From 1a7cfe1d0f78404383e84a85267a1b4051de99e2 Mon Sep 17 00:00:00 2001 From: Jason Montleon Date: Tue, 31 Oct 2023 13:19:16 -0400 Subject: [PATCH] :sparkles: Migrate Pathfinder assessments and remove Pathfinder Signed-off-by: Jason Montleon --- .github/actions/install-tackle/action.yml | 5 - .github/workflows/create-release.yml | 2 - Dockerfile | 6 + README.md | 4 - ...nveyor-operator.clusterserviceversion.yaml | 7 +- config/manager/manager.yaml | 2 - ...nveyor-operator.clusterserviceversion.yaml | 1 - docs/installation-macos.md | 2 - hack/install-tackle.sh | 2 - roles/tackle/defaults/main.yml | 27 +-- roles/tackle/tasks/main.yml | 176 +++++++++++------- roles/tackle/templates/deployment-hub.yml.j2 | 3 - .../deployment-pathfinder-postgresql.yml.j2 | 93 --------- .../templates/deployment-pathfinder.yml.j2 | 94 ---------- ...ntvolumeclaim-pathfinder-postgresql.yml.j2 | 22 --- .../secret-pathfinder-postgresql.yml.j2 | 14 -- .../service-pathfinder-postgresql.yml.j2 | 20 -- .../templates/service-pathfinder.yml.j2 | 25 --- tools/templates/clusterserviceversion.yaml.j2 | 5 - tools/upgrades/jwt.sh | 28 +++ .../migrate-pathfinder-assessments.py | 1 + 21 files changed, 146 insertions(+), 393 deletions(-) delete mode 100644 roles/tackle/templates/deployment-pathfinder-postgresql.yml.j2 delete mode 100644 roles/tackle/templates/deployment-pathfinder.yml.j2 delete mode 100644 roles/tackle/templates/persistentvolumeclaim-pathfinder-postgresql.yml.j2 delete mode 100644 roles/tackle/templates/secret-pathfinder-postgresql.yml.j2 delete mode 100644 roles/tackle/templates/service-pathfinder-postgresql.yml.j2 delete mode 100644 roles/tackle/templates/service-pathfinder.yml.j2 create mode 100755 tools/upgrades/jwt.sh diff --git a/.github/actions/install-tackle/action.yml b/.github/actions/install-tackle/action.yml index f750ba8..4939a4c 100644 --- a/.github/actions/install-tackle/action.yml +++ b/.github/actions/install-tackle/action.yml @@ -10,10 +10,6 @@ inputs: description: "image url for tackle-hub" required: false default: "quay.io/konveyor/tackle2-hub:latest" - pathfinder-image: - description: "image url for pathfinder image" - required: false - default: "quay.io/konveyor/tackle-pathfinder:1.3.0-native" ui-image: description: "image url for tackle-ui" required: false @@ -47,7 +43,6 @@ runs: run: | export OPERATOR_BUNDLE_IMAGE="${{ inputs.operator-bundle-image }}" export HUB_IMAGE="${{ inputs.hub-image }}" - export PATHFINDER_IMAGE="${{ inputs.pathfinder-image }}" export UI_IMAGE="${{ inputs.ui-image }}" export ADDON_ADMIN_IMAGE="${{ inputs.addon-admin-image }}" export ADDON_ANALYZER_IMAGE="${{ inputs.addon-analyzer-image }}" diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 1e18678..c265c78 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -106,8 +106,6 @@ jobs: image: konveyor/tackle2-addon - repo: konveyor/operator image: konveyor/tackle2-operator - - repo: konveyor/tackle-pathfinder - image: konveyor/tackle-pathfinder - repo: konveyor/tackle-keycloak-theme image: konveyor/tackle-keycloak-init fail-fast: true diff --git a/Dockerfile b/Dockerfile index 1f2614a..59c7913 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,12 @@ ARG OPERATOR_SDK_VERSION=v1.28.1 FROM quay.io/operator-framework/ansible-operator:$OPERATOR_SDK_VERSION +USER 0 +COPY tools/upgrades/migrate-pathfinder-assessments.py /usr/local/bin/migrate-pathfinder-assessments.py +COPY tools/upgrades/jwt.sh /usr/local/bin/jwt.sh +RUN dnf -y install openssl && dnf clean all +USER 1001 + COPY requirements.yml ${HOME}/requirements.yml RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ && chmod -R ug+rwx ${HOME}/.ansible diff --git a/README.md b/README.md index 7bac799..c5fd7a8 100644 --- a/README.md +++ b/README.md @@ -94,8 +94,6 @@ tackle-hub-6b6ff674dd-c6xbr 1/1 Running tackle-keycloak-postgresql-57f5c44bcc-r9w9s 1/1 Running 0 131m tackle-keycloak-sso-c65cd79bf-6j4xr 1/1 Running 0 130m tackle-operator-6b65fccb7f-q9lpf 1/1 Running 0 133m -tackle-pathfinder-6c58447d8f-rd6rr 1/1 Running 0 130m -tackle-pathfinder-postgresql-5fff469bcc-bc5z2 1/1 Running 0 130m tackle-ui-5f694bddcb-scbh5 1/1 Running 0 130m ``` You can access the Konveyor UI in your browser through the `$(minikube ip)` IP. @@ -145,7 +143,6 @@ rwx_supported: | true | Whether or not RWX volumes are supported in the cluster hub_database_volume_size | 5Gi | Size requested for Hub database volume hub_bucket_volume_size | 100gi | Size requested for Hub bucket volume keycloak_database_data_volume_size | 1Gi | Size requested for Keycloak DB volume -pathfinder_database_data_volume_size | 1Gi | Size requested for Pathfinder DB volume cache_data_volume_size | 100Gi | Size requested for Tackle Cache volume cache_storage_class | N/A | Storage class requested for Tackle Cache volume hub_bucket_storage_class | N/A | Storage class requested for Tackle Hub Bucket volume @@ -165,7 +162,6 @@ Name | Default Size | Access Mode | Description hub database | 5Gi | RWO | Hub DB hub bucket | 100Gi | RWX | Hub file storage keycloak postgresql | 1Gi | RWO | Keycloak backend DB -pathfinder postgresql | 1Gi | RWO | Pathfinder backend DB cache | 100Gi | RWX | cache repository ### Konveyor Storage Custom Settings Example diff --git a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml index a38cd57..352935b 100644 --- a/bundle/manifests/konveyor-operator.clusterserviceversion.yaml +++ b/bundle/manifests/konveyor-operator.clusterserviceversion.yaml @@ -20,7 +20,7 @@ metadata: categories: Modernization & Migration certified: "false" containerImage: quay.io/konveyor/tackle2-operator:latest - createdAt: "2023-10-23T14:59:12Z" + createdAt: "2023-10-31T20:13:44Z" description: Konveyor is an open-source application modernization platform that helps organizations safely and predictably modernize applications to Kubernetes at scale. @@ -71,7 +71,6 @@ spec: * Hub, to manage the application inventory and coordinate the migration process. * UI, the web console to manage the application inventory and drive the migration waves. - * Pathfinder, a service to manage the assessment questionnaires. Authentication capabilities may be enabled via the `feature_auth_required` parameter in the Tackle CR. When enabled, the Operator installs the following components: * Keycloak, to manage authentication, including with 3rd-party providers. @@ -171,8 +170,6 @@ spec: value: quay.io/konveyor/tackle2-hub:latest - name: RELATED_IMAGE_TACKLE_POSTGRES value: quay.io/centos7/postgresql-12-centos7:latest - - name: RELATED_IMAGE_PATHFINDER - value: quay.io/konveyor/tackle-pathfinder:1.3.1-native - name: RELATED_IMAGE_KEYCLOAK_SSO value: quay.io/keycloak/keycloak:18.0.2-legacy - name: RELATED_IMAGE_KEYCLOAK_INIT @@ -361,8 +358,6 @@ spec: name: tackle-hub - image: quay.io/centos7/postgresql-12-centos7:latest name: tackle-postgres - - image: quay.io/konveyor/tackle-pathfinder:1.3.1-native - name: pathfinder - image: quay.io/keycloak/keycloak:18.0.2-legacy name: keycloak-sso - image: quay.io/konveyor/tackle-keycloak-init:latest diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 319d28f..d28efd5 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -48,8 +48,6 @@ spec: value: quay.io/konveyor/tackle2-hub:latest - name: RELATED_IMAGE_TACKLE_POSTGRES value: quay.io/centos7/postgresql-12-centos7:latest - - name: RELATED_IMAGE_PATHFINDER - value: quay.io/konveyor/tackle-pathfinder:1.3.1-native - name: RELATED_IMAGE_KEYCLOAK_SSO value: quay.io/keycloak/keycloak:18.0.2-legacy - name: RELATED_IMAGE_KEYCLOAK_INIT diff --git a/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml b/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml index 9650aa0..44c9cef 100644 --- a/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/konveyor-operator.clusterserviceversion.yaml @@ -55,7 +55,6 @@ spec: * Hub, to manage the application inventory and coordinate the migration process. * UI, the web console to manage the application inventory and drive the migration waves. - * Pathfinder, a service to manage the assessment questionnaires. Authentication capabilities may be enabled via the `feature_auth_required` parameter in the Tackle CR. When enabled, the Operator installs the following components: * Keycloak, to manage authentication, including with 3rd-party providers. diff --git a/docs/installation-macos.md b/docs/installation-macos.md index febbd41..91105c2 100644 --- a/docs/installation-macos.md +++ b/docs/installation-macos.md @@ -41,8 +41,6 @@ $ kubectl get pods -n my-konveyor-operator NAME READY STATUS RESTARTS AGE tackle-hub-7f7cc9d574-b5kkl 1/1 Running 0 109m tackle-operator-56c574d689-jmvs7 1/1 Running 0 111m -tackle-pathfinder-7688f4ddc5-wmv9v 1/1 Running 0 109m -tackle-pathfinder-postgresql-fbd985767-glx8k 1/1 Running 0 109m tackle-ui-5bdb565bcd-g6gsr 1/1 Running 0 109m task-1-x6fmv 0/1 Completed 0 4m6s ``` diff --git a/hack/install-tackle.sh b/hack/install-tackle.sh index fe8d5af..f22b8f3 100755 --- a/hack/install-tackle.sh +++ b/hack/install-tackle.sh @@ -20,7 +20,6 @@ export PATH="${__bin_dir}:${PATH}" NAMESPACE="${NAMESPACE:-konveyor-tackle}" OPERATOR_BUNDLE_IMAGE="${OPERATOR_BUNDLE_IMAGE:-quay.io/konveyor/tackle2-operator-bundle:latest}" HUB_IMAGE="${HUB_IMAGE:-quay.io/konveyor/tackle2-hub:latest}" -PATHFINDER_IMAGE="${PATHFINDER_IMAGE:-quay.io/konveyor/tackle-pathfinder:1.3.0-native}" UI_IMAGE="${UI_IMAGE:-quay.io/konveyor/tackle2-ui:latest}" UI_INGRESS_CLASS_NAME="${UI_INGRESS_CLASS_NAME:-nginx}" ADDON_ADMIN_IMAGE="${ADDON_ADMIN_IMAGE:-quay.io/konveyor/tackle2-addon:latest}" @@ -73,7 +72,6 @@ metadata: spec: feature_auth_required: ${FEATURE_AUTH_REQUIRED} hub_image_fqin: ${HUB_IMAGE} - pathfinder_image_fqin: ${PATHFINDER_IMAGE} ui_image_fqin: ${UI_IMAGE} ui_ingress_class_name: ${UI_INGRESS_CLASS_NAME} admin_fqin: ${ADDON_ADMIN_IMAGE} diff --git a/roles/tackle/defaults/main.yml b/roles/tackle/defaults/main.yml index 728d13f..5b45204 100644 --- a/roles/tackle/defaults/main.yml +++ b/roles/tackle/defaults/main.yml @@ -9,7 +9,6 @@ app_version: "{{ lookup('env', 'VERSION') }}" feature_auth_required: "{{ false if app_profile == 'konveyor' else true }}" feature_auth_type: keycloak feature_isolate_namespace: true -feature_pathfinder: true # Environment openshift_cluster: false @@ -53,41 +52,17 @@ hub_log_level: 3 hub_metrics_enabled: true hub_metrics_port: "2112" -pathfinder_database_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_TACKLE_POSTGRES') }}" +pathfinder_delete_db_volume: false pathfinder_database_name: "pathfinder" pathfinder_database_component_name: "postgresql" pathfinder_database_service_name: "{{ app_name }}-{{ pathfinder_database_name }}-{{ pathfinder_database_component_name }}" pathfinder_database_secret_name: "{{ pathfinder_database_service_name }}" pathfinder_database_deployment_name: "{{ pathfinder_database_service_name }}" -pathfinder_database_deployment_strategy: "Recreate" -pathfinder_database_deployment_replicas: "1" -pathfinder_database_container_name: "{{ pathfinder_database_service_name }}" -pathfinder_database_container_limits_cpu: "500m" -pathfinder_database_container_limits_memory: "800Mi" -pathfinder_database_container_requests_cpu: "100m" -pathfinder_database_container_requests_memory: "350Mi" -pathfinder_database_data_volume_name: "{{ pathfinder_database_service_name }}-database" -pathfinder_database_data_volume_size: "1Gi" -pathfinder_database_data_volume_path: "/var/lib/pgsql" pathfinder_database_data_volume_claim_name: "{{ pathfinder_database_service_name }}-volume-claim" -pathfinder_database_db_name: "pathfinder_db" -pathfinder_database_db_name_b64: "{{ pathfinder_database_db_name | b64encode }}" -pathfinder_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_PATHFINDER') }}" pathfinder_component_name: "pathfinder" pathfinder_service_name: "{{ app_name }}-{{ pathfinder_component_name }}" pathfinder_deployment_name: "{{ pathfinder_service_name }}" -pathfinder_deployment_replicas: "1" -pathfinder_container_name: "{{ pathfinder_service_name }}" -pathfinder_container_limits_cpu: "1000m" -pathfinder_container_limits_memory: "2Gi" -pathfinder_container_requests_cpu: "100m" -pathfinder_container_requests_memory: "350Mi" -pathfinder_tls_enabled: false -pathfinder_tls_secret_name: "{{ pathfinder_service_name }}-serving-cert" -pathfinder_port: "{{ '8443' if pathfinder_tls_enabled | bool else '8080' }}" -pathfinder_proto: "{{ 'https' if pathfinder_tls_enabled | bool else 'http' }}" -pathfinder_url: "{{ pathfinder_proto }}://{{ pathfinder_service_name }}.{{ app_namespace }}.svc:{{ pathfinder_port }}" keycloak_database_image_fqin: "{{ lookup('env', 'RELATED_IMAGE_TACKLE_POSTGRES') }}" keycloak_database_name: "keycloak" diff --git a/roles/tackle/tasks/main.yml b/roles/tackle/tasks/main.yml index 43c5ccd..b0b4d76 100644 --- a/roles/tackle/tasks/main.yml +++ b/roles/tackle/tasks/main.yml @@ -272,72 +272,6 @@ retries: 30 delay: 5 -- when: - - feature_pathfinder|bool - block: - - name: "Setup PathFinder PostgreSQL PersistentVolume" - k8s: - state: present - definition: "{{ lookup('template', 'persistentvolumeclaim-pathfinder-postgresql.yml.j2') }}" - - - name: "Check if PathFinder PostgreSQL Secret exists already so we don't update it" - k8s_info: - api_version: v1 - kind: Secret - name: "{{ pathfinder_database_secret_name }}" - namespace: "{{ app_namespace }}" - register: pathfinder_database_secret_status - - - when: (pathfinder_database_secret_status.resources | length) == 0 - block: - - name: "Generate random values for PathFinder PostgreSQL username and password" - set_fact: - pathfinder_database_db_username: "user-{{ lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=4') }}" - pathfinder_database_db_password: "{{ lookup('password', '/dev/null chars=ascii_lowercase,ascii_uppercase,digits length=16') }}" - - - name: "Encode PathFinder PostgreSQL username and password" - set_fact: - pathfinder_database_db_username_b64: "{{ pathfinder_database_db_username | b64encode }}" - pathfinder_database_db_password_b64: "{{ pathfinder_database_db_password | b64encode }}" - - - name: "Setup PathFinder PostgreSQL Secret" - k8s: - state: present - definition: "{{ lookup('template', 'secret-pathfinder-postgresql.yml.j2') }}" - - - name: "Setup PathFinder PostgreSQL Service" - k8s: - state: present - definition: "{{ lookup('template', 'service-pathfinder-postgresql.yml.j2') }}" - - - name: "Setup PathFinder PostgreSQL Deployment" - k8s: - state: present - definition: "{{ lookup('template', 'deployment-pathfinder-postgresql.yml.j2') }}" - - - name: "Check status of PathFinder PostgreSQL" - kubernetes.core.k8s_info: - api_version: v1 - kind: Pod - namespace: "{{ app_namespace }}" - label_selectors: - - app.kubernetes.io/name = {{ pathfinder_database_service_name }} - wait: true - wait_condition: - type: "Ready" - status: "True" - wait_timeout: 240 - - - name: "Setup PathFinder Service" - k8s: - state: present - definition: "{{ lookup('template', 'service-pathfinder.yml.j2') }}" - - - name: "Setup PathFinder Deployment" - k8s: - state: present - definition: "{{ lookup('template', 'deployment-pathfinder.yml.j2') }}" - - name: "Setup Hub API Database PersistentVolumeClaim" k8s: state: present @@ -392,7 +326,6 @@ state: present definition: "{{ lookup('template', 'secret-hub.yml.j2') }}" - - name: "Look up Keycloak DB Secret for Hashing" set_fact: keycloak_db_secret: @@ -519,3 +452,112 @@ when: - hub_metrics_enabled|bool - openshift_cluster|bool + +- name: "Check if pathfinder exists" + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ app_namespace }}" + label_selectors: + - app.kubernetes.io/name = {{ app_name }}-{{ pathfinder_component_name }} + register: pathfinder_pod + +- when: + - (pathfinder_pod.resources | length) > 0 + block: + - name: "Wait for Pathfinder to be Ready" + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ app_namespace }}" + label_selectors: + - app.kubernetes.io/name = {{ app_name }}-{{ pathfinder_component_name }} + wait: true + wait_condition: + type: "Ready" + status: "True" + wait_timeout: 240 + + - name: "Wait for the Hub to be Ready" + kubernetes.core.k8s_info: + api_version: v1 + kind: Pod + namespace: "{{ app_namespace }}" + label_selectors: + - app.kubernetes.io/name = {{ app_name }}-{{ hub_component_name }} + wait: true + wait_condition: + type: "Ready" + status: "True" + wait_timeout: 240 + + - name: Retrieve Hub Secret + kubernetes.core.k8s_info: + api_version: v1 + kind: Secret + name: "{{ hub_secret_name }}" + namespace: "{{ app_namespace }}" + register: hub_secret + + - name: Set Hub key + set_fact: + hub_key: "{{ hub_secret.resources[0].data.addon_token | b64decode }}" + + - name: Migrate assessments + shell: | + /usr/local/bin/migrate-pathfinder-assessments.py \ + -p http://{{ pathfinder_service_name }}:8080/pathfinder \ + -b http://{{ hub_service_name }}:8080 \ + -t $(/usr/local/bin/jwt.sh {{ hub_key }}) + changed_when: false + + - name: "Remove Pathfinder PostgreSQL Secret" + k8s: + state: absent + api_version: v1 + kind: Secret + name: "{{ pathfinder_database_secret_name }}" + namespace: "{{ app_namespace }}" + + - name: "Remove Pathfinder PostgreSQL Service" + k8s: + state: absent + api_version: v1 + kind: Service + name: "{{ pathfinder_database_service_name }}" + namespace: "{{ app_namespace }}" + + - name: "Remove Pathfinder PostgreSQL Deployment" + k8s: + state: absent + api_version: apps/v1 + kind: Deployment + name: "{{ pathfinder_database_deployment_name }}" + namespace: "{{ app_namespace }}" + + - name: "Remove Pathfinder Service" + k8s: + state: absent + api_version: v1 + kind: Service + name: "{{ pathfinder_service_name }}" + namespace: "{{ app_namespace }}" + + - name: "Remove Pathfinder Deployment" + k8s: + state: absent + api_version: apps/v1 + kind: Deployment + name: "{{ pathfinder_deployment_name }}" + namespace: "{{ app_namespace }}" + +- name: "Remove Pathfinder PostgreSQL Volume" + k8s: + state: absent + api_version: v1 + kind: PersistentVolumeClaim + name: "{{ pathfinder_database_data_volume_claim_name }}" + namespace: "{{ app_namespace }}" + when: + - (pathfinder_delete_db_volume|bool) + - (pathfinder_pod.resources|length) == 0 diff --git a/roles/tackle/templates/deployment-hub.yml.j2 b/roles/tackle/templates/deployment-hub.yml.j2 index f39e190..8ad49dd 100644 --- a/roles/tackle/templates/deployment-hub.yml.j2 +++ b/roles/tackle/templates/deployment-hub.yml.j2 @@ -18,7 +18,6 @@ metadata: { "apiVersion": "apps/v1", "kind": "StatefulSet", "name": "keycloak" }, {% endif %} {% endif %} - { "apiVersion": "apps/v1", "kind": "Deployment", "name": "{{ pathfinder_deployment_name }}" } ] spec: replicas: {{ hub_deployment_replicas }} @@ -106,8 +105,6 @@ spec: - name: AUTH_REQUIRED value: "false" {% endif %} - - name: PATHFINDER_URL - value: "{{ pathfinder_url }}" {% if feature_auth_required|bool and feature_auth_type == "keycloak" %} - name: KEYCLOAK_REALM value: "{{ keycloak_sso_realm }}" diff --git a/roles/tackle/templates/deployment-pathfinder-postgresql.yml.j2 b/roles/tackle/templates/deployment-pathfinder-postgresql.yml.j2 deleted file mode 100644 index d3c3cd2..0000000 --- a/roles/tackle/templates/deployment-pathfinder-postgresql.yml.j2 +++ /dev/null @@ -1,93 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ pathfinder_database_deployment_name }} - namespace: {{ app_namespace }} - labels: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} -spec: - replicas: {{ pathfinder_database_deployment_replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} -{% if pathfinder_database_deployment_strategy == 'Recreate' %} - strategy: - type: {{ pathfinder_database_deployment_strategy }} -{% endif %} - template: - metadata: - labels: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - app: {{ app_name }} - role: {{ pathfinder_database_service_name }} - spec: - containers: - - name: {{ pathfinder_database_container_name }} - image: "{{ pathfinder_database_image_fqin }}" - imagePullPolicy: "{{ image_pull_policy }}" - env: - - name: POSTGRESQL_USER - valueFrom: - secretKeyRef: - name: {{ pathfinder_database_secret_name }} - key: database-user - - name: POSTGRESQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ pathfinder_database_secret_name }} - key: database-password - - name: POSTGRESQL_DATABASE - valueFrom: - secretKeyRef: - name: {{ pathfinder_database_secret_name }} - key: database-name - ports: - - containerPort: 5432 - protocol: TCP - resources: - limits: - cpu: {{ pathfinder_database_container_limits_cpu }} - memory: {{ pathfinder_database_container_limits_memory }} - requests: - cpu: {{ pathfinder_database_container_requests_cpu }} - memory: {{ pathfinder_database_container_requests_memory }} - livenessProbe: - exec: - command: - - /bin/sh - - '-c' - - 'psql -U $POSTGRESQL_USER -d $POSTGRESQL_DATABASE -c ''SELECT 1'' ' - initialDelaySeconds: 60 - timeoutSeconds: 10 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - exec: - command: - - /bin/sh - - '-c' - - 'psql -U $POSTGRESQL_USER -d $POSTGRESQL_DATABASE -c ''SELECT 1'' ' - initialDelaySeconds: 5 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - volumeMounts: - - name: {{ pathfinder_database_data_volume_name }} - mountPath: {{ pathfinder_database_data_volume_path }} -{% if not openshift_cluster %} - securityContext: - fsGroup: 26 -{% endif %} - volumes: - - name: {{ pathfinder_database_data_volume_name }} - persistentVolumeClaim: - claimName: {{ pathfinder_database_data_volume_claim_name }} diff --git a/roles/tackle/templates/deployment-pathfinder.yml.j2 b/roles/tackle/templates/deployment-pathfinder.yml.j2 deleted file mode 100644 index da41b23..0000000 --- a/roles/tackle/templates/deployment-pathfinder.yml.j2 +++ /dev/null @@ -1,94 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ pathfinder_deployment_name }} - namespace: {{ app_namespace }} - labels: - app.kubernetes.io/name: {{ pathfinder_service_name }} - app.kubernetes.io/component: {{ pathfinder_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - annotations: - app.openshift.io/connects-to: >- - [ - { "apiVersion": "apps/v1", "kind": "Deployment", "name": "{{ pathfinder_database_deployment_name }}" } - ] - prometheus.io/path: /q/metrics - prometheus.io/port: "{{ pathfinder_port }}" - prometheus.io/scheme: "{{ pathfinder_proto }}" - prometheus.io/scrape: 'true' -spec: - replicas: {{ pathfinder_deployment_replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ pathfinder_service_name }} - app.kubernetes.io/component: {{ pathfinder_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ pathfinder_service_name }} - app.kubernetes.io/component: {{ pathfinder_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - app: {{ app_name }} - role: {{ pathfinder_service_name }} - annotations: - prometheus.io/path: /q/metrics - prometheus.io/port: "{{ pathfinder_port }}" - prometheus.io/scheme: "{{ pathfinder_proto }}" - prometheus.io/scrape: 'true' - spec: - containers: - - name: {{ pathfinder_container_name }} - image: "{{ pathfinder_image_fqin }}" - imagePullPolicy: "{{ image_pull_policy }}" - env: - - name: KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: QUARKUS_DATASOURCE_JDBC_URL - value: jdbc:postgresql://{{ pathfinder_database_service_name }}:5432/{{ pathfinder_database_db_name }} - - name: QUARKUS_DATASOURCE_USERNAME - valueFrom: - secretKeyRef: - name: {{ pathfinder_database_secret_name }} - key: database-user - - name: QUARKUS_DATASOURCE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ pathfinder_database_secret_name }} - key: database-password - - name: QUARKUS_PROFILE - value: noauth - ports: - - name: {{ pathfinder_proto }} - containerPort: {{ pathfinder_port }} - protocol: TCP - resources: - limits: - cpu: {{ pathfinder_container_limits_cpu }} - memory: {{ pathfinder_container_limits_memory }} - requests: - cpu: {{ pathfinder_container_requests_cpu }} - memory: {{ pathfinder_container_requests_memory }} - livenessProbe: - httpGet: - path: /pathfinder/q/health/live - port: {{ pathfinder_port }} - scheme: {{ pathfinder_proto|upper }} - initialDelaySeconds: 60 - timeoutSeconds: 10 - periodSeconds: 30 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /pathfinder/q/health/ready - port: {{ pathfinder_port }} - scheme: {{ pathfinder_proto|upper }} - timeoutSeconds: 10 - periodSeconds: 30 - successThreshold: 1 - failureThreshold: 3 diff --git a/roles/tackle/templates/persistentvolumeclaim-pathfinder-postgresql.yml.j2 b/roles/tackle/templates/persistentvolumeclaim-pathfinder-postgresql.yml.j2 deleted file mode 100644 index 894dd8f..0000000 --- a/roles/tackle/templates/persistentvolumeclaim-pathfinder-postgresql.yml.j2 +++ /dev/null @@ -1,22 +0,0 @@ ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ pathfinder_database_data_volume_claim_name }} - namespace: {{ app_namespace }} - labels: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - volume: {{ pathfinder_database_data_volume_name }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ pathfinder_database_data_volume_size }} -{% if rwo_storage_class is defined %} -{% if rwo_storage_class|length %} - storageClassName: {{ rwo_storage_class }} -{% endif %} -{% endif %} diff --git a/roles/tackle/templates/secret-pathfinder-postgresql.yml.j2 b/roles/tackle/templates/secret-pathfinder-postgresql.yml.j2 deleted file mode 100644 index 3518f9d..0000000 --- a/roles/tackle/templates/secret-pathfinder-postgresql.yml.j2 +++ /dev/null @@ -1,14 +0,0 @@ -kind: Secret -apiVersion: v1 -metadata: - labels: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - name: {{ pathfinder_database_secret_name }} - namespace: {{ app_namespace }} -type: Opaque -data: - database-name: {{ pathfinder_database_db_name_b64 }} - database-user: {{ pathfinder_database_db_username_b64 }} - database-password: {{ pathfinder_database_db_password_b64 }} diff --git a/roles/tackle/templates/service-pathfinder-postgresql.yml.j2 b/roles/tackle/templates/service-pathfinder-postgresql.yml.j2 deleted file mode 100644 index 4630e4b..0000000 --- a/roles/tackle/templates/service-pathfinder-postgresql.yml.j2 +++ /dev/null @@ -1,20 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - name: {{ pathfinder_database_service_name }} - namespace: {{ app_namespace }} -spec: - ports: - - name: postgres - port: 5432 - targetPort: 5432 - protocol: TCP - selector: - app.kubernetes.io/name: {{ pathfinder_database_service_name }} - app.kubernetes.io/component: {{ pathfinder_database_component_name }} - app.kubernetes.io/part-of: {{ app_name }} diff --git a/roles/tackle/templates/service-pathfinder.yml.j2 b/roles/tackle/templates/service-pathfinder.yml.j2 deleted file mode 100644 index e5a35ff..0000000 --- a/roles/tackle/templates/service-pathfinder.yml.j2 +++ /dev/null @@ -1,25 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: -{% if pathfinder_tls_enabled|bool and openshift_cluster|bool %} - annotations: - service.beta.openshift.io/serving-cert-secret-name: {{ pathfinder_tls_secret_name }} -{% endif %} - labels: - app.kubernetes.io/name: {{ pathfinder_service_name }} - app.kubernetes.io/component: {{ pathfinder_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - name: {{ pathfinder_service_name }} - namespace: {{ app_namespace }} -spec: - ports: - - name: api - port: {{ pathfinder_port }} - targetPort: {{ pathfinder_port }} - protocol: TCP - selector: - app.kubernetes.io/name: {{ pathfinder_service_name }} - app.kubernetes.io/component: {{ pathfinder_component_name }} - app.kubernetes.io/part-of: {{ app_name }} - type: ClusterIP diff --git a/tools/templates/clusterserviceversion.yaml.j2 b/tools/templates/clusterserviceversion.yaml.j2 index 654f547..168bec1 100644 --- a/tools/templates/clusterserviceversion.yaml.j2 +++ b/tools/templates/clusterserviceversion.yaml.j2 @@ -86,7 +86,6 @@ spec: * Hub, to manage the application inventory and coordinate the migration process. * UI, the web console to manage the application inventory and drive the migration waves. - * Pathfinder, a service to manage the assessment questionnaires. * Keycloak, to manage authentication, including with 3rd-party providers. ### Documentation @@ -148,8 +147,6 @@ spec: value: quay.io/konveyor/tackle2-hub:{{ tag }} - name: RELATED_IMAGE_TACKLE_POSTGRES value: quay.io/centos7/postgresql-12-centos7:latest - - name: RELATED_IMAGE_PATHFINDER - value: quay.io/konveyor/tackle-pathfinder:1.3.1-native - name: RELATED_IMAGE_KEYCLOAK_SSO value: quay.io/keycloak/keycloak:18.0.2-legacy - name: RELATED_IMAGE_TACKLE_UI @@ -355,8 +352,6 @@ spec: image: quay.io/konveyor/tackle2-addon:{{ tag }} - name: addon-analyzer image: quay.io/konveyor/tackle2-addon-analyzer:{{ tag }} - - name: pathfinder - image: quay.io/konveyor/tackle-pathfinder:1.3.1-native - name: keycloak-sso image: quay.io/keycloak/keycloak:18.0.2-legacy - image: quay.io/konveyor/tackle-keycloak-init:{{ tag }} diff --git a/tools/upgrades/jwt.sh b/tools/upgrades/jwt.sh new file mode 100755 index 0000000..98e10e4 --- /dev/null +++ b/tools/upgrades/jwt.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# +# Usage: jwt.sh +# +# scope - (string) space-separated scopes. (default: *:*). +# +key=$1 +scope="${2:-*:*}" +header='{"typ":"JWT","alg":"HS512"}' +payload="{\"user\":\"operator\",\"scope\":\"${scope}\"}" +headerStr=$(echo -n ${header} \ + | base64 -w 0 \ + | sed s/\+/-/g \ + | sed 's/\//_/g' \ + | sed -E s/=+$//) +payloadStr=$(echo -n ${payload} \ + | base64 -w 0 \ + | sed s/\+/-/g \ + | sed 's/\//_/g' \ + | sed -E s/=+$//) +signStr=$(echo -n "${headerStr}.${payloadStr}" \ + | openssl dgst -sha512 -hmac ${key} -binary \ + | base64 -w 0 \ + | sed s/\+/-/g \ + | sed 's/\//_/g' \ + | sed -E s/=+$//) +token="${headerStr}.${payloadStr}.${signStr}" +echo "${token}" diff --git a/tools/upgrades/migrate-pathfinder-assessments.py b/tools/upgrades/migrate-pathfinder-assessments.py index b42c201..b766cf8 100755 --- a/tools/upgrades/migrate-pathfinder-assessments.py +++ b/tools/upgrades/migrate-pathfinder-assessments.py @@ -82,6 +82,7 @@ def migrateAssessments(pathfinder_url, hub_base_url, token): continue # Prepare new Assessment + passmnt = apiJSON(pathfinder_url + "/assessments/%d" % passmnt['id'], token) assmnt = dict() assmnt['questionnaire'] = {"id": 1} # Default new Questionnaire "Pathfinder Legacy" assmnt['application'] = {"id": passmnt["applicationId"]}