Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed deploying of che on OCP #6656

Merged
merged 5 commits into from
Oct 11, 2017
Merged

Fixed deploying of che on OCP #6656

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
6b5d839
Add ability to set OAUTH token for che-server
sleshchenko Oct 10, 2017
25e1e26
Add ability to deploy che on ocp with local yaml file
sleshchenko Oct 10, 2017
81e2356
Replace null values with defaults
sleshchenko Oct 10, 2017
8cb08b2
Add ability to configure OpenShift project where workspaces objects w…
sleshchenko Oct 10, 2017
3c4e5c3
Add missed sed command for deploying with OCP flavor
sleshchenko Oct 10, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/codenvy/che.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -392,10 +392,11 @@ che.docker.connector=default
# Note that this property is needed for backward compatibility and will be removed soon.
che.predefined.stacks.reload_on_start=false

### Openshift Infra parameters
### OpenShift Infra parameters
che.infra.openshift.master_url=
che.infra.openshift.username=
che.infra.openshift.password=
che.infra.openshift.oauth_token=
che.infra.openshift.trust_certs=

# Create routes with Transport Layer Security (TLS) enabled
Expand Down
7 changes: 4 additions & 3 deletions dockerfiles/init/manifests/che.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -464,9 +464,10 @@ CHE_SINGLE_PORT=false
##### #####
#
#CHE_INFRA_OPENSHIFT_MASTER__URL=
#CHE_INFRA_OPENSHIFT_USERNAME=developer
#CHE_INFRA_OPENSHIFT_PASSWORD=developer
#CHE_INFRA_OPENSHIFT_TRUST__CERTS=false
#CHE_INFRA_OPENSHIFT_USERNAME=
#CHE_INFRA_OPENSHIFT_PASSWORD=
#CHE_INFRA_OPENSHIFT_OAUTH__TOKEN=
#CHE_INFRA_OPENSHIFT_TRUST__CERTS=

#CHE_INFRA_OPENSHIFT_MACHINE__START__TIMEOUT__MIN=5

Expand Down
16 changes: 11 additions & 5 deletions dockerfiles/init/modules/openshift/files/scripts/che-spi-openshift.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,12 +81,13 @@ items:
name: che
data:
CHE_INFRASTRUCTURE_ACTIVE: openshift
CHE_INFRA_OPENSHIFT_MASTER__URL: null
CHE_INFRA_OPENSHIFT_USERNAME: null
CHE_INFRA_OPENSHIFT_PASSWORD: null
CHE_INFRA_OPENSHIFT_TRUST__CERTS: null
CHE_INFRA_OPENSHIFT_MASTER__URL: ""
CHE_INFRA_OPENSHIFT_USERNAME: ""
CHE_INFRA_OPENSHIFT_PASSWORD: ""
CHE_INFRA_OPENSHIFT_OAUTH__TOKEN: ""
CHE_INFRA_OPENSHIFT_TRUST__CERTS: "false"
CHE_INFRA_OPENSHIFT_TLS__ENABLED: "true"
CHE_INFRA_OPENSHIFT_PROJECT: null
CHE_INFRA_OPENSHIFT_PROJECT: ""
CHE_INFRA_OPENSHIFT_MACHINE__START__TIMEOUT__MIN: "5"
CHE_INFRA_OPENSHIFT_BOOTSTRAPPER_BINARY__URL: http://${DEFAULT_OPENSHIFT_NAMESPACE_URL}/agent-binaries/linux_amd64/bootstrapper/bootstrapper
CHE_API: http://${DEFAULT_OPENSHIFT_NAMESPACE_URL}/wsmaster/api
Expand Down Expand Up @@ -189,6 +190,11 @@ items:
configMapKeyRef:
key: CHE_INFRA_OPENSHIFT_PASSWORD
name: che
- name: CHE_INFRA_OPENSHIFT_OAUTH__TOKEN
valueFrom:
configMapKeyRef:
key: CHE_INFRA_OPENSHIFT_OAUTH__TOKEN
name: che
- name: CHE_INFRA_OPENSHIFT_TRUST__CERTS
valueFrom:
configMapKeyRef:
Expand Down
23 changes: 22 additions & 1 deletion dockerfiles/init/modules/openshift/files/scripts/deploy_che.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,9 @@ if [ "${OPENSHIFT_FLAVOR}" == "minishift" ]; then
DEFAULT_IMAGE_PULL_POLICY="IfNotPresent"
IMAGE_PULL_POLICY=${IMAGE_PULL_POLICY:-${DEFAULT_IMAGE_PULL_POLICY}}

DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT}
CHE_INFRA_OPENSHIFT_PROJECT=${CHE_INFRA_OPENSHIFT_PROJECT:-${DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT}}

elif [ "${OPENSHIFT_FLAVOR}" == "osio" ]; then
# ----------------------
# Set osio configuration
Expand All @@ -189,6 +192,10 @@ elif [ "${OPENSHIFT_FLAVOR}" == "ocp" ]; then
# ----------------------
DEFAULT_CHE_OPENSHIFT_PROJECT="eclipse-che"
CHE_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT:-${DEFAULT_CHE_OPENSHIFT_PROJECT}}

DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT}
CHE_INFRA_OPENSHIFT_PROJECT=${CHE_INFRA_OPENSHIFT_PROJECT:-${DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT}}

CHE_KEYCLOAK_DISABLED=${CHE_KEYCLOAK_DISABLED:-${DEFAULT_CHE_KEYCLOAK_DISABLED}}
DEFAULT_CHE_DEBUGGING_ENABLED="false"
CHE_DEBUGGING_ENABLED=${CHE_DEBUGGING_ENABLED:-${DEFAULT_CHE_DEBUGGING_ENABLED}}
Expand Down Expand Up @@ -400,6 +407,9 @@ cat "${CHE_DEPLOYMENT_FILE_PATH}" | \
sed "s| CHE_HOST: \${DEFAULT_OPENSHIFT_NAMESPACE_URL}| CHE_HOST: che-${DEFAULT_OPENSHIFT_NAMESPACE_URL}|" | \
sed "s| CHE_API: http://\${DEFAULT_OPENSHIFT_NAMESPACE_URL}/wsmaster/api| CHE_API: http://che-${DEFAULT_OPENSHIFT_NAMESPACE_URL}/wsmaster/api|" | \
grep -v -e "tls:" -e "insecureEdgeTerminationPolicy: Redirect" -e "termination: edge" | \
if [ "${CHE_INFRA_OPENSHIFT_OAUTH__TOKEN+x}" ]; then sed "s| CHE_INFRA_OPENSHIFT_OAUTH__TOKEN:.*| CHE_INFRA_OPENSHIFT_OAUTH__TOKEN: ${CHE_INFRA_OPENSHIFT_OAUTH__TOKEN}|"; else cat -; fi | \
if [ "${CHE_INFRA_OPENSHIFT_USERNAME+x}" ]; then sed "s| CHE_INFRA_OPENSHIFT_USERNAME:.*| CHE_INFRA_OPENSHIFT_USERNAME: ${CHE_INFRA_OPENSHIFT_USERNAME}|"; else cat -; fi | \
if [ "${CHE_INFRA_OPENSHIFT_PASSWORD+x}" ]; then sed "s| CHE_INFRA_OPENSHIFT_PASSWORD:.*| CHE_INFRA_OPENSHIFT_PASSWORD: ${CHE_INFRA_OPENSHIFT_PASSWORD}|"; else cat -; fi | \
if [ "${CHE_KEYCLOAK_DISABLED}" == "true" ]; then sed "s/ keycloak-disabled: \"false\"/ keycloak-disabled: \"true\"/" ; else cat -; fi | \
if [ "${CHE_DEBUGGING_ENABLED}" == "true" ]; then sed "s/ remote-debugging-enabled: \"false\"/ remote-debugging-enabled: \"true\"/"; else cat -; fi | \
sed "$MULTI_USER_HEALTH_CHECK_REPLACEMENT_STRING" | \
Expand Down Expand Up @@ -428,13 +438,24 @@ cat "${CHE_DEPLOYMENT_FILE_PATH}" | \
oc apply --force=true -f -
else
echo "[CHE] Deploying Che on OpenShift Container Platform (image ${CHE_IMAGE})"
curl -sSL http://central.maven.org/maven2/io/fabric8/tenant/apps/che/"${OSIO_VERSION}"/che-"${OSIO_VERSION}"-openshift.yml | \
DEFAULT_CHE_DEPLOYMENT_FILE_PATH=./che-spi-openshift.yml
CHE_DEPLOYMENT_FILE_PATH=${CHE_DEPLOYMENT_FILE_PATH:-${DEFAULT_CHE_DEPLOYMENT_FILE_PATH}}

cat "${CHE_DEPLOYMENT_FILE_PATH}" | \
if [ ! -z "${OPENSHIFT_NAMESPACE_URL+x}" ]; then sed "s/ hostname-http:.*/ hostname-http: ${OPENSHIFT_NAMESPACE_URL}/" ; else cat -; fi | \
sed "s/ image:.*/ image: \"${CHE_IMAGE_SANITIZED}\"/" | \
sed "s/ imagePullPolicy:.*/ imagePullPolicy: \"${IMAGE_PULL_POLICY}\"/" | \
sed "s| keycloak-oso-endpoint:.*| keycloak-oso-endpoint: ${KEYCLOAK_OSO_ENDPOINT}|" | \
sed "s| keycloak-github-endpoint:.*| keycloak-github-endpoint: ${KEYCLOAK_GITHUB_ENDPOINT}|" | \
sed "s/ keycloak-disabled:.*/ keycloak-disabled: \"${CHE_KEYCLOAK_DISABLED}\"/" | \
sed "s| CHE_INFRA_OPENSHIFT_PROJECT:.*| CHE_INFRA_OPENSHIFT_PROJECT: ${CHE_INFRA_OPENSHIFT_PROJECT}|" | \
Copy link
Contributor

@riuvshin riuvshin Oct 10, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these lines needed only for ocp flavor? not for minishift or osio ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For minishift and osio these lines already are there

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sleshchenko I guess for osio flavor OAUTH__TOKEN / USERNAME / PASSWORD vars are not set deliberately, so that default service account token would be used for object creation in -che namespace, right ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

KEWL

Copy link
Member Author

@sleshchenko sleshchenko Oct 10, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ibuziuk you're right. I think it is useful only for OCP and minishift flavors. So, now for OSIO service account will be used for objects creation in the same project. And later, I believe, we'll implement using of users' OpenShift tokens to create workspaces' objects in different projects.
I am not sure how it will work for OCP and minishift but now it is implemented by using user token or credentials.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good. Tested on osio and all works just fine. +1 to apply

sed "s| CHE_INFRA_OPENSHIFT_BOOTSTRAPPER_BINARY__URL:.*| CHE_INFRA_OPENSHIFT_BOOTSTRAPPER_BINARY__URL: https://che-${OPENSHIFT_NAMESPACE_URL}/agent-binaries/linux_amd64/bootstrapper/bootstrapper|" | \
sed "s| CHE_WEBSOCKET_ENDPOINT:.*| CHE_WEBSOCKET_ENDPOINT: wss://che-${OPENSHIFT_NAMESPACE_URL}/wsmaster/websocket|" | \
sed "s| CHE_HOST: \${DEFAULT_OPENSHIFT_NAMESPACE_URL}| CHE_HOST: che-${OPENSHIFT_NAMESPACE_URL}|" | \
sed "s| CHE_API: http://\${DEFAULT_OPENSHIFT_NAMESPACE_URL}/wsmaster/api| CHE_API: https://che-${OPENSHIFT_NAMESPACE_URL}/wsmaster/api|" | \
if [ "${CHE_INFRA_OPENSHIFT_OAUTH__TOKEN+x}" ]; then sed "s| CHE_INFRA_OPENSHIFT_OAUTH__TOKEN:.*| CHE_INFRA_OPENSHIFT_OAUTH__TOKEN: ${CHE_INFRA_OPENSHIFT_OAUTH__TOKEN}|"; else cat -; fi | \
if [ "${CHE_INFRA_OPENSHIFT_USERNAME+x}" ]; then sed "s| CHE_INFRA_OPENSHIFT_USERNAME:.*| CHE_INFRA_OPENSHIFT_USERNAME: ${CHE_INFRA_OPENSHIFT_USERNAME}|"; else cat -; fi | \
if [ "${CHE_INFRA_OPENSHIFT_PASSWORD+x}" ]; then sed "s| CHE_INFRA_OPENSHIFT_PASSWORD:.*| CHE_INFRA_OPENSHIFT_PASSWORD: ${CHE_INFRA_OPENSHIFT_PASSWORD}|"; else cat -; fi | \
if [ "${CHE_LOG_LEVEL}" == "DEBUG" ]; then sed "s/ log-level: \"INFO\"/ log-level: \"DEBUG\"/" ; else cat -; fi | \
if [ "${CHE_DEBUGGING_ENABLED}" == "true" ]; then sed "s/ remote-debugging-enabled: \"false\"/ remote-debugging-enabled: \"true\"/"; else cat -; fi | \
if [ "${ENABLE_SSL}" == "false" ]; then sed "s/ che-openshift-secure-routes: \"true\"/ che-openshift-secure-routes: \"false\"/" ; else cat -; fi | \
Expand Down
5 changes: 5 additions & 0 deletions .../main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftClientFactory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ public OpenShiftClientFactory(
@Nullable @Named("che.infra.openshift.master_url") String masterUrl,
@Nullable @Named("che.infra.openshift.username") String username,
@Nullable @Named("che.infra.openshift.password") String password,
@Nullable @Named("che.infra.openshift.oauth_token") String oauthToken,
@Nullable @Named("che.infra.openshift.trust_certs") Boolean doTrustCerts) {
OpenShiftConfigBuilder configBuilder = new OpenShiftConfigBuilder();
if (!isNullOrEmpty(masterUrl)) {
Expand All @@ -43,6 +44,10 @@ public OpenShiftClientFactory(
configBuilder.withPassword(password);
}

if (!isNullOrEmpty(oauthToken)) {
configBuilder.withOauthToken(oauthToken);
}

if (doTrustCerts != null) {
configBuilder.withTrustCerts(doTrustCerts);
}
Expand Down