Add property to control manual workspace dir creation in OpenShift

Add property 'che.openshift.precreate.workspace.dirs'. If property is true, OpenShiftConnector will run a pod before launching workspaces to create a subpath in the workspace's persistent volume with correct permissions. If the property is false, this step is skipped. This is necessary as in older versions of OpenShift/Kubernetes, subpaths created as part of a volume mount are created with root permissions, and so cannot be modified by workspace pods. More recent versions fix this, creating subpath volumes with correct permissions, making the step above unnecessary. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
eclipse-che · May 19, 2017 · b769fd9 · b769fd9
1 parent 290d477
commit b769fd9
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/codenvy/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/codenvy/che.properties
@@ -324,6 +324,14 @@ che.openshift.secure.routes=false
 che.openshift.jobs.image=centos:centos7
 che.openshift.jobs.memorylimit=250Mi
 
+# Run job to create workspace subpath directories in persistent volume before launching workspace.
+# Necessary in some versions of OpenShift/Kubernetes as workspace subpath volumemounts are created
+# with root permissions, and thus cannot be modified by workspaces running as user (presents as error
+# importing projects into workspace in Che). Default is "true", but should be set to false if version
+# of Openshift/Kubernetes creates subdirectories with user permissions.
+# Relevant issue: https://github.com/kubernetes/kubernetes/issues/41638
+che.openshift.precreate.workspace.dirs=true
+
 # Specifications of compute resources that can be consumed
 # by the workspace container:
 #

diff --git a/...hift-client/src/main/java/org/eclipse/che/plugin/openshift/client/OpenShiftConnector.java b/...hift-client/src/main/java/org/eclipse/che/plugin/openshift/client/OpenShiftConnector.java
@@ -193,6 +193,7 @@ public class OpenShiftConnector extends DockerConnector {
     private final String          cheWorkspaceMemoryLimit;
     private final String          cheWorkspaceMemoryRequest;
     private final boolean         secureRoutes;
+    private final boolean         createWorkspaceDirs;
     private final OpenShiftPvcHelper openShiftPvcHelper;
 
     @Inject
@@ -212,7 +213,8 @@ public OpenShiftConnector(DockerConnectorConfiguration connectorConfiguration,
                               @Named("che.workspace.projects.storage") String cheWorkspaceProjectsStorage,
                               @Nullable @Named("che.openshift.workspace.memory.request") String cheWorkspaceMemoryRequest,
                               @Nullable @Named("che.openshift.workspace.memory.override") String cheWorkspaceMemoryLimit,
-                              @Named("che.openshift.secure.routes") boolean secureRoutes) {
+                              @Named("che.openshift.secure.routes") boolean secureRoutes,
+                              @Named("che.openshift.precreate.workspace.dirs") boolean createWorkspaceDirs) {
 
         super(connectorConfiguration, connectionFactory, authResolver, dockerApiVersionPathPrefixProvider);
         this.cheServerExternalAddress = cheServerExternalAddress;
@@ -226,6 +228,7 @@ public OpenShiftConnector(DockerConnectorConfiguration connectorConfiguration,
         this.cheWorkspaceMemoryRequest = cheWorkspaceMemoryRequest;
         this.cheWorkspaceMemoryLimit = cheWorkspaceMemoryLimit;
         this.secureRoutes = secureRoutes;
+        this.createWorkspaceDirs = createWorkspaceDirs;
         this.openShiftPvcHelper = openShiftPvcHelper;
         eventService.subscribe(new EventSubscriber<ServerIdleEvent>() {
 
@@ -1142,7 +1145,9 @@ private String createOpenShiftDeployment(String workspaceID,
 
         LOG.info("Adding container {} to OpenShift deployment {}", sanitizedContainerName, deploymentName);
 
-        createWorkspaceDir(volumes);
+        if (createWorkspaceDirs) {
+            createWorkspaceDir(volumes);
+        }
 
         Container container = new ContainerBuilder()
                                     .withName(sanitizedContainerName)

diff --git a/...-client/src/test/java/org/eclipse/che/plugin/openshift/client/OpenShiftConnectorTest.java b/...-client/src/test/java/org/eclipse/che/plugin/openshift/client/OpenShiftConnectorTest.java
@@ -41,6 +41,7 @@ public class OpenShiftConnectorTest {
     private static final String   CHE_DEFAULT_SERVER_EXTERNAL_ADDRESS = "che.openshift.mini";
     private static final String   CHE_WORKSPACE_CPU_LIMIT = "1";
     private static final boolean  SECURE_ROUTES = false;
+    private static final boolean  CREATE_WORKSPACE_DIRS = true;
 
 
     @Mock
@@ -86,7 +87,8 @@ public void shouldGetWorkspaceIDWhenAValidOneIsProvidedInCreateContainerParams()
                                                     OPENSHIFT_DEFAULT_WORKSPACE_PROJECTS_STORAGE,
                                                     CHE_WORKSPACE_CPU_LIMIT,
                                                     null,
-                                                    SECURE_ROUTES);
+                                                    SECURE_ROUTES,
+                                                    CREATE_WORKSPACE_DIRS);
         String workspaceID = openShiftConnector.getCheWorkspaceId(createContainerParams);
 
         //Then