From 06df5be97dfbc09c13dd208e12db4ac63fa21aff Mon Sep 17 00:00:00 2001 
From: Eugene Ivantsov Date: Fri, 23 Feb 2018 13:47:49 +0200 Subject: [PATCH] Replace s2i based deployment approach with pure deployments (#8819) * Experimenting with deployment config based approach to Che multi user on OCP * Service pod * Remove s2i * Remove s2i * EOF * Cleanup * Cleanup * Cleanup * Cleanup * Make Keycloak util image configurable * Update webdriver.sh --- .../openshift/files/scripts/deploy_che.sh | 7 +- .../scripts/multi-user/configure_keycloak.sh | 48 +++++++++++ .../deploy_postgres_and_keycloak.sh | 84 ++----------------- .../multi-user/deploy_postgres_only.sh | 62 ++------------ .../keycloak-config-pod-deployment.yaml | 28 +++++++ .../keycloak/deployment-config.yaml | 17 ++-- .../multi-user/postgres/build-config.yaml | 41 --------- .../postgres/deployment-config.yaml | 13 +-- .../multi-user/postgres/image-stream.yaml | 9 -- .../wait_until_keycloak_is_available.sh | 4 +- .../wait_until_postgres_is_available.sh | 3 +- .../Dockerfile} | 17 ++-- dockerfiles/keycloak-util/build.sh | 19 +++++ dockerfiles/keycloak-util/keycloak_config.sh | 33 ++++++++ .../Dockerfile} | 11 +-- dockerfiles/keycloak/build.sh | 19 +++++ dockerfiles/postgres/Dockerfile | 15 ++++ dockerfiles/postgres/build.sh | 18 ++++ 18 files changed, 221 insertions(+), 227 deletions(-) create mode 100755 dockerfiles/init/modules/openshift/files/scripts/multi-user/configure_keycloak.sh create mode 100644 dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/config/keycloak-config-pod-deployment.yaml delete mode 100644 dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/build-config.yaml delete mode 100644 dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/image-stream.yaml rename dockerfiles/{init/modules/openshift/files/scripts/multi-user/keycloak/image-stream.yaml => keycloak-util/Dockerfile} (54%) create mode 100755 dockerfiles/keycloak-util/build.sh create mode 100755 dockerfiles/keycloak-util/keycloak_config.sh rename 
dockerfiles/{init/modules/openshift/files/scripts/multi-user/che-init-image-stream.yaml => keycloak/Dockerfile} (65%) create mode 100755 dockerfiles/keycloak/build.sh create mode 100644 dockerfiles/postgres/Dockerfile create mode 100755 dockerfiles/postgres/build.sh diff --git a/dockerfiles/init/modules/openshift/files/scripts/deploy_che.sh b/dockerfiles/init/modules/openshift/files/scripts/deploy_che.sh index 2e9dc801c5..2ff18fddb1 100755 --- a/dockerfiles/init/modules/openshift/files/scripts/deploy_che.sh +++ b/dockerfiles/init/modules/openshift/files/scripts/deploy_che.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at @@ -225,6 +225,7 @@ DEFAULT_CHE_IMAGE_REPO="docker.io/eclipse/che-server" DEFAULT_CHE_IMAGE_TAG="nightly" DEFAULT_CHE_KEYCLOAK_OSO_ENDPOINT="https://sso.openshift.io/auth/realms/fabric8/broker/openshift-v3/token" DEFAULT_KEYCLOAK_GITHUB_ENDPOINT="https://sso.openshift.io/auth/realms/fabric8/broker/github/token" +DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD="true" COMMAND=${COMMAND:-${DEFAULT_COMMAND}} WAIT_FOR_CHE=${WAIT_FOR_CHE:-"false"} @@ -535,6 +536,10 @@ if [ "${WAIT_FOR_CHE}" == "true" ]; then wait_until_che_is_available fi +if [ "${CHE_DEDICATED_KEYCLOAK}" == "true" ]; then +"${COMMAND_DIR}"/multi-user/configure_keycloak.sh +fi + che_route=$(oc get route che -o jsonpath='{.spec.host}') echo echo "[CHE] Che deployment has been successufully bootstrapped" diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/configure_keycloak.sh b/dockerfiles/init/modules/openshift/files/scripts/multi-user/configure_keycloak.sh new file mode 100755 index 0000000000..5021eff713 --- /dev/null +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/configure_keycloak.sh 
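Review bot: `DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD="true"` is added as a plain shell assignment, while the new `configure_keycloak.sh` call in the last hunk runs as a separate process, so the default only reaches that script if it is exported somewhere outside these hunks. The new script also resolves the setting as `${DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD:-${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}}`, which gives the default priority over an operator's explicit value, the reverse of the expansion this commit removes from deploy_postgres_and_keycloak.sh. Because this flag decides whether the default admin:admin Che user is forced to change its password, I would resolve it once here and export it: `export CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD=${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD:-${DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}}`.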
@@ -0,0 +1,48 @@ +#!/bin/bash +# Copyright (c) 2018 Red Hat, Inc. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +COMMAND_DIR=$(dirname "$0") +CHE_HOST=$(oc get route che -o jsonpath='{.spec.host}') +KC_HOST=$(oc get route keycloak -o jsonpath='{.spec.host}') +CHE_SERVER_ROUTE_TLS=$(oc get route che -o jsonpath='{.spec.tls}' || echo "") + +if [ "${CHE_SERVER_ROUTE_TLS}" != "" ]; then + HTTP_PROTOCOL="https" +else + HTTP_PROTOCOL="http" +fi + +CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD=${DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD:-${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}} + +IMAGE_KEYCLOAK_UTIL=${IMAGE_KEYCLOAK_UTIL:-"eclipse/che-keycloak-util:nightly"} + +echo "[CHE] Configuring Keycloak realm, client and user..." + +cat "${COMMAND_DIR}"/keycloak/config/keycloak-config-pod-deployment.yaml | sed "s/\${CHE_HOST}/${CHE_HOST}/" | \ + sed "s/\${KC_HOST}/${KC_HOST}/" | \ + sed "s/\${HTTP_PROTOCOL}/${HTTP_PROTOCOL}/" | \ + sed "s#\${IMAGE_KEYCLOAK_UTIL}#${IMAGE_KEYCLOAK_UTIL}#" | \ + sed "s/\${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}/${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}/" | \ + oc apply -f - + +echo "[CHE] Keycloak configuration initiated. It takes ~10 seconds to complete" +KC_UTIL_POD=$(oc get pods -l="app=keycloak-util" -o jsonpath='{.items[].metadata.name}') +sleep 5 +DEPLOYMENT_TIMEOUT_SEC=1200 +POLLING_INTERVAL_SEC=5 +end=$((SECONDS+DEPLOYMENT_TIMEOUT_SEC)) +available=$(oc get pods keycloak-util -o json | jq '.status.containerStatuses[].state | to_entries[].key') +while [[ "${available}" != "\"terminated\"" ]] && [ ${SECONDS} -lt ${end} ]; do + timeout_in=$((end-SECONDS)) + echo "[CHE] Watching Keycloak config pod status. 
Current status=${available}, Timeout in ${timeout_in}s)" + sleep ${POLLING_INTERVAL_SEC} + available=$(oc get pods keycloak-util -o json | jq '.status.containerStatuses[].state | to_entries[].key') +done +oc logs -f "${KC_UTIL_POD}" +oc delete pod "${KC_UTIL_POD}" +echo "[CHE] Keycloak configuration completed" diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_and_keycloak.sh b/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_and_keycloak.sh index d79e0f14d1..7daed20117 100755 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_and_keycloak.sh +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_and_keycloak.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at 
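Review bot: The polling loop in configure_keycloak.sh ends on timeout as well as on `"terminated"`, and the lines after it tail the logs, delete the pod and print "Keycloak configuration completed" in either case, so a failed or hung realm/user setup is reported as success. Nothing reads the container's exit code; after `oc logs` and before `oc delete pod` I would add `rc=$(oc get pod keycloak-util -o jsonpath='{.status.containerStatuses[0].state.terminated.exitCode}')` and `[ "${rc}" = "0" ] || { echo "[CHE] [ERROR] Keycloak configuration failed" >&2; exit 1; }`. That check is only meaningful if keycloak_config.sh exits non-zero when a `kcadm.sh` call fails, which the script added in this commit does not do as written.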
@@ -37,64 +37,15 @@ if [ "${CHE_SERVER_URL}" == "" ]; then CHE_SERVER_URL="https://${CHE_SERVER_ROUTE_HOST}" fi fi -DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD=true - -# apply KC build config -oc apply -f - <<-EOF - -apiVersion: v1 -kind: BuildConfig -metadata: - name: keycloak-for-che -spec: - nodeSelector: null - output: - to: - kind: ImageStreamTag - name: 'keycloak:latest' - postCommit: {} - resources: {} - runPolicy: Serial - source: - images: - - from: - kind: ImageStreamTag - name: 'che-init:latest' - paths: - - destinationDir: ./themes/ - sourcePath: /etc/puppet/modules/keycloak/files/che/ - - destinationDir: ./realms/ - sourcePath: /etc/puppet/modules/keycloak/templates/. - - destinationDir: .s2i/bin/ - sourcePath: /files/s2i/keycloak/assemble - - destinationDir: .s2i/bin/ - sourcePath: /files/s2i/keycloak/run - type: Image - strategy: - sourceStrategy: - env: - - name: "CHE_SERVER_URL" - value: "${CHE_SERVER_URL}" - - name: "CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD" - value: "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD:-${DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}}" - from: - kind: ImageStreamTag - name: 'keycloak-source:latest' - type: Source - triggers: - - type: "ImageChange" - imageChange: {} - - type: "ImageChange" - imageChange: - from: - kind: "ImageStreamTag" - name: "che-init:latest" -status: - -EOF # apply all yaml files from "$COMMAND_DIR"/keycloak/ -oc apply -f "$COMMAND_DIR"/keycloak/ + +IMAGE_KEYCLOAK=${IMAGE_KEYCLOAK:-"eclipse/che-keycloak:nightly"} + +for i in $(ls -Iconfig "$COMMAND_DIR"/keycloak ); do + cat "${COMMAND_DIR}"/keycloak/"${i}" | sed "s#\${IMAGE_KEYCLOAK}#${IMAGE_KEYCLOAK}#" | oc apply -f - +done + if [ "${CHE_EPHEMERAL}" == "true" ]; then oc volume dc/keycloak --remove --confirm 
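Review bot: `for i in $(ls -Iconfig "$COMMAND_DIR"/keycloak )` parses `ls` output, so it word-splits on any whitespace in a file name and depends on the GNU-only `-I` option. A glob with a file test skips the `config` directory without either problem: `for f in "${COMMAND_DIR}"/keycloak/*; do [ -f "${f}" ] || continue; sed "s#\${IMAGE_KEYCLOAK}#${IMAGE_KEYCLOAK}#" "${f}" | oc apply -f -; done`. The value of `IMAGE_KEYCLOAK` is spliced into the sed replacement unescaped, so a `#` or `&` in an overridden image reference would corrupt the manifest that gets applied; that deserves a comment next to the default. The same loop shape is added in deploy_postgres_only.sh.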
@@ -113,23 +64,4 @@ if [ "${CHE_SERVER_ROUTE_TLS}" != "" ]; then oc replace -f - fi -IMAGE_KEYCLOACK=${IMAGE_KEYCLOACK:-"jboss/keycloak-openshift:3.3.0.CR2-3"} - -oc apply -f - <<-EOF - -apiVersion: v1 -kind: ImageStream -metadata: - name: keycloak-source -spec: - tags: - - from: - kind: DockerImage - name: ${IMAGE_KEYCLOACK} - name: latest - importPolicy: - scheduled: true - -EOF - "$COMMAND_DIR"/wait_until_keycloak_is_available.sh diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_only.sh b/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_only.sh index 30356dc981..13356193e1 100755 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_only.sh +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/deploy_postgres_only.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at 
@@ -9,67 +9,15 @@ COMMAND_DIR=$(dirname "$0") export CHE_EPHEMERAL=${CHE_EPHEMERAL:-false} -oc apply -f "$COMMAND_DIR"/che-init-image-stream.yaml +IMAGE_POSTGRES=${IMAGE_POSTGRES:-"eclipse/che-postgres:nightly"} -oc apply -f "$COMMAND_DIR"/postgres/ +for i in $(ls "$COMMAND_DIR"/postgres ); do + cat "${COMMAND_DIR}"/postgres/"${i}" | sed "s#\${IMAGE_POSTGRES}#${IMAGE_POSTGRES}#" | oc apply -f - +done if [ "${CHE_EPHEMERAL}" == "true" ]; then oc volume dc/postgres --remove --confirm oc delete pvc/postgres-data fi -IMAGE_INIT=${IMAGE_INIT:-"eclipse/che-init:nightly"} - -oc apply -f - <<-EOF - -apiVersion: v1 -kind: BuildConfig -metadata: - name: che-init-image-stream-build -spec: - nodeSelector: null - output: - to: - kind: ImageStreamTag - name: 'che-init:latest' - runPolicy: Serial - source: - dockerfile: | - FROM ${IMAGE_INIT} - type: Dockerfile - strategy: - dockerStrategy: - forcePull: true - from: - kind: DockerImage - name: '${IMAGE_INIT}' - type: Docker - triggers: - - type: ImageChange - imageChange: {} -status: - -EOF - -IMAGE_POSTGRES=${IMAGE_POSTGRES:-centos/postgresql-96-centos7} - -oc apply -f - <<-EOF - -apiVersion: v1 -kind: ImageStream -metadata: - name: postgres-source -spec: - tags: - - from: - kind: DockerImage - name: ${IMAGE_POSTGRES} - name: latest - importPolicy: - scheduled: true - -EOF - -oc start-build che-init-image-stream-build - "$COMMAND_DIR"/wait_until_postgres_is_available.sh diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/config/keycloak-config-pod-deployment.yaml b/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/config/keycloak-config-pod-deployment.yaml new file mode 100644 index 0000000000..56c58daa1f --- /dev/null +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/config/keycloak-config-pod-deployment.yaml 
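Review bot: The new default `IMAGE_POSTGRES=${IMAGE_POSTGRES:-"eclipse/che-postgres:nightly"}` is a moving tag with no registry host or digest, and the deployment config changed in this commit sets `imagePullPolicy: Always`, so any pod restart can bring different image content into the database tier without a config change. The `IMAGE_KEYCLOAK` and `IMAGE_KEYCLOAK_UTIL` defaults added elsewhere in the commit have the same property. I would add a comment above each default, e.g. `# nightly is a moving tag; set IMAGE_POSTGRES to a versioned tag or digest for reproducible deployments`, and mention the override in the deployment documentation.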
@@ -0,0 +1,28 @@ +# Copyright (c) 2018 Red Hat, Inc. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +kind: Pod +metadata: + labels: + app: keycloak-util + name: keycloak-util +spec: + containers: + - env: + - name: CHE_HOST + value: "${CHE_HOST}" + - name: HTTP_PROTOCOL + value: "${HTTP_PROTOCOL}" + - name: KC_HOST + value: "${KC_HOST}" + - name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD + value: "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}" + image: "${IMAGE_KEYCLOAK_UTIL}" + name: keycloak-util + imagePullPolicy: Always + restartPolicy: Never diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/deployment-config.yaml b/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/deployment-config.yaml index e0c731d6b7..fcebf72fe8 100644 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/deployment-config.yaml +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/deployment-config.yaml @@ -36,7 +36,12 @@ spec: value: keycloak - name: POSTGRES_PASSWORD value: keycloak - image: ' ' + - name: KEYCLOAK_USER + value: admin + - name: KEYCLOAK_PASSWORD + value: admin + image: '${IMAGE_KEYCLOAK}' + imagePullPolicy: Always name: keycloak livenessProbe: failureThreshold: 11 @@ -77,14 +82,4 @@ spec: persistentVolumeClaim: claimName: keycloak-log test: false - triggers: - - type: ConfigChange - - imageChangeParams: - automatic: true - containerNames: - - keycloak - from: - kind: ImageStreamTag - name: keycloak:latest - type: ImageChange status: {} 
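Review bot: `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` are added to keycloak/deployment-config.yaml as the literals `admin`/`admin`, which fixes the master-realm administrator credentials of every deployment in a manifest that anyone with read access to the DeploymentConfig can see, on a Keycloak that is exposed through a route. I would take both values from a Secret created at deploy time (generated or operator-supplied) and have keycloak_config.sh, which currently passes `--user admin --password admin`, read the same values. The Secret name and keys in the sketch below are placeholders. The neighbouring `POSTGRES_PASSWORD` context line has the same shape but predates this commit.

```yaml
# ... unchanged: POSTGRES_* entries ...
# Secret name and keys below are placeholders; the Secret must exist before this config is applied
- name: KEYCLOAK_USER
  valueFrom:
    secretKeyRef:
      name: keycloak-admin
      key: username
- name: KEYCLOAK_PASSWORD
  valueFrom:
    secretKeyRef:
      name: keycloak-admin
      key: password
image: '${IMAGE_KEYCLOAK}'
```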
diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/build-config.yaml b/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/build-config.yaml deleted file mode 100644 index d1886a5269..0000000000 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/build-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -kind: BuildConfig -metadata: - name: postgres-for-che -spec: - nodeSelector: null - output: - to: - kind: ImageStreamTag - name: 'postgres:latest' - postCommit: {} - resources: {} - runPolicy: Serial - source: - images: - - from: - kind: ImageStreamTag - name: 'che-init:latest' - paths: - - destinationDir: ./ - sourcePath: /etc/puppet/modules/postgres/templates/init-che-user.sh.erb - - destinationDir: .s2i/bin/ - sourcePath: /files/s2i/postgres/assemble - - destinationDir: .s2i/bin/ - sourcePath: /files/s2i/postgres/run - type: Image - strategy: - sourceStrategy: - from: - kind: ImageStreamTag - name: 'postgres-source:latest' - type: Source - triggers: - - type: "ImageChange" - imageChange: {} - - type: "ImageChange" - imageChange: - from: - kind: "ImageStreamTag" - name: "che-init:latest" -status: diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/deployment-config.yaml b/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/deployment-config.yaml index d13763229a..4d92ff0e90 100644 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/deployment-config.yaml +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/deployment-config.yaml @@ -32,7 +32,8 @@ spec: value: "pgchepassword" - name: "CHE_POSTGRES_DATABASE" value: "dbche" - image: ' ' + image: '${IMAGE_POSTGRES}' + imagePullPolicy: Always name: postgres livenessProbe: failureThreshold: 3 
@@ -68,14 +69,4 @@ spec: persistentVolumeClaim: claimName: postgres-data test: false - triggers: - - type: ConfigChange - - imageChangeParams: - automatic: true - containerNames: - - postgres - from: - kind: ImageStreamTag - name: postgres:latest - type: ImageChange status: {} diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/image-stream.yaml b/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/image-stream.yaml deleted file mode 100644 index 84cb412bb0..0000000000 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/postgres/image-stream.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: ImageStream -metadata: - name: postgres -spec: - lookupPolicy: - local: false - tags: - - name: latest diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_keycloak_is_available.sh b/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_keycloak_is_available.sh index 10e395ff66..f2b5a35148 100755 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_keycloak_is_available.sh +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_keycloak_is_available.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at 
@@ -13,7 +13,7 @@ echo "[CHE] This script is going to wait until Keycloak is deployed and availabl command -v oc >/dev/null 2>&1 || { echo >&2 "[CHE] [ERROR] Command line tool oc (https://docs.openshift.org/latest/cli_reference/get_started_cli.html) is required but it's not installed. Aborting."; exit 1; } command -v jq >/dev/null 2>&1 || { echo >&2 "[CHE] [ERROR] Command line tool jq (https://stedolan.github.io/jq) is required but it's not installed. Aborting."; exit 1; } -echo "[CHE] wait Keycloak pod booting..." +echo "[CHE] Wait for Keycloak pod booting..." available=$(oc get dc keycloak -o json | jq ".status.conditions[] | select(.type == \"Available\") | .status") progressing=$(oc get dc keycloak -o json | jq ".status.conditions[] | select(.type == \"Progressing\") | .status") diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_postgres_is_available.sh b/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_postgres_is_available.sh index 39118ce129..66b9af0070 100755 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_postgres_is_available.sh +++ b/dockerfiles/init/modules/openshift/files/scripts/multi-user/wait_until_postgres_is_available.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at 
@@ -9,6 +9,7 @@ set -e echo "[CHE] This script is going to wait until Postgres is deployed and available" +echo "[CHE] It can take a couple of minutes depending on network and image availability" command -v oc >/dev/null 2>&1 || { echo >&2 "[CHE] [ERROR] Command line tool oc (https://docs.openshift.org/latest/cli_reference/get_started_cli.html) is required but it's not installed. Aborting."; exit 1; } command -v jq >/dev/null 2>&1 || { echo >&2 "[CHE] [ERROR] Command line tool jq (https://stedolan.github.io/jq) is required but it's not installed. Aborting."; exit 1; } diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/image-stream.yaml b/dockerfiles/keycloak-util/Dockerfile similarity index 54% rename from dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/image-stream.yaml rename to dockerfiles/keycloak-util/Dockerfile index 2d7a4605f2..3eb02bb92d 100644 --- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/keycloak/image-stream.yaml +++ b/dockerfiles/keycloak-util/Dockerfile @@ -1,16 +1,13 @@ -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at # http://www.eclipse.org/legal/epl-v10.html # -apiVersion: v1 -kind: ImageStream -metadata: - name: keycloak -spec: - lookupPolicy: - local: false - tags: - - name: latest +FROM jboss/keycloak-openshift:3.3.0.CR2-3 +ADD . /scripts/ +USER root +RUN chgrp -R 0 /scripts && \ + chmod -R g+rwX /scripts +ENTRYPOINT ["/scripts/keycloak_config.sh"] diff --git a/dockerfiles/keycloak-util/build.sh b/dockerfiles/keycloak-util/build.sh new file mode 100755 index 0000000000..0b3925cc8b --- /dev/null +++ b/dockerfiles/keycloak-util/build.sh 
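Review bot: In keycloak-util/Dockerfile, `USER root` is set for the `chgrp`/`chmod` step and never switched back, so the image's default user is root wherever the platform does not assign its own UID. I would add a final `USER` line before `ENTRYPOINT` that restores the base image's unprivileged account (I believe the jboss/keycloak images use `jboss`; confirm against the base image). `ADD . /scripts/` also copies the whole build directory, including build.sh and the Dockerfile itself, into a group-writable path; `COPY keycloak_config.sh *.erb /scripts/` would limit it to what the entrypoint reads.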
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright (c) 2018 Red Hat, Inc.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
+base_dir=$(cd "$(dirname "$0")"; pwd)
+. "${base_dir}"/../build.include
+
+# copy user and realm json templates
+cp -r ../init/modules/keycloak/templates/* .
+
+init --name:keycloak-util "$@"
+build
+
+# remove jsons
+rm *.erb
diff --git a/dockerfiles/keycloak-util/keycloak_config.sh b/dockerfiles/keycloak-util/keycloak_config.sh
new file mode 100755
index 0000000000..915c25ed5f
--- /dev/null
+++ b/dockerfiles/keycloak-util/keycloak_config.sh
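Review bot: `base_dir` is computed but the copy and the cleanup use paths relative to the caller's working directory (`cp -r ../init/modules/keycloak/templates/* .` and `rm *.erb`), so unless build.include changes directory, which is not visible here, running the script from elsewhere copies from and deletes in the wrong place. Since the Dockerfile does `ADD . /scripts/`, whatever ends up in that directory is baked into the image. I would anchor both to `base_dir`, e.g. `cp -r "${base_dir}"/../init/modules/keycloak/templates/* "${base_dir}"/` and `rm -f "${base_dir}"/*.erb`, and run the cleanup from a `trap` so a failed `build` does not leave templates behind. keycloak/build.sh and postgres/build.sh added in this commit follow the same pattern.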
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright (c) 2018 Red Hat, Inc.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+
+echo "Configuring Keycloak..."
+
+cat /scripts/che-users-0.json.erb | \
+ sed -e "/<% if scope.lookupvar('keycloak::che_keycloak_admin_require_update_password') == 'true' -%>/d" | \
+ sed -e "/<% else -%>/d" | \
+ sed -e "/<% end -%>/d" | \
+ sed -e "/\"requiredActions\" : \[ \],/d" | \
+ jq .users[] > /scripts/che-user.json
+
+if [ "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}" == "false" ]; then
+ sed -i -e "s#\"UPDATE_PASSWORD\"##" /scripts/che-user.json
+fi
+
+cat /scripts/che-realm.json.erb | sed -e "s@<%= scope\.lookupvar('che::che_server_url') %>@${HTTP_PROTOCOL}://${CHE_HOST}@" > /scripts/realm.json
+
+echo "Creating Che realm and che-public client..."
+
+cd /opt/jboss/keycloak/bin
+
+./kcadm.sh create realms -f /scripts/realm.json --no-config --server ${HTTP_PROTOCOL}://${KC_HOST}/auth --realm master --user admin --password admin
+
+echo "Creating default Che user with the following credentials 'admin:admin'"
+
+./kcadm.sh create users -r che -f /scripts/che-user.json --no-config --server ${HTTP_PROTOCOL}://${KC_HOST}/auth --realm master --user admin --password admin
+
+echo "Done!"
diff --git a/dockerfiles/init/modules/openshift/files/scripts/multi-user/che-init-image-stream.yaml b/dockerfiles/keycloak/Dockerfile
similarity index 65%
rename from dockerfiles/init/modules/openshift/files/scripts/multi-user/che-init-image-stream.yaml
rename to dockerfiles/keycloak/Dockerfile
index 16b1d0fb56..37297672ec 100644
--- a/dockerfiles/init/modules/openshift/files/scripts/multi-user/che-init-image-stream.yaml
+++ b/dockerfiles/keycloak/Dockerfile
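Review bot: Both `kcadm.sh` calls in keycloak_config.sh pass `--user admin --password admin` as literals, so the utility only works while the master-realm administrator keeps the default password, which discourages anyone from changing it. I would read the credentials from the pod environment instead, e.g. `--user "${KEYCLOAK_ADMIN_USER:?}" --password "${KEYCLOAK_ADMIN_PASSWORD:?}"` (variable names are placeholders), and quote `"${HTTP_PROTOCOL}://${KC_HOST}/auth"`. The script has no `set -e` and ends with `echo "Done!"`, so it exits 0 even when realm or user creation fails; adding `set -e` near the top lets the caller detect that. When the Che route has no TLS, `HTTP_PROTOCOL` is `http` and these credentials are sent to Keycloak in clear text.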
@@ -1,14 +1,9 @@ -# Copyright (c) 2012-2017 Red Hat, Inc +# Copyright (c) 2018 Red Hat, Inc. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Eclipse Public License v1.0 # which accompanies this distribution, and is available at # http://www.eclipse.org/legal/epl-v10.html # -apiVersion: v1 -kind: ImageStream -metadata: - name: che-init -spec: - tags: - - name: latest +FROM jboss/keycloak-openshift:3.3.0.CR2-3 +ADD che /opt/jboss/keycloak/themes/che diff --git a/dockerfiles/keycloak/build.sh b/dockerfiles/keycloak/build.sh new file mode 100755 index 0000000000..56569a5543 --- /dev/null +++ b/dockerfiles/keycloak/build.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# Copyright (c) 2018 Red Hat, Inc. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +base_dir=$(cd "$(dirname "$0")"; pwd) +. "${base_dir}"/../build.include + +# copy user and realm json templates +cp -r ../init/modules/keycloak/files/che . + +init --name:keycloak "$@" +build + +# remove files +rm -rf che diff --git a/dockerfiles/postgres/Dockerfile b/dockerfiles/postgres/Dockerfile new file mode 100644 index 0000000000..908752c4c9 --- /dev/null +++ b/dockerfiles/postgres/Dockerfile 
@@ -0,0 +1,15 @@
+# Copyright (c) 2018 Red Hat, Inc.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+
+FROM centos/postgresql-96-centos7
+ADD init-che-user-and-run.sh.erb init-che-user.sh.erb /var/lib/pgsql/
+RUN cat /var/lib/pgsql/init-che-user.sh.erb | \
+ sed -e "/exit 0/d" > /var/lib/pgsql/init-che-user-and-run.sh && \
+ echo "exec run-postgresql \"\$@\"" >> /var/lib/pgsql/init-che-user-and-run.sh
+USER root
+RUN chmod +x /var/lib/pgsql/init-che-user-and-run.sh
+USER postgres
+CMD ["/var/lib/pgsql/init-che-user-and-run.sh"]
diff --git a/dockerfiles/postgres/build.sh b/dockerfiles/postgres/build.sh
new file mode 100755
index 0000000000..299353be3f
--- /dev/null
+++ b/dockerfiles/postgres/build.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Copyright (c) 2018 Red Hat, Inc.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+
+base_dir=$(cd "$(dirname "$0")"; pwd)
+. "${base_dir}"/../build.include
+
+# copy user and realm json templates
+cp -r ../init/modules/postgres/templates/* .
+
+init --name:postgres "$@"
+build
+
+# remove jsons
+rm *.erb
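Review bot: `FROM centos/postgresql-96-centos7` in postgres/Dockerfile has no tag, so each build resolves to whatever `latest` is at that moment, unlike the two Keycloak Dockerfiles in this commit, which pin `3.3.0.CR2-3`; I would pin a tag or digest here as well. `USER postgres` is a name rather than a numeric UID, which prevents a runtime from verifying that the image runs as non-root; the numeric UID of that account in the base image (26, if I recall the base image correctly; confirm) is the safer form. `ADD` also lists `init-che-user-and-run.sh.erb`, although the following `RUN` reads only `init-che-user.sh.erb`; if build.sh does not copy a file of that name from the postgres templates directory, the build fails at this step.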