Skip to content

Instantly share code, notes, and snippets.

@nickboldt

nickboldt/pre-release-installation-test-against-OCP4.x-with-OS-oauth-CRW-202.bash

Created July 16, 2019 19:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nickboldt/b1d01151a32ec0581d5eba0701194cbb to your computer and use it in GitHub Desktop.
Save nickboldt/b1d01151a32ec0581d5eba0701194cbb to your computer and use it in GitHub Desktop.
Download ZIP
pre-release-installation-test-against-OCP4.x-with-OS-oauth-CRW-202 Jenkins config
Raw
pre-release-installation-test-against-OCP4.x-with-OS-oauth-CRW-202.bash
set -x
OPENSHIFT_URL=************
CHE_OPENSHIFT_PROJECT="j$(echo ${JOB_NAME} | md5sum | tr -d "[:punct:][:space:]")-${BUILD_NUMBER}b"
CRW_HOST=codeready-${CHE_OPENSHIFT_PROJECT}.apps.crw.codereadyqe.com
OPENSHIFT_USERNAME=*******
OPENSHIFT_PASSWORD="**********"
QUAY_USER="nickboldt"
QUAY_REGISTRY="quay.io/nickboldt"
QUAY_TOKEN="***********"
# tags
OP_IMAGE_TAG=1.2-17
SERV_IMAGE_TAG=1.2-44
# images to use for testing CRW-202
OP_PATCH_IMAGE="${QUAY_REGISTRY}/server-operator-rhel8:KEYCLOAK-10169_5"
SSO_PATCH_IMAGE="${QUAY_REGISTRY}/sso73-openshift:KEYCLOAK-10169_5"
# oc run params, no -t
export JENKINS_BUILD=true
# setup mvn command
export PATH=/qa/tools/opt/apache-maven-3.5.4/bin:$PATH
# clean docker containers
psaq="$(docker ps -aq)" && if [[ ${psaq} ]]; then docker rm -f ${psaq}; fi
download_oc_and_login() {
echo "======= download OpenShift CLI client ======="
cd /tmp
if [[ $1 == "oc4" ]]; then
wget -q -O oc4.tar.gz https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.1.0/openshift-client-linux-4.1.0.tar.gz
tar -x -f ${1}.tar.gz "oc"
else
wget -q -O oc3.tar.gz https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
tar -x --strip=1 -f ${1}.tar.gz "*/oc"
fi
/tmp/oc version
export PATH=/tmp:$PATH
cd ${WORKSPACE}
/tmp/oc login --server=${OPENSHIFT_URL} -u=${OPENSHIFT_USERNAME} -p=${OPENSHIFT_PASSWORD} --insecure-skip-tls-verify
}
waitForDeployment()
{
deploymentName=$1
DEPLOYMENT_TIMEOUT_SEC=300
POLLING_INTERVAL_SEC=5
echo "Waiting for the deployment/${deploymentName} to be scaled to 1. Timeout ${DEPLOYMENT_TIMEOUT_SEC} seconds"
DESIRED_REPLICA_COUNT=1
UNAVAILABLE=1
end=$((SECONDS+DEPLOYMENT_TIMEOUT_SEC))
while [[ "${UNAVAILABLE}" -eq 1 ]] && [[ ${SECONDS} -lt ${end} ]]; do
UNAVAILABLE=$(oc get deployment/${deploymentName} -n="${CHE_OPENSHIFT_PROJECT}" -o=jsonpath='{.status.unavailableReplicas}')
if [[ "${FOLLOW_LOGS}" == "true" ]]; then echo "Deployment is in progress...(Unavailable replica count=${UNAVAILABLE}, ${timeout_in} seconds remain)"; fi
sleep 3
done
if [[ "${UNAVAILABLE}" == 1 ]]; then
printError "Deployment timeout. Aborting."
printError "Check deployment logs and events:"
printError "oc logs deployment/${deploymentName} -n ${CHE_OPENSHIFT_PROJECT}"
printError "oc get events -n ${CHE_OPENSHIFT_PROJECT}"
exit 1
fi
CURRENT_REPLICA_COUNT=-1
while [[ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ]] && [[ ${SECONDS} -lt ${end} ]]; do
CURRENT_REPLICA_COUNT=$(oc get deployment/${deploymentName} -o=jsonpath='{.status.availableReplicas}')
timeout_in=$((end-SECONDS))
if [[ "${FOLLOW_LOGS}" == "true" ]]; then echo "Deployment in progress...(Current replica count=${CURRENT_REPLICA_COUNT}, ${timeout_in} seconds remain)"; fi
sleep ${POLLING_INTERVAL_SEC}
done
if [[ "${CURRENT_REPLICA_COUNT}" -ne "${DESIRED_REPLICA_COUNT}" ]]; then
printError "CodeReady Workspaces ${deploymentName} deployment failed. Aborting. Run command 'oc logs deployment/${deploymentName}' to get more details."
exit 1
elif [ ${SECONDS} -ge ${end} ]; then
printError "Deployment timeout. Aborting."
exit 1
fi
elapsed=$((DEPLOYMENT_TIMEOUT_SEC-timeout_in))
echo "Codeready Workspaces deployment/${deploymentName} started in ${elapsed} seconds"
}
quay_login ()
{
echo "${QUAY_TOKEN}" | docker login -u="${QUAY_USER}" --password-stdin ${QUAY_REGISTRY}
}
# see https://gist.github.com/nickboldt/1b0002dd006aea827ece386bb4901447 and
# see https://github.com/eclipse/che/blob/master/dockerfiles/keycloak/Dockerfile
build_patched_images()
{
quay_login
mkdir -p ${WORKSPACE}/patch-root
pushd ${WORKSPACE}/patch-root >/dev/null
git clone https://github.com/che-incubator/KEYCLOAK-10169-OpenShift4-User-Provider && cd KEYCLOAK-10169-OpenShift4-User-Provider
mvn clean install
#curl -sSL -o targt/openshift4-extension-6.0.1.jar \
# https://github.com/che-incubator/KEYCLOAK-10169-OpenShift4-User-Provider/releases/download/6.0.1-openshift-v4/openshift4-extension-6.0.1.jar
# build SSO image with updated OS4 Provider
echo "
FROM registry.access.redhat.com/redhat-sso-7/sso73-openshift:1.0-12.1561751916
COPY target/openshift4-extension-6.0.1.jar /opt/eap/standalone/deployments/
RUN touch /opt/eap/standalone/deployments/openshift4-extension-6.0.1.jar.dodeploy && \
unzip -j /opt/eap/standalone/deployments/openshift4-extension-6.0.1.jar -d \
/opt/eap/themes/base/admin/resources/partials \
theme-resources/resources/realm-identity-provider-openshift-v4.html \
theme-resources/resources/realm-identity-provider-openshift-v4-ext.html
" > Dockerfile
docker build . -t ${SSO_PATCH_IMAGE}
docker push ${SSO_PATCH_IMAGE}
cd ..
# build CRW operator image with updated SSO default image
git clone git@github.com:eclipse/che-operator.git && cd che-operator && git checkout support-openshift-v4-provider-1.x
# patch operator defaults.go
sed -i pkg/deploy/defaults.go -e "s#DefaultKeycloakImage.\+#DefaultKeycloakImage = \"${SSO_PATCH_IMAGE}\"#"
docker build . -t ${OP_PATCH_IMAGE}
docker push ${OP_PATCH_IMAGE}
popd >/dev/null
}
start_sso_and_check_log() {
docker run -t -a STDOUT --entrypoint /opt/eap/bin/standalone.sh ${SSO_PATCH_IMAGE} | tee start_sso_and_check_log.standalone.txt &
last_pid=$!
sleep 30s
kill -KILL $last_pid
docker run -t -a STDOUT --entrypoint /opt/eap/bin/openshift-launch.sh ${SSO_PATCH_IMAGE} | tee start_sso_and_check_log.openshift-launch.txt &
last_pid=$!
sleep 60s
kill -KILL $last_pid
}
patch() {
DB_PASSWORD=$(oc get deployment keycloak -o=jsonpath={'.spec.template.spec.containers[0].env[?(@.name=="DB_PASSWORD")].value'} -n=${CHE_OPENSHIFT_PROJECT})
PATCH_JSON=$(cat << EOF
{
"spec": {
"auth": {
"identityProviderImage": "${SSO_PATCH_IMAGE}",
"identityProviderPostgresPassword":"${DB_PASSWORD}"
}
}
}
EOF
)
echo; echo "Patch operator image to use ${SSO_PATCH_IMAGE}"
oc patch checluster codeready -p "${PATCH_JSON}" --type merge -n ${CHE_OPENSHIFT_PROJECT}
echo; echo "Operator image patched to use ${SSO_PATCH_IMAGE}"
oc scale deployment/codeready-operator --replicas=0
oc scale deployment/codeready --replicas=0
oc scale deployment/keycloak --replicas=0
oc scale deployment/codeready-operator --replicas=1
#echo; echo "Update operator image to ${OP_PATCH_IMAGE}"
#oc set image deployment/codeready-operator *=${OP_PATCH_IMAGE} -n ${CHE_OPENSHIFT_PROJECT}
#echo; echo "Successfully updated running deployment ${CHE_OPENSHIFT_PROJECT}."
waitForDeployment codeready-operator
oc scale deployment/keycloak --replicas=1
waitForDeployment keycloak
oc scale deployment/codeready --replicas=1
waitForDeployment codeready
}
reinstall_CRW() {
echo "======= download operator installer ======="
wget https://codeready-workspaces-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/CRW_CI/view/Pipelines/job/crw-operator-installer-and-ls-deps_stable-branch/lastSuccessfulBuild/artifact/codeready-workspaces-deprecated/operator-installer/target/codeready-workspaces-operator-installer.tar.gz
tar -xvf codeready-workspaces-operator-installer.tar.gz
echo "======= re-install CRW on OCP ======="
oc delete checluster codeready || true
oc delete project ${CHE_OPENSHIFT_PROJECT} || true
# worksaround to let OCP to finish removal complitely
sleep 5
# --operator-image=quay.io/crw/operator-rhel8:${OP_IMAGE_TAG} \
${WORKSPACE}/codeready-workspaces-operator-installer/deploy.sh -d \
--server-image=quay.io/crw/server-rhel8 \
--version=${SERV_IMAGE_TAG} \
--operator-image=${OP_PATCH_IMAGE} \
-p=${CHE_OPENSHIFT_PROJECT} \
--oauth
# TODO this should be included inside deploy.sh
# patch deployment to allow OS OAuth v4 to work
curl -sSL -q -o /tmp/cr.yaml https://raw.githubusercontent.com/eclipse/che-operator/master/deploy/cluster_role.yaml
curl -sSL -q -o /tmp/crb.yaml https://raw.githubusercontent.com/eclipse/che-operator/master/deploy/cluster_role_binding.yaml
/tmp/oc apply -f /tmp/cr.yaml
/tmp/oc apply -f /tmp/crb.yaml
# print Che configuration
/tmp/oc describe cm/che --namespace=${CHE_OPENSHIFT_PROJECT}
}
configure_github_related_stuff() {
# configure GitHub test users
mkdir -p ${WORKSPACE}/codeready_local_conf_dir
export CHE_LOCAL_CONF_DIR=${WORKSPACE}/codeready_local_conf_dir/
rm -f ${WORKSPACE}/codeready_local_conf_dir/selenium.properties
echo "github.username=che6ocpmulti" >> ${WORKSPACE}/codeready_local_conf_dir/selenium.properties
echo "github.password=CheMain2017" >> ${WORKSPACE}/codeready_local_conf_dir/selenium.properties
echo "github.auxiliary.username=iedexmain1" >> ${WORKSPACE}/codeready_local_conf_dir/selenium.properties
echo "github.auxiliary.password=CodenvyMain15" >> ${WORKSPACE}/codeready_local_conf_dir/selenium.properties
}
# run E2E tests
run_e2e_tests() {
echo "======= run E2E tests ======="
export OPENSHIFT_USERNAME=developer
export OPENSHIFT_PASSWORD=123
export OPENSHIFT_URL=${OPENSHIFT_URL}
export CHE_OPENSHIFT_PROJECT=${CHE_OPENSHIFT_PROJECT}
export TEST_USER_NAME=admin
export CHE_TESTUSER_NAME=${TEST_USER_NAME}
export CHE_TESTUSER_PASSWORD=${TEST_USER_NAME}
export CHE_TESTUSER_EMAIL=${TEST_USER_NAME}@admin.com
export OPENSHIFT_REGULAR_USERNAME=crw
export OPENSHIFT_REGULAR_PASSWORD=crw
export OPENSHIFT_REGULAR_EMAIL=${OPENSHIFT_REGULAR_USERNAME}@1.com
${WORKSPACE}/codeready-workspaces/test/codeready-test-e2e/e2e-tests.sh \
--host=${CRW_HOST} \
--threads=1 \
--test=com.redhat.codeready.selenium.ocpoauth.**
}
download_oc_and_login oc4
build_patched_images
start_sso_and_check_log
reinstall_CRW
patch
configure_github_related_stuff
run_e2e_tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment