Details
-
Task
-
Resolution: Obsolete
-
Major
-
None
-
None
-
None
Description
Here I would add an additional step about how to create an additional secret to be used in case the keystore and truststore passwords are not "password" and in case the AMQ Username and password needs to be changed
Something like:
- In case the trust store or the key store are using a password different from password or custom AMQ credentials are needed a new secret must be created:
# create the secret with AMQ credentials: # amqUser is the key defining the AMQ username with value "amq" # amqPassword is the key defining the AMQ password with value "amq" # trustStorePassword is the key containing the trust store password with value "mytruststorepassword" # keyStorePassword is the key containing the key store password with value "mykeystorepassword" oc create secret generic amq-custom-credential-secrets --from-literal=amqUser=amq --from-literal amqPassword=amq --from-literal=trustStorePassword=mytruststorepassword --from-literal=keyStorePassword=mykeystorepassword
The new secret and the keys must be then referenced on the _oc new-app --template` command with the templates parameters
- AMQ_CREDENTIAL_SECRET: the name of the secret storing AMQ credentials and trust/key store credentials
- AMQ_KEYSTORE_PASSWORD: the secret key containing the keystore password
- AMQ_TRUSTSTORE_PASSWORD: the secret key containing the trustore password
- AMQ_USER: the secret key containing the AMQ username
- AMQ_PASSWORD: the secret key containing the AMQ password
Example:
oc new-app --template=amq-broker-76-ssl \
-p AMQ_PROTOCOL=core,openwire,amqp,stomp,mqtt,hornetq \
-p AMQ_QUEUES=demoQueue \
-p AMQ_ADDRESSES=demoTopic \
-p AMQ_MULTICAST_PREFIX=jms.topic. \
-p AMQ_ANYCAST_PREFIX=jms.queue. \
-p AMQ_USER=amqUser \
-p AMQ_PASSWORD=amqPassword \
-p AMQ_KEYSTORE=broker.ks \
-p AMQ_TRUSTSTORE=client.ts \
-p AMQ_KEYSTORE_PASSWORD=keyStorePassword \
-p AMQ_TRUSTSTORE_PASSWORD=trustStorePassword \
-p AMQ_CREDENTIAL_SECRET=amq-credential-secrets \
-p AMQ_SECRET=amq-ssl-certs
Reported by: pbertera