[keycloak] Rename environment variables.

[monaka]

Signed-off-by: Masaki Muranaka [email protected]

I noticed when I deployed eclipse/che-keycloak:nightly NOT by using Helm nor Openshift.
So this patch is not tested well. But I believe multiuser deployments will be failed without this patch.

I can't determine if this is critical or not. As this is only critical for users who want to the multiuser env.

What does this PR do?

Renames environment variables applying to the che-keycloak instance.

PORTGRES_PORT_5432_TCP_ADDR to POSTGRES_ADDR .
POSTGRES_PORT_5432_TCP_PORT to POSTGRES_PORT .

What issues does this PR fix or reference?

refs #13625

[che-bot]

Can one of the admins verify this patch?

[che-bot]

Can one of the admins verify this patch?

[l0rd]

@davidfestal any idea about that?

[davidfestal]

Yes, in the latest versions of the Keycloak docker image, the environment variable names have changed.
I had to do a similar change in the operator code after upstream Che had switched to the latest Keycloak version.
However in the operator case, in order to still be backward compatible with previous versions of keycloak (and also to reduce risks of regression when used with previous versions of RHSSO), I only added the missing POSTGRES_PORT environment variable while also keeping the old ones.

[musienko-maxim]

Can one of the admins verify this PR?

[l0rd]

@davidfestal ok but it doesn't look like che deployment (with helm or deploy_che.sh) are affected by this problem. Is it because these deployments are using an older keycloak image? cc @skabashnyuk

[monaka]

Just by my rough inspection, the vanilla K8s controller will apply POSTGRES_PORT with unexpected value to the Keycloak instance. Because Helm charts deploys svc/postgres. So at least POSTGRES_PORT should be care, IMO.

[skabashnyuk]

@monaka I belive that eclipse/che-keycloak:nightly is used by Openshift https://github.com/eclipse/che/blob/master/deploy/openshift/deploy_che.sh#L169-L172 and that is something that we are testing on CI same for k8s https://github.com/eclipse/che/blob/master/deploy/kubernetes/helm/che/custom-charts/che-keycloak/values.yaml#L14. Can you describe what kind of issue you have and how to reproduce it?

[monaka]

@skabashnyuk I'm not sure how scripts in deploy/{kubernetes,openshift} are tested. And I'm not an expert of Openshift. So just a guess but.

Looks both PORTGRES_PORT_5432_TCP_ADDR and POSTGRES_PORT_5432_TCP_PORT are not used anywhere.
So POSTGRES_ADDR and POSTGRES_PORT won't applied as expected.

Even if the issue above, POSTGRES_ADDR might be a potential issue since it looks the default value of POSTGRES_ADDR will be postgres. I believe this will be a critical issue if the user uses the external Postgres. But we can ignore this issue as there is no way to setup external Postgres with the official scripts. (should be fixed after 7.0.0 released)

The pain point I guess is POSTGRES_PORT. K8s will applies unexpected POSTGRES_PORT to Keycloak as svc/postgres is defined and not set POSTGRES_PORT expressly.

... After I wrote above. I found the issue what I want to say. helm/charts#9561
I got similar issue like that and fixed on my fork. I believe it will be reproduced on the official deployment scripts.

[monaka]

I updated the patch in this PR as I found the issue #13821.
It will work on Openshift even though I've not checked on it.

[skabashnyuk]

ci-test

[che-bot]

Results of automated E2E tests of Eclipse Che Multiuser on OCP:
Build details
Test report
docker image: eclipseche/che-server:13791
https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

[l0rd]

@monaka this PR fixes #13919 right? It doesn't solve the migration part for users that currently use H2 but at least fix the problem for fresh deployments. I am removing the do-not-merge label since #13919 is a 7.0.0 issue.

[l0rd]

We need to test that but +1 to merge this PR as soon as @monaka is ready and @eclipse/eclipse-che-qa is ok.

[mkuznyetsov]

@monaka
I have troubles verifying these changes - can't start the Keycloak Pod
(running on Minikube, installed Che through chectl via Helm)
As I see it, Postgres DB is attempted to be used but there is some error related to Drivers

Pod logs:
logs-from-keycloak-in-keycloak-58656dbd4d-hgf52.txt

[monaka]

@mkuznyetsov Thank you for your checking and report. It may be required to apply some more patches to Dockerfile for che-keycloak. I'll inspect there today.

[monaka]

@mkuznyetsov I pushed the additional patch here. (And I pushed the patched docker image into https://hub.docker.com/r/monaka/che-keycloak for saving time and effort.)

I checked my deployment by Helm boot up with no error on my AKS cluster.

[skabashnyuk]

ci-test

[mkuznyetsov]

@monaka thank you, it works now.

[che-bot]

Results of automated E2E tests of Eclipse Che Multiuser on OCP:
Build details
Test report
docker image: eclipseche/che-server:13791
https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

[skabashnyuk]

@eclipse/eclipse-che-qa do you see any issues in test results?

[skabashnyuk]

ci-build

[skabashnyuk]

@monaka if you don't mind I want to merge it to make it part of RC4

[nickboldt]

why the change of script here? what does docker-entrypoint.sh do that standalone.sh doesn't? (Also, aside, "container-entrypoint" would be better. :) )

[monaka]

Please read docker-entrypoint.sh that stored in the base image.
Some important environment variables are parsed in there. standalone.sh is called by docker-entrypoint.sh after parsing.

It's best to ask maintainers of the jboss-dockerfiles organization (not me) if you don't like the name docker-entrypoint.sh.

[monaka]

@skabashnyuk I see. I pressed merge button now. And it may be better to back-port to Che 6. WDYT?