[JDK17] EAP 7.4.4 image changes.

Author: jfdenise

jboss/container/config/7.4/ee-elytron/standalone-openshift.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<feature-group-spec name="os-undertow-elytron" xmlns="urn:jboss:galleon:feature-group:1.0">
+    <feature-group name="undertow-elytron-security"/>
+    <feature spec="subsystem.undertow">
+        <feature spec="subsystem.undertow.server">
+            <param name="server" value="default-server" />
+            <feature spec="subsystem.undertow.server.host">
+                <param name="host" value="default-host" />
+                <feature spec="subsystem.undertow.server.host.setting.http-invoker">
+                    <unset param="security-realm"/>
+                    <param name="http-authentication-factory" value="application-http-authentication"/>
+                </feature>
+            </feature>
+        </feature>
+    </feature>
+    <feature-group name="os-undertow"/>
+</feature-group-spec>

jboss/container/eap/galleon/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/feature_groups/os-undertow-elytron.xml

@@ -0,0 +1,13 @@
+#!/bin/sh
+# Configure module
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+chown -R jboss:root $SCRIPT_DIR
+chmod -R ug+rwX $SCRIPT_DIR
+
+pushd ${ARTIFACTS_DIR}
+cp -pr * /
+popd

jboss/container/eap/galleon/config/ee/artifacts/opt/jboss/container/eap/galleon/definitions/fat-default-server/provisioning.xml renamed to jboss/container/eap/galleon/config/ee-common/artifacts/opt/jboss/container/eap/galleon/definitions/fat-default-server/provisioning.xml

@@ -0,0 +1,7 @@
+schema_version: 1
+name: jboss.container.eap.galleon.config.ee.common
+version: '1.0'
+description: Install Galleon ee default configuration.
+
+execute:
+- script: configure.sh

jboss/container/eap/galleon/config/ee/artifacts/opt/jboss/container/eap/galleon/definitions/slim-default-server/provisioning.xml renamed to jboss/container/eap/galleon/config/ee-common/artifacts/opt/jboss/container/eap/galleon/definitions/slim-default-server/provisioning.xml

@@ -0,0 +1,106 @@
+<?xml version="1.0" ?>
+
+<config xmlns="urn:jboss:galleon:config:1.0" name="standalone.xml" model="standalone">
+    <layers>
+        <!-- we already have all required in default config -->
+        <!-- Although logically correct, galleon doesn't actually support excluding from model -->
+        <!-- This is harmless, keeping the exclusion commented for reference until GAL-308 is fixed -->
+        <!--<exclude name="operator-required"/>-->
+        <include name="amq6-rar"/>
+    </layers>
+
+     <!-- sso packages -->
+    <feature-group name="sso"/>
+
+    <!-- JDK 17 -->
+    <exclude feature-id="core-service.management.security-realm:security-realm=ApplicationRealm"/>
+    <exclude feature-id="core-service.management.security-realm:security-realm=ManagementRealm"/>
+    <feature spec="subsystem.batch-jberet">
+        <param name="security-domain" value="ApplicationDomain"/>
+    </feature>
+    <!-- JDK 17, remoting secured with elytron -->
+    <feature spec="subsystem.remoting.http-connector">
+        <param name="http-connector" value="http-remoting-connector"/>
+        <unset param="security-realm"/>
+        <param name="sasl-authentication-factory" value="application-sasl-authentication"/>
+    </feature>
+    
+    <!-- management -->
+    <exclude spec="core-service.management.access.identity"/>
+    <feature spec="core-service.management.management-interface.http-interface">
+        <param name="socket-binding" value="management-http"/>
+        <unset param="http-authentication-factory"/>
+        <feature spec="core-service.management.management-interface.http-interface.http-upgrade">
+            <param name="sasl-authentication-factory" value="management-sasl-authentication"/>
+        </feature>
+    </feature>
+    <exclude spec="subsystem.core-management"/>
+    <feature-group name="os-management"/>
+
+    <!-- messaging -->
+    <feature spec="subsystem.messaging-activemq"/>
+    <feature-group name="os-messaging"/>
+
+    <!-- logging -->
+    <exclude feature-id="subsystem.logging.pattern-formatter:pattern-formatter=PATTERN"/>
+    <exclude feature-id="subsystem.logging.periodic-rotating-file-handler:periodic-rotating-file-handler=FILE"/>
+    <feature-group name="os-logging"/>
+
+    <!-- jberet We can't remove it... needs a default job repository -->
+    <!--<feature spec="subsystem.batch-jberet">
+        <unset param="default-job-repository"/>
+    </feature>-->
+
+    <!-- datasources -->
+    <!-- We are not keeping the ExampleDS in the config -->
+    <exclude feature-id="subsystem.datasources.data-source:data-source=ExampleDS"/>
+    <feature spec="subsystem.ee.service.default-bindings">
+        <unset param="datasource"/>
+    </feature>
+
+    <!-- ejb3 -->
+    <feature spec="subsystem.ejb3">
+        <param name="default-sfsb-cache" value="distributable"/>
+        <param name="default-sfsb-passivation-disabled-cache" value="simple"/>
+        <param name="default-mdb-instance-pool" value="mdb-strict-max-pool"/>
+        <param name="default-resource-adapter-name" value="${ejb.resource-adapter-name:activemq-ra.rar}"/>
+        <!-- JDK 17, elytron security -->
+        <feature spec="subsystem.ejb3.application-security-domain">
+            <param name="application-security-domain" value="other"/>
+            <param name="security-domain" value="ApplicationDomain"/>
+        </feature>
+    </feature>
+    <exclude spec="subsystem.ejb3.service.timer-service"/>
+
+    <!-- elytron -->
+    <feature-group name="os-elytron"/>
+
+    <!-- clustering -->
+    <exclude spec="subsystem.infinispan"/>
+    <exclude spec="subsystem.distributable-web"/>
+    <feature-group name="os-clustering"/>
+
+    <!-- legacy security -->
+    <!-- JDK 17 excluded fully -->
+    <exclude feature-id="subsystem.security.security-domain:security-domain=jaspitest"/>
+    <exclude feature-id="subsystem.security.security-domain:security-domain=other"/>
+    <exclude feature-id="subsystem.security.security-domain:security-domain=jboss-web-policy"/>
+    <exclude feature-id="subsystem.security.security-domain:security-domain=jboss-ejb-policy"/>
+    <exclude spec="subsystem.security"/>
+    <!-- transactions -->
+    <feature-group name="tx-recovery"/>
+
+    <!-- undertow -->
+    <exclude feature-id="subsystem.undertow.server.https-listener:server=default-server,https-listener=https"/>
+
+    <!-- web-services -->
+    <feature spec="subsystem.webservices">
+        <param name="modify-wsdl-address" value="true"/>
+        <param name="wsdl-host" value="jbossws.undefined.host"/>
+    </feature>
+
+    <feature-group name="os-socket"/>
+
+    <feature-group name="os-undertow-elytron"/>
+
+</config>

jboss/container/eap/galleon/config/ee-common/configure.sh

@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="application-security-realm">
+    <exclude feature-id="core-service.management.security-realm:security-realm=ApplicationRealm"/>
+</layer-spec>

jboss/container/eap/galleon/config/ee-common/module.yaml

@@ -0,0 +1,4 @@
+<?xml version="1.0" ?>
+<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="management-security-realm">
+    <exclude feature-id="core-service.management.security-realm:security-realm=ManagementRealm"/>
+</layer-spec>

jboss/container/eap/galleon/config/ee-elytron/artifacts/opt/jboss/container/eap/galleon/eap-s2i-galleon-pack/src/main/resources/configs/standalone/standalone.xml/config.xml

@@ -0,0 +1,13 @@
+#!/bin/sh
+# Configure module
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+chown -R jboss:root $SCRIPT_DIR
+chmod -R ug+rwX $SCRIPT_DIR
+
+pushd ${ARTIFACTS_DIR}
+cp -pr * /
+popd