seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-server/deploy/openshift/deploy_che.sh

553 lines
29 KiB
Bash
Executable File
Raw Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

#!/bin/bash
# Copyright (c) 2018 Red Hat, Inc.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Eclipse Public License v1.0
# which accompanies this distribution, and is available at
# http://www.eclipse.org/legal/epl-v10.html
#
# This script is meant for quick & easy install of Che on OpenShift via:
#
# ``` bash
# DEPLOY_SCRIPT_URL=https://raw.githubusercontent.com/eclipse/che/master/deploy/openshift/deploy_che.sh
# curl -fsSL ${DEPLOY_SCRIPT_URL} -o get-che.sh
# bash get-che.sh --wait-che
# ```
#
# For more deployment options: https://www.eclipse.org/che/docs/setup/openshift/index.html
set -e
# --------------------------------------------------------
# Check pre-requisites
# --------------------------------------------------------
command -v oc >/dev/null 2>&1 || { echo >&2 "[CHE] [ERROR] Command line tool oc (https://docs.openshift.org/latest/cli_reference/get_started_cli.html) is required but it's not installed. Aborting."; exit 1; }
command -v jq >/dev/null 2>&1 || { echo >&2 "[CHE] [ERROR] Command line tool jq (https://stedolan.github.io/jq) is required but it's not installed. Aborting."; exit 1; }
# ----------------
# helper functions
# ----------------
# inject_che_config injects che configuration in ENV format in deploy config
# first arg is a marker string, second is a path to the file with parameters in KV format which will be inserted after marker
inject_che_config() {
while IFS= read -r line
do
printf '%s\n' "$line"
if [[ "$line" == *"$1"* ]];then
while read l; do
#ignore comments and empty lines
if [[ "$l" != "#"* ]] && [[ ! -z "$l" ]]; then
# properly extract key and value from config map file
KEY=$(echo $l | cut -d ' ' -f1 | cut -d ':' -f1)
VALUE=$(eval echo $l | cut -d ':' -f2- | cut -d ' ' -f2-)
# put key and value in proper format in to a yaml file after marker line
printf '%s\n' " - name: $KEY"
printf '%s\n' " value: \"$VALUE\""
fi
done <$2
fi
done < /dev/stdin
}
wait_until_che_is_available() {
if [ -z "${CHE_API_ENDPOINT+x}" ]; then
echo -n "[CHE] Inferring \$CHE_API_ENDPOINT..."
che_host=$(oc get route che -o jsonpath='{.spec.host}')
if [ -z "${che_host}" ]; then echo >&2 "[CHE] [ERROR] Failed to infer environment variable \$CHE_API_ENDPOINT. Aborting. Please set it and run ${0} script again."; exit 1; fi
if [[ $(oc get route che -o jsonpath='{.spec.tls}') ]]; then protocol="https" ; else protocol="http"; fi
CHE_API_ENDPOINT="${protocol}://${che_host}/api"
echo "done (${CHE_API_ENDPOINT})"
fi
available=$(oc get dc che -o json | jq '.status.conditions[] | select(.type == "Available") | .status')
progressing=$(oc get dc che -o json | jq '.status.conditions[] | select(.type == "Progressing") | .status')
DEPLOYMENT_TIMEOUT_SEC=300
POLLING_INTERVAL_SEC=5
end=$((SECONDS+DEPLOYMENT_TIMEOUT_SEC))
while [ "${available}" != "\"True\"" ] && [ ${SECONDS} -lt ${end} ]; do
available=$(oc get dc che -o json | jq '.status.conditions[] | select(.type == "Available") | .status')
progressing=$(oc get dc che -o json | jq '.status.conditions[] | select(.type == "Progressing") | .status')
timeout_in=$((end-SECONDS))
echo "[CHE] Deployment is in progress...(Available.status=${available}, Progressing.status=${progressing}, Timeout in ${timeout_in}s)"
sleep ${POLLING_INTERVAL_SEC}
done
if [ "${progressing}" == "\"True\"" ]; then
echo "[CHE] Che deployed successfully"
elif [ "${progressing}" == "False" ]; then
echo "[CHE] [ERROR] Che deployment failed. Aborting. Run command 'oc rollout status che' to get more details."
exit 1
elif [ ${SECONDS} -lt ${end} ]; then
echo "[CHE] [ERROR] Deployment timeout. Aborting."
exit 1
fi
che_http_status=$(curl -s -o /dev/null -I -w "%{http_code}" "${CHE_API_ENDPOINT}/system/state")
if [ "${che_http_status}" == "200" ]; then
echo "[CHE] Che is up and running"
else
echo "[CHE] [ERROR] Che is not responding (HTTP status= ${che_http_status})"
exit 1
fi
}
# --------------
# Print Che logo
# --------------
echo
cat <<EOF
                10100000               
            0110011001101101           
       01001001001001011011010110      
   1100110101010001000001011101000001  
0111001001111010111011111000111100010001
1110111011010111000001100000111001110  
101010011001001001    10011101000      
1011000101000              0           
100101011                           0110
10100001                        11011111
111101111011                111011110001
10111001000110101      00000111111011111
0110111111011100000001011001010101111111
1101000001101001000010010111101011011011
    00000001111001000001110111100000   
        000110101101000100011110       
            1101011100001001           
                 000101                

EOF
echo
# --------------------------------------------------------
# Parse options
# --------------------------------------------------------
for key in "$@"
do
case $key in
-c | --command)
COMMAND="$2"
shift
;;
--wait-che)
WAIT_FOR_CHE=true
shift
;;
*)
# unknown option
;;
esac
done
# OPENSHIFT_FLAVOR can be minishift or osio or ocp
# TODO Set flavour via a parameter
DEFAULT_OPENSHIFT_FLAVOR="minishift"
OPENSHIFT_FLAVOR=${OPENSHIFT_FLAVOR:-${DEFAULT_OPENSHIFT_FLAVOR}}
DEFAULT_DNS_PROVIDER="nip.io"
DNS_PROVIDER=${DNS_PROVIDER:-${DEFAULT_DNS_PROVIDER}}
BASE_DIR=$(cd "$(dirname "$0")"; pwd)
# If OpenShift flavor is MiniShift check its availability
if [ "${OPENSHIFT_FLAVOR}" == "minishift" ]; then
if [ -z "${MINISHIFT_IP}" ]; then
# ---------------------------
# Set minishift configuration
# ---------------------------
echo -n "[CHE] Checking if minishift is running..."
minishift status | grep -q "Running" ||(echo "Minishift is not running. Aborting"; exit 1)
echo "done!"
MINISHIFT_IP="$(minishift ip)"
fi
fi
# -----------------------------------------------
# Set defaults for different flavors of OpenShift
# -----------------------------------------------
if [ "${OPENSHIFT_FLAVOR}" == "minishift" ]; then
# ----------------------
# Set minishift configuration
# ----------------------
DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT=""
DEFAULT_CHE_INFRA_KUBERNETES_PVC_STRATEGY="unique"
DEFAULT_OPENSHIFT_ENDPOINT="https://${MINISHIFT_IP}:8443/"
DEFAULT_OPENSHIFT_USERNAME="developer"
DEFAULT_OPENSHIFT_PASSWORD="developer"
DEFAULT_CHE_OPENSHIFT_PROJECT="eclipse-che"
DEFAULT_OPENSHIFT_ROUTING_SUFFIX="${MINISHIFT_IP}.${DNS_PROVIDER}"
DEFAULT_CHE_DEBUG_SERVER="true"
DEFAULT_OC_SKIP_TLS="true"
DEFAULT_CHE_APPLY_RESOURCE_QUOTAS="false"
DEFAULT_IMAGE_PULL_POLICY="IfNotPresent"
DEFAULT_ENABLE_SSL="false"
DEFAULT_CHE_LOG_LEVEL="INFO"
DEFAULT_CHE_PREDEFINED_STACKS_RELOAD="false"
DEFAULT_CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS="true"
elif [ "${OPENSHIFT_FLAVOR}" == "osio" ]; then
# ----------------------
# Set osio configuration
# ----------------------
if [ -z "${OPENSHIFT_TOKEN+x}" ]; then echo "[CHE] **ERROR** Env var OPENSHIFT_TOKEN is unset. You need to set it with your OSO token to continue. To retrieve your token: https://console.starter-us-east-2.openshift.com/console/command-line. Aborting"; exit 1; fi
DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT:-${DEFAULT_CHE_OPENSHIFT_PROJECT}}
DEFAULT_CHE_INFRA_KUBERNETES_PVC_STRATEGY="common"
DEFAULT_OPENSHIFT_ENDPOINT="https://api.starter-us-east-2.openshift.com"
DEFAULT_CHE_OPENSHIFT_PROJECT="$(oc get projects -o=custom-columns=NAME:.metadata.name --no-headers | grep "\\-che$")"
DEFAULT_OPENSHIFT_ROUTING_SUFFIX="8a09.starter-us-east-2.openshiftapps.com"
DEFAULT_CHE_DEBUG_SERVER="false"
DEFAULT_OC_SKIP_TLS="false"
DEFAULT_ENABLE_SSL="true"
DEFAULT_CHE_LOG_LEVEL="INFO"
DEFAULT_CHE_PREDEFINED_STACKS_RELOAD="true"
DEFAULT_CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS="false"
elif [ "${OPENSHIFT_FLAVOR}" == "ocp" ]; then
# ----------------------
# Set ocp configuration
# ----------------------
DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT=""
DEFAULT_CHE_INFRA_KUBERNETES_PVC_STRATEGY="unique"
DEFAULT_OPENSHIFT_USERNAME="developer"
DEFAULT_OPENSHIFT_PASSWORD="developer"
DEFAULT_CHE_OPENSHIFT_PROJECT="eclipse-che"
DEFAULT_CHE_DEBUG_SERVER="false"
DEFAULT_OC_SKIP_TLS="false"
DEFAULT_ENABLE_SSL="true"
DEFAULT_CHE_LOG_LEVEL="INFO"
DEFAULT_CHE_PREDEFINED_STACKS_RELOAD="true"
DEFAULT_CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS="true"
fi
# --------------------------------------------------------
# Set configuration common to any flavor of OpenShift
# --------------------------------------------------------
CHE_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT:-${DEFAULT_CHE_OPENSHIFT_PROJECT}}
DEFAULT_COMMAND="deploy"
DEFAULT_CHE_MULTIUSER="false"
DEFAULT_CHE_IMAGE_REPO="docker.io/eclipse/che-server"
DEFAULT_CHE_IMAGE_TAG="nightly"
DEFAULT_CHE_KEYCLOAK_OSO_ENDPOINT="https://sso.openshift.io/auth/realms/fabric8/broker/openshift-v3/token"
DEFAULT_KEYCLOAK_GITHUB_ENDPOINT="https://sso.openshift.io/auth/realms/fabric8/broker/github/token"
DEFAULT_CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD="true"
COMMAND=${COMMAND:-${DEFAULT_COMMAND}}
WAIT_FOR_CHE=${WAIT_FOR_CHE:-"false"}
CHE_MULTIUSER=${CHE_MULTIUSER:-${DEFAULT_CHE_MULTIUSER}}
if [ "${CHE_MULTIUSER}" == "true" ]; then
CHE_DEDICATED_KEYCLOAK=${CHE_DEDICATED_KEYCLOAK:-"true"}
else
CHE_DEDICATED_KEYCLOAK="false"
fi
OPENSHIFT_ENDPOINT=${OPENSHIFT_ENDPOINT:-${DEFAULT_OPENSHIFT_ENDPOINT}}
if [ -z "${OPENSHIFT_TOKEN+x}" ]; then
OPENSHIFT_USERNAME=${OPENSHIFT_USERNAME:-${DEFAULT_OPENSHIFT_USERNAME}}
OPENSHIFT_PASSWORD=${OPENSHIFT_PASSWORD:-${DEFAULT_OPENSHIFT_PASSWORD}}
fi
CHE_OAUTH_GITHUB_CLIENTID=${CHE_OAUTH_GITHUB_CLIENTID:-}
CHE_OAUTH_GITHUB_CLIENTSECRET=${CHE_OAUTH_GITHUB_CLIENTSECRET:-}
CHE_INFRA_OPENSHIFT_PROJECT=${CHE_INFRA_OPENSHIFT_PROJECT:-${DEFAULT_CHE_INFRA_OPENSHIFT_PROJECT}}
if [ -z ${CHE_INFRA_KUBERNETES_USERNAME+x} ]; then CHE_INFRA_KUBERNETES_USERNAME=$OPENSHIFT_USERNAME; fi
if [ -z ${CHE_INFRA_KUBERNETES_PASSWORD+x} ]; then CHE_INFRA_KUBERNETES_PASSWORD=$OPENSHIFT_PASSWORD; fi
if [ -z ${CHE_INFRA_KUBERNETES_OAUTH__TOKEN+x} ]; then CHE_INFRA_KUBERNETES_OAUTH__TOKEN=$OPENSHIFT_TOKEN; fi
CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS=${CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS:-${DEFAULT_CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS}}
OPENSHIFT_ROUTING_SUFFIX=${OPENSHIFT_ROUTING_SUFFIX:-${DEFAULT_OPENSHIFT_ROUTING_SUFFIX}}
DEFAULT_OPENSHIFT_NAMESPACE_URL="${CHE_OPENSHIFT_PROJECT}.${OPENSHIFT_ROUTING_SUFFIX}"
OPENSHIFT_NAMESPACE_URL=${OPENSHIFT_NAMESPACE_URL:-${DEFAULT_OPENSHIFT_NAMESPACE_URL}}
CHE_LOG_LEVEL=${CHE_LOG_LEVEL:-${DEFAULT_CHE_LOG_LEVEL}}
ENABLE_SSL=${ENABLE_SSL:-${DEFAULT_ENABLE_SSL}}
WORKSPACE_MEMORY_REQUEST=${WORKSPACE_MEMORY_REQUEST:-${DEFAULT_WORKSPACE_MEMORY_REQUEST}}
CHE_PREDEFINED_STACKS_RELOAD=${CHE_PREDEFINED_STACKS_RELOAD:-${DEFAULT_CHE_PREDEFINED_STACKS_RELOAD}}
CHE_DEBUG_SERVER=${CHE_DEBUG_SERVER:-${DEFAULT_CHE_DEBUG_SERVER}}
OC_SKIP_TLS=${OC_SKIP_TLS:-${DEFAULT_OC_SKIP_TLS}}
CHE_APPLY_RESOURCE_QUOTAS=${CHE_APPLY_RESOURCE_QUOTAS:-${DEFAULT_CHE_APPLY_RESOURCE_QUOTAS}}
IMAGE_PULL_POLICY=${IMAGE_PULL_POLICY:-${DEFAULT_IMAGE_PULL_POLICY}}
CHE_INFRA_KUBERNETES_PVC_STRATEGY=${CHE_INFRA_KUBERNETES_PVC_STRATEGY:-${DEFAULT_CHE_INFRA_KUBERNETES_PVC_STRATEGY}}
CHE_HOST="${OPENSHIFT_NAMESPACE_URL}"
if [ "${ENABLE_SSL}" == "true" ]; then
HTTP_PROTOCOL="https"
WS_PROTOCOL="wss"
else
HTTP_PROTOCOL="http"
WS_PROTOCOL="ws"
fi
export IMAGE_POSTGRES=${IMAGE_POSTGRES:-"eclipse/che-postgres:nightly"}
export IMAGE_KEYCLOAK=${IMAGE_KEYCLOAK:-"eclipse/che-keycloak:nightly"}
CHE_IMAGE_REPO=${CHE_IMAGE_REPO:-${DEFAULT_CHE_IMAGE_REPO}}
CHE_IMAGE_TAG=${CHE_IMAGE_TAG:-${DEFAULT_CHE_IMAGE_TAG}}
CHE_IMAGE="${CHE_IMAGE_REPO}:${CHE_IMAGE_TAG}"
# Escape slashes in CHE_IMAGE to use it with sed later
# e.g. docker.io/rhchestage => docker.io\/rhchestage
CHE_IMAGE_SANITIZED=$(echo "${CHE_IMAGE}" | sed 's/\//\\\//g')
# Keycloak production endpoints are used by default
CHE_KEYCLOAK_OSO_ENDPOINT=${CHE_KEYCLOAK_OSO_ENDPOINT:-${DEFAULT_CHE_KEYCLOAK_OSO_ENDPOINT}}
KEYCLOAK_GITHUB_ENDPOINT=${KEYCLOAK_GITHUB_ENDPOINT:-${DEFAULT_KEYCLOAK_GITHUB_ENDPOINT}}
get_che_pod_config() {
DEFAULT_CHE_DEPLOYMENT_FILE_PATH=${BASE_DIR}/che-openshift.yml
CHE_DEPLOYMENT_FILE_PATH=${CHE_DEPLOYMENT_FILE_PATH:-${DEFAULT_CHE_DEPLOYMENT_FILE_PATH}}
DEFAULT_CHE_CONFIG_FILE_PATH=${BASE_DIR}/che-config
CHE_CONFIG_FILE_PATH=${CHE_CONFIG_FILE_PATH:-${DEFAULT_CHE_CONFIG_FILE_PATH}}
cat "${CHE_DEPLOYMENT_FILE_PATH}" | \
sed "s/ image:.*/ image: \"${CHE_IMAGE_SANITIZED}\"/" | \
sed "s/ imagePullPolicy:.*/ imagePullPolicy: \"${IMAGE_PULL_POLICY}\"/" | \
inject_che_config "#CHE_MASTER_CONFIG" "${CHE_CONFIG_FILE_PATH}"
}
# ---------------------------------------
# Verify that we have all env var are set
# ---------------------------------------
if ([ -z "${OPENSHIFT_USERNAME+x}" ] ||
[ -z "${OPENSHIFT_PASSWORD+x}" ]) &&
[ -z "${OPENSHIFT_TOKEN+x}" ]; then echo "[CHE] **ERROR** Env var OPENSHIFT_USERNAME, OPENSHIFT_PASSWORD and OPENSHIFT_TOKEN are unset. You need to set username/password or token to continue. Aborting"; exit 1; fi
if [ -z "${OPENSHIFT_ENDPOINT+x}" ]; then echo "[CHE] **ERROR**Env var OPENSHIFT_ENDPOINT is unset. You need to set it to continue. Aborting"; exit 1; fi
if [ -z "${OPENSHIFT_NAMESPACE_URL+x}" ]; then echo "[CHE] **ERROR**Env var OPENSHIFT_NAMESPACE_URL is unset. You need to set it to continue. Aborting"; exit 1; fi
# -----------------------------------
# Logging on to the OpenShift cluster
# -----------------------------------
echo -n "[CHE] Logging on using OpenShift endpoint \"${OPENSHIFT_ENDPOINT}\"..."
if [ -z "${OPENSHIFT_TOKEN+x}" ]; then
oc login "${OPENSHIFT_ENDPOINT}" --insecure-skip-tls-verify="${OC_SKIP_TLS}" -u "${OPENSHIFT_USERNAME}" -p "${OPENSHIFT_PASSWORD}" > /dev/null
OPENSHIFT_TOKEN=$(oc whoami -t)
else
oc login "${OPENSHIFT_ENDPOINT}" --insecure-skip-tls-verify="${OC_SKIP_TLS}" --token="${OPENSHIFT_TOKEN}" > /dev/null
fi
echo "done!"
# -------------------------------------------------------------
# If command == cleanup then delete all openshift objects
# -------------------------------------------------------------
if [ "${COMMAND}" == "cleanup" ]; then
echo "[CHE] Deleting all OpenShift objects..."
oc delete all --all
echo "[CHE] Cleanup successfully started. Use \"oc get all\" to verify that all resources have been deleted."
exit 0
# -------------------------------------------------------------
# If command == rollupdate then update Che
# -------------------------------------------------------------
elif [ "${COMMAND}" == "rollupdate" ]; then
echo "[CHE] Update CHE pod"
get_che_pod_config | oc apply -f -
echo "[CHE] Update successfully started"
exit 0
# ----------------------------------------------------------------
# At this point command should be "deploy" otherwise it's an error
# ----------------------------------------------------------------
elif [ "${COMMAND}" != "deploy" ]; then
echo "[CHE] **ERROR**: Command \"${COMMAND}\" is not a valid command. Aborting."
exit 1
fi
# --------------------------
# Create project (if needed)
# --------------------------
echo -n "[CHE] Checking if project \"${CHE_OPENSHIFT_PROJECT}\" exists..."
if ! oc get project "${CHE_OPENSHIFT_PROJECT}" &> /dev/null; then
if [ "${COMMAND}" == "cleanup" ] || [ "${COMMAND}" == "rollupdate" ]; then echo "**ERROR** project doesn't exist. Aborting"; exit 1; fi
if [ "${OPENSHIFT_FLAVOR}" == "osio" ]; then echo "**ERROR** project doesn't exist on OSIO. Aborting"; exit 1; fi
# OpenShift will not get project but project still exists for a period after being deleted.
# The following will loop until it can create successfully.
WAIT_FOR_PROJECT_TO_DELETE=true
WAIT_FOR_PROJECT_TO_DELETE_MESSAGE="Waiting for project to be deleted fully(~15 seconds)..."
echo "Project \"${CHE_OPENSHIFT_PROJECT}\" does not exist...trying to create it."
DEPLOYMENT_TIMEOUT_SEC=120
POLLING_INTERVAL_SEC=2
timeout_in=$((POLLING_INTERVAL_SEC+DEPLOYMENT_TIMEOUT_SEC))
while $WAIT_FOR_PROJECT_TO_DELETE
do
{ # try
timeout_in=$((timeout_in-POLLING_INTERVAL_SEC))
if [ "$timeout_in" -le "0" ] ; then
echo "[CHE] **ERROR**: Timeout of $DEPLOYMENT_TIMEOUT_SEC waiting for project \"${CHE_OPENSHIFT_PROJECT}\" to be deleted."
exit 1
fi
oc new-project "${CHE_OPENSHIFT_PROJECT}" &> /dev/null && \
WAIT_FOR_PROJECT_TO_DELETE=false # Only excutes if project creation is successfully
} || { # catch
echo -n $WAIT_FOR_PROJECT_TO_DELETE_MESSAGE
WAIT_FOR_PROJECT_TO_DELETE_MESSAGE="."
sleep $POLLING_INTERVAL_SEC
}
done
echo "Project \"${CHE_OPENSHIFT_PROJECT}\" creation done!"
else
echo "Project \"${CHE_OPENSHIFT_PROJECT}\" already exists. Please remove project before running this script."
exit 1
fi
# -------------------------------------------------------------
# create CHE service and route
# -------------------------------------------------------------
echo "[CHE] Creating serviceaccount, service and route for CHE pod"
echo "apiVersion: v1
kind: List
items:
- apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: che
name: che
- apiVersion: v1
kind: Service
metadata:
labels:
app: che
name: che-host
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: che
- apiVersion: v1
kind: Route
metadata:
labels:
app: che
name: che
spec:
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: che-host" | \
if [ "${ENABLE_SSL}" == "false" ]; then grep -v -e "tls:" -e "insecureEdgeTerminationPolicy: Redirect" -e "termination: edge" ; else cat -; fi | \
oc apply -f -
# -------------------------------------------------------------
# Deploying secondary servers
# for postgres and optionally Keycloak
# -------------------------------------------------------------
if [[ "${CHE_MULTIUSER}" == "true" ]] && [[ "${COMMAND}" == "deploy" ]]; then
if [ "${CHE_DEDICATED_KEYCLOAK}" == "true" ]; then
"${BASE_DIR}"/multi-user/deploy_postgres_and_keycloak.sh
else
"${BASE_DIR}"/multi-user/deploy_postgres_only.sh
fi
fi
# -------------------------------------------------------------
# Setting Keycloak-related environment variables
# Done here since the Openshift project should be available
# TODO Maybe this should go into a config map, but I don't know
# How we would manage the retrieval of the Keycloak route
# external URL.
# -------------------------------------------------------------
if [ "${CHE_DEDICATED_KEYCLOAK}" == "true" ]; then
CHE_KEYCLOAK_SERVER_ROUTE=$(oc get route keycloak -o jsonpath='{.spec.host}' || echo "")
if [ "${CHE_KEYCLOAK_SERVER_ROUTE}" == "" ]; then
echo "[CHE] **ERROR**: The dedicated Keycloak server should be deployed and visible through a route before starting the Che server"
exit 1
fi
CHE_POSTRES_SERVICE=$(oc get service postgres || echo "")
if [ "${CHE_POSTRES_SERVICE}" == "" ]; then
echo "[CHE] **ERROR**: The dedicated Postgres server should be started in Openshift project ${CHE_OPENSHIFT_PROJECT} before starting the Che server"
exit 1
fi
CHE_KEYCLOAK_AUTH__SERVER__URL=${CHE_KEYCLOAK_AUTH__SERVER__URL:-"${HTTP_PROTOCOL}://${CHE_KEYCLOAK_SERVER_ROUTE}/auth"}
CHE_KEYCLOAK_REALM=${CHE_KEYCLOAK_REALM:-"che"}
CHE_KEYCLOAK_CLIENT__ID=${CHE_KEYCLOAK_CLIENT__ID:-"che-public"}
else
CHE_KEYCLOAK_AUTH__SERVER__URL=${CHE_KEYCLOAK_AUTH__SERVER__URL:-"https://sso.openshift.io/auth"}
CHE_KEYCLOAK_REALM=${CHE_KEYCLOAK_REALM:-"fabric8"}
CHE_KEYCLOAK_CLIENT__ID=${CHE_KEYCLOAK_CLIENT__ID:-"openshiftio-public"}
fi
# -------------------------------------------------------------
# Verify that Che ServiceAccount has admin rights at project level
# -------------------------------------------------------------
## TODO we should create Che SA if it doesn't exist
## TODO we should check if che has admin rights before creating the role biding
## TODO if we are not in minishift we should fail if che SA doesn't have admin rights
if [[ "${OPENSHIFT_FLAVOR}" =~ ^(minishift|ocp)$ ]]; then
echo -n "[CHE] Setting admin role to \"che\" service account..."
echo "apiVersion: v1
kind: RoleBinding
metadata:
name: che
roleRef:
name: admin
subjects:
- kind: ServiceAccount
name: che" | oc apply -f -
fi
# ----------------------------------------------
# Get latest version of fabric8 tenant templates
# ----------------------------------------------
# TODO make it possible to use a local Che template instead of always downloading it from maven central
echo -n "[CHE] Retrieving latest version of fabric8 tenant Che template..."
OSIO_VERSION=$(curl -sSL http://central.maven.org/maven2/io/fabric8/tenant/apps/che/maven-metadata.xml | grep latest | sed -e 's,.*<latest>\([^<]*\)</latest>.*,\1,g')
echo "done! (v.${OSIO_VERSION})"
# --------------------------------------
# Applying resource quotas on minishift
# --------------------------------------
if [ "${CHE_APPLY_RESOURCE_QUOTAS}" == "true" ] && [ "${OPENSHIFT_FLAVOR}" == "minishift" ]; then
# Only cluster admin can set limitranges / resourcequotas
oc login "${OPENSHIFT_ENDPOINT}" -u system:admin &> /dev/null
echo "[CHE] Applying resource quotas for ${CHE_OPENSHIFT_PROJECT}"
curl -sSL http://central.maven.org/maven2/io/fabric8/tenant/packages/fabric8-tenant-che-quotas-oso/"${OSIO_VERSION}"/fabric8-tenant-che-quotas-oso-"${OSIO_VERSION}"-openshift.yml |
oc apply --force=true -f-
echo "[CHE] Resource quotas have been successfully applied"
oc login "${OPENSHIFT_ENDPOINT}" --token="${OPENSHIFT_TOKEN}" &> /dev/null
fi
# ----------------------------------------------
# Start the deployment
# ----------------------------------------------
echo
echo "[CHE] Deploying Che on ${OPENSHIFT_FLAVOR} (image ${CHE_IMAGE})"
get_che_pod_config | oc apply --force=true -f -
echo
# --------------------------------
# Setup debugging routes if needed
# --------------------------------
if [ "${CHE_DEBUG_SERVER}" == "true" ]; then
if oc get svc che-debug &> /dev/null; then
echo -n "[CHE] Deleting old che-debug service..."
oc delete svc che-debug
echo "done"
fi
echo -n "[CHE] Creating an OS route to debug Che wsmaster..."
oc expose dc che --name=che-debug --target-port=http-debug --port=8000 --type=NodePort
NodePort=$(oc get service che-debug -o jsonpath='{.spec.ports[0].nodePort}')
echo "[CHE] Remote wsmaster debugging URL: ${MINISHIFT_IP}:${NodePort}"
fi
if [ "${WAIT_FOR_CHE}" == "true" ]; then
wait_until_che_is_available
fi
if [ "${CHE_DEDICATED_KEYCLOAK}" == "true" ]; then
"${BASE_DIR}"/multi-user/configure_keycloak.sh
fi
che_route=$(oc get route che -o jsonpath='{.spec.host}')
echo
echo "[CHE] Che deployment has been successufully bootstrapped"
echo "[CHE] -> To check OpenShift deployment logs: 'oc get events -w'"
echo "[CHE] -> To check Che server logs: 'oc logs -f dc/che'"
echo "[CHE] -> Once the deployment is completed Che will be available at: "
echo "[CHE] ${HTTP_PROTOCOL}://${che_route}"
echo
echo
Reference in New Issue View Git Blame Copy Permalink