Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support single-host mode on the multi-user server #14335

Merged
merged 13 commits into from
Sep 10, 2019
Merged

Support single-host mode on the multi-user server #14335

merged 13 commits into from
Sep 10, 2019

Conversation

metlos
Copy link
Contributor

@metlos metlos commented Aug 26, 2019

What does this PR do?

  • Add a distinction between service name and path base in the external
    server exposer to be able to correctly expose a service through a proxy
  • the async authentication in loader.js doesn't truncate the path
    anymore so that it can correctly locate /jwt/auth even in single-host mode
  • enhance the jwt proxy configuration with the ability use custom uri
    prefixes for the redirects on auth failure - this can be used to pass in
    the information about the external path the proxy is available on even if
    hidden behind a path rewriting ingress

Note that this depends changes in the che-jwtproxy component.

What issues does this PR fix or reference?

#14189
eclipse-che/che-jwtproxy#11

@metlos
Support single-host mode on the multi-user server. Note that this dep…
7edb8e7 
…ends

changes in the che-jwtproxy component.

* Add a distinction between service name and path base in the external
server exposer to be able to correctly expose a service through a proxy
* the async authentication in loader.js doesn't truncate the path
anymore so that it can correctly locate /jwt/auth even in single-host mode
* enhance the jwt proxy configuration with the ability use custom uri
prefixes for the redirects on auth failure - this can be used to pass in
the information about the external path the proxy is available on even if
hidden behind a path rewriting ingress

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Aug 26, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@che-bot
Copy link
Contributor

che-bot commented Aug 26, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has failed:

@che-bot che-bot added status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. kind/task Internal things, technical debt, and to-do tasks to be performed. labels Aug 26, 2019
@metlos
Formatting and test fixes.
78c8d02 
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Aug 27, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@metlos
Copy link
Contributor Author

metlos commented Aug 28, 2019

ci-test

@metlos
Copy link
Contributor Author

metlos commented Aug 28, 2019

crw-ci-test

@che-bot
Copy link
Contributor

che-bot commented Aug 28, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has been successful:

  • build details
  • "che-server" docker image: maxura/che-server:14335

@che-bot
Copy link
Contributor

che-bot commented Aug 28, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has been successful:

  • build details
  • "che-server" docker image: maxura/che-server:14335

@che-bot
Copy link
Contributor

che-bot commented Aug 28, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@SkorikSergey
Copy link
Contributor

@metlos : about failed deployment of Che here in test results:
it was because of Che deployment error:

2019-08-28 09:14:16,959[ost-startStop-1]  [INFO ] [.e.c.c.d.JNDIDataSourceFactory 63]   - This=org.eclipse.che.core.db.postgresql.PostgreSQLJndiDataSourceFactory@17483064 obj=ResourceRef[className=javax.sql.DataSource,factoryClassLocation=null,factoryClassName=org.apache.naming.factory.ResourceFactory,{type=scope,content=Shareable},{type=auth,content=Container},{type=singleton,content=true},{type=factory,content=org.eclipse.che.api.CommonJndiDataSourceFactory}] name=che Context=org.apache.naming.NamingContext@6dbb94d7 environment={}
--
  2019-08-28 09:14:19,196[ost-startStop-1]  [ERROR] [o.a.c.c.C.[.[localhost].[/api] 4798] - Exception sending context initialized event to listener instance of class [org.eclipse.che.inject.CheBootstrap]
  com.google.inject.CreationException: Unable to create injector, see the following errors:
   
  1) No implementation for org.eclipse.che.workspace.infrastructure.kubernetes.server.external.IngressServiceExposureStrategy was bound.
  while locating org.eclipse.che.workspace.infrastructure.kubernetes.server.external.IngressServiceExposureStrategy
  for the 3rd parameter of org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.JwtProxyProvisioner.<init>(JwtProxyProvisioner.java:122)
  at org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.factory.JwtProxyProvisionerFactory.create(JwtProxyProvisionerFactory.java:1)
  at com.google.inject.assistedinject.FactoryProvider2.initialize(FactoryProvider2.java:716)
  at org.eclipse.che.api.deploy.WsMasterModule.configureJwtProxySecureProvisioner(WsMasterModule.java:425) (via modules: org.eclipse.che.api.deploy.WsMasterModule -> com.google.inject.assistedinject.FactoryModuleBuilder$1)
  
  1 error

@metlos
Copy link
Contributor Author

metlos commented Aug 28, 2019

Thanks for investigating @SkorikSergey. That is rather weird, I'll take a look.

@metlos metlos mentioned this pull request Aug 29, 2019
Merged
@metlos
Make sure pathname doesn't contain duplicated slashes when constructing
5c66420 
the auth request.

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@metlos
The JWT proxy is needed on the OpenShift as well.
68d8242 
* provided overriden bindings for OpenShift infra
* Renamed IngressServiceExposureStrategy to ExternalServiceExposureStrategy
  so that it is not confusing on OpenShift where ingresses are not used
* Made the cookie path server-strategy sensitive

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Aug 29, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@SkorikSergey
Copy link
Contributor

ci-test

@che-bot
Copy link
Contributor

che-bot commented Aug 30, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@metlos
Copy link
Contributor Author

metlos commented Aug 30, 2019

ci-test

@metlos
Copy link
Contributor Author

metlos commented Sep 5, 2019

ci-test

@metlos
Copy link
Contributor Author

metlos commented Sep 5, 2019

crw-ci-test

@che-bot
Copy link
Contributor

che-bot commented Sep 5, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has failed:

@che-bot
Copy link
Contributor

che-bot commented Sep 5, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@skabashnyuk skabashnyuk mentioned this pull request Sep 5, 2019
Closed
@metlos
Copy link
Contributor Author

metlos commented Sep 5, 2019

ci-test

@metlos
Copy link
Contributor Author

metlos commented Sep 6, 2019

ci-test

@metlos
Merge remote-tracking branch 'upstream/master' into single-host-multi…
2e1e057 
…-user

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Sep 6, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@metlos
Use the fixed version of the JWT proxy image.
3d94934 
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has been successful:

  • build details
  • "che-server" docker image: maxura/che-server:14335

@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@dmytro-ndp
Copy link
Contributor

ci-test

@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@metlos
The cookie paths are server-strategy dependent.
1c1969e 
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has failed:

@metlos
Merge remote-tracking branch 'upstream/master' into single-host-multi…
e14276a 
…-user

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has failed:

@che-bot
Copy link
Contributor

che-bot commented Sep 9, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@dmytro-ndp
Copy link
Contributor

@metlos: about this Happy path tests failure - it was changes in upstream Theia project, which affected our tests.
There is fixup already in master. Please, take changes into PR.

@metlos
Merge remote-tracking branch 'upstream/master' into single-host-multi…
20d9ed8 
…-user

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Sep 10, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has been successful:

  • build details
  • "che-server" docker image: maxura/che-server:14335

@che-bot
Copy link
Contributor

che-bot commented Sep 10, 2019

E2E tests of Eclipse Che Multiuser on OCP has been successful:

@metlos metlos merged commit 154d668 into eclipse-che:master Sep 10, 2019
@che-bot che-bot removed the status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. label Sep 10, 2019
@che-bot che-bot added this to the 7.2.0 milestone Sep 10, 2019
@metlos metlos mentioned this pull request Sep 10, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skabashnyuk skabashnyuk skabashnyuk approved these changes

@sleshchenko sleshchenko sleshchenko approved these changes

@amisevsk amisevsk amisevsk approved these changes

@l0rd l0rd Awaiting requested review from l0rd

@nickboldt nickboldt Awaiting requested review from nickboldt

@rhopp rhopp Awaiting requested review from rhopp

@ibuziuk ibuziuk Awaiting requested review from ibuziuk

Assignees
No one assigned
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Milestone
7.2.0
Development

Successfully merging this pull request may close these issues.
7 participants
@metlos @che-bot @SkorikSergey @dmytro-ndp @skabashnyuk @sleshchenko @amisevsk