Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Che Multiuser + Single Port #10943

Closed
ethanlonge opened this issue Aug 28, 2018 · 22 comments
Closed

Che Multiuser + Single Port #10943

ethanlonge opened this issue Aug 28, 2018 · 22 comments
Labels
kind/question Questions that haven't been identified as being feature requests or bugs.

Comments

@ethanlonge
Copy link

ethanlonge commented Aug 28, 2018
edited by ghost

Description

I cannot get eclipse che workspace to open. It will start and say it is working but when it tries to access /api it says "Internal server occurs. API is not accessible".

Reproduction Steps

Turn on Multiuser and Single Port. Try to start

OS and version:
Ubuntu 16.04

Diagnostics:

11) Error injecting constructor, java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: http://keycloak.dev.tesseract.ml/auth/realms/che/.well-known/openid-configuration
  at org.eclipse.che.multiuser.keycloak.server.KeycloakSettings.<init>(KeycloakSettings.java:65)
  at org.eclipse.che.multiuser.keycloak.server.KeycloakSettings.class(KeycloakSettings.java:50)
  while locating org.eclipse.che.multiuser.keycloak.server.KeycloakSettings
    for the 1st parameter of org.eclipse.che.multiuser.keycloak.server.dao.KeycloakProfileDao.<init>(KeycloakProfileDao.java:47)
@ghost
Copy link

ghost commented Aug 28, 2018

@gtesblue you need to make sure the keycloak endpoint is accessible. What I see at http://keycloak.dev.tesseract.ml/ is Apache welcome page.

How did you start Che? I mean your start syntax.

@ghost ghost added the kind/question Questions that haven't been identified as being feature requests or bugs. label Aug 28, 2018
@ethanlonge
Copy link
Author

ethanlonge commented Aug 28, 2018
edited

@eivantsov Here is the start command: sudo docker run -it -v /var/run/docker.sock:/var/run/docker.sock -v /che/mu:/data eclipse/che-cli start
As for the keycloak url that is because I turned it off. Here it is working:
image
I will leave it on until it gets resolved.
By the way it is port 1337.

@ethanlonge
Copy link
Author

Here is my che.env: https://pastebin.com/rVrB1sLP

@ghost
Copy link

ghost commented Aug 28, 2018

IN che.env

CHE_KEYCLOAK_AUTH__SERVER__URL=yourURL:port/auth

@ethanlonge
Copy link
Author

@eivantsov Does this include the keycloak suburl?

@ghost
Copy link

ghost commented Aug 28, 2018

http://keycloak.dev.tesseract.ml:1337/auth

@ethanlonge
Copy link
Author

@eivantsov Yeah tried that and it still produces the same result of /api not working

@ethanlonge
Copy link
Author

@eivantsov
31) Error injecting constructor, java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: http://keycloak.dev.tesseract.ml/auth/realms/che/.well-known/openid-configuration

It looks like it is still trying to look at port 80, any chance there is another variable that should be changed?

@ghost
Copy link

ghost commented Aug 28, 2018

Try with -e CHE_KEYCLOAK_AUTH__SERVER__URL=http://keycloak.dev.tesseract.ml:1337/auth

@ethanlonge
Copy link
Author

@eivantsov Still same thing
34) Error injecting constructor, java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: http://keycloak.dev.tesseract.ml/auth/realms/che/.well-known/openid-configuration

@ghost
Copy link

ghost commented Aug 28, 2018

@gtesblue your complete run syntax please?

@ethanlonge
Copy link
Author

@eivantsov sudo docker run -it -e CHE_KEYCLOAK_AUTH__SERVER__URL=http://keycloak.dev.tesseract.ml:1337/auth -v /var/run/docker.sock:/var/run/docker.sock -v /che/mu:/data eclipse/che-cli start

@ghost
Copy link

ghost commented Aug 28, 2018
edited by ghost

I'd also try to use a different local dir -v /che/mu1:/data and then explicitly pass CHE_HOST and CHE_PORT

@ethanlonge
Copy link
Author

@eivantsov Here is the new startup command: sudo docker run -it -e CHE_KEYCLOAK_AUTH__SERVER__URL=http://keycloak.dev.tseract.ml:1337/auth -e CHE_SINGLE_PORT=true -e CHE_PORT=1337 -e CHE_MULTIUSER=true -e CHE_SINGLEPORT_WILDCARD__DOMAIN_HOST=dev.tesseract.ml -e CHE_SINGLEPORT_WILDCARD__DOMAIN_PORT=1337 -v /var/run/docker.sock:/var/run/docker.sock -v /che/mu1:/data eclipse/che-cli start
It looks like it is working now but the keycloak url is at this address now: http://keycloak.172.17.0.1.dev.tesseract.ml Any idea how to fix?

@ethanlonge
Copy link
Author

ethanlonge commented Aug 28, 2018
edited

@eivantsov Wait it isn't working properly. It says Error: Failed to start the workspace: "Forbidden" after trying to start a newly created workspace

UPDATE: Could start it from the workspaces and then I could open it but it wouldn't start up by clicking on it

@ghost
Copy link

ghost commented Aug 28, 2018

I'd try -e CHE_HOST=che.dev.tesseract.ml

@Xhelliom
Copy link

Xhelliom commented Aug 31, 2018
edited

hello, same issue with

SINGLE_PORT=true
CHE_HOST=my.domain
CHE_SINGLEPORT_WILDCARD__DOMAIN_HOST=my.domain

(Multi-user =False)

It says Error: Failed to start the workspace: "Forbidden" after trying to start a newly created workspace
Using CHE v6.10.0

@ethanlonge
Copy link
Author

ethanlonge commented Aug 31, 2018 via email

@ghost
Copy link

ghost commented Sep 10, 2018

@Xhelliom Forbidden in a single user mode?

Can you create a separate issue please?

@ghost ghost closed this as completed Sep 10, 2018
@fishingwind
Copy link

fishingwind commented Mar 15, 2019
edited

@gtesblue
31) Error injecting constructor, java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: http://keycloak.dev.tesseract.ml/auth/realms/che/.well-known/openid-configuration

It looks like it is still trying to look at port 80, any chance there is another variable that should be changed?

Hi, gtesblue
Have you resolved the 'retrieving OpenId at port 80' thing? I'm trying to run Che with 'Che Multiuser + Single Port' and now stunk by the same port missing problem. I've configed 'CHE_KEYCLOAK_AUTH__SERVER__URL=http://keycloak.domain.tld:8080/auth' etc.

@ethanlonge
Copy link
Author

Sorry to say but I didn't end up fixing it, instead I pointed che at a new folder

@irrealis
Copy link

irrealis commented Mar 19, 2019
edited

Here's a wrong way to make it work:

  • Found cluster IP/port of keycloak pod: 172.17.0.12/8080
  • In codeready deployment set CHE_KEYCLOAK_AUTH__SERVER__URL=http://172.17.0.12:8080/auth

Details that may or may not be useful:

Error injecting constructor, java.lang.RuntimeException: Exception while retrieving OpenId configuration from endpoint: http://keycloak.dev.tesseract.ml/auth/realms/che/.well-known/openid-configuration
  • From terminal inside codeready container, cannot connect to keycloak via hostname, but can by IP/port:
sh-4.2$ curl http://keycloak-codeready.127.0.0.1.nip.io/auth/realms/codeready/.well-known/openid-configuration
curl: (7) Failed connect to keycloak-codeready.127.0.0.1.nip.io:80; Connection refused
sh-4.2$ curl http://172.17.0.12:8080/auth/realms/codeready/.well-known/openid-configuration
{"issuer":"http://172.17.0.12:8080/auth/realms/codeready","authorization_endpoint":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/auth","token_endpoint":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/token","token_introspection_endpoint":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/token/introspect","userinfo_endpoint":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/userinfo","end_session_endpoint":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/logout","jwks_uri":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/certs","check_session_iframe":"http://172.17.0.12:8080/auth/realms/codeready/protocol/openid-connect/login-status-iframe.html","grant_types_supported":["authorization_code","implicit","refresh_token","password","client_credentials"],"response_types_supported":["code","none","id_token","token","id_token token","code id_token","code token","code id_token token"],"subject_types_supported":["public","pairwise"],"id_token_signing_alg_values_supported":["RS256"],"userinfo_signing_alg_values_supported":["RS256"],"request_object_signing_alg_values_supported":["none","RS256"],"response_modes_supported":["query","fragment","form_post"],"registration_endpoint":"http://172.17.0.12:8080/auth/realms/codeready/clients-registrations/openid-connect","token_endpoint_auth_methods_supported":["private_key_jwt","client_secret_basic","client_secret_post"],"token_endpoint_auth_signing_alg_values_supported":["RS256"],"claims_supported":["sub","iss","auth_time","name","given_name","family_name","preferred_username","email"],"claim_types_supported":["normal"],"claims_parameter_supported":false,"scopes_supported":["openid","offline_access"],"request_parameter_supported":true,"request_uri_parameter_supported":true}

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question Questions that haven't been identified as being feature requests or bugs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ethanlonge @irrealis @Xhelliom @fishingwind