Automate VIC UI Plugin Install (#1758 #1766 #1785 #1799)

Introduces caching of the vic-ui plugin artifacts as a component
of the ova. Updates the fileserver provisioner to package vic-ui
with the correct version numbers.

Creates the Fileserver Thumbprint API to return the
thumbprint of a given target ip address or fqdn.
Also refactors the fileserver main process into
main.go, and creates the routes/ and tasks/
sub-packages.

Moves vic-ui plugin dependencies to fileserver. This includes:
 - vic/lib/install/ova
 - vic/lib/install/plugin
- vic/tagvm/
Additionally, refactors ovatools/vic-ui/ui/ui.go to plugin.go that
doesn't include any CLI flags.

Automates the plugin install process and improves
logging in the fileserver:
 - Add trace.Op logging to fileserver tasks
 - Require vcenter thumprint on psc registration
 - Install VIC UI plugins in the initialization process
 - Attaches a managed tag to the Appliance VM
 - Performs a plugin install during the appliance upgrade
   process using the /plugin API.

Fixes #1433, #637, #1720, #1702 and #1789.

installer/Makefile

@@ -54,7 +54,7 @@ vendor: $(DEP)
 
 gas: $(GAS)
 	@echo running go AST tool
-	@$(GAS) -quiet fileserver/... landing_server/... lib/... ovatools/... pkg/... tagvm/... toolbox/... 2> /dev/null
+	@$(GAS) -quiet fileserver/... landing_server/... lib/... ovatools/... pkg/... toolbox/... 2> /dev/null
 
 golint: $(GOLINT)
 	@echo checking go lint...

installer/build/bootable/build-base.sh

@@ -57,7 +57,7 @@ function set_base() {
     pkgconfig dbus cpio\
     photon-release tdnf \
     openssh linux-esx sed \
-    gzip tar xz bzip2 \
+    gzip zip tar xz bzip2 \
     glibc iana-etc \
     ca-certificates \
     curl which initramfs-1.0-9.113016321.ph1 \

installer/build/bootable/build-main.sh

@@ -104,6 +104,7 @@ function build_app {
     TERM="$TERM" \
     DEBUG="$DEBUG" \
     BUILD_VICENGINE_FILE="${BUILD_VICENGINE_FILE}" \
+    BUILD_VICUI_FILE="${BUILD_VICUI_FILE}" \
     BUILD_HARBOR_FILE="${BUILD_HARBOR_FILE}" \
     BUILD_ADMIRAL_REVISION="${BUILD_ADMIRAL_REVISION}" \
     BUILD_OVA_REVISION="${BUILD_OVA_REVISION}" \

installer/build/build-cache.sh

@@ -36,6 +36,7 @@ images=(
 downloads=(
   ${BUILD_HARBOR_URL}
   ${BUILD_VICENGINE_URL}
+  ${BUILD_VICUI_URL}
 )
 
 function timecho {
@@ -84,7 +85,7 @@ function cacheOther() {
     else
       timecho "${yarrow} downloading and saving ${brprpl}${filename}${reset}"
       set +e
-      basefile=$(ls "$(dirname "$archive")/$(echo "${filename}" | cut -f1 -d"-" | cut -f1 -d"_" | cut -f1 -d".")"* 2>/dev/null)
+      basefile=$(ls "$(dirname "$archive")/$(echo "${filename}" | grep -v vic | cut -f1 -d"-" | cut -f1 -d"_" | cut -f1 -d".")"* 2>/dev/null)
       [ $? -eq 0 ] && [ -f "$basefile" ] && rm "$basefile"*
       set -e
       add "${download}" "$archive"

installer/build/build-ova.sh

@@ -57,6 +57,10 @@ do
       VICENGINE="$2"
       shift 2 # past argument
       ;;
+    --vicui)
+      VICUI="$2"
+      shift 2 # past argument
+      ;;
     --vicmachineserver)
       VIC_MACHINE_SERVER="$2"
       shift 2 # past argument
@@ -84,6 +88,12 @@ if [ -z "${VICENGINE}" ]; then
 fi
 setenv VICENGINE "$url"
 
+url=""
+if [ -z "${VICUI}" ]; then
+    url=$(gsutil ls -l "gs://vic-ui-builds" | grep -v TOTAL | grep vic_ | sort -k2 -r | (trap '' PIPE; head -1) | xargs | cut -d " " -f 3 | sed 's/gs:\/\//https:\/\/storage.googleapis.com\//')
+fi
+setenv VICUI "$url"
+
 #set Harbor
 url=""
 if [ -z "${HARBOR}" ]; then
@@ -104,6 +114,8 @@ export BUILD_HARBOR_FILE=${BUILD_HARBOR_FILE:-}
 export BUILD_HARBOR_URL=${BUILD_HARBOR_URL:-}
 export BUILD_VICENGINE_FILE=${BUILD_VICENGINE_FILE:-}
 export BUILD_VICENGINE_URL=${BUILD_VICENGINE_URL:-}
+export BUILD_VICUI_FILE=${BUILD_VICUI_FILE:-}
+export BUILD_VICUI_URL=${BUILD_VICUI_URL:-}
 export BUILD_VIC_MACHINE_SERVER_REVISION=${BUILD_VIC_MACHINE_SERVER_REVISION:-}
 export BUILD_ADMIRAL_REVISION=${BUILD_ADMIRAL_REVISION:-}
 export BUILD_OVA_REVISION=${BUILD_OVA_REVISION:-}

installer/build/build.sh

@@ -39,8 +39,8 @@ function usage() {
     echo -e "Usage:
       <ova-dev|ova-ci>
       [--admiral|--vicmachineserver] <given a revision, ie. 'dev', 'latest'>
-      [--vicengine|--harbor] <given a url, eg. 'https://storage.googleapis.com/vic-engine-builds/vic_13806.tar.gz'>
-      [--vicengine|--harbor] <given a file in cwd, eg. 'vic_13806.tar.gz'>
+      [--vicengine|--harbor|--vicui] <given a url, eg. 'https://storage.googleapis.com/vic-engine-builds/vic_13806.tar.gz'>
+      [--vicengine|--harbor|--vicui] <given a file in cwd, eg. 'vic_13806.tar.gz'>
       [passthrough args for ./bootable/build-main.sh, eg. '-b bin/.vic-appliance-base.tar.gz']
     ie: $0 ova-dev --harbor v1.2.0-38-ge79334a --vicengine https://storage.googleapis.com/vic-engine-builds/vic_13806.tar.gz --admiral v1.2" >&2
     exit 1

installer/build/ova-manifest.json

@@ -173,11 +173,6 @@
     "source": "../fileserver/files/open_source_license.txt",
     "destination": "/opt/vmware/fileserver/files/open_source_license.txt"
   },
-  {
-    "type": "file",
-    "source": "../fileserver/files/error_index.html",
-    "destination": "/opt/vmware/fileserver/index.html"
-  },
   {
     "type": "file",
     "source": "../landing_server/html",

installer/build/scripts/fileserver/configure_fileserver.sh

@@ -14,59 +14,6 @@
 # limitations under the License.
 set -uf -o pipefail
 
-umask 077
-data_dir="/opt/vmware/fileserver"
-files_dir="${data_dir}/files"
-cert="/storage/data/certs/server.crt"
-error_index_file="index.html"
-
-ca_download_dir="${data_dir}/ca_download"
-mkdir -p ${ca_download_dir}
-
-function updateConfigFiles {
-  set -e
-  # cove cli has package in form of vic-adm_*.tar.gz, so use 'vic_*.tar.gz' here
-  # to avoid including cove cli
-  tar_gz=$(find "${data_dir}" -maxdepth 1 -name "vic_*.tar.gz")
-
-  # untar vic package to tmp dir
-  tar -zxf "${tar_gz}" -C /tmp
-
-  # get certificate thumbprint
-  tp=$(openssl x509 -fingerprint -noout -in "${cert}" | awk -F= '{print $2}')
-
-  # replace configs files
-  lconfig=/tmp/vic/ui/VCSA/configs
-  wconfig=/tmp/vic/ui/vCenterForWindows/configs
-
-  cur_tp_l=$(awk '/VIC_UI_HOST_THUMBPRINT=/{print $NF}' $lconfig)
-  sed -i -e s/${cur_tp_l}/VIC_UI_HOST_THUMBPRINT=\"${tp}\"/g $lconfig
-
-  cur_tp_w=$(awk '/vic_ui_host_thumbprint=/{print $NF}' $wconfig)
-  sed -i -e s/${cur_tp_w}/vic_ui_host_thumbprint=${tp}/g $wconfig
-
-  file_server="https://${HOSTNAME}:${FILESERVER_PORT}"
-  cur_file_server_l=$(awk '/VIC_UI_HOST_URL=/{print $NF}' $lconfig)
-  sed -i -e s%${cur_file_server_l}%VIC_UI_HOST_URL=\"${file_server}\"%g $lconfig
-
-  cur_file_server_w=$(awk '/vic_ui_host_url=/{print $NF}' $wconfig)
-  sed -i -e s%${cur_file_server_w}%vic_ui_host_url=${file_server}%g $wconfig
-
-  # tar all files again
-  tar zcf "$files_dir/$(basename $tar_gz)" -C /tmp vic
-  rm -rf /tmp/vic
-}
+mkdir -p "/opt/vmware/fileserver/ca_download"
 
 iptables -w -A INPUT -j ACCEPT -p tcp --dport "${FILESERVER_PORT}"
-
-# Update configurations, run in subshell to preserve +e
-( updateConfigFiles )
-if [ $? -eq 0 ]; then
-  echo "Fileserver configuration complete."
-  if [ -f "${error_index_file}" ]; then
-    rm "${files_dir}/${error_index_file}"
-  fi
-else
-  echo "Fileserver configuration failed."
-  cp "${data_dir}/${error_index_file}" "${files_dir}/${error_index_file}"
-fi

installer/build/scripts/provisioners/provision_fileserver.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/bash
-# Copyright 2017 VMware, Inc. All Rights Reserved.
+# Copyright 2018 VMware, Inc. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,17 +19,52 @@ FILES_DIR="${DATA_DIR}/files"
 
 mkdir -p /etc/vmware/fileserver # Fileserver config scripts
 mkdir -p ${FILES_DIR}           # Files to serve
-mkdir -p ${DATA_DIR}            # Backup of the original vic tar
-
-cd /var/tmp
 
 echo "Provisioning VIC Engine ${BUILD_VICENGINE_FILE}"
-cp /etc/cache/${BUILD_VICENGINE_FILE} .
+cp "/etc/cache/${BUILD_VICENGINE_FILE}" ${FILES_DIR}
+
+echo "Provisioning VIC UI ${BUILD_VICUI_FILE}"
+
+TMP_FOLDER=/tmp/vic-ui
+mkdir -p ${TMP_FOLDER}
+cd ${TMP_FOLDER}
+tar -xzf /etc/cache/${BUILD_VICUI_FILE} -C "${TMP_FOLDER}" # creates ${TMP_FOLDER}/bin/ui/....
+
+# get version strings
+VIC_BIN_ROOT="${TMP_FOLDER}/bin/"
+FULL_VER_STRING=$(echo "${BUILD_OVA_REVISION}" | sed -e 's/\-rc[[:digit:]]//g')
+MAJOR_MINOR_PATCH=$(echo $FULL_VER_STRING | awk -F- '{print $1}' | cut -c 2-)
+BUILD_NUMBER=$(echo $FULL_VER_STRING | awk -F- '{print $2}')
+VIC_ENGINE_VER_STRING=${MAJOR_MINOR_PATCH}.${BUILD_NUMBER}
+VIC_UI_VER_STRING=$(ls -l ${VIC_BIN_ROOT}ui/plugin-packages | grep '^d' | head -1 | awk '{print $9}' | awk -F- '{print $2}')
+
+# update plugin-package.xml for H5 Client plugin
+echo "Updating description for H5 Client plugin to \"vSphere Client Plugin for vSphere Integrated Containers Engine (v${VIC_ENGINE_VER_STRING})"\"
+cd ${VIC_BIN_ROOT}ui/plugin-packages/com.vmware.vic-${VIC_UI_VER_STRING}
+sed -i "s/H5 Client Plugin for vSphere Integrated Containers Engine/vSphere Client Plugin for vSphere Integrated Containers Engine \(v${VIC_ENGINE_VER_STRING}\)/" plugin-package.xml
+zip -9 -r ${VIC_BIN_ROOT}ui/plugin-packages/com.vmware.vic-${VIC_UI_VER_STRING}.zip ./*
+cd ${TMP_FOLDER}
+
+# update plugin-package.xml for Flex Client plugin
+echo "Updating description for Flex Client plugin to \"vSphere Client Plugin for vSphere Integrated Containers Engine (v${VIC_ENGINE_VER_STRING})\""
+cd ${VIC_BIN_ROOT}ui/vsphere-client-serenity/com.vmware.vic.ui-${VIC_UI_VER_STRING}
+sed -i "s/Flex Client Plugin for vSphere Integrated Containers Engine/vSphere Client Plugin for vSphere Integrated Containers Engine \(v${VIC_ENGINE_VER_STRING}\)/" plugin-package.xml 
+zip -9 -r ${VIC_BIN_ROOT}ui/vsphere-client-serenity/com.vmware.vic.ui-${VIC_UI_VER_STRING}.zip ./*
+cd ${TMP_FOLDER}
+
+# update plugin-manifest
+sed -i "s/summary=.*/summary=\"vSphere Client Plugin for vSphere Integrated Containers Engine (v${VIC_ENGINE_VER_STRING})\"/" ${VIC_BIN_ROOT}ui/plugin-manifest 
+
+echo "version from the vic-ui repo is:  ${VIC_UI_VER_STRING}"
+echo "version from vic-appliance is:    ${VIC_ENGINE_VER_STRING}"
+
+tar -czf ${FILES_DIR}/${BUILD_VICUI_FILE} -C ${TMP_FOLDER} .
+find . -iname "*.zip" -exec cp {} ${FILES_DIR} \;
 
-# Copy UI plugin zip files to fileserver directory
-tar tf "${BUILD_VICENGINE_FILE}" | grep "vic/ui" | grep ".zip" | xargs  -I '{}' tar xzf "${BUILD_VICENGINE_FILE}" -C ${FILES_DIR} '{}' --strip-components=3
+# clean up scratch folders
+rm -rf ${TMP_FOLDER}
 
-mv "${BUILD_VICENGINE_FILE}" ${DATA_DIR}
+ls -l ${FILES_DIR}
 
 # Write version files
 echo "engine=${BUILD_VICENGINE_FILE}" >> /data/version

installer/build/scripts/upgrade/upgrade.sh

@@ -88,19 +88,71 @@ function usage {
     "
 }
 
+# A plugin upgrade is a forced plugin install
+function callPluginUpgradeEndpoint {
+  local preset=$1
+  local vc='{"target":"'"${VCENTER_TARGET}"'","user":"'"${VCENTER_USERNAME}"'","password":"'"${VCENTER_PASSWORD}"'","thumbprint":"'"${VCENTER_FINGERPRINT}"'"}'
+  local plugin='{"preset":"'"${preset}"'","force":true}'
+  local payload='{"vc":'${vc}',"plugin":'${plugin}'}'
+  echo "register payload - ${payload}" | sed -e 's/'${VCENTER_PASSWORD}'/***/g' >> $upgrade_log_file 2>&1
+  /usr/bin/curl \
+    -k \
+    --write-out '%{http_code}' \
+    --header "Content-Type: application/json" \
+    -X POST \
+    --data "${payload}" \
+    https://localhost:9443/plugin/upgrade
+}
+
+function upgradeAppliancePlugin {
+  # Upgrade the flex client...
+  tab_retries=0
+  max_tab_retries=30 # 5 minutes
+
+  ret=$(callPluginUpgradeEndpoint FLEX)
+  while [[ "$ret" != *"204"* && "$ret" != *"5"* && ${tab_retries} -lt ${max_tab_retries} ]]; do
+    log "Waiting for upgrade appliance flex plugin..."
+    sleep 10
+    let "tab_retries+=1"
+    ret=$(callPluginUpgradeEndpoint FLEX)
+  done
+
+  if [[ ${tab_retries} -eq ${max_tab_retries} || "$ret" == *"5"* ]]; then
+    log "WARNING: Plugin upgrade failed for the FLEX client. This is expected on vCenter versions 6.7 or higher."
+    log "WARNING: If you expected this to pass on older versions of vSphere, please check your credentials and try again, or contact VMware Support."
+  fi
+
+  # Upgrade the H5 client...
+  tab_retries=0
+  ret=$(callPluginUpgradeEndpoint H5)
+  while [[ "$ret" != *"204"* && "$ret" != *"5"* && ${tab_retries} -lt ${max_tab_retries} ]]; do
+    log "Waiting for upgrade appliance h5 plugin..."
+    sleep 10
+    let "tab_retries+=1"
+    ret=$(callPluginUpgradeEndpoint H5)
+  done
+
+  if [[ ${tab_retries} -eq ${max_tab_retries} || "$ret" == *"5"* ]]; then
+    log "Failed to upgrade appliance h5 plugin. Check vCenter target settings, or contact VMware support."
+    exit 1
+  fi
+}
+
 function callRegisterEndpoint {
+  local payload='{"target":"'"${VCENTER_TARGET}"'","user":"'"${VCENTER_USERNAME}"'","password":"'"${VCENTER_PASSWORD}"'","thumbprint":"'"${VCENTER_FINGERPRINT}"'","externalpsc":"'"${EXTERNAL_PSC}"'","pscdomain":"'"${PSC_DOMAIN}"'"}'
+  echo "register payload - ${payload}" | sed -e 's/'${VCENTER_PASSWORD}'/***/g' >> $upgrade_log_file 2>&1
   /usr/bin/curl \
     -k \
     --write-out '%{http_code}' \
     --header "Content-Type: application/json" \
     -X POST \
-    --data '{"target":"'"${VCENTER_TARGET}"'","user":"'"${VCENTER_USERNAME}"'","password":"'"${VCENTER_PASSWORD}"'","externalpsc":"'"${EXTERNAL_PSC}"'","pscdomain":"'"${PSC_DOMAIN}"'"}' \
+    --data "${payload}" \
     https://localhost:9443/register
 }
 
 # Register appliance for content trust
 function registerAppliance {
-
+  log "Registering the appliance in PSC"
   tab_retries=0
   max_tab_retries=30 # 5 minutes
   while [[ "$(callRegisterEndpoint)" != *"200"* && ${tab_retries} -lt ${max_tab_retries} ]]; do
@@ -113,7 +165,6 @@ function registerAppliance {
     log "Failed to register appliance. Check vCenter target and credentials and provided PSC settings."
     exit 1
   fi
-
 }
 
 # Get PSC tokens for SSO integration
@@ -520,6 +571,7 @@ function main {
       echo "TLS connection is not secure, unable to proceed with upgrade. Please contact VMware support. Exiting..."
       exit 1
     fi
+    export VCENTER_FINGERPRINT="$(echo "${fingerprint}" | awk '{print $2}')"
     echo "${fingerprint}" > $GOVC_TLS_KNOWN_HOSTS
   else
     log "Using provided vCenter fingerprint from --fingerprint ${VCENTER_FINGERPRINT}"
@@ -574,6 +626,9 @@ function main {
   ### -------------------- ###
   ###  Component Upgrades  ###
   ### -------------------- ###
+  log "\n-------------------------\nStarting VIC UI Plugin Upgrade ${TIMESTAMP}\n"
+  upgradeAppliancePlugin
+
   log "\n-------------------------\nStarting Admiral Upgrade ${TIMESTAMP}\n"
   upgradeAdmiral
   log "\n-------------------------\nStarting Harbor Upgrade ${TIMESTAMP}\n"