diff --git a/Makefile b/Makefile index 25cbfd1..309aa8e 100644 --- a/Makefile +++ b/Makefile @@ -35,8 +35,8 @@ export RHDH_HELM_CHART_VERSION ?= export RHDH_HELM_RELEASE_NAME ?= rhdh # RHDH OLM subscription to deploy -export RHDH_OLM_INDEX_IMAGE ?= quay.io/rhdh/iib:1.2-v$(shell oc version -o json | jq -r '.openshiftVersion' | sed -r -e "s,([0-9]+\.[0-9]+)\..+,\1,")-$(shell oc version -o json | jq -r '.serverVersion.platform' | sed -r -e "s,linux/,," | sed -e 's,amd64,x86_64,') -export RHDH_OLM_CHANNEL ?= fast +export RHDH_OLM_INDEX_IMAGE ?= registry.redhat.io/redhat/redhat-operator-index:v$(shell oc version -o json | jq -r '.openshiftVersion' | sed -r -e "s,([0-9]+\.[0-9]+)\..+,\1,") +export RHDH_OLM_CHANNEL ?= fast-1.2 # RHDH horizontal scaling export RHDH_DEPLOYMENT_REPLICAS ?= 1 @@ -48,7 +48,7 @@ export RHDH_RESOURCES_MEMORY_REQUESTS ?= export RHDH_RESOURCES_MEMORY_LIMITS ?= export RHDH_KEYCLOAK_REPLICAS ?= 1 export LOCUST_EXTRA_CMD ?= -export AUTH_PROVIDER ?= +export AUTH_PROVIDER ?= keycloak # RHDH install method - one of 'helm' or 'olm' export RHDH_INSTALL_METHOD ?= helm @@ -175,7 +175,7 @@ test: $(TMP_DIR) $(ARTIFACT_DIR) ifneq ($(shell test '$(AUTH_PROVIDER)' == 'keycloak' && echo 1 || echo 0),0) $(eval key_pass := $(shell oc -n rhdh-performance get secret perf-test-secrets -o template --template='{{.data.keycloak_user_pass}}' | base64 -d)) $(eval key_host := $(shell oc -n rhdh-performance get routes/keycloak -o template --template='{{.spec.host}}' )) - $(eval LOCUST_EXTRA_CMD := --keycloak-host $(key_host) --keycloak-password $(key_pass) ) + $(eval LOCUST_EXTRA_CMD := $(LOCUST_EXTRA_CMD) --keycloak-host $(key_host) --keycloak-password $(key_pass) ) ifneq ($(shell test $(USERS) -gt $(WORKERS) && echo 1 || echo 0),0) @echo "users greater than workers " else diff --git a/ci-scripts/dev-sandbox/Makefile b/ci-scripts/dev-sandbox/Makefile index b63337f..556a83e 100644 --- a/ci-scripts/dev-sandbox/Makefile +++ b/ci-scripts/dev-sandbox/Makefile @@ -1,8 +1,8 @@ #SHELL="/bin/bash -x" -export RHDH_OLM_INDEX_IMAGE ?= quay.io/rhdh/iib:1.2-v4.15-x86_64 +export RHDH_OLM_INDEX_IMAGE ?= registry.redhat.io/redhat/redhat-operator-index:v4.15 export RHDH_OPERATOR_NAMESPACE ?= rhdh-operator -export RHDH_OLM_CHANNEL ?= fast +export RHDH_OLM_CHANNEL ?= fast-1.2 export RHDH_OLM_OPERATOR_PACKAGE ?= rhdh export ARTIFACT_DIR ?= diff --git a/ci-scripts/dev-sandbox/run.sh b/ci-scripts/dev-sandbox/run.sh index c6c533c..1c95d3a 100755 --- a/ci-scripts/dev-sandbox/run.sh +++ b/ci-scripts/dev-sandbox/run.sh @@ -44,7 +44,11 @@ collect_counts "baseline-counts-post" # testing env if [ "$RHDH_INSTALL_METHOD" == "olm" ]; then - rhdh_route="backstage-developer-hub" + if [ "$AUTH_PROVIDER" == "keycloak" ]; then + rhdh_route="rhdh" + else + rhdh_route="backstage-developer-hub" + fi elif [ "$RHDH_INSTALL_METHOD" == "helm" ]; then export RHDH_HELM_RELEASE_NAME RHDH_HELM_CHART diff --git a/ci-scripts/rhdh-setup/create_resource.sh b/ci-scripts/rhdh-setup/create_resource.sh index 5e7675d..51f020e 100755 --- a/ci-scripts/rhdh-setup/create_resource.sh +++ b/ci-scripts/rhdh-setup/create_resource.sh @@ -45,7 +45,11 @@ backstage_url() { if [ "$RHDH_INSTALL_METHOD" == "helm" ]; then rhdh_route="${RHDH_HELM_RELEASE_NAME}-${RHDH_HELM_CHART}" else - rhdh_route="backstage-developer-hub" + if [ "$AUTH_PROVIDER" == "keycloak" ]; then + rhdh_route="rhdh" + else + rhdh_route="backstage-developer-hub" + fi fi echo -n "https://$(oc get routes "${rhdh_route}" -n "${RHDH_NAMESPACE}" -o jsonpath='{.spec.host}')" >"$f" fi @@ -149,14 +153,27 @@ create_cmp() { } create_group() { - token=$(get_token) - groupname="group${0}" - echo " g, group:default/${groupname}, role:default/perf_admin" >>"$TMP_DIR/group-rbac.yaml" - curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/groups" \ - -H 'Content-Type: application/json' \ - -H 'Authorization: Bearer '"$token" \ - --data-raw '{"name": "'"${groupname}"'"}' |& tee -a "$TMP_DIR/create_group.log" - echo "[INFO][$(date --utc -Ins)] Group $groupname created" >>"$TMP_DIR/create_group.log" + max_attempts=5 + attempt=1 + while ((attempt <= max_attempts)); do + token=$(get_token) + groupname="group${0}" + echo " g, group:default/${groupname}, role:default/perf_admin" >>"$TMP_DIR/group-rbac.yaml" + curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/groups" \ + -H 'Content-Type: application/json' \ + -H 'Authorization: Bearer '"$token" \ + --data-raw '{"name": "'"${groupname}"'"}' |& tee -a "$TMP_DIR/create_group.log" + if [ "${PIPESTATUS[0]}" -eq 0 ]; then + echo "[INFO][$(date --utc -Ins)] Group $groupname created" >>"$TMP_DIR/create_group.log" + return + else + echo "[WARNING][$(date --utc -Ins)] Unable to create the $groupname group at $attempt. attempt. Trying again up to $max_attempts times." >>"$TMP_DIR/create_group.log" + ((attempt++)) + fi + done + if [[ $attempt -gt $max_attempts ]]; then + echo "[ERROR][$(date --utc -Ins)] Unable to create the $groupname group in $max_attempts attempts, giving up!" |& tee -a "$TMP_DIR/create_group.log" + fi } create_groups() { @@ -166,16 +183,29 @@ create_groups() { } create_user() { - token=$(get_token) - grp=$(echo "${0}%${GROUP_COUNT}" | bc) - [[ $grp -eq 0 ]] && grp=${GROUP_COUNT} - username="test${0}" - groupname="group${grp}" - curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/users" \ - -H 'Content-Type: application/json' \ - -H 'Authorization: Bearer '"$token" \ - --data-raw '{"firstName":"'"${username}"'","lastName":"tester", "email":"'"${username}"'@test.com","emailVerified":"true", "enabled":"true", "username":"'"${username}"'","groups":["/'"${groupname}"'"],"credentials":[{"type":"password","value":"'"${KEYCLOAK_USER_PASS}"'","temporary":false}]}' |& tee -a "$TMP_DIR/create_user.log" - echo "[INFO][$(date --utc -Ins)] User $username ($groupname) created" >>"$TMP_DIR/create_user.log" + max_attempts=5 + attempt=1 + while ((attempt <= max_attempts)); do + token=$(get_token) + grp=$(echo "${0}%${GROUP_COUNT}" | bc) + [[ $grp -eq 0 ]] && grp=${GROUP_COUNT} + username="test${0}" + groupname="group${grp}" + curl -s -k --location --request POST "$(keycloak_url)/auth/admin/realms/backstage/users" \ + -H 'Content-Type: application/json' \ + -H 'Authorization: Bearer '"$token" \ + --data-raw '{"firstName":"'"${username}"'","lastName":"tester", "email":"'"${username}"'@test.com","emailVerified":"true", "enabled":"true", "username":"'"${username}"'","groups":["/'"${groupname}"'"],"credentials":[{"type":"password","value":"'"${KEYCLOAK_USER_PASS}"'","temporary":false}]}' |& tee -a "$TMP_DIR/create_user.log" + if [ "${PIPESTATUS[0]}" -eq 0 ]; then + echo "[INFO][$(date --utc -Ins)] User $username ($groupname) created" >>"$TMP_DIR/create_user.log" + return + else + echo "[WARNING][$(date --utc -Ins)] Unable to create the $username user at $attempt. attempt. Trying again up to $max_attempts times." >>"$TMP_DIR/create_user.log" + ((attempt++)) + fi + done + if [[ $attempt -gt $max_attempts ]]; then + echo "[ERROR][$(date --utc -Ins)] Unable to create the $username user in $max_attempts attempts, giving up!" |& tee -a "$TMP_DIR/create_user.log" + fi } create_users() { @@ -267,19 +297,20 @@ get_token() { trap "rm -rf $token_lockfile; exit" INT TERM EXIT HUP timeout_timestamp=$(date -d "60 seconds" "+%s") - while [ ! -f "$token_file" ] || [ ! -s "$token_file" ] || [ "$(date +%s)" -gt "$(jq -rc '.expires_in_timestamp' "$token_file")" ]; do + while [ ! -f "$token_file" ] || [ ! -s "$token_file" ] || [ -z "$(jq -rc '.expires_in_timestamp' "$token_file")" ] || [ "$(date +%s)" -gt "$(jq -rc '.expires_in_timestamp' "$token_file")" ]; do log_token_info "Refreshing keycloak token" if [ "$(date "+%s")" -gt "$timeout_timestamp" ]; then log_token_err "Timeout getting keycloak token" exit 1 fi if [[ ${service} == 'rhdh' ]]; then + log_token_info "Refreshing RHDH token" [[ -f "$token_file" ]] && rm -rf "$token_file" && rm -rf "$TMP_DIR/cookie.jar" if ! rhdh_token >"$token_file"; then log_token_err "Unable to get token, re-attempting" fi else - keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-example-sso -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d) + keycloak_pass=$(oc -n "${RHDH_NAMESPACE}" get secret credential-rhdh-sso -o template --template='{{.data.ADMIN_PASSWORD}}' | base64 -d) if ! keycloak_token >"$token_file"; then log_token_err "Unable to get token, re-attempting" fi diff --git a/ci-scripts/rhdh-setup/deploy.sh b/ci-scripts/rhdh-setup/deploy.sh index 1c13739..68ae2b7 100755 --- a/ci-scripts/rhdh-setup/deploy.sh +++ b/ci-scripts/rhdh-setup/deploy.sh @@ -41,9 +41,9 @@ export RHDH_HELM_CHART=${RHDH_HELM_CHART:-redhat-developer-hub} export RHDH_HELM_CHART_VERSION=${RHDH_HELM_CHART_VERSION:-} OCP_VER="$(oc version -o json | jq -r '.openshiftVersion' | sed -r -e "s#([0-9]+\.[0-9]+)\..+#\1#")" -OCP_ARCH="$(oc version -o json | jq -r '.serverVersion.platform' | sed -r -e "s#linux/##" | sed -e 's#amd64#x86_64#')" -export RHDH_OLM_INDEX_IMAGE="${RHDH_OLM_INDEX_IMAGE:-quay.io/rhdh/iib:1.2-v${OCP_VER}-${OCP_ARCH}}" -export RHDH_OLM_CHANNEL=${RHDH_OLM_CHANNEL:-fast} +#OCP_ARCH="$(oc version -o json | jq -r '.serverVersion.platform' | sed -r -e "s#linux/##" | sed -e 's#amd64#x86_64#')" +export RHDH_OLM_INDEX_IMAGE="${RHDH_OLM_INDEX_IMAGE:-registry.redhat.io/redhat/redhat-operator-index:v${OCP_VER}}" +export RHDH_OLM_CHANNEL=${RHDH_OLM_CHANNEL:-fast-1.2} export RHDH_OLM_OPERATOR_PACKAGE=${RHDH_OLM_OPERATOR_PACKAGE:-rhdh} export PRE_LOAD_DB="${PRE_LOAD_DB:-true}" @@ -173,6 +173,15 @@ keycloak_install() { envsubst