OPSEXP-1862: add message broker support (#89)

charts/alfresco-repository/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: alfresco-repository
 description: Alfresco content repository Helm chart
 type: application
-version: 0.1.0-alpha.2
+version: 0.1.0-alpha.3
 appVersion: 23.1.0-A21
 dependencies:
   - name: alfresco-common

charts/alfresco-repository/README.md

@@ -1,6 +1,6 @@
 # alfresco-repository
 
-![Version: 0.1.0-alpha.2](https://img.shields.io/badge/Version-0.1.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.0-A21](https://img.shields.io/badge/AppVersion-23.1.0--A21-informational?style=flat-square)
+![Version: 0.1.0-alpha.3](https://img.shields.io/badge/Version-0.1.0--alpha.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.1.0-A21](https://img.shields.io/badge/AppVersion-23.1.0--A21-informational?style=flat-square)
 
 Alfresco content repository Helm chart
 
@@ -18,6 +18,14 @@ Alfresco content repository Helm chart
 | affinity | object | `{}` |  |
 | args | list | `[]` |  |
 | command | list | `[]` |  |
+| configuration.messageBroker.existingConfigMap.keys.url | string | `"BROKER_URL"` | Key within the configmap  holding the message broker URL. It MUST be a failover URL as per the spec below: https://activemq.apache.org/failover-transport-reference.html |
+| configuration.messageBroker.existingConfigMap.name | string | `nil` | Name of a pre-existing configmap containing the meesage broker URL |
+| configuration.messageBroker.existingSecret.keys.password | string | `"BROKER_PASSWORD"` | Key within the secret holding the message broker password |
+| configuration.messageBroker.existingSecret.keys.username | string | `"BROKER_USERNAME"` | Key within the secret holding the message broker username |
+| configuration.messageBroker.existingSecret.name | string | `nil` | Name of a pre-existing secret containing message broker credentials |
+| configuration.messageBroker.password | string | `nil` | Password to authenticate to the message broker |
+| configuration.messageBroker.url | string | `nil` | Message Broker URL |
+| configuration.messageBroker.username | string | `nil` | Username to authenticate to the message broker |
 | configuration.repository.existingConfigMap | string | `nil` | a configmap containing the "alfresco-global.properties" key populated with actual Alfresco repository properties |
 | configuration.repository.existingSecrets | list | `[{"key":"license.lic","name":"repository-secrets","purpose":"acs-license"}]` | A list of secrets to make available to the repo as env vars. It's also used to pass the Alfresco license which will be mounted as a file when the secret as the `purpose` value set to `acs-license`. Other secrets will be used as env variables. |
 | db.driver | string | `nil` | JDBC driver class of the driver if none is provided the it is guessed from the URL provided |
@@ -28,8 +36,7 @@ Alfresco content repository Helm chart
 | db.password | string | `nil` | Password to authentication to the repository database |
 | db.url | string | `nil` | JDBC url of the database WITHOUT the "jdbc:" prefix This is a mandatory parameter |
 | db.username | string | `nil` | Username to authentication to the repository database |
-| environment.ALFRESCO_OPTS | string | `nil` | Alfresco java system properties. These properties must be provided as a string following the pattern "-Dproperty=value". They override the content of the global properties file but you should prefer using an existing configuration.repository.existingConfigMap. |
-| environment.CATALINA_OPTS | string | `nil` | Apache Tomcat command line options |
+| environment.CATALINA_OPTS | string | `nil` | Java or Tomcat system properties. These properties must be provided as a single string following the pattern "-Dproperty=value -Dmoreprop=morevalue". They override the content of the global properties file but you should prefer providing configuration.repository.existingConfigMap. |
 | environment.JAVA_OPTS | string | `"-XX:MaxRAMPercentage=80"` | Set JVM options |
 | extraInitContainers | list | `[]` |  |
 | extraSideContainers | list | `[]` |  |

charts/alfresco-repository/ci/default-values.yaml

@@ -2,6 +2,9 @@ db:
   url: postgresql://pg-postgresql-acs/alfresco
   username: &pguser pguser
   password: &pgpass pgpass
+configuration:
+  messageBroker:
+    url: failover:(tcp://localhost:61616)
 postgresql:
   enabled: true
   fullnameOverride: pg-postgresql-acs

charts/alfresco-repository/templates/configmap-message-broker.yaml

@@ -0,0 +1,17 @@
+{{- if not .Values.configuration.messageBroker.existingConfigMap.name }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: >-
+    {{- $mqconfigCtx := dict "Values" (dict "nameOverride" "configmap-mq") "Chart" .Chart "Release" .Release }}
+    {{ template "alfresco-repository.fullname" $mqconfigCtx }}
+  labels:
+    {{- include "alfresco-repository.labels" . | nindent 4 }}
+data:
+  BROKER_URL: >-
+    {{- with .Values.configuration.messageBroker }}
+      {{- $reqmsg := "You must either provide a valid Message broker URL or use an existingConfigMap.name with that URL" }}
+      {{- $mqurl := required $reqmsg .url }}
+      {{- hasPrefix "failover:(" $mqurl | ternary $mqurl (printf "failover:(%s)" $mqurl) | nindent 4 }}
+    {{- end }}
+{{- end }}

charts/alfresco-repository/templates/configmap.yaml

@@ -2,12 +2,12 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: >-
-    {{- $alfoptsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }}
-    {{ template "alfresco-repository.fullname" $alfoptsCtx }}
+    {{- $optsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }}
+    {{ template "alfresco-repository.fullname" $optsCtx }}
   labels:
     {{- include "alfresco-repository.labels" . | nindent 4 }}
 data:
-  ALFRESCO_OPTS: >-
+  CATALINA_OPTS: >-
     -Ddeployment.method=HELM_CHART
     -Ddb.url=jdbc:{{ .Values.db.url }}
     -Ddb.username=${DATABASE_USERNAME}
@@ -21,9 +21,9 @@ data:
     -Dmetadata-keystore.metadata.algorithm=DESede
     -Dmetadata-keystore.password=mp6yc0UD9e
     -Dmetadata-keystore.metadata.password=oKIWzVdEdA
-    {{ .Values.environment.ALFRESCO_OPTS | default "" }}
-  CATALINA_OPTS: >-
-    $ALFRESCO_OPTS
+    -Dmessaging.broker.url="$BROKER_URL"
+    -Dmessaging.broker.username="$BROKER_USERNAME"
+    -Dmessaging.broker.password="$BROKER_PASSWORD"
     {{ .Values.environment.CATALINA_OPTS | default "" }}
   JAVA_OPTS: >-
     {{ .Values.environment.JAVA_OPTS | default "" }}

charts/alfresco-repository/templates/deployment.yaml

@@ -48,12 +48,12 @@ spec:
           {{- include "component-security-context" .Values | indent 8 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          envFrom:
-            - configMapRef:
-                {{- $alfoptsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }}
-                name: {{ template "alfresco-repository.fullname" $alfoptsCtx }}
           {{- $dbsecretCtx := dict "Values" (dict "nameOverride" "secret-database") "Chart" .Chart "Release" .Release }}
           {{- $dbsecret := coalesce .Values.db.existingSecret.name (include "alfresco-repository.fullname" $dbsecretCtx) }}
+          {{- $mqsecretCtx := dict "Values" (dict "nameOverride" "secret-mq") "Chart" .Chart "Release" .Release }}
+          {{- $mqsecret := coalesce .Values.configuration.messageBroker.existingSecret.name (include "alfresco-repository.fullname" $mqsecretCtx) }}
+          {{- $mqconfigCtx := dict "Values" (dict "nameOverride" "configmap-mq") "Chart" .Chart "Release" .Release }}
+          {{- $mqconfig := coalesce .Values.configuration.messageBroker.existingConfigMap.name (include "alfresco-repository.fullname" $mqconfigCtx) }}
           env:
             - name: DATABASE_USERNAME
               valueFrom:
@@ -72,6 +72,27 @@ spec:
              {{- list $repoSecretsEnv | toYaml | nindent 12 }}
            {{- end }}
           {{- end }}
+            - name: BROKER_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $mqsecret }}
+                  key: {{ .Values.configuration.messageBroker.existingSecret.keys.username }}
+                  optional: true
+            - name: BROKER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $mqsecret }}
+                  key: {{ .Values.configuration.messageBroker.existingSecret.keys.password }}
+                  optional: true
+            - name: BROKER_URL
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ $mqconfig }}
+                  key: {{ .Values.configuration.messageBroker.existingConfigMap.keys.url }}
+          {{- $optsCtx := dict "Values" (dict "nameOverride" "alfresco-opts") "Chart" .Chart "Release" .Release }}
+          envFrom:
+            - configMapRef:
+                name: {{ template "alfresco-repository.fullname" $optsCtx }}
           {{- if .Values.command }}
           command:
             {{- toYaml .Values.command | nindent 12 }}
@@ -110,6 +131,9 @@ spec:
             {{- if .Values.extraVolumeMounts }}
             {{- tpl (.Values.extraVolumeMounts | toYaml) . | nindent 12 }}
             {{- end }}
+        {{- range .Values.extraSideContainers }}
+          {{ tpl (toYaml (list .)) $ | nindent 8 }}
+        {{- end }}
       volumes:
         {{- include "data_volume" .Values | nindent 8 }}
         {{- if .Values.configuration.repository.existingConfigMap }}

charts/alfresco-repository/templates/secret-message-broker.yaml

@@ -0,0 +1,13 @@
+{{- if and (not .Values.configuration.messageBroker.existingSecret.name) .Values.configuration.messageBroker.username .Values.configuration.messageBroker.password }}
+apiVersion: v1
+kind: Secret
+metadata:
+  {{- $mqsecretCtx := dict "Values" (dict "nameOverride" "secret-mq") "Chart" .Chart "Release" .Release }}
+  name: {{ template "alfresco-repository.fullname" $mqsecretCtx }}
+  labels:
+    {{- include "alfresco-repository.labels" . | nindent 4 }}
+type: Opaque
+data:
+  BROKER_USERNAME: {{ .Values.configuration.messageBroker.username | b64enc | quote }}
+  BROKER_PASSWORD: {{ .Values.configuration.messageBroker.password | b64enc | quote }}
+{{- end }}

charts/alfresco-repository/tests/configmap_test.yaml

@@ -12,33 +12,29 @@ tests:
           value: RELEASE-NAME-alfresco-opts
         template: configmap.yaml
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddeployment.method=HELM_CHART($|\s)
       - matchRegex:
           path: data.CATALINA_OPTS
-          pattern: ^\$ALFRESCO_OPTS
-      - matchRegex:
-          path: data.ALFRESCO_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.username=\${DATABASE_USERNAME}($|\s)
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.password=\${DATABASE_PASSWORD}($|\s)
 
   - it: should render environment vars
     set:
       environment:
-        ALFRESCO_OPTS: >-
-          -Dserver.allowWrite=false
         CATALINA_OPTS: >-
+          -Dserver.allowWrite=false
           -Dcatalina.base="/opt/tomcat/alternate"
         JAVA_OPTS: >-
           -Xmx32G
     asserts:
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Dserver.allowWrite=false($|\s)
       - matchRegex:
@@ -53,11 +49,11 @@ tests:
   - it: should render MySQL properties
     asserts:
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.url=jdbc:mysql://sandy:secret@myhost1:1111($|\s)
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.driver=com.mysql.jdbc.Driver($|\s)
 
@@ -67,11 +63,11 @@ tests:
         url: postgresql://pghost/alfdb
     asserts:
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.url=jdbc:postgresql://pghost/alfdb($|\s)
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.driver=org.postgresql.Driver($|\s)
 
@@ -81,11 +77,11 @@ tests:
         url: sqlserver://sqlservrhost;databaseName=alfdb;lockTimeout=1000;
     asserts:
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.url=jdbc:sqlserver://sqlservrhost;databaseName=alfdb;lockTimeout=1000;($|\s)
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver($|\s)
 
@@ -95,11 +91,11 @@ tests:
         url: oracle:thin:@tcp://mydbhost:1521/mydbservice
     asserts:
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.url=jdbc:oracle:thin:@tcp://mydbhost:1521/mydbservice($|\s)
       - matchRegex:
-          path: data.ALFRESCO_OPTS
+          path: data.CATALINA_OPTS
           pattern: |-
             (^\s*|[^\s]\s+)-Ddb.driver=oracle.jdbc.OracleDriver($|\s)
 

charts/alfresco-repository/tests/message-broker_test.yaml

@@ -0,0 +1,53 @@
+---
+suite: test Message Queue Broker
+templates:
+  - secret-message-broker.yaml
+  - deployment.yaml
+  - configmap-message-broker.yaml
+tests:
+  - it: should render ActiveMQ minimal config
+    values: &testvalues
+      - values/test_values.yaml
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_URL
+            valueFrom:
+              configMapKeyRef:
+                name: RELEASE-NAME-configmap-mq
+                key: BROKER_URL
+        template: deployment.yaml
+      - equal:
+          path: data.BROKER_URL
+          value: failover:(tcp://localhost:61616)
+        template: configmap-message-broker.yaml
+
+  - it: should render custom secret
+    values:
+      - values/test_values.yaml
+    set:
+      configuration:
+        messageBroker:
+          existingSecret:
+            name: mqSecret
+            keys:
+              username: mquser
+              password: mqpass
+          existingConfigMap:
+            name: mqConfigmap
+            keys:
+              url: myurl
+    asserts:
+      - contains:
+          path: spec.template.spec.containers[0].env
+          content:
+            name: BROKER_URL
+            valueFrom:
+              configMapKeyRef:
+                name: mqConfigmap
+                key: myurl
+        template: deployment.yaml
+      - hasDocuments:
+          count: 0
+        template: secret-message-broker.yaml

charts/alfresco-repository/tests/values/test_values.yaml

@@ -1,2 +1,5 @@
 db:
   url: mysql://sandy:secret@myhost1:1111
+configuration:
+  messageBroker:
+    url: failover:(tcp://localhost:61616)

charts/alfresco-repository/values.yaml

@@ -51,14 +51,35 @@ configuration:
       - name: repository-secrets
         key: license.lic
         purpose: acs-license
+  messageBroker:
+    # -- Message Broker URL
+    url: null
+    # -- Username to authenticate to the message broker
+    username: null
+    # -- Password to authenticate to the message broker
+    password: null
+    existingSecret:
+      # -- Name of a pre-existing secret containing message broker credentials
+      name: null
+      keys:
+        # -- Key within the secret holding the message broker username
+        username: BROKER_USERNAME
+        # -- Key within the secret holding the message broker password
+        password: BROKER_PASSWORD
+    existingConfigMap:
+      # -- Name of a pre-existing configmap containing the meesage broker URL
+      name: null
+      keys:
+        # -- Key within the configmap  holding the message broker URL. It MUST
+        # be a failover URL as per the spec below:
+        # https://activemq.apache.org/failover-transport-reference.html
+        url: BROKER_URL
 
 environment:
-  # -- Alfresco java system properties. These properties must be provided as a
-  # string following the pattern "-Dproperty=value". They override the content
-  # of the global properties file but you should prefer using an existing
-  # configuration.repository.existingConfigMap.
-  ALFRESCO_OPTS: null
-  # -- Apache Tomcat command line options
+  # -- Java or Tomcat system properties. These properties must be provided as a
+  # single string following the pattern "-Dproperty=value -Dmoreprop=morevalue".
+  # They override the content of the global properties file but you should
+  # prefer providing configuration.repository.existingConfigMap.
   CATALINA_OPTS: null
   # -- Set JVM options
   JAVA_OPTS: >-