Infinispan deployment (#426)

* Infinispan Deployment

Closes #417

Co-authored-by: Alexander Schwartz <[email protected]>

.github/actions/infinispan-create-deployment/action.yml

@@ -0,0 +1,28 @@
+name: Create Infinispan Deployment
+description: Create Infinispan Deployment for running OpenShift project
+
+inputs:
+  cluster1:
+    description: 'The first ROSA cluster'
+    required: true
+  namespace1:
+    description: 'The namespace to install Infinispan in the first ROSA cluster.'
+    required: true
+  cluster2:
+    description: 'The second ROSA cluster (optional)'
+  namespace2:
+    description: 'The namespace to install Infinispan in the second ROSA cluster.'
+
+
+runs:
+  using: "composite"
+  steps:
+    - id: install_infinispan
+      shell: bash
+      run: ./create_ispn_clusters.sh
+      working-directory: provision/infinispan
+      env:
+        CLUSTER_1: ${{ inputs.cluster1 }}
+        NS_1: ${{ inputs.namespace1 }}
+        CLUSTER_2: ${{ inputs.cluster2 }}
+        NS_2: ${{ inputs.namespace2 }}

.github/actions/infinispan-delete-deployment/action.yml

@@ -0,0 +1,28 @@
+name: Delete Infinispan Deployment
+description: Delete Infinispan Deployment for running OpenShift project
+
+inputs:
+  cluster1:
+    description: 'The first ROSA cluster'
+    required: true
+  namespace1:
+    description: 'The namespace to install Infinispan in the first ROSA cluster.'
+    required: true
+  cluster2:
+    description: 'The second ROSA cluster (optional)'
+  namespace2:
+    description: 'The namespace to install Infinispan in the second ROSA cluster.'
+
+
+runs:
+  using: "composite"
+  steps:
+    - id: delete_infinispan
+      shell: bash
+      run: ./delete_ispn_clusters.sh
+      working-directory: provision/infinispan
+      env:
+        CLUSTER_1: ${{ inputs.cluster1 }}
+        NS_1: ${{ inputs.namespace1 }}
+        CLUSTER_2: ${{ inputs.cluster2 }}
+        NS_2: ${{ inputs.namespace2 }}

.github/workflows/infinispan-cross-site-mutiple-clusters.yml

@@ -0,0 +1,43 @@
+name: Infinispan - Cross-site in Two Clusters Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      clusterName1:
+        description: 'Name of the first ROSA cluster'
+        type: string
+        required: true
+      namespace1:
+        description: 'Namespace to deploy Infinispan in the first ROSA cluster'
+        type: string
+        required: true
+      clusterName2:
+        description: 'Name of the second ROSA cluster'
+        type: string
+        required: true
+      namespace2:
+        description: 'Namespace to deploy Infinispan in the second ROSA cluster'
+        type: string
+        required: true
+
+jobs:
+  prepare:
+    name: Create Infinispan deployment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup ROSA CLI
+        uses: ./.github/actions/rosa-cli-setup
+        with:
+          aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
+          rosa-token: ${{ secrets.ROSA_TOKEN }}
+      - name: Create Infinispan deployment
+        uses: ./.github/actions/infinispan-create-deployment
+        with:
+          cluster1: ${{ inputs.clusterName1 }}
+          namespace1: ${{ inputs.namespace1 }}
+          cluster2: ${{ inputs.clusterName2 }}
+          namespace2: ${{ inputs.namespace2 }}

.github/workflows/infinispan-cross-site-single-cluster.yml

@@ -0,0 +1,38 @@
+name: Infinispan - Cross-site in Single Cluster Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      clusterName:
+        description: 'Name of the ROSA cluster'
+        type: string
+        required: true
+      namespace1:
+        description: 'Namespace to deploy the first Infinispan clusters'
+        type: string
+        required: true
+      namespace2:
+        description: 'Namespace to deploy the second Infinispan cluster'
+        type: string
+        required: true
+
+jobs:
+  prepare:
+    name: Create Infinispan deployment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup ROSA CLI
+        uses: ./.github/actions/rosa-cli-setup
+        with:
+          aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
+          rosa-token: ${{ secrets.ROSA_TOKEN }}
+      - name: Create Infinispan deployment
+        uses: ./.github/actions/infinispan-create-deployment
+        with:
+          cluster1: ${{ inputs.clusterName }}
+          namespace1: ${{ inputs.namespace1 }}
+          namespace2: ${{ inputs.namespace2 }}

.github/workflows/infinispan-delete-deployment.yml

@@ -0,0 +1,43 @@
+name: Infinispan - Delete Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      clusterName1:
+        description: 'Name of the first ROSA cluster'
+        type: string
+        required: true
+      namespace1:
+        description: 'Namespace to deploy Infinispan in the first ROSA cluster'
+        type: string
+        required: true
+      clusterName2:
+        description: 'Name of the second ROSA cluster'
+        type: string
+        required: false
+      namespace2:
+        description: 'Namespace to deploy Infinispan in the second ROSA cluster'
+        type: string
+        required: false
+
+jobs:
+  prepare:
+    name: Delete Infinispan deployment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup ROSA CLI
+        uses: ./.github/actions/rosa-cli-setup
+        with:
+          aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
+          rosa-token: ${{ secrets.ROSA_TOKEN }}
+      - name: Create Infinispan deployment
+        uses: ./.github/actions/infinispan-delete-deployment
+        with:
+          cluster1: ${{ inputs.clusterName1 }}
+          namespace1: ${{ inputs.namespace1 }}
+          cluster2: ${{ inputs.clusterName2 }}
+          namespace2: ${{ inputs.namespace2 }}

.github/workflows/infinispan-single-cluster.yml

@@ -0,0 +1,33 @@
+name: Infinispan - Single Cluster Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      clusterName:
+        description: 'Name of the ROSA cluster'
+        type: string
+        required: true
+      namespace:
+        description: 'Namespace to deploy Infinispan'
+        type: string
+        required: true
+
+jobs:
+  prepare:
+    name: Create Infinispan deployment
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup ROSA CLI
+        uses: ./.github/actions/rosa-cli-setup
+        with:
+          aws-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-default-region: ${{ vars.AWS_DEFAULT_REGION }}
+          rosa-token: ${{ secrets.ROSA_TOKEN }}
+      - name: Create Infinispan deployment
+        uses: ./.github/actions/infinispan-create-deployment
+        with:
+          cluster1: ${{ inputs.clusterName }}
+          namespace1: ${{ inputs.namespace }}

provision/common/Taskfile.yaml

@@ -22,6 +22,10 @@ vars:
   KC_METASPACE_INIT_MB: '{{default "96" .KC_METASPACE_INIT_MB}}'
   KC_METASPACE_MAX_MB: '{{default "256" .KC_METASPACE_MAX_MB}}'
   KC_CUSTOM_INFINISPAN_CONFIG: '{{default "true" .KC_CUSTOM_INFINISPAN_CONFIG}}'
+  KC_CUSTOM_INFINISPAN_CONFIG_FILE: '{{default "config/kcb-infinispan-cache-config.xml" .KC_CUSTOM_INFINISPAN_CONFIG_FILE}}'
+  KC_REMOTE_STORE: '{{default "false" .KC_REMOTE_STORE}}'
+  KC_REMOTE_STORE_HOST: '{{default "localhost" .KC_REMOTE_STORE_HOST}}'
+  KC_REMOTE_STORE_PORT: '{{default "11222" .KC_REMOTE_STORE_PORT}}'
   KC_DISABLE_STICKY_SESSION: '{{default "false" .KC_DISABLE_STICKY_SESSION}}'
 
 tasks:
@@ -64,6 +68,10 @@ tasks:
       - echo {{.KC_METASPACE_INIT_MB}} > .task/var-KC_METASPACE_INIT_MB
       - echo {{.KC_METASPACE_MAX_MB}} > .task/var-KC_METASPACE_MAX_MB
       - echo {{.KC_CUSTOM_INFINISPAN_CONFIG}} > .task/var-KC_CUSTOM_INFINISPAN_CONFIG
+      - echo {{.KC_CUSTOM_INFINISPAN_CONFIG_FILE}} > .task/var-KC_CUSTOM_INFINISPAN_CONFIG_FILE
+      - echo {{.KC_REMOTE_STORE}} > .task/var-KC_REMOTE_STORE
+      - echo {{.KC_REMOTE_STORE_HOST}} > .task/var-KC_REMOTE_STORE_HOST
+      - echo {{.KC_REMOTE_STORE_PORT}} > .task/var-KC_REMOTE_STORE_PORT
       - echo {{.KC_DISABLE_STICKY_SESSION}} > .task/var-KC_DISABLE_STICKY_SESSION
     run: once
     sources:
@@ -89,6 +97,10 @@ tasks:
       - test "{{.KC_METASPACE_INIT_MB}}" == "$(cat .task/var-KC_METASPACE_INIT_MB)"
       - test "{{.KC_METASPACE_MAX_MB}}" == "$(cat .task/var-KC_METASPACE_MAX_MB)"
       - test "{{.KC_CUSTOM_INFINISPAN_CONFIG}}" == "$(cat .task/var-KC_CUSTOM_INFINISPAN_CONFIG)"
+      - test "{{.KC_CUSTOM_INFINISPAN_CONFIG_FILE}}" == "$(cat .task/var-KC_CUSTOM_INFINISPAN_CONFIG_FILE)"
+      - test "{{.KC_REMOTE_STORE}}" == "$(cat .task/var-KC_REMOTE_STORE)"
+      - test "{{.KC_REMOTE_STORE_HOST}}" == "$(cat .task/var-KC_REMOTE_STORE_HOST)"
+      - test "{{.KC_REMOTE_STORE_PORT}}" == "$(cat .task/var-KC_REMOTE_STORE_PORT)"
       - test "{{.KC_DISABLE_STICKY_SESSION}}" == "$(cat .task/var-KC_DISABLE_STICKY_SESSION)"
 
   mvnw:

provision/infinispan/.gitignore

@@ -0,0 +1,2 @@
+kubecfg_1
+kubecfg_2

provision/infinispan/README.adoc

@@ -0,0 +1,89 @@
+= Infinispan Installer
+
+Deploy an Infinispan cluster (with or without cross-site) and configures the necessary caches for Keycloak.
+
+== Required variables
+
+* `CLUSTER_1`: The ROSA cluster name of site 1.
+* `CLUSTER_2`: The ROSA cluster name of site 2.
+* `NS_1`: The namespace to install Infinispan in site 1.
+* `NS_2`: The namespace to install Infinispan in site 2.
+
+== Optional variables:
+* `KUBECONFIG_1`: Path to `KUBECONFIG` to use for CLUSTER_1.
+* `KUBECONFIG_2`: Path to `KUBECONFIG` to use for CLUSTER_2.
+
+If file does not exist, rosa_oc_login will be invoked and the configuration stored in this path.
+
+== Infinispan cluster customization:
+
+* `XSITE_MODE`: The cross-site strategy, default to SYNC.
+* `ISPN_REPLICAS`: The number of Infinispan pods.
+
+== Operation Modes
+
+* CLUSTER_1 == CLUSTER_2 and NS_1 == NS_2 -> Single Infinispan cluster without cross-site.
+
+Example:
+[source, bash]
+----
+CLUSTER_1="gh-pruivo" CLUSTER_2="gh-pruivo" NS_1="ispn-server" NS_2="ispn-server" ./create_ispn_clusters.sh
+----
+
+* CLUSTER_1 == CLUSTER_2 and NS_1 != NS_2 -> Infinispan clusters with cross-site enabled in a single OCP cluster.
+Each namespace gets an Infinispan cluster, and they are linked together with cross-site.
+
+Example:
+[source, bash]
+----
+CLUSTER_1="gh-pruivo" CLUSTER_2="gh-pruivo" NS_1="server-site-1" NS_2="server-site-2" ./create_ispn_clusters.sh
+----
+
+* CLUSTER_1 != CLUSTER_2 -> Infinispan clusters with cross-site enabled in 2 different OCP clusters.
+The namespaces must be set and they can be the same or different namespaces.
+
+Example:
+[source, bash]
+----
+CLUSTER_1="gh-pruivo" CLUSTER_2="gh-keycloak" NS_1="ispn-server" NS_2="ispn-server" ./create_ispn_clusters.sh
+----
+
+[source, bash]
+----
+CLUSTER_1="gh-pruivo" CLUSTER_2="gh-keycloak" NS_1="server-site-1" NS_2="server-site-2" ./create_ispn_clusters.sh
+----
+
+== Provision Keycloak
+
+The Taskfile in `provistion/openshift` introduced 4 more variables:
+
+
+|===
+|Variable |Default |Details
+
+|`KC_CUSTOM_INFINISPAN_CONFIG_FILE`
+|`config/kcb-infinispan-cache-config.xml`
+|The path to the Infinispan configuration file to be used by Keycloak
+
+|`KC_ISPN_PORT`
+|`11222`
+|The Infinispan port. Should never be set if Infinispan is installed by this script.
+
+|`KC_ISPN_CLUSTER`
+|-
+|The Infinispan cluster name. If installed by this script, its value is infinispan
+
+|`KC_ISPN_NAMESPACE`
+|-
+|The namespace where the Infinispan cluster is installed.
+|===
+
+As an example, using a single Infinispan cluster, Infinispan and keycloak can be deployed using the
+following commands from this directory (assuming `.env` is properly configured to access the OCP cluster):
+
+[source, bash]
+----
+CLUSTER_1="gh-pruivo" CLUSTER_2="gh-pruivo" NS_1="ispn-server" NS_2="ispn-server" ./create_ispn_clusters.sh
+cd ../provistion/openshift
+go-task KC_CUSTOM_INFINISPAN_CONFIG_FILE=config/kcb-infinispan-cache-remote-store-config.xml KC_ISPN_CLUSTER=infinispan KC_ISPN_NAMESPACE=ispn-server
+----

provision/infinispan/commons.sh

@@ -0,0 +1,20 @@
+function error_and_exit() {
+    echo "Error: ${@:2}"
+    exit "${1}"
+}
+
+# required!
+[ -z "${CLUSTER_1}" ] && error_and_exit 1 "CLUSTER_1 is required. CLUSTER_1 is the name of the first ROSA cluster."
+[ -z "${NS_1}" ] && error_and_exit 3 "NS_1 is required. NS_1 is the namespace to install Infinispan in the first ROSA cluster"
+
+KUBECONFIG_1=${KUBECONFIG_1:-"./kubecfg_1"}
+KUBECONFIG_2=${KUBECONFIG_2:-"./kubecfg_2"}
+
+
+function rosa_oc_login() {
+    local kubecfg="${1}"
+    local cluster="${2}"
+
+    # if file exists, assume oc login is done
+    [ -f "${kubecfg}" ] || KUBECONFIG="${kubecfg}" CLUSTER_NAME="${cluster}" ${WD}/../aws/rosa_oc_login.sh
+}