seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-server/deploy/openshift/deploy_che.sh

684 lines
32 KiB
Bash
Executable File
Raw Blame History

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

#!/bin/bash
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# This script is meant for quick & easy install of Che on OpenShift via:
#
# ``` bash
# DEPLOY_SCRIPT_URL=https://raw.githubusercontent.com/eclipse/che/master/deploy/openshift/deploy_che.sh
# curl -fsSL ${DEPLOY_SCRIPT_URL} -o get-che.sh
# bash get-che.sh
# ```
#
# For more deployment options: https://www.eclipse.org/che/docs/setup/openshift/index.html
# --------------
# Print Che logo
# --------------
set -e
export TERM=xterm
echo
cat <<EOF
                10100000               
            0110011001101101           
       01001001001001011011010110      
   1100110101010001000001011101000001  
0111001001111010111011111000111100010001
1110111011010111000001100000111001110  
101010011001001001    10011101000      
1011000101000              0           
100101011                           0110
10100001                        11011111
111101111011                111011110001
10111001000110101      00000111111011111
0110111111011100000001011001010101111111
1101000001101001000010010111101011011011
    00000001111001000001110111100000   
        000110101101000100011110       
            1101011100001001           
                 000101                

EOF
echo
HELP="
--help - script help menu
--project | -p - OpenShift namespace to deploy Che (defaults to eclipse-che). Example: --project=myproject
--multiuser - Deploy che in multiuser mode
--no-pull - IfNotPresent pull policy for Che server deployment
--rolling - Rolling update strategy (Recreate is the default one). With Rolling strategy Che server pvc and volume aren't created
--debug - Deploy Che in a debug mode, create and expose debug route
--image-che - Override default Che image. Example: --image-che=org/repo:tag. Tag is mandatory!
--secure | -s - Deploy Che with SSL enabled
--setup-ocp-oauth - register OCP oauth client and setup Keycloak and Che to use OpenShift Identity Provider
--deploy-che-plugin-registry - deploy Che plugin registry
--deploy-che-devfile-registry - deploy Che devfile registry
--tracing - Deploy jaeger and enable tracing collection
--monitoring - Deploy Grafana + Prometheus and enable metrics collection
===================================
ENV vars: this script automatically detect envs vars beginning with "CHE_" and passes them to Che deployments:
CHE_IMAGE_REPO - Che server Docker image, defaults to "eclipse-che-server"
CHE_IMAGE_TAG - Set che-server image tag, defaults to "nightly"
CHE_INFRA_OPENSHIFT_PROJECT - namespace for workspace objects (defaults to current namespace of Che pod (CHE_OPENSHIFT_PROJECT which defaults to eclipse-che)). It can be overriden with -p|--project param. A separate ws namespace can be used only if username/password or token is provided
CHE_INFRA_KUBERNETES_PVC_STRATEGY - One PVC per workspace (unique) or one PVC shared by all workspaced (common). Defaults to unique
CHE_INFRA_KUBERNETES_PVC_QUANTITY - PVC default claim. Set to 1Gi.
CHE_KEYCLOAK_AUTH__SERVER__URL - URL of a Keycloak auth server. Defaults to route of a Keycloak deployment
"
for key in "$@"
do
case $key in
-s | --secure)
ENABLE_SSL=true
shift
;;
-p=*| --project=*)
CHE_OPENSHIFT_PROJECT="${key#*=}"
shift
;;
--image-che=*)
CHE_IMAGE_REPO=$(echo "${key#*=}" | sed 's/:.*//')
CHE_IMAGE_TAG=$(echo "${key#*=}" | sed 's/.*://')
shift
;;
--multiuser)
CHE_MULTIUSER=true
shift
;;
--no-pull)
IMAGE_PULL_POLICY=IfNotPresent
shift
;;
--setup-ocp-oauth)
export SETUP_OCP_OAUTH=true
shift
;;
--postgres-debug)
POSTGRESQL_LOG_DEBUG=true
shift
;;
--rolling)
UPDATE_STRATEGY=Rolling
shift
;;
--debug)
CHE_DEBUG_SERVER=true
shift
;;
--tracing)
CHE_TRACING_ENABLED=true
shift
;;
--monitoring)
CHE_METRICS_ENABLED=true
shift
;;
--deploy-che-plugin-registry)
DEPLOY_CHE_PLUGIN_REGISTRY=true
shift
;;
--deploy-che-devfile-registry)
DEPLOY_CHE_DEVFILE_REGISTRY=true
shift
;;
--help)
echo -e "$HELP"
exit 1
;;
*)
echo "You've passed wrong arg '$key'."
echo -e "$HELP"
exit 1
;;
esac
done
# util, helper functions and default env values
BASE_DIR=$(cd "$(dirname "$0")"; pwd)
# if available use oc binary provided by ocp.sh script
if [ ! -f /tmp/oc ]; then
OC_BINARY="oc"
else
OC_BINARY="/tmp/oc"
fi
DEFAULT_IMAGE_PULL_POLICY="Always"
export IMAGE_PULL_POLICY=${IMAGE_PULL_POLICY:-${DEFAULT_IMAGE_PULL_POLICY}}
DEFAULT_UPDATE_STRATEGY="Recreate"
export UPDATE_STRATEGY=${UPDATE_STRATEGY:-${DEFAULT_UPDATE_STRATEGY}}
DEFAULT_CHE_OPENSHIFT_PROJECT="eclipse-che"
export CHE_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT:-${DEFAULT_CHE_OPENSHIFT_PROJECT}}
DEFAULT_CHE_IMAGE_REPO="eclipse/che-server"
export CHE_IMAGE_REPO=${CHE_IMAGE_REPO:-${DEFAULT_CHE_IMAGE_REPO}}
DEFAULT_CHE_IMAGE_TAG="nightly"
export CHE_IMAGE_TAG=${CHE_IMAGE_TAG:-${DEFAULT_CHE_IMAGE_TAG}}
DEFAULT_IMAGE_KEYCLOAK="eclipse/che-keycloak"
export IMAGE_KEYCLOAK=${IMAGE_KEYCLOAK:-${DEFAULT_IMAGE_KEYCLOAK}}
DEFAULT_KEYCLOAK_IMAGE_TAG="nightly"
export KEYCLOAK_IMAGE_TAG=${KEYCLOAK_IMAGE_TAG:-${DEFAULT_KEYCLOAK_IMAGE_TAG}}
DEFAULT_KEYCLOAK_IMAGE_PULL_POLICY="Always"
export KEYCLOAK_IMAGE_PULL_POLICY=${KEYCLOAK_IMAGE_PULL_POLICY:-${DEFAULT_KEYCLOAK_IMAGE_PULL_POLICY}}
DEFAULT_ENABLE_SSL="false"
export ENABLE_SSL=${ENABLE_SSL:-${DEFAULT_ENABLE_SSL}}
DEFAULT_OPENSHIFT_USERNAME="developer"
export OPENSHIFT_USERNAME=${OPENSHIFT_USERNAME:-${DEFAULT_OPENSHIFT_USERNAME}}
DEFAULT_OPENSHIFT_PASSWORD="developer"
export OPENSHIFT_PASSWORD=${OPENSHIFT_PASSWORD:-${DEFAULT_OPENSHIFT_PASSWORD}}
DEFAULT_OCP_OAUTH_CLIENT_ID=ocp-client
export OCP_OAUTH_CLIENT_ID=${OCP_OAUTH_CLIENT_ID:-${DEFAULT_OCP_OAUTH_CLIENT_ID}}
DEFAULT_OCP_OAUTH_CLIENT_SECRET=ocp-client-secret
export OCP_OAUTH_CLIENT_SECRET=${OCP_OAUTH_CLIENT_SECRET:-${DEFAULT_OCP_OAUTH_CLIENT_SECRET}}
DEFAULT_OCP_IDENTITY_PROVIDER_ID=openshift-v3
export OCP_IDENTITY_PROVIDER_ID=${OCP_IDENTITY_PROVIDER_ID:-${DEFAULT_OCP_IDENTITY_PROVIDER_ID}}
DEFAULT_KEYCLOAK_USER=admin
export KEYCLOAK_USER=${KEYCLOAK_USER:-${DEFAULT_KEYCLOAK_USER}}
DEFAULT_KEYCLOAK_PASSWORD=admin
export KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD:-${DEFAULT_KEYCLOAK_PASSWORD}}
###
### Plugin Registry settings
###
DEFAULT_PLUGIN_REGISTRY_IMAGE_TAG="latest"
export PLUGIN_REGISTRY_IMAGE_TAG=${PLUGIN_REGISTRY_IMAGE_TAG:-${DEFAULT_PLUGIN_REGISTRY_IMAGE_TAG}}
DEFAULT_PLUGIN_REGISTRY_IMAGE="quay.io/openshiftio/che-plugin-registry"
export PLUGIN_REGISTRY_IMAGE=${PLUGIN_REGISTRY_IMAGE:-${DEFAULT_PLUGIN_REGISTRY_IMAGE}}
DEFAULT_PLUGIN_REGISTRY_IMAGE_PULL_POLICY="Always"
export PLUGIN_REGISTRY_IMAGE_PULL_POLICY=${PLUGIN_REGISTRY_IMAGE_PULL_POLICY:-${DEFAULT_PLUGIN_REGISTRY_IMAGE_PULL_POLICY}}
DEFAULT_PLUGIN__REGISTRY__URL="https://che-plugin-registry.openshift.io/v3"
export PLUGIN__REGISTRY__URL=${PLUGIN__REGISTRY__URL:-${DEFAULT_PLUGIN__REGISTRY__URL}}
###
### Devfile Registry settings
###
DEFAULT_DEVFILE_REGISTRY_IMAGE_TAG="latest"
export DEVFILE_REGISTRY_IMAGE_TAG=${DEVFILE_REGISTRY_IMAGE_TAG:-${DEFAULT_DEVFILE_REGISTRY_IMAGE_TAG}}
DEFAULT_DEVFILE_REGISTRY_IMAGE="quay.io/openshiftio/che-devfile-registry"
export DEVFILE_REGISTRY_IMAGE=${DEVFILE_REGISTRY_IMAGE:-${DEFAULT_DEVFILE_REGISTRY_IMAGE}}
DEFAULT_DEVFILE_REGISTRY_IMAGE_PULL_POLICY="Always"
export DEVFILE_REGISTRY_IMAGE_PULL_POLICY=${DEVFILE_REGISTRY_IMAGE_PULL_POLICY:-${DEFAULT_DEVFILE_REGISTRY_IMAGE_PULL_POLICY}}
DEFAULT_DEVFILE__REGISTRY__URL="NULL"
export DEVFILE__REGISTRY__URL=${DEVFILE__REGISTRY__URL:-${DEFAULT_DEVFILE__REGISTRY__URL}}
DEFAULT_CHE_METRICS_ENABLED="false"
export CHE_METRICS_ENABLED=${CHE_METRICS_ENABLED:-${DEFAULT_CHE_METRICS_ENABLED}}
DEFAULT_CHE_TRACING_ENABLED="false"
export CHE_TRACING_ENABLED=${CHE_TRACING_ENABLED:-${DEFAULT_CHE_TRACING_ENABLED}}
DEFAULT_JAEGER_ENDPOINT="http://jaeger-collector:14268/api/traces"
export JAEGER_ENDPOINT=${JAEGER_ENDPOINT:-${DEFAULT_JAEGER_ENDPOINT}}
DEFAULT_JAEGER_SERVICE_NAME="che-server"
export JAEGER_SERVICE_NAME=${JAEGER_SERVICE_NAME:-${DEFAULT_JAEGER_SERVICE_NAME}}
DEFAULT_JAEGER_SAMPLER_MANAGER_HOST_PORT="jaeger:5778"
export JAEGER_SAMPLER_MANAGER_HOST_PORT=${JAEGER_SAMPLER_MANAGER_HOST_PORT:-${DEFAULT_JAEGER_SAMPLER_MANAGER_HOST_PORT}}
DEFAULT_JAEGER_SAMPLER_TYPE="const"
export JAEGER_SAMPLER_TYPE=${JAEGER_SAMPLER_TYPE:-${DEFAULT_JAEGER_SAMPLER_TYPE}}
DEFAULT_JAEGER_SAMPLER_PARAM="1"
export JAEGER_SAMPLER_PARAM=${JAEGER_SAMPLER_PARAM:-${DEFAULT_JAEGER_SAMPLER_PARAM}}
DEFAULT_JAEGER_REPORTER_MAX_QUEUE_SIZE="10000"
export JAEGER_REPORTER_MAX_QUEUE_SIZE=${JAEGER_REPORTER_MAX_QUEUE_SIZE:-${DEFAULT_JAEGER_REPORTER_MAX_QUEUE_SIZE}}
if [ "${ENABLE_SSL}" == "true" ]; then
HTTP_PROTOCOL="https"
WS_PROTOCOL="wss"
TLS="true"
else
HTTP_PROTOCOL="http"
WS_PROTOCOL="ws"
TLS="false"
fi
DEFAULT_CHE_MULTIUSER="false"
export CHE_MULTIUSER=${CHE_MULTIUSER:-${DEFAULT_CHE_MULTIUSER}}
DEFAULT_POSTGRESQL_LOG_DEBUG="false"
export POSTGRESQL_LOG_DEBUG=${POSTGRESQL_LOG_DEBUG:-${DEFAULT_POSTGRESQL_LOG_DEBUG}}
printInfo() {
green=`tput setaf 2`
reset=`tput sgr0`
echo "${green}[INFO]: ${1} ${reset}"
}
printWarning() {
yellow=`tput setaf 3`
reset=`tput sgr0`
echo "${yellow}[WARNING]: ${1} ${reset}"
}
printError() {
red=`tput setaf 1`
reset=`tput sgr0`
echo "${red}[ERROR]: ${1} ${reset}"
}
# --------------------------------------------------------
# Check pre-requisites
# --------------------------------------------------------
command -v oc >/dev/null 2>&1 || { printError "Command line tool oc (https://docs.openshift.org/latest/cli_reference/get_started_cli.html) is required but it's not installed. Aborting."; exit 1; }
# check if oc client has an active session
isLoggedIn() {
printInfo "Checking if you are currently logged in..."
${OC_BINARY} whoami > /dev/null
OUT=$?
if [ ${OUT} -eq 1 ]; then
printError "Log in to your OpenShift cluster: oc login --server=openshiftIP"
exit 1
else
CONTEXT=$(${OC_BINARY} whoami -c)
OPENSHIFT_ENDPOINT=$(oc whoami -c --show-context=false --show-server=true)
printInfo "Active session found. Your current context is: ${CONTEXT}"
fi
}
getTemplates(){
if [ ! -d "${BASE_DIR}/templates" ]; then
printInfo "Local templates directory not found. Downloading templates..."
curl -s https://codeload.github.com/eclipse/che/tar.gz/master | tar -xz --strip=3 che-master/deploy/openshift/templates -C ${BASE_DIR}
echo ${BASE_DIR}
OUT=$?
if [ ${OUT} -ne 0 ]; then
printError "Failed to curl and untar Eclipse Che repo because of an error"
printInfo "You may need to manually clone or download content of https://github.com/eclipse/che/tree/master/deploy/openshift and re-run the script"
exit ${OUT}
else
printInfo "Templates have been successfully saved to ${BASE_DIR}/templates"
fi
else printInfo "Templates directory found at ${BASE_DIR}/templates. Applying templates from this directory. Delete it to get the latest templates if necessary"
fi
}
wait_for_postgres() {
DESIRED_REPLICA_COUNT=1
CURRENT_REPLICA_COUNT=$(${OC_BINARY} get dc/postgres -o=jsonpath='{.status.availableReplicas}')
DEPLOYMENT_TIMEOUT_SEC=300
POLLING_INTERVAL_SEC=5
end=$((SECONDS+DEPLOYMENT_TIMEOUT_SEC))
while [ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ] && [ ${SECONDS} -lt ${end} ]; do
CURRENT_REPLICA_COUNT=$(${OC_BINARY} get dc/postgres -o=jsonpath='{.status.availableReplicas}')
timeout_in=$((end-SECONDS))
printInfo "Deployment is in progress...(Current replica count=${CURRENT_REPLICA_COUNT}, ${timeout_in} seconds remain)"
sleep ${POLLING_INTERVAL_SEC}
done
if [ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ]; then
printError "Postgres deployment failed. Aborting. Run command 'oc rollout status postgres' to get more details."
exit 1
elif [ ${SECONDS} -ge ${end} ]; then
printError "Deployment timeout. Aborting."
exit 1
fi
printInfo "Postgres successfully deployed"
}
wait_for_keycloak() {
DESIRED_REPLICA_COUNT=1
CURRENT_REPLICA_COUNT=$(${OC_BINARY} get dc/keycloak -o=jsonpath='{.status.availableReplicas}')
DEPLOYMENT_TIMEOUT_SEC=300
POLLING_INTERVAL_SEC=5
end=$((SECONDS+DEPLOYMENT_TIMEOUT_SEC))
while [ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ] && [ ${SECONDS} -lt ${end} ]; do
CURRENT_REPLICA_COUNT=$(${OC_BINARY} get dc/keycloak -o=jsonpath='{.status.availableReplicas}')
timeout_in=$((end-SECONDS))
printInfo "Deployment is in progress...(Current replica count=${CURRENT_REPLICA_COUNT}, ${timeout_in} seconds remain)"
sleep ${POLLING_INTERVAL_SEC}
done
if [ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ]; then
printError "Keycloak deployment failed. Aborting. Run command 'oc rollout status keycloak' to get more details."
exit 1
elif [ ${SECONDS} -ge ${end} ]; then
printError "Deployment timeout. Aborting."
exit 1
fi
printInfo "Keycloak successfully deployed"
}
wait_for_che() {
CHE_ROUTE=$(oc get route/che -o=jsonpath='{.spec.host}')
DESIRED_REPLICA_COUNT=1
CURRENT_REPLICA_COUNT=$(${OC_BINARY} get dc/che -o=jsonpath='{.status.availableReplicas}')
DEPLOYMENT_TIMEOUT_SEC=300
POLLING_INTERVAL_SEC=5
end=$((SECONDS+DEPLOYMENT_TIMEOUT_SEC))
while [ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ] && [ ${SECONDS} -lt ${end} ]; do
CURRENT_REPLICA_COUNT=$(${OC_BINARY} get dc/che -o=jsonpath='{.status.availableReplicas}')
timeout_in=$((end-SECONDS))
printInfo "Deployment is in progress...(Current replica count=${CURRENT_REPLICA_COUNT}, ${timeout_in} seconds remain)"
sleep ${POLLING_INTERVAL_SEC}
done
if [ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ]; then
printError "Che deployment failed. Aborting. Run command 'oc rollout status che' to get more details."
exit 1
elif [ ${SECONDS} -ge ${end} ]; then
printError "Deployment timeout. Aborting."
exit 1
fi
printInfo "Che successfully deployed and is available at ${HTTP_PROTOCOL}://${CHE_ROUTE}"
}
createNewProject() {
WAIT_FOR_PROJECT_TO_DELETE=true
CHE_REMOVE_PROJECT=true
DELETE_OPENSHIFT_PROJECT_MESSAGE=$(printInfo "Removing namespace ${CHE_OPENSHIFT_PROJECT}")
CREATE_ATTEMPTS=1
if ${OC_BINARY} get project "${CHE_OPENSHIFT_PROJECT}" &> /dev/null; then
printWarning "Namespace \"${CHE_OPENSHIFT_PROJECT}\" exists."
while $WAIT_FOR_PROJECT_TO_DELETE
do
{ # try
echo -n $DELETE_OPENSHIFT_PROJECT_MESSAGE
if $CHE_REMOVE_PROJECT; then
${OC_BINARY} delete project "${CHE_OPENSHIFT_PROJECT}" &> /dev/null
CHE_REMOVE_PROJECT=false
CREATE_ATTEMPTS=50
fi
DELETE_OPENSHIFT_PROJECT_MESSAGE="`tput setaf 2`.`tput sgr0`"
if ! ${OC_BINARY} get project "${CHE_OPENSHIFT_PROJECT}" &> /dev/null; then
WAIT_FOR_PROJECT_TO_DELETE=false
fi
echo -n $DELETE_OPENSHIFT_PROJECT_MESSAGE
}
done
echo "`tput setaf 2` Done!`tput sgr0`"
fi
CURRENT_ATTEMPT=0
CREATE_SUCCESS=1
while [[ ${CURRENT_ATTEMPT} -lt ${CREATE_ATTEMPTS} ]]; do
CURRENT_ATTEMPT=$((CURRENT_ATTEMPT + 1));
printInfo "Creating namespace \"${CHE_OPENSHIFT_PROJECT}\" (attempt ${CURRENT_ATTEMPT}/${CREATE_ATTEMPTS})"
OUT=`${OC_BINARY} new-project "${CHE_OPENSHIFT_PROJECT}" > /dev/null 2>&1; echo $?`
if [[ ${OUT} -ne 0 ]]; then
sleep 5
else
CREATE_SUCCESS=0
CURRENT_ATTEMPT=${CREATE_ATTEMPTS}
fi
done
if [[ ${CREATE_SUCCESS} ]]; then
printInfo "Namespace \"${CHE_OPENSHIFT_PROJECT}\" successfully created"
else
printError "Failed to create namespace ${CHE_OPENSHIFT_PROJECT}. It may exist in someone else's account or namespace deletion has not been fully completed. Try again in a short while or pick a different project name -p=myProject"
exit 1
fi
}
exposeDebugService() {
if [ "${CHE_DEBUG_SERVER}" == "true" ]; then
printInfo "Creating an OS route to debug Che wsmaster..."
${OC_BINARY} create service nodeport che-debug --tcp=8000:8000
${OC_BINARY} expose service che-debug
NodePort=$(oc get service che-debug -o jsonpath='{.spec.ports[0].nodePort}')
printInfo "Remote wsmaster debugging URL: ${CLUSTER_IP}:${NodePort}"
printInfo "Increasing failure threshold for probes of Che deployment"
oc set probe dc/che --readiness --liveness --failure-threshold=99999
fi
}
getRoutingSuffix() {
if [ -z ${OPENSHIFT_ROUTING_SUFFIX+x} ]; then
printInfo "Computing routing suffix"
${OC_BINARY} create service clusterip test --tcp=80:80 > /dev/null
${OC_BINARY} expose service test > /dev/null
ROUTE=$(oc get route test -o=jsonpath='{.spec.host}')
WORDTOREMOVE="test-${CHE_OPENSHIFT_PROJECT}."
export OPENSHIFT_ROUTING_SUFFIX="${ROUTE//$WORDTOREMOVE/}"
printInfo "Routing suffix identified as: ${OPENSHIFT_ROUTING_SUFFIX}"
${OC_BINARY} delete service test > /dev/null
${OC_BINARY} delete route test > /dev/null
fi
}
deployChePluginRegistry() {
if [ "${DEPLOY_CHE_PLUGIN_REGISTRY}" == "true" ]; then
echo "Deploying Che plugin registry..."
${OC_BINARY} new-app -f ${BASE_DIR}/templates/che-plugin-registry.yml \
-p IMAGE=${PLUGIN_REGISTRY_IMAGE} \
-p IMAGE_TAG=${PLUGIN_REGISTRY_IMAGE_TAG} \
-p PULL_POLICY=${PLUGIN_REGISTRY_IMAGE_PULL_POLICY}
PLUGIN_REGISTRY_ROUTE=$($OC_BINARY get route/che-plugin-registry --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})
echo "Che plugin registry deployment complete. $PLUGIN_REGISTRY_ROUTE"
fi
}
deployCheDevfileRegistry() {
if [ "${DEPLOY_CHE_DEVFILE_REGISTRY}" == "true" ]; then
echo "Deploying Che devfile registry..."
${OC_BINARY} new-app -f ${BASE_DIR}/templates/che-devfile-registry.yml \
-p IMAGE=${DEVFILE_REGISTRY_IMAGE} \
-p IMAGE_TAG=${DEVFILE_REGISTRY_IMAGE_TAG} \
-p PULL_POLICY=${DEVFILE_REGISTRY_IMAGE_PULL_POLICY}
DEVFILE_REGISTRY_ROUTE=$($OC_BINARY get route/che-devfile-registry --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})
echo "Che devfile registry deployment complete. $DEVFILE_REGISTRY_ROUTE"
fi
}
deployJaeger(){
if [ "${CHE_TRACING_ENABLED}" == "true" ]; then
echo "Deploying Jaeger..."
${OC_BINARY} new-app -f ${BASE_DIR}/templates/jaeger-all-in-one-template.yml
JAEGER_ROUTE=$($OC_BINARY get route/jaeger-query --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})
echo "Jaeger deployment complete. $JAEGER_ROUTE"
fi
}
deployMetrics(){
if [ "${CHE_METRICS_ENABLED}" == "true" ]; then
echo "Deploying Grafana and Prometheus..."
${OC_BINARY} apply -f ${BASE_DIR}/templates/monitoring/grafana-dashboards.yaml
${OC_BINARY} apply -f ${BASE_DIR}/templates/monitoring/grafana-datasources.yaml
${OC_BINARY} apply -f ${BASE_DIR}/templates/monitoring/prometheus-config.yaml
${OC_BINARY} new-app -f ${BASE_DIR}/templates/monitoring/che-monitoring.yaml
echo "Grafana deployment complete. $($OC_BINARY get route/grafana --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})"
echo "Prometheus deployment complete. $($OC_BINARY get route/prometheus --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})"
fi
}
deployChe() {
if [ "${CHE_TRACING_ENABLED}" == "true" ]; then
CHE_VAR_ARRAY=$(env | grep -e "^CHE_." -e "^JAEGER_.")
else
CHE_VAR_ARRAY=$(env | grep "^CHE_.")
fi
if [ ${#CHE_VAR_ARRAY[@]} -gt 0 ]; then
ENV="-e ${CHE_VAR_ARRAY}"
fi
printInfo "Deploying Eclipse Che with the following params:
Multi-User: ${CHE_MULTIUSER}
HTTPS support: ${ENABLE_SSL}
Namespace: ${CHE_OPENSHIFT_PROJECT}
Che version: ${CHE_IMAGE_TAG}
Che server debug: ${CHE_DEBUG_SERVER}
Image: ${CHE_IMAGE_REPO}
Pull policy: ${IMAGE_PULL_POLICY}
Update strategy: ${UPDATE_STRATEGY}
Setup OpenShift oAuth: ${SETUP_OCP_OAUTH}
Enable Jaeger based tracing: ${CHE_TRACING_ENABLED}
Enable metrics collection: ${CHE_METRICS_ENABLED}
Environment variables:
${CHE_VAR_ARRAY}"
CHE_INFRA_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT}
CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=NULL
if [ "${CHE_MULTIUSER}" == "true" ]; then
if [ "${CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD}" == "false" ]; then
export KEYCLOAK_PARAM="-p CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD=false"
fi
${OC_BINARY} new-app -f ${BASE_DIR}/templates/multi/postgres-template.yaml \
-p POSTGRESQL_LOG_DEBUG=${POSTGRESQL_LOG_DEBUG}
wait_for_postgres
if [ "${SETUP_OCP_OAUTH}" == "true" ]; then
# create secret with OpenShift certificate
if [[ -z ${OPENSHIFT_CERT} ]]; then
DEFAULT_OPENSHIFT_CERT_PATH=/var/lib/origin/openshift.local.config/master/ca.crt
export OPENSHIFT_CERT_PATH=${OPENSHIFT_CERT_PATH:-${DEFAULT_OPENSHIFT_CERT_PATH}}
OPENSHIFT_CERT="$(cat $OPENSHIFT_CERT_PATH)"
fi
$OC_BINARY new-app -f ${BASE_DIR}/templates/multi/openshift-certificate-secret.yaml -p CERTIFICATE="$OPENSHIFT_CERT"
fi
${OC_BINARY} new-app -f ${BASE_DIR}/templates/multi/keycloak-template.yaml \
-p ROUTING_SUFFIX=${OPENSHIFT_ROUTING_SUFFIX} \
-p PROTOCOL=${HTTP_PROTOCOL} \
-p KEYCLOAK_USER=${KEYCLOAK_USER} \
-p KEYCLOAK_PASSWORD=${KEYCLOAK_PASSWORD} \
-p IMAGE_KEYCLOAK=${IMAGE_KEYCLOAK} \
-p KEYCLOAK_IMAGE_TAG=${KEYCLOAK_IMAGE_TAG} \
-p KEYCLOAK_IMAGE_PULL_POLICY=${KEYCLOAK_IMAGE_PULL_POLICY} \
${KEYCLOAK_PARAM}
wait_for_keycloak
if [ "${SETUP_OCP_OAUTH}" == "true" ]; then
printInfo "Registering oAuth client in OpenShift"
# register oAuth client in OpenShift
printInfo "Logging as \"system:admin\""
$OC_BINARY login -u "system:admin"
KEYCLOAK_ROUTE=$($OC_BINARY get route/keycloak --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})
$OC_BINARY process -f ${BASE_DIR}/templates/multi/oauth-client.yaml \
-p REDIRECT_URI="${HTTP_PROTOCOL}://${KEYCLOAK_ROUTE}/auth/realms/che/broker/${OCP_IDENTITY_PROVIDER_ID}/endpoint" \
-p OCP_OAUTH_CLIENT_ID=${OCP_OAUTH_CLIENT_ID} \
-p OCP_OAUTH_CLIENT_SECRET=${OCP_OAUTH_CLIENT_SECRET} | oc apply -f -
# register OpenShift Identity Provider in Keycloak
printInfo "Registering oAuth client in Keycloak"
printInfo "Logging as \"${OPENSHIFT_USERNAME}\""
$OC_BINARY login -u "${OPENSHIFT_USERNAME}" -p "${OPENSHIFT_PASSWORD}"
KEYCLOAK_POD_NAME=$(${OC_BINARY} get pod --namespace=${CHE_OPENSHIFT_PROJECT} -l app=keycloak --no-headers | awk '{print $1}')
${OC_BINARY} exec ${KEYCLOAK_POD_NAME} -- /opt/jboss/keycloak/bin/kcadm.sh create identity-provider/instances -r che \
-s alias=${OCP_IDENTITY_PROVIDER_ID} \
-s providerId=${OCP_IDENTITY_PROVIDER_ID} \
-s enabled=true \
-s storeToken=true \
-s addReadTokenRoleOnCreate=true \
-s config.useJwksUrl="true" \
-s config.clientId=${OCP_OAUTH_CLIENT_ID} \
-s config.clientSecret=${OCP_OAUTH_CLIENT_SECRET} \
-s config.baseUrl="${OPENSHIFT_ENDPOINT}" \
-s config.defaultScope="user:full" \
--no-config --server http://localhost:8080/auth --user ${KEYCLOAK_USER} --password ${KEYCLOAK_PASSWORD} --realm master
# setup Che variables related to oAuth identity provider
CHE_INFRA_OPENSHIFT_PROJECT=
CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=${OCP_IDENTITY_PROVIDER_ID}
fi
fi
if [ "${DEPLOY_CHE_PLUGIN_REGISTRY}" == "true" ]; then
PLUGIN_REGISTRY_ROUTE=$($OC_BINARY get route/che-plugin-registry --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})
PLUGIN__REGISTRY__URL="${HTTP_PROTOCOL}://${PLUGIN_REGISTRY_ROUTE}/v3"
fi
if [ "${DEPLOY_CHE_DEVFILE_REGISTRY}" == "true" ]; then
DEVFILE_REGISTRY_ROUTE=$($OC_BINARY get route/che-devfile-registry --namespace=${CHE_OPENSHIFT_PROJECT} -o=jsonpath={'.spec.host'})
DEVFILE__REGISTRY__URL="${HTTP_PROTOCOL}://${DEVFILE_REGISTRY_ROUTE}/"
fi
if [ ! -z ${CHE_INFRA_OPENSHIFT_PROJECT} ]; then
# create workspace service account in the predefined workspace
${OC_BINARY} new-app -f ${BASE_DIR}/templates/che-workspace-service-account.yaml \
-p SERVICE_ACCOUNT_NAME='che-workspace' \
-p SERVICE_ACCOUNT_NAMESPACE=${CHE_INFRA_OPENSHIFT_PROJECT}
fi
WORKSPACE_SERVICE_ACCOUNT_NAME="che-workspace"
${OC_BINARY} new-app -f ${BASE_DIR}/templates/che-server-template.yaml \
-p ROUTING_SUFFIX=${OPENSHIFT_ROUTING_SUFFIX} \
-p IMAGE_CHE=${CHE_IMAGE_REPO} \
-p CHE_VERSION=${CHE_IMAGE_TAG} \
-p PULL_POLICY=${IMAGE_PULL_POLICY} \
-p STRATEGY=${UPDATE_STRATEGY} \
-p CHE_MULTIUSER=${CHE_MULTIUSER} \
-p PROTOCOL=${HTTP_PROTOCOL} \
-p WS_PROTOCOL=${WS_PROTOCOL} \
-p CHE_INFRA_OPENSHIFT_PROJECT=${CHE_INFRA_OPENSHIFT_PROJECT} \
-p CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=${CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER} \
-p TLS=${TLS} \
-p CHE_WORKSPACE_PLUGIN__REGISTRY__URL=${PLUGIN__REGISTRY__URL} \
-p CHE_WORKSPACE_DEVFILE__REGISTRY__URL=${DEVFILE__REGISTRY__URL} \
-p CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME=${WORKSPACE_SERVICE_ACCOUNT_NAME} \
-p CHE_DEBUG_SERVER=${CHE_DEBUG_SERVER} \
-p CHE_TRACING_ENABLED=${CHE_TRACING_ENABLED} \
-p CHE_METRICS_ENABLED=${CHE_METRICS_ENABLED} \
${ENV}
if [ ${UPDATE_STRATEGY} == "Recreate" ]; then
${OC_BINARY} apply -f ${BASE_DIR}/templates/pvc/che-server-pvc.yaml
${OC_BINARY} set volume dc/che --add -m "/data" --name=che-data-volume --claim-name=che-data-volume
fi
if [ "${ENABLE_SSL}" == "true" ]; then
${OC_BINARY} apply -f ${BASE_DIR}/templates/https/che-route-tls.yaml
if [ "${CHE_MULTIUSER}" == "true" ]; then
${OC_BINARY} apply -f ${BASE_DIR}/templates/https/keycloak-route-tls.yaml
fi
fi
CHE_ROUTE=$(oc get route/che -o=jsonpath='{.spec.host}')
exposeDebugService
if [ "${WAIT_FOR_CHE}" == "true" ]; then
wait_for_che
else
printInfo "Che successfully deployed and will be soon available at ${HTTP_PROTOCOL}://${CHE_ROUTE}"
fi
}
getTemplates
isLoggedIn
createNewProject
getRoutingSuffix
deployChePluginRegistry
deployCheDevfileRegistry
deployJaeger
deployMetrics
deployChe
Reference in New Issue View Git Blame Copy Permalink