che-operator points to invalid cacerts path on RHEL8 based RH SSO

[nickboldt]

Describe the bug

As investigated in https://issues.redhat.com/browse/CRW-933 the che-operator points to a hardcoded path to the cacerts file, which may not exist on newer platforms.

• https://github.com/eclipse/che-operator/blob/master/pkg/deploy/deployment_keycloak.go#L124-L126
• https://github.com/eclipse/che-operator/blob/7.13.x/pkg/deploy/deployment_keycloak.go#L116-L118

Result is this failure to start the SSO container:

keytool error: java.io.FileNotFoundException: 
/usr/lib/jvm/java-11/jre/lib/security/cacerts (No such file or directory)

Solution is to check more than one path exists, and pick the first valid one.

Some paths to check:

• /etc/pki/java/cacerts
• /usr/lib/jvm/java*/lib/security/cacerts
• /etc/java/java*/*/lib/security/cacerts
• $JAVA_HOME/jre/lib/security/cacerts

Che version

• master
• 7.13.x

Steps to reproduce

See CRW-933

Expected behavior

SSO container should be able to start inside a CRW deployment.

Runtime

• kubernetes (include output of kubectl version)
• Openshift (include output of oc version)
• minikube (include output of minikube version and kubectl version)
• minishift (include output of minishift version and oc version)
• docker-desktop + K8S (include output of docker version and kubectl version)
• other: (please specify)

Screenshots

Installation method

• chectl
  • provide a full command that was used to deploy Eclipse Che (including the output)
  • provide an output of chectl version command
• OperatorHub
• I don't know

crwctl server:start --self-signed-cert --che-operator-image=quay.io/crw/operator-rhel8:latest --listr-renderer=verbose -n nboldt-crw220b

[tolusha]

We will start working on it asap

[tolusha]

It is enough to import /etc/pki/ca-trust/extracted/java/cacerts
All other files are simlink to that one