Docs: verify Infinispan deployment (#572)

keycloak · Oct 23, 2023 · d2cf2b4 · d2cf2b4
1 parent fbc00ef
commit d2cf2b4
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 38 deletions.
diff --git a/doc/kubernetes/modules/ROOT/pages/running/infinispan-crossdc-deployment.adoc b/doc/kubernetes/modules/ROOT/pages/running/infinispan-crossdc-deployment.adoc
@@ -1,13 +1,7 @@
 = Infinispan Deployment: Multiple Clusters
 :description: This describes how to deploy Infinispan with cross-site enabled.
-:site-a: Site-A
-:site-b: Site-B
-:ocp: OpenShift
-:operator-docs: https://infinispan.org/docs/infinispan-operator/main/operator.html
-:xsite-docs: https://infinispan.org/docs/stable/titles/xsite/xsite.html
-:ispn: Infinispan
-:ispn-operator: Infinispan Operator
-:kc: Keycloak
+
+include::partial$running/infinispan-attributes.adoc[]
 
 {description}
 
@@ -42,35 +36,35 @@ For more details check {operator-docs}#managed-cross-site-connections_cross-site
 .. First, create the service account and generate an access token in both {ocp} clusters.
 +
 .Create the service account in `{site-a}`
-[source,bash]
+[source,bash,subs="+attributes"]
 ----
-oc create sa -n ispn-namespace xsite-sa
-oc policy add-role-to-user view -n ispn-namespace -z xsite-sa
-oc create token -n ispn-namespace xsite-sa > site-a-token.txt
+oc create sa -n {ns} {sa}
+oc policy add-role-to-user view -n {ns} -z {sa}
+oc create token -n {ns} {sa} > {site-a}-token.txt
 ----
 +
 .Create the service account in `{site-b}`
-[source,bash]
+[source,bash,subs="+attributes"]
 ----
-oc create sa -n ispn-namespace xsite-sa
-oc policy add-role-to-user view -n ispn-namespace -z xsite-sa
-oc create token -n ispn-namespace xsite-sa > site-b-token.txt
+oc create sa -n {ns} {sa}
+oc policy add-role-to-user view -n {ns} -z {sa}
+oc create token -n {ns} {sa} > {site-b}-token.txt
 ----
 +
 .. The next step is to deploy the token from `{site-a}` into `{site-b}` and vice-versa
 +
 .Deploy `{site-b}` token into `{site-a}`
-[source,bash]
+[source,bash,subs="+attributes"]
 ----
-oc create secret generic -n ispn-namespace xsite-token-secret \
-  --from-literal=token="$(cat site-b-token.txt)"
+oc create secret generic -n {ns} {sa-secret} \
+  --from-literal=token="$(cat {site-b}-token.txt)"
 ----
 +
 .Deploy `{site-a}` token into `{site-b}`
-[source,bash]
+[source,bash,subs="+attributes"]
 ----
-oc create secret generic -n ispn-namespace xsite-token-secret \
-  --from-literal=token="$(cat site-a-token.txt)"
+oc create secret generic -n {ns} {sa-secret} \
+  --from-literal=token="$(cat {site-a}-token.txt)"
 ----
 
 . Create TLS secrets
@@ -88,9 +82,9 @@ How to create the certificates and the stores are out of the scope of this guide
 To upload the Keystore as a Secret, use the following command:
 +
 .Deploy a Keystore
-[source,bash]
+[source,bash,subs="+attributes"]
 ----
-oc -n ispn-namespace create secret generic xsite-keystore-secret \
+oc -n {ns} create secret generic {ks-secret} \
   --from-file=keystore.p12="./certs/keystore.p12" \ # <1>
   --from-literal=password=secret \ #<2>
   --from-literal=type=pkcs12 #<3>
@@ -102,9 +96,9 @@ oc -n ispn-namespace create secret generic xsite-keystore-secret \
 To upload the Truststore as a Secret, use the following command:
 +
 .Deploy a Truststore
-[source,bash]
+[source,bash,subs="+attributes"]
 ----
-oc -n ispn-namespace create secret generic xsite-truststore-secret \
+oc -n {ns} create secret generic {ts-secret} \
         --from-file=truststore.p12="./certs/truststore.p12" \  # <1>
         --from-literal=password=caSecret \  # <2>
         --from-literal=type=pkcs12  # <3>
@@ -179,3 +173,20 @@ For `{site-b}`, the Cache CR is similar except in point 2.
 ----
 include::example$helm/ispn-site-b.yaml[tag=infinispan-cache-sessions]
 ----
+
+== Verifying the deployment
+
+Confirm that the {ispn} cluster is formed and the cross-site connection is established between the {ocp} clusters.
+
+
+.Wait until the {ispn} cluster is formed
+[source,bash,subs="+attributes"]
+----
+oc wait --for condition=WellFormed --timeout=300s infinispans.infinispan.org -n {ns} {cluster-name}
+----
+
+.Wait until the {ispn} cross-site connection is established
+[source,bash,subs="+attributes"]
+----
+oc wait --for condition=CrossSiteViewFormed --timeout=300s infinispans.infinispan.org -n {ns} {cluster-name}
+----
diff --git a/doc/kubernetes/modules/ROOT/pages/running/infinispan-deployment.adoc b/doc/kubernetes/modules/ROOT/pages/running/infinispan-deployment.adoc
@@ -1,13 +1,14 @@
 = Infinispan Deployment: Single Cluster
 :description: This describes the Infinispan deployment in a single cluster environment.
-:operator-docs: https://infinispan.org/docs/infinispan-operator/main/operator.html
+
+include::partial$running/infinispan-attributes.adoc[]
 
 {description}
 
 == Audience
 
-This guide describes the procedure required to deploy Infinispan in a single cluster environment.
-For simplicity, this guide uses the minimum configuration possible that allows Keycloak to be used with an external infinispan.
+This guide describes the procedure required to deploy {ispn} in a single cluster environment.
+For simplicity, this guide uses the minimum configuration possible that allows {kc} to be used with an external {ispn}.
 
 See xref:running/index.adoc[] for additional guides.
 
@@ -20,11 +21,11 @@ include::partial$/running/infinispan-prerequisites.adoc[]
 include::partial$/running/infinispan-install-operator.adoc[]
 include::partial$/running/infinispan-credentials.adoc[]
 
-. Create an Infinispan cluster.
+. Create an {ispn} cluster.
 +
-The {operator-docs}#creating-clusters[Creating Infinispan clusters] documentation provides all the information on how to create and configure your Infinispan cluster.
+The {operator-docs}#creating-clusters[Creating {ispn} clusters] documentation provides all the information on how to create and configure your {ispn} cluster.
 +
-.Infinispan CR
+.{ispn} CR
 [source,yaml]
 ----
 include::example$helm/ispn-single.yaml[tag=infinispan-single]
@@ -33,11 +34,11 @@ include::example$helm/ispn-single.yaml[tag=infinispan-single]
 <2> Allows the cluster to be monitored by Prometheus
 <3> If using a custom credential, configure here the secret name created in the previous step.
 
-. Create the caches for Keycloak.
+. Create the caches for {kc}.
 +
-Keycloak requires the following caches to be present: `sessions`, `actionTokens`, `authenticationSessions`, `offlineSessions`, `clientSessions`, `offlineClientSessions`, `loginFailures`, and `work`.
+{kc} requires the following caches to be present: `sessions`, `actionTokens`, `authenticationSessions`, `offlineSessions`, `clientSessions`, `offlineClientSessions`, `loginFailures`, and `work`.
 +
-Use the {operator-docs}#creating-caches[Infinispan Cache CR] to deploy the caches in the Infinispan cluster.
+Use the {operator-docs}#creating-caches[{ispn} Cache CR] to deploy the caches in the {ispn} cluster.
 +
 See below for an example for the `sessions` cache.
 Repeat this for all other caches listed above.
@@ -48,4 +49,14 @@ Repeat this for all other caches listed above.
 include::example$helm/ispn-single.yaml[tag=infinispan-cache-sessions]
 ----
 +
-The https://infinispan.org/docs/stable/titles/configuring/configuring.html[Infinispan documentation] contains more detail about cache configuration ands its options.
+The https://infinispan.org/docs/stable/titles/configuring/configuring.html[{ispn} documentation] contains more detail about cache configuration ands its options.
+
+== Verifying the deployment
+
+Confirm that the {ispn} cluster is formed.
+
+.Wait until the {ispn} cluster is formed
+[source,bash,subs="+attributes"]
+----
+oc wait --for condition=WellFormed --timeout=300s infinispans.infinispan.org -n {ns} {cluster-name}
+----
diff --git a/doc/kubernetes/modules/ROOT/partials/running/infinispan-attributes.adoc b/doc/kubernetes/modules/ROOT/partials/running/infinispan-attributes.adoc
@@ -0,0 +1,29 @@
+// Attributes present in doc/kubernetes/collector/build.sh
+// If the build.sh is changed, update the attributes in this file
+// namespace
+:ns: ispn-namespace
+// sites: crossdc.local.name and crossdc.remote.name
+:site-a: site-a
+:site-b: site-b
+// crossdc.remote.secret
+:sa-secret: xsite-token-secret
+// crossdc.route.tls.keystore.secret
+:ks-secret: xsite-keystore-secret
+// crossdc.route.tls.truststore.secret
+:ts-secret: xsite-truststore-secret
+// hotrodPassword
+:hr-password: strong-password
+// cross-site service account
+:sa: xsite-sa
+// deployment name (hardcoded in ispn-helm chart)
+:cluster-name: infinispan
+
+// Other common attributes
+:operator-docs: https://infinispan.org/docs/infinispan-operator/main/operator.html
+:xsite-docs: https://infinispan.org/docs/stable/titles/xsite/xsite.html
+:ocp: OpenShift
+:ispn: Infinispan
+:ispn-operator: Infinispan Operator
+:kc: Keycloak
+:site-a: Site-A
+:site-b: Site-B
diff --git a/doc/kubernetes/modules/ROOT/partials/running/infinispan-credentials.adoc b/doc/kubernetes/modules/ROOT/partials/running/infinispan-credentials.adoc
@@ -3,11 +3,11 @@
 Keycloak needs this credential to be able to authenticate with the Infinispan cluster.
 The following `identities.yaml` file sets the username and password with admin permissions
 +
-[source,yam]
+[source,yam,subs="+attributes"]
 ----
 credentials:
   - username: developer
-    password: strong-password
+    password: {hr-password}
     roles:
       - admin
 ----