Running the Open VSX On-Premises

Follow the instructions below to deploy and configure an on-premises Eclipse Open VSX extension registry, fully integrated with Che and OpenShift environments. Choose one of the two setup paths: using a Che workspace or the OpenShift CLI (oc), to help you set up a secure, internal Open VSX instance. This includes creating necessary OpenShift project, deploying Open VSX components, publishing extensions and integrating the registry with Che.

Using Che instance

Prerequisites

  • Be logged in as a cluster administrator.

Procedure

  1. Start a workspace using the Open VSX repository.

    Create a workspace by using the following Eclipse Open VSX repository.

    The environment, including all necessary commands, is defined in the .devfile.yaml file.

  2. Create a new OpenShift project for Open VSX.

    Run 2.1. Create Namespace for OpenVSX task in the workspace (Terminal → Run Task… → devfile → 2.1. Create Namespace for OpenVSX). A new project with the name openvsx should be created on the cluster.

  3. Build and Publish Open VSX image.

    To build and deploy the Open VSX server container image to the OpenShift internal image registry, run the 2.2. Build and Publish Open VSX Image task in the workspace: (Terminal → Run Task… → devfile → 2.2. Build and Publish OpenVSX Image). During execution, you will be prompted to enter the Open VSX server version. If left blank, the task will default to using v0.27.0.

    Open VSX server versions could be found on the OpenVSX GitHub release page: https://github.com/eclipse/openvsx/releases

  4. Build and Publish Open VSX CLI (ovsx) Image.

    Run 2.3. Build and Publish OpenVSX CLI Image task in the workspace (Terminal → Run Task… → devfile → 2.3. Build and Publish OpenVSX CLI Image) to build the Open VSX CLI image and push it to OpenShift internal registry.

  5. Deploy Open VSX.

    Run 2.4. Deploy OpenVSX task in the workspace (Terminal → Run Task… → devfile → 2.4. Deploy OpenVSX). This command deploys the Open VSX components to an OpenShift project by processing a template file (openvsx-deployment.yml). It creates all required resources defined in the template, which includes:

    1. Deployments (PostgreSQL, Elasticsearch, Open VSX server, Open VSX CLI).

    2. Services and Routes for accessing components.

    3. Secrets for GitHub OAuth credentials and Open VSX personal access token.

    All deployment information is described in the deploy/openshift/openvsx-deployment.yml file with some default values such as OVSX_PAT_BASE64.

  6. Add Open VSX user with PAT to the database.

    Run the 2.5. Add OpenVSX user with PAT to the DB task in the workspace (Terminal → Run Task… → devfile → 2.5. Add OpenVSX user with PAT to the DB). The command will ask for the Open VSX username and user PAT. You can just click enter to use the default values.

    The user PAT must match the decoded value of OVSX_PAT_BASE64 specified in the deployment file. If OVSX_PAT_BASE64 has been updated, use the new token’s decoded value as the user PAT.

  7. Configure Che to use the internal Open VSX.

    Run the 2.6. Configure Che to use the internal Open VSX registry task in the workspace (Terminal → Run Task… → devfile → 2.6. Configure Che to use the internal OpenVSX registry). It applies the patch to the CheCluster custom resource, updating its configuration to use the specified Open VSX URL for the extension registry.

  8. Publish an extension from a .vsix file.

    At the beginning, the Open VSX registry does not provide any extension. Once the openvsx-server pod is running and in the Ready state, extensions can be published to the registry. The 2.8. Publish a Visual Studio Code Extension from a VSIX file command publishes an extension to the local Open VSX registry directly from a .vsix file. It prompts you to provide the extension’s namespace name and the path to the .vsix file.

  9. Publish list of extensions.

    The 2.9. Publish list of Visual Studio Code Extensions command automates the process of publishing a predefined list of Microsoft Visual Studio Code extensions based on download URLs to the internal Open VSX registry.

    The command reads from the deploy/openshift/extensions.txt file, which lists the URLs of .vsix files for each extension to be published. To publish your extensions to Open VSX, update the extensions.txt file as needed, then run the 2.9. Publish list of Visual Studio Code Extensions task from the workspace: Terminal → Run Task… → devfile → 2.9. Publish list of Visual Studio Code Extensions.

  10. Verify that Che uses internal Open VSX.

    Start any workspace and check the available extensions in the Extensions view of the workspace IDE or by opening the internal route in the OpenVSX OpenShift project.

Using OpenShift CLI (oc) tool

Prerequisites

  • Installed oc and git tools.

  • Installed Podman.

  • Log in to the OpenShift cluster where the Che is deployed as a cluster administrator.

    $ oc login https://<che_fqdn> --username=<my_user>
Procedure

  1. Create a new OpenShift project for Open VSX.

    oc new-project openvsx

  2. Clone Open VSX sources.

    Get Open VSX sources and navigate to the OpenShift deploy directory:

    git clone https://github.com/eclipse/openvsx.git &&
cd openvsx/deploy/openshift

  3. Prepare Open VSX server image.

    The next step is to build and publish the Open VSX server image. To do this, run the following commands:

    export REGISTRY=quay.io &&
export NAMESPACE=myuser &&
export OPENVSX_SERVER_IMAGE_NAME=openvsx-server &&
export OPENVSX_VERSION=v0.27.0 &&
export OPENVSX_SERVER_IMAGE=${REGISTRY}/${NAMESPACE}/${OPENVSX_SERVER_IMAGE_NAME}:${OPENVSX_VERSION} &&
podman build -t "${OPENVSX_SERVER_IMAGE}" --build-arg "OPENVSX_VERSION=${OPENVSX_VERSION}" -f openvsx.Dockerfile . &&
podman login "${REGISTRY}" &&
podman push "${OPENVSX_SERVER_IMAGE}"

    Make sure to configure the correct container registry and namespace for your image. Additionally, ensure that the image is publicly accessible and can be pulled without authentication.

  4. Prepare Open VSX CLI image.

    Build and publish the Open VSX CLI image. To do this, run the following commands:

    export OPENVSX_CLI_IMAGE_NAME=openvsx-cli &&
export OPENVSX_CLI_VERSION=0.10.5 &&
export OPENVSX_CLI_IMAGE=${REGISTRY}/${NAMESPACE}/${OPENVSX_CLI_IMAGE_NAME}:${OPENVSX_CLI_VERSION} &&
podman build -t "${OPENVSX_CLI_IMAGE}" --build-arg "OVSX_VERSION=${OPENVSX_CLI_VERSION}" -f cli.Dockerfile . &&
podman push "${OPENVSX_CLI_IMAGE}"

    Ensure that the image is publicly accessible and can be pulled without authentication.

  5. Deploy Open VSX.

    oc process -f openvsx-deployment.yml \
-p OPENVSX_SERVER_IMAGE="${OPENVSX_SERVER_IMAGE}" \
-p OPENVSX_CLI_IMAGE="${OPENVSX_CLI_IMAGE}" \
| oc apply -f -

  6. Verify that all pods in the openvsx namespace are running and ready. It might take a few minutes for all pods to become ready. Run the following command:

    oc get pods -n openvsx \
  -o jsonpath='{range .items[*]}{@.metadata.name}{"\t"}{@.status.phase}{"\t"}{.status.containerStatuses[*].ready}{"\n"}{end}'

  7. Add Open VSX user with PAT to the database.

    Find PostgreSQL pod:

    export POSTGRESQL_POD_NAME=$(oc get pods -n openvsx \
   -o jsonpath="{.items[*].metadata.name}" | tr ' ' '\n' | grep '^postgresql' | head -n 1)

    Insert username into OpenVSX database:

    oc exec -n openvsx "$POSTGRESQL_POD_NAME" -- bash -c \
   "psql -d openvsx -c \"INSERT INTO user_data (id, login_name, role) VALUES (1001, 'eclipse-che', 'privileged');\""

    Insert user PAT into OpenVSX database:

    oc exec -n openvsx "$POSTGRESQL_POD_NAME" -- bash -c \
   "psql -d openvsx -c \"INSERT INTO personal_access_token (id, user_data, value, active, created_timestamp, accessed_timestamp, description) VALUES (1001, 1001, 'eclipse_che_token', true, current_timestamp, current_timestamp, 'extensions publisher');\""

  8. Configure Che to use the internal Open VSX.

    export CHECLUSTER_NAME="$(oc get checluster --all-namespaces -o json | jq -r '.items[0].metadata.name')" &&
export CHECLUSTER_NAMESPACE="$(oc get checluster --all-namespaces -o json | jq -r '.items[0].metadata.namespace')" &&
export OPENVSX_ROUTE_URL="$(oc get route internal -n openvsx -o jsonpath='{.spec.host}')" &&
export PATCH='{"spec":{"components":{"pluginRegistry":{"openVSXURL":"https://'"$OPENVSX_ROUTE_URL"'"}}}}' &&
oc patch checluster "${CHECLUSTER_NAME}" --type=merge --patch "${PATCH}" -n "${CHECLUSTER_NAMESPACE}"

    Refer to the Configuring the Open VSX registry URL for detailed instructions on configuring the Open VSX registry URL in Che.

  9. Publish Visual Studio Code extensions with the ovsx command.

    At the beginning, the Open VSX registry does not provide any extension.

    With everything configured, the next step is to publish a Visual Studio Code extension from inside the ovsx-cli container. To do this, you need two pieces of information: the extension namespace name (used for publishing), the download URL of the .vsix extension package. Once you have this information, run the following commands to publish the extension:

    1. Retrieve the name of the pod running the Open VSX server:

      export OVSX_POD_NAME=$(oc get pods -n openvsx -o jsonpath="{.items[*].metadata.name}" | tr ' ' '\n' | grep ^ovsx-cli)

    2. Download the .vsix extension:

      oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "wget -O /tmp/extension.vsix EXTENSION_DOWNLOAD_URL "

    3. Create an extension namespace:

      oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "ovsx create-namespace EXTENSION_NAMESPACE_NAME" || true

    4. Publish the extension:

      oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "ovsx publish /tmp/extension.vsix"

    5. Delete the downloaded extension file:

      oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "rm /tmp/extension.vsix"

      Example: Publish the redhat.vscode-yaml extension version 1.18.0:

      oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "wget -O /tmp/extension.vsix https://open-vsx.org/api/redhat/vscode-yaml/1.18.0/file/redhat.vscode-yaml-1.18.0.vsix " &&
oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "ovsx create-namespace redhat" || true &&
oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "ovsx publish /tmp/extension.vsix" &&
oc exec -n openvsx "${OVSX_POD_NAME}" -- bash -c "rm /tmp/extension.vsix"

  10. Verify Open VSX extension registry.

    Check the list of published extensions by navigating to the URL defined in the OPENVSX_ROUTE_URL environment variable.

Setting Up Internal Access to the Open VSX Service

In addition to using a public route to reference the Open VSX registry, you can also configure Che to set internal cluster service routing. This method provides enhanced security by keeping traffic confined within the cluster, avoiding public exposure.

Procedure

Steps for Internal Service Routing:

  1. Remove the Public Route.

    Delete the public route associated with the Open VSX registry to restrict external access:

    oc delete route internal -n openvsx

  2. Set the Internal Open VSX Service URL.

    Update the CheCluster custom resource to use the internal cluster service DNS:

    export CHECLUSTER_NAME="$(oc get checluster --all-namespaces -o json | jq -r '.items[0].metadata.name')" &&
export CHECLUSTER_NAMESPACE="$(oc get checluster --all-namespaces -o json | jq -r '.items[0].metadata.namespace')" &&
export PATCH='{"spec":{"components":{"pluginRegistry":{"openVSXURL":"http://openvsx-server.openvsx.svc:8080"}}}}' &&
oc patch checluster "${CHECLUSTER_NAME}" --type=merge --patch "${PATCH}" -n "${CHECLUSTER_NAMESPACE}"
Additional resources