Chapter 4. OpenShift template reference information

${APPLICATION_NAME}-rhpamcentr

jolokia

8778

TCP

http

8080

TCP

${APPLICATION_NAME}-kieserver

jolokia

8778

TCP

http

8080

TCP

${APPLICATION_NAME}-rhpamcentr

WORKBENCH_ROUTE_NAME

 — 

insecure-${APPLICATION_NAME}-rhpamcentr

KIE_ADMIN_USER

KIE administrator user name.

${KIE_ADMIN_USER}

KIE_ADMIN_PWD

Default password used for multiple components for user convenience in this trial environment.

${DEFAULT_PASSWORD}

KIE_MBEANS

KIE server mbeans enabled/disabled. (Sets the kie.mbeans and kie.scanner.mbeans system properties)

${KIE_MBEANS}

KIE_SERVER_CONTROLLER_OPENSHIFT_ENABLED

 — 

true

KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED

If set to true, turns on KIE server global discovery feature (Sets the org.kie.server.controller.openshift.global.discovery.enabled system property)

${KIE_SERVER_CONTROLLER_OPENSHIFT_GLOBAL_DISCOVERY_ENABLED}

KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE

If OpenShift integration of Business Central is turned on, setting this parameter to true enables connection to KIE Server via an OpenShift internal Service endpoint. (Sets the org.kie.server.controller.openshift.prefer.kieserver.service system property)

${KIE_SERVER_CONTROLLER_OPENSHIFT_PREFER_KIESERVER_SERVICE}

KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL

KIE ServerTemplate Cache TTL in milliseconds. (Sets the org.kie.server.controller.template.cache.ttl system property)

${KIE_SERVER_CONTROLLER_TEMPLATE_CACHE_TTL}

MAVEN_REPO_ID

The id to use for the maven repository, if set. Default is generated randomly.

${MAVEN_REPO_ID}

MAVEN_REPO_URL

Fully qualified URL to a Maven repository or service.

${MAVEN_REPO_URL}

MAVEN_REPO_USERNAME

User name for accessing the Maven repository, if required.

${MAVEN_REPO_USERNAME}

MAVEN_REPO_PASSWORD

Password to access the Maven repository, if required.

${MAVEN_REPO_PASSWORD}

GIT_HOOKS_DIR

The directory to use for git hooks, if required.

${GIT_HOOKS_DIR}

SSO_URL

RH-SSO URL.

${SSO_URL}

SSO_OPENIDCONNECT_DEPLOYMENTS

 — 

ROOT.war

SSO_REALM

RH-SSO Realm name.

${SSO_REALM}

SSO_SECRET

Business Central RH-SSO Client Secret.

${BUSINESS_CENTRAL_SSO_SECRET}

SSO_CLIENT

Business Central RH-SSO Client name.

${BUSINESS_CENTRAL_SSO_CLIENT}

SSO_USERNAME

RH-SSO Realm admin user name for creating the Client if it doesn’t exist.

${SSO_USERNAME}

SSO_PASSWORD

RH-SSO Realm Admin Password used to create the Client.

${SSO_PASSWORD}

SSO_DISABLE_SSL_CERTIFICATE_VALIDATION

RH-SSO Disable SSL Certificate Validation.

${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}

SSO_PRINCIPAL_ATTRIBUTE

RH-SSO Principal Attribute to use as user name.

${SSO_PRINCIPAL_ATTRIBUTE}

HOSTNAME_HTTP

Custom hostname for http service route for Business Central. Leave blank for default hostname, e.g.: insecure-<application-name>-rhpamcentr-<project>.<default-domain-suffix>

${BUSINESS_CENTRAL_HOSTNAME_HTTP}

AUTH_LDAP_URL

LDAP Endpoint to connect for authentication.

${AUTH_LDAP_URL}

AUTH_LDAP_BIND_DN

Bind DN used for authentication.

${AUTH_LDAP_BIND_DN}

AUTH_LDAP_BIND_CREDENTIAL

LDAP Credentials used for authentication.

${AUTH_LDAP_BIND_CREDENTIAL}

AUTH_LDAP_JAAS_SECURITY_DOMAIN

The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.

${AUTH_LDAP_JAAS_SECURITY_DOMAIN}

AUTH_LDAP_BASE_CTX_DN

LDAP Base DN of the top-level context to begin the user search.

${AUTH_LDAP_BASE_CTX_DN}

AUTH_LDAP_BASE_FILTER

LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).

${AUTH_LDAP_BASE_FILTER}

AUTH_LDAP_SEARCH_SCOPE

The search scope to use.

${AUTH_LDAP_SEARCH_SCOPE}

AUTH_LDAP_SEARCH_TIME_LIMIT

The timeout in milliseconds for user or role searches.

${AUTH_LDAP_SEARCH_TIME_LIMIT}

AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE

The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.

${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}

AUTH_LDAP_PARSE_USERNAME

A flag indicating if the DN is to be parsed for the user name. If set to true, the DN is parsed for the user name. If set to false the DN is not parsed for the user name. This option is used together with usernameBeginString and usernameEndString.

${AUTH_LDAP_PARSE_USERNAME}

AUTH_LDAP_USERNAME_BEGIN_STRING

Defines the String which is to be removed from the start of the DN to reveal the user name. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.

${AUTH_LDAP_USERNAME_BEGIN_STRING}

AUTH_LDAP_USERNAME_END_STRING

Defines the String which is to be removed from the end of the DN to reveal the user name. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.

${AUTH_LDAP_USERNAME_END_STRING}

AUTH_LDAP_ROLE_ATTRIBUTE_ID

Name of the attribute containing the user roles.

${AUTH_LDAP_ROLE_ATTRIBUTE_ID}

AUTH_LDAP_ROLES_CTX_DN

The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.

${AUTH_LDAP_ROLES_CTX_DN}

AUTH_LDAP_ROLE_FILTER

A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).

${AUTH_LDAP_ROLE_FILTER}

AUTH_LDAP_ROLE_RECURSION

The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.

${AUTH_LDAP_ROLE_RECURSION}

AUTH_LDAP_DEFAULT_ROLE

A role included for all authenticated users.

${AUTH_LDAP_DEFAULT_ROLE}

AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID

Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.

${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}

AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN

A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.

${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}

AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN

Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.

${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}

AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK

If you are not using referrals, you can ignore this option. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.

${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}

AUTH_ROLE_MAPPER_ROLES_PROPERTIES

When present, the RoleMapping Login Module will be configured to use the provided file. This parameter defines the fully-qualified file path and name of a properties file or resource which maps roles to replacement roles. The format is original_role=role1,role2,role3

${AUTH_ROLE_MAPPER_ROLES_PROPERTIES}

AUTH_ROLE_MAPPER_REPLACE_ROLE

Whether to add to the current roles, or replace the current roles with the mapped ones. Replaces if set to true.

${AUTH_ROLE_MAPPER_REPLACE_ROLE}

${APPLICATION_NAME}-kieserver

WORKBENCH_SERVICE_NAME

 — 

${APPLICATION_NAME}-rhpamcentr

KIE_ADMIN_USER

KIE administrator user name.

${KIE_ADMIN_USER}

KIE_ADMIN_PWD

Default password used for multiple components for user convenience in this trial environment.

${DEFAULT_PASSWORD}

KIE_SERVER_MODE

The KIE Server mode. Valid values are 'DEVELOPMENT' or 'PRODUCTION'. In production mode, you can not deploy SNAPSHOT versions of artifacts on the KIE server and can not change the version of an artifact in an existing container. (Sets the org.kie.server.mode system property).

${KIE_SERVER_MODE}

KIE_MBEANS

KIE server mbeans enabled/disabled. (Sets the kie.mbeans and kie.scanner.mbeans system properties)

${KIE_MBEANS}

DROOLS_SERVER_FILTER_CLASSES

KIE server class filtering. (Sets the org.drools.server.filter.classes system property)

${DROOLS_SERVER_FILTER_CLASSES}

PROMETHEUS_SERVER_EXT_DISABLED

If set to false, the prometheus server extension will be enabled. (Sets the org.kie.prometheus.server.ext.disabled system property)

${PROMETHEUS_SERVER_EXT_DISABLED}

KIE_SERVER_BYPASS_AUTH_USER

Allows the KIE server to bypass the authenticated user for task-related operations e.g. queries. (Sets the org.kie.server.bypass.auth.user system property)

${KIE_SERVER_BYPASS_AUTH_USER}

KIE_SERVER_ID

 — 

 — 

KIE_SERVER_ROUTE_NAME

 — 

insecure-${APPLICATION_NAME}-kieserver

KIE_SERVER_STARTUP_STRATEGY

 — 

OpenShiftStartupStrategy

KIE_SERVER_CONTAINER_DEPLOYMENT

KIE Server Container deployment configuration with optional alias. Format: containerId=groupId:artifactId:version|c2(alias2)=g2:a2:v2

${KIE_SERVER_CONTAINER_DEPLOYMENT}

MAVEN_REPOS

 — 

RHPAMCENTR,EXTERNAL

RHPAMCENTR_MAVEN_REPO_ID

 — 

repo-rhpamcentr

RHPAMCENTR_MAVEN_REPO_SERVICE

 — 

${APPLICATION_NAME}-rhpamcentr

RHPAMCENTR_MAVEN_REPO_PATH

 — 

/maven2/

RHPAMCENTR_MAVEN_REPO_USERNAME

KIE administrator user name.

${KIE_ADMIN_USER}

RHPAMCENTR_MAVEN_REPO_PASSWORD

Default password used for multiple components for user convenience in this trial environment.

${DEFAULT_PASSWORD}

EXTERNAL_MAVEN_REPO_ID

The id to use for the maven repository, if set. Default is generated randomly.

${MAVEN_REPO_ID}

EXTERNAL_MAVEN_REPO_URL

Fully qualified URL to a Maven repository or service.

${MAVEN_REPO_URL}

EXTERNAL_MAVEN_REPO_USERNAME

User name for accessing the Maven repository, if required.

${MAVEN_REPO_USERNAME}

EXTERNAL_MAVEN_REPO_PASSWORD

Password to access the Maven repository, if required.

${MAVEN_REPO_PASSWORD}

SSO_URL

RH-SSO URL.

${SSO_URL}

SSO_OPENIDCONNECT_DEPLOYMENTS

 — 

ROOT.war

SSO_REALM

RH-SSO Realm name.

${SSO_REALM}

SSO_SECRET

KIE Server RH-SSO Client Secret.

${KIE_SERVER_SSO_SECRET}

SSO_CLIENT

KIE Server RH-SSO Client name.

${KIE_SERVER_SSO_CLIENT}

SSO_USERNAME

RH-SSO Realm admin user name for creating the Client if it doesn’t exist.

${SSO_USERNAME}

SSO_PASSWORD

RH-SSO Realm Admin Password used to create the Client.

${SSO_PASSWORD}

SSO_DISABLE_SSL_CERTIFICATE_VALIDATION

RH-SSO Disable SSL Certificate Validation.

${SSO_DISABLE_SSL_CERTIFICATE_VALIDATION}

SSO_PRINCIPAL_ATTRIBUTE

RH-SSO Principal Attribute to use as user name.

${SSO_PRINCIPAL_ATTRIBUTE}

HOSTNAME_HTTP

Custom hostname for http service route. Leave blank for default hostname, e.g.: insecure-<application-name>-kieserver-<project>.<default-domain-suffix>

${KIE_SERVER_HOSTNAME_HTTP}

AUTH_LDAP_URL

LDAP Endpoint to connect for authentication.

${AUTH_LDAP_URL}

AUTH_LDAP_BIND_DN

Bind DN used for authentication.

${AUTH_LDAP_BIND_DN}

AUTH_LDAP_BIND_CREDENTIAL

LDAP Credentials used for authentication.

${AUTH_LDAP_BIND_CREDENTIAL}

AUTH_LDAP_JAAS_SECURITY_DOMAIN

The JMX ObjectName of the JaasSecurityDomain used to decrypt the password.

${AUTH_LDAP_JAAS_SECURITY_DOMAIN}

AUTH_LDAP_BASE_CTX_DN

LDAP Base DN of the top-level context to begin the user search.

${AUTH_LDAP_BASE_CTX_DN}

AUTH_LDAP_BASE_FILTER

LDAP search filter used to locate the context of the user to authenticate. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. A common example for the search filter is (uid={0}).

${AUTH_LDAP_BASE_FILTER}

AUTH_LDAP_SEARCH_SCOPE

The search scope to use.

${AUTH_LDAP_SEARCH_SCOPE}

AUTH_LDAP_SEARCH_TIME_LIMIT

The timeout in milliseconds for user or role searches.

${AUTH_LDAP_SEARCH_TIME_LIMIT}

AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE

The name of the attribute in the user entry that contains the DN of the user. This may be necessary if the DN of the user itself contains special characters, backslash for example, that prevent correct user mapping. If the attribute does not exist, the entry’s DN is used.

${AUTH_LDAP_DISTINGUISHED_NAME_ATTRIBUTE}

AUTH_LDAP_PARSE_USERNAME

A flag indicating if the DN is to be parsed for the user name. If set to true, the DN is parsed for the user name. If set to false the DN is not parsed for the user name. This option is used together with usernameBeginString and usernameEndString.

${AUTH_LDAP_PARSE_USERNAME}

AUTH_LDAP_USERNAME_BEGIN_STRING

Defines the String which is to be removed from the start of the DN to reveal the user name. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.

${AUTH_LDAP_USERNAME_BEGIN_STRING}

AUTH_LDAP_USERNAME_END_STRING

Defines the String which is to be removed from the end of the DN to reveal the user name. This option is used together with usernameEndString and only taken into account if parseUsername is set to true.

${AUTH_LDAP_USERNAME_END_STRING}

AUTH_LDAP_ROLE_ATTRIBUTE_ID

Name of the attribute containing the user roles.

${AUTH_LDAP_ROLE_ATTRIBUTE_ID}

AUTH_LDAP_ROLES_CTX_DN

The fixed DN of the context to search for user roles. This is not the DN where the actual roles are, but the DN where the objects containing the user roles are. For example, in a Microsoft Active Directory server, this is the DN where the user account is.

${AUTH_LDAP_ROLES_CTX_DN}

AUTH_LDAP_ROLE_FILTER

A search filter used to locate the roles associated with the authenticated user. The input username or userDN obtained from the login module callback is substituted into the filter anywhere a {0} expression is used. The authenticated userDN is substituted into the filter anywhere a {1} is used. An example search filter that matches on the input username is (member={0}). An alternative that matches on the authenticated userDN is (member={1}).

${AUTH_LDAP_ROLE_FILTER}

AUTH_LDAP_ROLE_RECURSION

The number of levels of recursion the role search will go below a matching context. Disable recursion by setting this to 0.

${AUTH_LDAP_ROLE_RECURSION}

AUTH_LDAP_DEFAULT_ROLE

A role included for all authenticated users.

${AUTH_LDAP_DEFAULT_ROLE}

AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID

Name of the attribute within the roleCtxDN context which contains the role name. If the roleAttributeIsDN property is set to true, this property is used to find the role object’s name attribute.

${AUTH_LDAP_ROLE_NAME_ATTRIBUTE_ID}

AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN

A flag indicating if the DN returned by a query contains the roleNameAttributeID. If set to true, the DN is checked for the roleNameAttributeID. If set to false, the DN is not checked for the roleNameAttributeID. This flag can improve the performance of LDAP queries.

${AUTH_LDAP_PARSE_ROLE_NAME_FROM_DN}

AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN

Whether or not the roleAttributeID contains the fully-qualified DN of a role object. If false, the role name is taken from the value of the roleNameAttributeId attribute of the context name. Certain directory schemas, such as Microsoft Active Directory, require this attribute to be set to true.

${AUTH_LDAP_ROLE_ATTRIBUTE_IS_DN}

AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK

If you are not using referrals, you can ignore this option. When using referrals, this option denotes the attribute name which contains users defined for a certain role, for example member, if the role object is inside the referral. Users are checked against the content of this attribute name. If this option is not set, the check will always fail, so role objects cannot be stored in a referral tree.

${AUTH_LDAP_REFERRAL_USER_ATTRIBUTE_ID_TO_CHECK}

AUTH_ROLE_MAPPER_ROLES_PROPERTIES

When present, the RoleMapping Login Module will be configured to use the provided file. This parameter defines the fully-qualified file path and name of a properties file or resource which maps roles to replacement roles. The format is original_role=role1,role2,role3

${AUTH_ROLE_MAPPER_ROLES_PROPERTIES}

AUTH_ROLE_MAPPER_REPLACE_ROLE

Whether to add to the current roles, or replace the current roles with the mapped ones. Replaces if set to true.

${AUTH_ROLE_MAPPER_REPLACE_ROLE}

FILTERS

 — 

AC_ALLOW_ORIGIN,AC_ALLOW_METHODS,AC_ALLOW_HEADERS,AC_ALLOW_CREDENTIALS,AC_MAX_AGE

AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_NAME

 — 

Access-Control-Allow-Origin

AC_ALLOW_ORIGIN_FILTER_RESPONSE_HEADER_VALUE

Sets the Access-Control-Allow-Origin response header value in the KIE Server (useful for CORS support).

${KIE_SERVER_ACCESS_CONTROL_ALLOW_ORIGIN}

AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_NAME

 — 

Access-Control-Allow-Methods

AC_ALLOW_METHODS_FILTER_RESPONSE_HEADER_VALUE

Sets the Access-Control-Allow-Methods response header value in the KIE Server (useful for CORS support).

${KIE_SERVER_ACCESS_CONTROL_ALLOW_METHODS}

AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_NAME

 — 

Access-Control-Allow-Headers

AC_ALLOW_HEADERS_FILTER_RESPONSE_HEADER_VALUE

Sets the Access-Control-Allow-Headers response header value in the KIE Server (useful for CORS support).

${KIE_SERVER_ACCESS_CONTROL_ALLOW_HEADERS}

AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_NAME

 — 

Access-Control-Allow-Credentials

AC_ALLOW_CREDENTIALS_FILTER_RESPONSE_HEADER_VALUE

Sets the Access-Control-Allow-Credentials response header value in the KIE Server (useful for CORS support).

${KIE_SERVER_ACCESS_CONTROL_ALLOW_CREDENTIALS}

AC_MAX_AGE_FILTER_RESPONSE_HEADER_NAME

 — 

Access-Control-Max-Age

AC_MAX_AGE_FILTER_RESPONSE_HEADER_VALUE

Sets the Access-Control-Max-Age response header value in the KIE Server (useful for CORS support).

${KIE_SERVER_ACCESS_CONTROL_MAX_AGE}