Multi-user Eclipse Che (#6441)
#### How to run it.
```docker run -it -e CHE_MULTIUSER=true -e CHE_HOST=<your ip> -e CHE_KEYCLOAK_AUTH-SERVER-URL=http://<your ip>:5050/auth -v /var/run/docker.sock:/var/run/docker.sock -v ~/.che-multiuser:/data eclipse/che:nightly start --skip:pull --skip:nightly```
#### How to manage it
- Keycloak configured with two realms. ```Master``` and ```che```. Also we have one user admin/admin in both realm. Admin user in master realm is - super admin.
- Eclipse Che configured for che realm
- We enabled user registration in ```Che``` realm
#### Known limitation
- swagger would not work. We need to upgrade a version. to support openid authentification https://github.com/eclipse/che/issues/6015
- It's working on local docker. We are going to provide scalable version based on OpenShift on next versions.
- Invitation of non-existent users to Eclipse Che organization https://github.com/eclipse/che/issues/6335
#### How to run it when it is in a branch
To run an multiuser Che version, the following steps are required after building the branch:
- Rebuild init, cli and che images (in the given sequence). To do that, proceed to folder _dockerfiles/<image_name>_ and run _build.sh_
- Run Che in a usual way using cli, with additional parameters: `-e CHE_MULTIUSER=true` and `--skip:pull --skip:nightly`
Full command example:
`docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v /home/user/.che:/data -e CHE_MULTIUSER=true eclipse/che-cli:nightly start --skip:pull --skip:nightly`
- MacOS users may need to edit _che.env_ file in the data folder, changing `CHE_HOST` and `CHE_KEYCLOAK_AUTH__SERVER__URL` values to their specific IP.
When start is succeeded, the following docker containers should be created:
- che, exposing 8080 port;
- che_keycloak, exposing 5050 port;
- che_postgres, exposing 5432 port;
* Use of new Traefik version (before : 1.3RC1, now 1.3RC3)
Change-Id: I8b7097f60dc28bfcf2e4585d4c1e1393d53b8332
Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
* Toggle Che single port by enabling CHE_SINGLE_PORT in the che.env file. (CHE_SINGLE_PORT=true, default is false)
By enabling single-port, all browser traffic to Che or any workspace will be routed through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this property will transform the launch sequence of Che to launch a Traefik reverse proxy. The reverse proxy will act as the traffic endpoint for all browser communications. When a new workspace is started or stopped, Che will update Traefik's configuration
with rules for how browser traffic should be routed to Che or a workspace.
It’s now using an official Traefik image (before I was using a custom made image)
There is an interceptor with a kill switch. It means interceptor is applied only if plug-in is enabled (not only if plug-in is added at compilation)
It is automatically enabled when CHE_SINGLE_PORT is turned on
docker-compose file is handling if the single_port is turned on or off and then add the traefik container and redirect port only if the property is enabled. (not enabled by default)
using —debug flag when launching che is also turning on the traffic web console to view traefik routes
It is not enabled by default, so it means that without user change, there is no overhead, no useless container started, etc.
Change-Id: I12644d9202dadc0b10104f78bb055425ca6611ac
Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
Roman Iuvshyn