Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
How to run Che on Openshift 3.11 in a local network
See original GitHub issueAfter reading: https://github.com/eclipse/che/issues/16280 i still was unable to start eclipse, using:
chectl server:start -n=che --platform=openshift --installer=operator --tls --self-signed-cert --che-operator-cr-patch-yaml=./patch.yaml
Inside patch.yaml
spec:
server:
selfSignedCert: true
tlsSupport: true
From log the error is:
Exception while retrieving OpenId configuration from endpoint: https://keycloak-che.192.168.69.245.nip.io/auth/realms/che/.well-known/openid-configuration
Using wget the URL is working (apart an unsigned certificate exception).
I’ve created certs and installed with:
CA_CN=eclipse-che-signer
DOMAIN=*.192.168.69.245.nip.io
OPENSSL_CNF=/etc/ssl/openssl.cnf
openssl genrsa -out rootCA.key 4096
openssl req -x509 \
-new -nodes \
-key rootCA.key \
-sha256 \
-days 1024 \
-out rootCA.crt \
-subj /CN=${CA_CN} \
-reqexts SAN \
-extensions SAN \
-config <(cat ${OPENSSL_CNF} \
<(printf '[SAN]\nbasicConstraints=critical, CA:TRUE\nkeyUsage=keyCertSign, cRLSign, digitalSignature, keyEncipherment'))
openssl genrsa -out domain.key 2048
openssl req -new -sha256 \
-key domain.key \
-subj "/O=EclipseChe/CN=${DOMAIN}" \
-reqexts SAN \
-config <(cat ${OPENSSL_CNF} \
<(printf "\n[SAN]\nsubjectAltName=DNS:${DOMAIN}\nbasicConstraints=critical, CA:FALSE\nkeyUsage=keyCertSign, digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth")) \
-out domain.csr
openssl x509 \
-req \
-sha256 \
-extfile <(printf "subjectAltName=DNS:${DOMAIN}\nbasicConstraints=critical, CA:FALSE\nkeyUsage=keyCertSign, digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth") \
-days 365 \
-in domain.csr \
-CA rootCA.crt \
-CAkey rootCA.key \
-CAcreateserial -out domain.crt
oc login -u system:admin --insecure-skip-tls-verify=true
oc project default
oc delete secret router-certs
cat domain.crt domain.key > minishift.crt
oc create secret tls router-certs --key=domain.key --cert=minishift.crt
oc rollout latest router
oc create namespace che
cp rootCA.crt ca.crt
oc create secret generic self-signed-certificate --from-file=ca.crt -n=che
Openshift is running on a Ubuntu 18.04 server pristine VM.
Issue Analytics
- State:
- Created 4 years ago
- Comments:25 (14 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@ultrafab thank you for this issue and for being active in the resolution process!
I am changing the title as the problem doesn’t related to TLS.
@mmorhun update it works now
referring to docs in: https://docs.openshift.com/container-platform/3.11/install/prerequisites.html i’ve found that Openshift 3.11 just inject DNS servers found in
/etc/resolv.confof host machines.I’ve create a static
/etc/resolv.confin Ubunu 18.04 host. so it’s not rewritten and added the IP address of the private DNS i’ve setup.Now Eclipse CHE starts and it’s reachable via
https://che-che.[privatedomain.lan]Now i’m testing if it’s fully functional