMAGE_NAME} . - - docker run -P -d -e "CLOUDSOFT_ROOT_PASSWORD=mypa55word" ${IMAGE_NAME} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/getcert.sh ---------------------------------------------------------------------- diff --git a/getcert.sh b/getcert.sh deleted file mode 100755 index 9e59074..0000000 
--- a/getcert.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# Utility script for developers to get a certificate from a ca-server
-# use like getcert.sh $HOME/.certs http://10.20.30.40:8080 (where that is the IP of your CA server)
-
-CERT_DIR=$1
-CA=$2
-
-set -e
-
-mkdir -p ${CERT_DIR}
-curl -L ${CA}/cacert/ca.pem --output ${CERT_DIR}/ca.pem
-openssl genrsa -out ${CERT_DIR}/key.pem 2048
-openssl req -new -key ${CERT_DIR}/key.pem -days 1825 -out ${CERT_DIR}/csr.pem -subj "/CN=$(hostname)"
-curl -X POST --data-binary @${CERT_DIR}/csr.pem ${CA}/sign > ${CERT_DIR}/cert.pem
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/kubernetes-location/README.md
----------------------------------------------------------------------
diff --git a/kubernetes-location/README.md b/kubernetes-location/README.md
deleted file mode 100644
index 6feadc4..0000000
--- a/kubernetes-location/README.md
+++ /dev/null
@@ -1,154 +0,0 @@ ---- -section: Kubernetes Location -section_type: inline -section_position: 4 ---- - -### Kubernetes Location - -Cloudsoft AMP can deploy applications to [Kubernetes](http://kubernetes.io/) (k8s) clusters both provisioned by Cloudsoft AMP and set up manually. - -Here is an example catalog item to add a Kubernetes endpoint to your catalog locations: - - brooklyn.catalog: - id: my-kubernetes-cluster - name: "My Kubernetes Cluster" - itemType: location - item: - type: kubernetes - brooklyn.config: - endpoint: << endpoint >> - identity: "guest" - credential: "guest" - image: "cloudsoft/centos:7" - loginUser.password: "p4ssw0rd" - -There are a lot of ways to authenticate with kubernetes. AMP configuration for these are documented in the [reference](kubernetes-location-configuration). For example to use client -certificates use the following example yaml: - - brooklyn.catalog: - id: my-kubernetes-cluster - name: "My Kubernetes Cluster" - itemType: location - item: - type: kubernetes - brooklyn.config: - endpoint: << endpoint >> - caCertData: | - << Generated Ca Cert (see below) >> - clientCertData: | - << Generated Cert (see below) >> - clientKeyData: | - << Generated client key (see below) >> - image: "cloudsoft/centos:7" - loginUser.password: "p4ssw0rd" - -AMP Deploys to a Kubernetes cluster by modelling a `KubernetesPod` entity which is made up of multiple heterogeneous `DockerContainer` entities. - -#### Plain-AMP blueprints - -Standard AMP blueprints can be deployed within a K8s cluster, here's a simple example: - - location: - << see above >> - - services: - - type: org.apache.brooklyn.entity.software.base.VanillaSoftwareProcess - name: "Simple Netcat Server" - brooklyn.config: - provisioning.properties: - inboundPorts: [ 22, 4321 ] - env: - CLOUDSOFT_ROOT_PASSWORD: "p4ssw0rd" - launch.command: | - yum install -y nc - echo hello | nc -l 4321 & - echo $! 
> $PID_FILE - -For each entity AMP will create a [_Deployment_](http://kubernetes.io/docs/user-guide/deployments/). -This deployment contains a [_ReplicaSet_](http://kubernetes.io/docs/user-guide/replicasets/) -of replicas (defaulting to one) of a [_Pod_](http://kubernetes.io/docs/user-guide/pods/). -Each pod contains a single SSHable container based on the `cloudsoft/centos:7` image. - -It will then install and launch the entity. Each `inboundPort` will be exposed as a -[_NodePort_](http://kubernetes.io/docs/user-guide/services/#type-nodeport) in a _Service_. - -The config options in the `provisioning.properties` section allow the location to be further customized for each entity, as follows: - -- **env** The `cloudsoft/centos:7` image uses an environment variable named `CLOUDSOFT_ROOT_PASSWORD` - to assign the SSH login user password. This must match the `loginUser.password` configuration on the location. -- **inboundPorts** The set of ports that should be exposed by the service. - -#### Docker Container based blueprints - -Alternatively AMP can launch instances based on a `DockerContainer`, this means additional configuration such as custom docker images can be specified. 
Here's an example which sets up a [Wordpress](https://wordpress.org/) instance: - - location: - << see above >> - - services: - - type: org.apache.brooklyn.container.entity.kubernetes.KubernetesPod - brooklyn.children: - - type: org.apache.brooklyn.container.entity.docker.DockerContainer - id: wordpress-mysql - name: "MySQL" - brooklyn.config: - docker.container.imageName: mysql:5.6 - docker.container.inboundPorts: [ "3306" ] - docker.container.environment: - MYSQL_ROOT_PASSWORD: "password" - provisioning.properties: - deployment: wordpress-mysql - - type: org.apache.brooklyn.container.entity.docker.DockerContainer - id: wordpress - name: "Wordpress" - brooklyn.config: - docker.container.imageName: wordpress:4-apache - docker.container.inboundPorts: [ "80" ] - docker.container.environment: - WORDPRESS_DB_HOST: "wordpress-mysql" - WORDPRESS_DB_PASSWORD: "password" - -The `DockerContainer` entities each create their own _DeploymentConfig_, _ReplicationController_ and _Pod_ entities, -in the same way as the standard AMP blueprint entities above. Each container entity can be further configured using the following options: - -- **docker.container.imageName** The Docker image to use for the container -- **docker.container.inboundPorts** The set of ports on the container that should be exposed -- **docker.container.environment** A map of environment variables for the container - -Note the use of **deployment** in the `provisioning.properties` configuration, to set the hostname of the MySQL container to allow the Wordpress Apache server to connect to it. - -#### Kubernetes location configuration - -To configure the kubernetes location for different kubernetes setups the following configuration params are available. 
- -- **caCertData** Data for CA certificate -- **caCertFile** URL of resource containing CA certificate data -- **clientCertData** Data for client certificate -- **clientCertFile** URL of resource containing client certificate data -- **clientKeyData** Data for client key -- **clientKeyFile** URL of resource containing client key data -- **clientKeyAlgo** Algorithm used for the client key -- **clientKeyPassphrase** Passphrase used for the client key -- **oauthToken** The OAuth token data for the current user -- **namespace** Namespace where resources will live; the default is 'amp' -- **namespace.create** Whether to create the namespace if it does not exist - - **default** true -- **namespace.deleteEmpty** Whether to delete an empty namespace when releasing resources - - **default** false -- **persistentVolumes** Set up persistent volumes. -- **deployment** The name of the service the deployment will use. -- **image** Docker image to be deployed into the pod -- **osFamily** OS family, e.g. CentOS, Ubuntu -- **osVersionRegex** Regular expression for the OS version to load -- **env** Environment variables to inject when starting a container -- **replicas** Number of replicas of the pod - - **default** 1 -- **secrets** Kubernetes secrets to be added to the pod -- **limits** Kubernetes resource limits -- **privileged** Whether Kubernetes should allow privileged containers - - **default** false -- **loginUser** Override the user who logs in initially to perform setup - - **default** root -- **loginUser.password** Custom password for the user who logs in initially -- **injectLoginCredential** Whether to inject login credentials (if null, will infer from image choice); ignored if explicit 'loginUser.password' supplied http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/openshift-location/README.md ---------------------------------------------------------------------- 
diff --git a/openshift-location/README.md b/openshift-location/README.md
deleted file mode 100644
index 7cefbd6..0000000
--- a/openshift-location/README.md
+++ /dev/null
@@ -1,171 +0,0 @@ ---- -section: OpenShift Location -section_type: inline -section_position: 5 ---- - -### OpenShift Location - -Cloudsoft AMP can deploy applications to Red Hat [OpenShift](https://www.openshift.com/) clusters. - -Here is an example catalog item to add an OpenShift endpoint to your catalog locations: - - brooklyn.catalog: - id: my-openshift-cluster - name: "My Openshift Cluster" - itemType: location - item: - type: openshift - brooklyn.config: - endpoint: << endpoint >> - caCertData: | - << Generated Ca Cert (see below) >> - clientCertData: | - << Generated Cert (see below) >> - clientKeyData: | - << Generated client key (see below) >> - namespace: << project name >> - privileged: true - -* Endpoint - -The endpoint key is the https URL of your OpenShift master. AMP connects to this to provision applications on the -cluster. - -* OpenShift Authorization - -The `caCertData`, `clientCertData` and `clientKeyData` are the credentials for your OpenShift cluster. Note that -they can also be given as paths to files using the keys `caCertFile`, `clientCertFile` and `clientKeyFile`. See the -[OpenShift documentation](https://docs.openshift.com/enterprise/3.1/install_config/certificate_customization.html) for -more detail on the content of these. - -An alternate way of authorizing your OpenShift is using OAuth. 
To obtain the token required you must use the `oc` command-line tool, -first to log in to OpenShift and then to display the token value, using the `whoami` command: - - oc login << endpoint >> - oc whoami -t - -Which will output the token to the command line: - - mzUTj0JmWDYLSspumvW5B74rn8geKd6Qll11IPkaqeE - -This is then set as the `oauthToken` field in the location: - - brooklyn.catalog: - id: my-openshift-cluster - name: "My Openshift Cluster" - itemType: location - item: - type: openshift - brooklyn.config: - endpoint: << endpoint >> - oauthToken: mzUTj0JmWDYLSspumvW5B74rn8geKd6Qll11IPkaqeE - namespace: << project name >> - privileged: true - -* Namespace - -The `namespace` key relates to the project in which your AMP managed applications will deploy. If no project exists, -you will first need to log into your OpenShift cluster and create a project. The `namespace` key should then contain -the ID of this. - -#### OpenShift Configuration - -AMP requires that you configure your OpenShift instance with the following options to allow it to fully provision and manage -applications. - -* Container Privileges - -Depending on how the images you wish to use have been created, you may need to set up accounts and permissions to allow them to run. -Containers written for the OpenShift platform follow certain rules such as logging to the console to allow centralized log -management or avoiding the `root` user since the platform will use an arbitrary user id. For applications that follow these rules -the default `restricted` security constraints are all that is needed. When using images from Docker Hub, or the `cloudsoft/centos:7` -image used by native AMP entities, privileged access must be enabled. This can be done by creating a new user for your application, -and assigning it the `privileged` or `anyuid` security constraints as described in the [documentation](https://docs.openshift.org/latest/admin_guide/manage_scc.html). 
- -Alternatively, for development systems where security is not an issue, you can edit the `restricted` constraint directly, and -set the configuration option `allowPrivilegedContainer` to `true` and `runAsUser` to have type `RunAsAny`. This can be configured -using the [oc command](https://docs.openshift.org/latest/cli_reference/index.html) to edit the cluster configuration: - - oc login << endpoint >> - sudo oc edit scc restricted - -#### Plain-AMP blueprints - -Standard AMP blueprints can be deployed within an OpenShift cluster, here's a simple example: - - location: - << see above >> - - services: - - type: org.apache.brooklyn.entity.software.base.VanillaSoftwareProcess - name: "Simple Netcat Server" - brooklyn.config: - provisioning.properties: - inboundPorts: [ 22, 4321 ] - env: - CLOUDSOFT_ROOT_PASSWORD: "p4ssw0rd" - launch.command: | - yum install -y nc - echo hello | nc -l 4321 & - echo $! > $PID_FILE - -For each entity AMP will create a [_DeploymentConfig_](https://docs.openshift.org/latest/architecture/core_concepts/deployments.html#deployments-and-deployment-configurations). -This deployment configuration contains a [_ReplicationController_](https://kubernetes.io/docs/user-guide/replication-controller/) -with replicas (defaulting to one) of a [_Pod_](http://kubernetes.io/docs/user-guide/pods/). -Each pod contains a single SSHable container based on the `cloudsoft/centos:7` image. - -It will then install and launch the entity. Each `inboundPort` will be exposed as a -[_NodePort_](http://kubernetes.io/docs/user-guide/services/#type-nodeport) in a _Service_. - -The config options in the `provisioning.properties` section allow the location to be further customized for each entity, as follows: - -- **env** The `cloudsoft/centos:7` image uses an environment variable named `CLOUDSOFT_ROOT_PASSWORD` - to assign the SSH login user password. This must match the `loginUser.password` configuration on the location. 
-- **inboundPorts** The set of ports that should be exposed by the service. - -Note the use of **deployment** in the `provisioning.properties` configuration, to set the hostname of the MySQL container to allow the Wordpress Apache server to connect to it. - -#### DockerContainer based blueprints - -Alternatively AMP can launch instances based on a `DockerContainer`, this means additional configuration such as custom docker images can be specified. Here's an example which sets up a [Wordpress](https://wordpress.org/) instance: - - location: - << see above >> - - services: - - type: org.apache.brooklyn.container.entity.kubernetes.KubernetesPod - brooklyn.children: - - type: org.apache.brooklyn.container.entity.docker.DockerContainer - id: wordpress-mysql - name: "MySQL" - brooklyn.config: - docker.container.imageName: mysql:5.6 - docker.container.inboundPorts: [ "3306" ] - docker.container.environment: - MYSQL_ROOT_PASSWORD: "password" - provisioning.properties: - deployment: wordpress-mysql - - type: org.apache.brooklyn.container.entity.docker.DockerContainer - id: wordpress - name: "Wordpress" - brooklyn.config: - docker.container.imageName: wordpress:4-apache - docker.container.inboundPorts: [ "80" ] - docker.container.environment: - WORDPRESS_DB_HOST: "wordpress-mysql" - WORDPRESS_DB_PASSWORD: "password" - -The `DockerContainer` entities each create their own _DeploymentConfig_, _ReplicationController_ and _Pod_ entities, -in the same way as the standard AMP blueprint entities above. 
Each container entity can be further configured using the following options: - -- **docker.container.imageName** The Docker image to use for the container -- **docker.container.inboundPorts** The set of ports on the container that should be exposed -- **docker.container.environment** A map of environment variables for the container - -#### OpenShift location configuration - -The OpenShift location uses the same configuration options as the [Kubernetes](../kubernetes-location/README.md) -location, with the following exception: - -- **namespace** Also refers to the OpenShift project the Pod will be started in.
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/tests/generic-application.tests.bom
----------------------------------------------------------------------
diff --git a/tests/generic-application.tests.bom b/tests/generic-application.tests.bom
index c871f06..b6007a9 100644
--- a/tests/generic-application.tests.bom
+++ b/tests/generic-application.tests.bom
@@ -11,7 +11,7 @@ # - app comes up # - via nginx, we can connect to the web-app # - via nginx (and the web-app), we can write to the database and read from database - # + # # The different variants of the test will: # - everything running in cluster; # See "multi-node-app-cluster".
@@ -25,17 +25,17 @@ # # It assumes that the tests are run against a location in which VMs can be provisioned # (which is then overridden where "testing-cluster" should instead be used). For example, - # "multi-node-app-cloud-to-cluster" deploys nginx to the location passed in; and + # "multi-node-app-cloud-to-cluster" deploys nginx to the location passed in; and # deploys the tomcat-webapp-cluster to "testing-cluster". ## - + brooklyn.catalog: version: "2.1.0-SNAPSHOT" # CONTAINER_SERVICE_VERSION iconUrl: https://raw.githubusercontent.com/docker-library/docs/471fa6e4cb58062ccbf91afc111980f9c7004981/swarm/logo.png dependsOn: # From https://github.com/brooklyncentral/common-catalog-utils - commontests/common.tests.bom - license_code: CLOUDSOFT-1.0 + license_code: Apache-2.0 items:
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/tests/generic.tests.bom
----------------------------------------------------------------------
diff --git a/tests/generic.tests.bom b/tests/generic.tests.bom
index 69acc1b..ec349a2 100644
--- a/tests/generic.tests.bom
+++ b/tests/generic.tests.bom
@@ -4,12 +4,12 @@ brooklyn.catalog: dependsOn: # From https://github.com/brooklyncentral/common-catalog-utils - commontests/common.tests.bom - license_code: CLOUDSOFT-1.0 + license_code: Apache-2.0 items: - "https://raw.githubusercontent.com/brooklyncentral/common-catalog-utils/master/common-tests/src/main/resources/commontests/common.tests.bom" - + - id: cluster-endpoint-tests name: "Cluster Endpoint Deployment Tests" description: |
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/01457c99/tests/swarm-location.tests.bom
----------------------------------------------------------------------
diff --git a/tests/swarm-location.tests.bom b/tests/swarm-location.tests.bom
index c8c1abc..3a1f0b5 100644
--- a/tests/swarm-location.tests.bom
+++ b/tests/swarm-location.tests.bom
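Review bot: The first `items:` entry in tests/generic.tests.bom still loads `common.tests.bom` from the `master` branch of brooklyncentral/common-catalog-utils on raw.githubusercontent.com, so the catalog content these tests pull in can change without any commit in this repository. Since the hunk already touches this header, consider pinning the URL to a reviewed commit, the way `iconUrl` in tests/generic-application.tests.bom is pinned to `471fa6e4cb58062ccbf91afc111980f9c7004981`: `- "https://raw.githubusercontent.com/brooklyncentral/common-catalog-utils/<commit-sha>/common-tests/src/main/resources/commontests/common.tests.bom"`. The catalog body continues outside the hunk, so other remote references further down may need the same treatment.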
@@ -4,7 +4,7 @@ brooklyn.catalog: dependsOn: # From https://github.com/brooklyncentral/common-catalog-utils - commontests/common.tests.bom - license_code: CLOUDSOFT-1.0 + license_code: Apache-2.0 ## # To test stop effector:
@@ -49,7 +49,7 @@ brooklyn.catalog: ## items: - + ## # Wrapper test ##
