diff --git a/core/src/main/python/wlsdeploy/tool/util/targets/vz_config_helper.py b/core/src/main/python/wlsdeploy/tool/util/targets/vz_config_helper.py index 666a4ea72..0295c0e5c 100644 --- a/core/src/main/python/wlsdeploy/tool/util/targets/vz_config_helper.py +++ b/core/src/main/python/wlsdeploy/tool/util/targets/vz_config_helper.py @@ -34,11 +34,13 @@ DATASOURCE_NAME = 'datasourceName' DOMAIN_NAME = 'domainName' DOMAIN_PREFIX = 'domainPrefix' +DOMAIN_TYPE = 'domainType' DOMAIN_UID = 'domainUid' DS_URL = 'url' HAS_CLUSTERS = 'hasClusters' HAS_DATABASES = 'hasDatabases' REPLICAS = 'replicas' +RUNTIME_ENCRYPTION_SECRET = 'runtimeEncryptionSecret' WEBLOGIC_CREDENTIALS_SECRET = 'webLogicCredentialsSecret' @@ -54,7 +56,7 @@ def create_vz_configuration(model, model_context, aliases, exception_type): # -output_dir argument was previously verified output_dir = model_context.get_kubernetes_output_dir() - template_hash = _build_template_hash(model, aliases) + template_hash = _build_template_hash(model, model_context, aliases) _create_file('model.yaml', template_hash, output_dir, exception_type) @@ -80,10 +82,11 @@ def _create_file(template_name, template_hash, output_dir, exception_type): file_template_helper.create_file(template_path, template_hash, output_file, exception_type) -def _build_template_hash(model, aliases): +def _build_template_hash(model, model_context, aliases): """ Create a dictionary of substitution values to apply to the templates. :param model: Model object used to derive values + :param model_context: used to determine domain type :param aliases: used to derive folder names :return: the hash dictionary """ @@ -110,6 +113,11 @@ def _build_template_hash(model, aliases): admin_secret = domain_uid + target_configuration_helper.WEBLOGIC_CREDENTIALS_SECRET_SUFFIX template_hash[WEBLOGIC_CREDENTIALS_SECRET] = admin_secret + # configuration / model + template_hash[DOMAIN_TYPE] = model_context.get_domain_type() + template_hash[RUNTIME_ENCRYPTION_SECRET] = domain_uid +\ + target_configuration_helper.RUNTIME_ENCRYPTION_SECRET_SUFFIX + # clusters clusters = [] diff --git a/core/src/main/python/wlsdeploy/util/target_configuration_helper.py b/core/src/main/python/wlsdeploy/util/target_configuration_helper.py index f0bd84030..018395473 100644 --- a/core/src/main/python/wlsdeploy/util/target_configuration_helper.py +++ b/core/src/main/python/wlsdeploy/util/target_configuration_helper.py @@ -26,6 +26,10 @@ __class_name = 'target_configuration_helper' __logger = PlatformLogger('wlsdeploy.tool.util') +# secret name for runtime encryption +RUNTIME_ENCRYPTION_SECRET_NAME = 'runtime-encryption' +RUNTIME_ENCRYPTION_SECRET_SUFFIX = '-' + RUNTIME_ENCRYPTION_SECRET_NAME + # Kubernetes secret for admin name and password is -weblogic-credentials WEBLOGIC_CREDENTIALS_SECRET_NAME = 'weblogic-credentials' WEBLOGIC_CREDENTIALS_SECRET_SUFFIX = '-' + WEBLOGIC_CREDENTIALS_SECRET_NAME @@ -151,6 +155,15 @@ def generate_k8s_script(model_context, token_dictionary, model_dictionary): k8s_script.write("# " + message + nl) k8s_script.write(command_string + nl) + # for vz additional output type, add the runtime encryption secret + output_types = model_context.get_target_configuration().get_additional_output_types() + if VZ_EXTRA_CONFIG in output_types: + message = exception_helper.get_message("WLSDPLY-01663", PASSWORD_TAG, RUNTIME_ENCRYPTION_SECRET_NAME) + command_string = "create_k8s_secret %s %s " % (RUNTIME_ENCRYPTION_SECRET_NAME, PASSWORD_TAG) + k8s_script.write(nl) + k8s_script.write("# " + message + nl) + k8s_script.write(command_string + nl) + k8s_script.close() diff --git a/core/src/main/resources/oracle/weblogic/deploy/targets/vz/model.yaml b/core/src/main/resources/oracle/weblogic/deploy/targets/vz/model.yaml index a7f1f70cb..bcc672605 100644 --- a/core/src/main/resources/oracle/weblogic/deploy/targets/vz/model.yaml +++ b/core/src/main/resources/oracle/weblogic/deploy/targets/vz/model.yaml @@ -30,6 +30,10 @@ spec: value: "-Dweblogic.StdoutDebugEnabled=false" - name: USER_MEM_ARGS value: "-Djava.security.egd=file:/dev/./urandom -Xms64m -Xmx256m " + configuration: + model: + domainType: {{{domainType}}} + runtimeEncryptionSecret: {{{runtimeEncryptionSecret}}} connections: - ingress: - name: {{{domainPrefix}}}-ingress