Update upgrade script version detection (#1333)

installer/build/scripts/upgrade/upgrade-harbor.sh

@@ -22,7 +22,7 @@ set -euf -o pipefail
 data_mount="/storage/data/harbor"
 cfg="${data_mount}/harbor.cfg"
 harbor_backup_prev="/storage/data/harbor_backup"
-harbor_backup="/storage/data/harbor_backup_1.3.0"
+harbor_backup="/storage/data/harbor_backup_1.3.1"
 harbor_migration="/storage/data/harbor_migration"
 harbor_psc_token_file="/etc/vmware/psc/harbor/tokens.properties"
 
@@ -32,11 +32,14 @@ harbor_upgrade_status_prev="/etc/vmware/harbor/upgrade_status"
 DB_USER=""
 DB_PASSWORD=""
 
+HARBOR_VER_1_2_1="harbor-offline-installer-v1.2.0.tgz"
+HARBOR_VER_1_3_0="harbor-offline-installer-v1.3.0.tgz"
+
 MANAGED_KEY="# Managed by configure_harbor.sh"
 export LC_ALL="C"
 
-# check for presence of required harbor folders before upgrade
-function harborDataSanityCheck {
+# check for presence of required harbor folders before upgrade from v1.2.1
+function harborDataSanityCheck_1_2 {
   harbor_dirs=(
     database
     job_logs
@@ -50,7 +53,19 @@ function harborDataSanityCheck {
       return 1
     fi
   done
+}
 
+# Cleanup files from previous upgrade operations
+function cleanupFiles {
+  if [ -f "${harbor_upgrade_status_prev}" ]; then
+    rm -rf "${harbor_upgrade_status_prev}"
+  fi
+  if [ -d "${harbor_backup_prev}" ]; then
+    rm -rf "${harbor_backup_prev}"
+  fi
+  if [ -d "${harbor_migration}" ]; then
+    rm -rf "${harbor_migration}"
+  fi
 }
 
 # Check if required PSC token is present
@@ -145,7 +160,7 @@ function configureHarborCfgManageKey {
 # Upgrade config file in place
 function upgradeHarborConfiguration {
   # Add generated log_rotate_count, log_rotate_size, email_insecure, db_host, db_port, db_user, uaa_endpoint,
-  # uaa_clientid, uaa_clientsecret and uaa_ca_root as managed key if not present
+  # uaa_clientid, uaa_clientsecret, uaa_ca_root, and ldap_verify_cert as managed key if not present
   configureHarborCfgUnset log_rotate_count 50
   configureHarborCfgUnset log_rotate_size 200M
   configureHarborCfgUnset email_insecure false
@@ -156,6 +171,7 @@ function upgradeHarborConfiguration {
   configureHarborCfgUnset uaa_clientid id
   configureHarborCfgUnset uaa_clientsecret secret
   configureHarborCfgUnset uaa_ca_root /path/to/uaa_ca.pem
+  configureHarborCfgUnset ldap_verify_cert true
 
   # Add managed tags to db_password and clair_db_password
   configureHarborCfgManageKey db_password
@@ -190,13 +206,16 @@ function migrateHarborData {
   fi
 
   mkdir -p ${harbor_new_database_dir}
+
   DIR="database";  mv "${harbor_old_database_dir}/$DIR" "${harbor_new_database_dir}/"
   DIR="clair-db";  mv "${harbor_old_database_dir}/$DIR" "${harbor_new_database_dir}/"
   DIR="notary-db"; mv "${harbor_old_database_dir}/$DIR" "${harbor_new_database_dir}/"
 }
 
 # Upgrade entry point from upgrade.sh
 function upgradeHarbor {
+  HARBOR_VER=$(readKeyValue "harbor" "/storage/data/version")
+
   if [ -z "${DB_USER}" ]; then
     DB_USER="root"
   fi
@@ -213,26 +232,25 @@ function upgradeHarbor {
   fi
   echo "Performing pre-upgrade checks" | tee /dev/fd/3
 
-  # Perform sanity check on data volume
-  if ! harborDataSanityCheck ${data_mount}; then
-    echo "Harbor Data is not present in ${data_mount}, can't continue with upgrade operation" | tee /dev/fd/3
+  if [ "$HARBOR_VER" == "$HARBOR_VER_1_2_1" ]; then
+    if ! harborDataSanityCheck_1_2 ${data_mount}; then
+      echo "Harbor Data is not present in ${data_mount}, aborting upgrade" | tee /dev/fd/3
+      exit 1
+    fi
+  elif [ "$HARBOR_VER" == "$HARBOR_VER_1_3_0" ]; then
+    echo "No upgrade operations required for upgrade from Harbor $HARBOR_VER" | tee /dev/fd/3
+    cleanupFiles
+    upgradeHarborConfiguration
+    return
+  else
+    echo "Invalid Harbor version $HARBOR_VER detected. Aborting upgrade." | tee /dev/fd/3
     exit 1
   fi
 
+  cleanupFiles
   checkDir ${harbor_backup}
   checkHarborPSCToken
 
-  # Remove files from old upgrade
-  if [ -f "${harbor_upgrade_status_prev}" ]; then
-    rm -rf "${harbor_upgrade_status_prev}"
-  fi
-  if [ -d "${harbor_backup_prev}" ]; then
-    rm -rf "${harbor_backup_prev}"
-  fi
-  if [ -d "${harbor_migration}" ]; then
-    rm -rf "${harbor_migration}"
-  fi
-
   # Start Admiral for data migration
   systemctl start admiral.service
 
@@ -241,9 +259,11 @@ function upgradeHarbor {
   echo "[=] Shutting down Harbor" | tee /dev/fd/3
   systemctl stop harbor.service
 
-  echo "[=] Migrating Harbor data" | tee /dev/fd/3
-  migrateHarborData
-  echo "[=] Finished migrating Harbor data" | tee /dev/fd/3
+  if [ "$HARBOR_VER" == "$HARBOR_VER_1_2_1" ]; then
+    echo "[=] Migrating Harbor data" | tee /dev/fd/3
+    migrateHarborData
+    echo "[=] Finished migrating Harbor data" | tee /dev/fd/3
+  fi
 
   echo "[=] Migrating Harbor configuration" | tee /dev/fd/3
   upgradeHarborConfiguration

installer/build/scripts/upgrade/upgrade.sh

@@ -34,6 +34,9 @@ EXTERNAL_PSC=""
 PSC_DOMAIN=""
 TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S %z %Z")
 
+VER_1_1_1="v1.1.1"
+VER_1_2_1="v1.2.1"
+VER_1_3_0="v1.3.0"
 
 # Register appliance for content trust
 function registerAppliance {
@@ -79,35 +82,41 @@ function setDataVersion {
 function disableServicesStart {
   echo "Disabling and stopping Admiral and Harbor" | tee /dev/fd/3
   systemctl stop admiral.service
-  systemctl stop harbor.servce
-  systemctl disable admiral.servce
-  systemctl disable harbor.servce
+  systemctl stop harbor.service
+  systemctl disable admiral.service
+  systemctl disable harbor.service
 }
 
 # Enable Admiral and Harbor starting from path units
 function enableServicesStart {
   echo "Enabling and starting Admiral and Harbor" | tee /dev/fd/3
-  systemctl enable admiral.servce
-  systemctl enable harbor.servce
-  systemctl start admiral.servce
-  systemctl start harbor.servce
+  systemctl enable admiral.service
+  systemctl enable harbor.service
+  systemctl start admiral.service
+  systemctl start harbor.service
 }
 
-# Check for presence of Admiral's PSC config file. If the file exists, the old
-# OVA is version 1.2.x.
+
+### Valid upgrade paths to v1.3.1
+#   v1.2.1 /data/version has "appliance=v1.2.1"
+#   v1.3.0 /storage/data/version has "appliance=v1.3.0-3033-f8cc7317"
+###
 function proceedWithUpgrade {
   checkUpgradeStatus "VIC Appliance" ${appliance_upgrade_status}
-
-  if [ ! -f "/storage/data/admiral/configs/psc-config.properties" ]; then
-    echo "Detected old OVA's version as 1.1.x. We no longer support this upgrade path." | tee /dev/fd/3
-    echo -n "If the version of the old OVA is not 1.1.x, please contact VMware support: " | tee /dev/fd/3
-    exit 1
+  local ver=""
+  ver=$(getApplianceVersion)
+  if [ "$ver" == "$VER_1_1_1" ]; then
+    echo -n "Detected old appliance's version as 1.1.x or older." | tee /dev/fd/3
   else
-    echo "Detected old OVA's version as 1.2.x. Upgrade will perform data migration, but previous component logs won't be transferred." | tee /dev/fd/3
-    echo -n "If the version of the old OVA is not 1.2.x, please enter n and contact VMware support: " | tee /dev/fd/3
+    echo "Detected old appliance's version as $ver" | tee /dev/fd/3
+  fi
+
+  if [ "$ver" == "$VER_1_2_1" ] || [ "$ver" == "$VER_1_3_0" ]; then
+    echo "Detected valid upgrade path. Upgrade will perform data migration, but previous component logs won't be transferred." | tee /dev/fd/3
+    echo -n "If the old appliance's version is not detected correctly, please enter \"n\" to abort the upgrade and contact VMware support." | tee /dev/fd/3
     while true; do
       echo "" | tee /dev/fd/3
-      echo "Do you wish to proceed with a 1.2.x to 1.3.x upgrade? [y/n]" | tee /dev/fd/3
+      echo "Do you wish to proceed with upgrade? [y/n]" | tee /dev/fd/3
       read response
       case $response in
           [Yy] )
@@ -125,7 +134,12 @@ function proceedWithUpgrade {
               ;;
       esac
     done
+    return # continue with upgrade
   fi
+
+  echo -n "Upgrade from this version is not a supported upgrade path."
+  echo -n "If the old appliance's version is not detected correctly, please contact VMware support." | tee /dev/fd/3
+  exit 1
 }
 
 function main {

installer/build/scripts/upgrade/util.sh

@@ -79,3 +79,58 @@ function checkUpgradeStatus {
 function genPass {
   openssl rand -base64 32 | shasum -a 256 | head -c 32 ; echo
 }
+
+# Return value from key in file
+function readKeyValue() {
+  local key=$1
+  local infile=$2
+  local value=""
+
+  if [ ! -f "$infile" ]; then
+    echo "$infile does not exist"
+    return 1
+  fi
+  value=$(grep "^$key" "$infile" | cut -d'=' -f2-)
+  echo "$value"
+}
+
+# Return only the tag version
+function getTagVersion() {
+  local in=$1
+  local value=""
+  value=$(echo "$in" | cut -d'-' -f1)
+  echo "$value"
+}
+
+# Determine appliance version
+function getApplianceVersion() {
+  local VER_UNKNOWN="unknown"
+  local VER_1_1_1="v1.1.1"
+  local VER_1_2_0="v1.2.0"
+  local VALID_VER=("v1.2.1" "v1.3.0")
+
+  # Appliance is older than 1.2.0, could be 1.0.x or 1.1.x, refer to these as v1.1.1
+  if [ ! -f "/storage/data/admiral/configs/psc-config.properties" ]; then
+    echo $VER_1_1_1
+    return
+  fi
+
+  # PSC file exists, but no version file
+  if [ ! -f "/storage/data/version" ]; then
+    echo $VER_1_2_0
+    return
+  fi
+
+  local ver=""
+  ver=$(readKeyValue "appliance" "/storage/data/version")
+  tag=$(getTagVersion "$ver")
+
+  # Check for known versions
+  for valid in ${VALID_VER[*]}
+  do
+    test "$tag" == "$valid" && { echo "$tag"; return; }
+  done
+  # Version not found
+  echo $VER_UNKNOWN
+  return
+}