diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml index cbffa418f..4fb23ecee 100644 --- a/.github/workflows/build-push.yml +++ b/.github/workflows/build-push.yml @@ -354,7 +354,7 @@ jobs: mac-build: needs: offset-build-number - runs-on: ${{ (matrix.architecture == 'amd64') && 'macos-12' || 'macos-14' }} + runs-on: ${{ (matrix.architecture == 'amd64') && 'macos-13' || 'macos-14' }} strategy: matrix: @@ -450,7 +450,7 @@ jobs: # Upload created package to artifacts to be used in next job - name: Upload MacOS Package to Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: macos-${{ matrix.architecture }}-package path: ${{ env.GOPATH }}/src/github.com/${{ github.repository }}/pkg/mac/build/*.pkg @@ -517,7 +517,7 @@ jobs: # Retrieve artifact from previous job - name: Download our MacOS Package Artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: macos-${{ matrix.architecture }}-package path: ${{ steps.workdir_setup.outputs.PKG_PATH }} diff --git a/agent-install/agent-install.sh b/agent-install/agent-install.sh index fe3a82348..2422992d1 100755 --- a/agent-install/agent-install.sh +++ b/agent-install/agent-install.sh @@ -2063,7 +2063,7 @@ function install_macos() { fi if [[ $AGENT_AUTO_UPGRADE != 'true' ]]; then - check_existing_exch_node_is_correct_type "device" + check_existing_exch_node_info "device" fi if is_agent_registered && (! is_horizon_defaults_correct || ! is_registration_correct); then @@ -2311,7 +2311,7 @@ function install_debian() { check_and_set_anax_port # sets ANAX_PORT if [[ $AGENT_AUTO_UPGRADE != 'true' ]]; then - check_existing_exch_node_is_correct_type "device" + check_existing_exch_node_info "device" fi if is_agent_registered && (! is_horizon_defaults_correct "$ANAX_PORT" || ! is_registration_correct); then @@ -2573,7 +2573,7 @@ function install_redhat() { if [[ $AGENT_ONLY_CLI != 'true' ]]; then check_and_set_anax_port # sets ANAX_PORT if [[ $AGENT_AUTO_UPGRADE != 'true' ]]; then - check_existing_exch_node_is_correct_type "device" + check_existing_exch_node_info "device" fi if is_agent_registered && (! is_horizon_defaults_correct "$ANAX_PORT" || ! is_registration_correct); then @@ -3399,13 +3399,8 @@ function find_node_ip_address() { fi } -# If node exist in management hub, verify it is correct type (device or cluster) -function check_existing_exch_node_is_correct_type() { - log_debug "check_existing_exch_node_is_correct_type() begin" - - local expected_type=$1 - - log_info "Verifying that node $NODE_ID in the exchange is type $expected_type (if it exists)..." +# check the node with $NODE_ID in the exchange, return the output from the exchange +function get_existing_exch_node() { local exch_creds cert_flag if [[ -n $HZN_EXCHANGE_USER_AUTH ]]; then exch_creds="$HZN_ORG_ID/$HZN_EXCHANGE_USER_AUTH" else exch_creds="$HZN_ORG_ID/$HZN_EXCHANGE_NODE_AUTH" # input checking requires either user creds or node creds @@ -3414,7 +3409,32 @@ function check_existing_exch_node_is_correct_type() { if [[ -n $AGENT_CERT_FILE && -f $AGENT_CERT_FILE ]]; then cert_flag="--cacert $AGENT_CERT_FILE" fi - local exch_output=$(curl -fsS ${CURL_RETRY_PARMS} $cert_flag $HZN_EXCHANGE_URL/orgs/$HZN_ORG_ID/nodes/$NODE_ID -u "$exch_creds" 2>/dev/null) || true + exch_output=$(curl -fsS ${CURL_RETRY_PARMS} $cert_flag $HZN_EXCHANGE_URL/orgs/$HZN_ORG_ID/nodes/$NODE_ID -u "$exch_creds" 2>/dev/null) || true + echo "$exch_output" +} + +# check if the node with $NODE_ID exists in the exchange, and if public key of node is set +function check_node_existing_and_active() { + log_debug "check_node_existing_and_active() begin" + local exch_output=$(get_existing_exch_node) + if [[ -n "$exch_output" ]]; then + local exch_node_public_key=$(echo $exch_output | jq -re '.nodes | .[].publicKey') + if [[ "$exch_node_public_key" != "" ]] ; then + log_fatal 2 "node $NODE_ID already exists in the exchange and encryption key is set. To continue, use a different node id or delete existing node from the exchange" + fi + fi + log_debug "check_node_existing_and_active() end" +} + +# Check if the node exist in management hub, verify 1) it is correct type (device or cluster), 2) for cluster node, verify namespace +function check_existing_exch_node_info() { + log_debug "check_existing_exch_node_info() begin" + + local expected_type=$1 + local expected_namespace=$2 + + log_info "Verifying that node $NODE_ID in the exchange is type $expected_type (if it exists)..." + local exch_output=$(get_existing_exch_node) if [[ -n "$exch_output" ]]; then local exch_node_type=$(echo $exch_output | jq -re '.nodes | .[].nodeType') @@ -3423,9 +3443,17 @@ function check_existing_exch_node_is_correct_type() { elif [[ "$exch_node_type" == "cluster" ]] && [[ "$expected_type" != "cluster" ]]; then log_fatal 2 "Node id ${NODE_ID} has already been created as nodeType cluster. Remove the node from the exchange and run this script again." fi + + local exch_node_namespace=$(echo $exch_output | jq -re '.nodes | .[].clusterNamespace') + local exch_node_public_key=$(echo $exch_output | jq -re '.nodes | .[].publicKey') + if [[ "$exch_node_type" == "cluster" ]] && [[ "$exch_node_public_key" != "" ]] && [[ "$expected_namespace" != "$exch_node_namespace" ]]; then + log_fatal 2 "Cluster node: $NODE_ID already exists in namespace $exch_node_namespace. To continue, use a different node id or delete existing node from the exchange" + elif [[ "$exch_node_type" == "cluster" ]] && [[ "$exch_node_public_key" == "" ]]; then + log_info "The node in the exchange ($exch_node_namespace) has empty encryption key, continue on cluster install/update" + fi fi - log_debug "check_existing_exch_node_is_correct_type() end" + log_debug "check_existing_exch_node_info() end" } # make sure the new exchange url and cert are good. @@ -4516,7 +4544,7 @@ function install_update_cluster() { confirmCmds jq - check_existing_exch_node_is_correct_type "cluster" + check_existing_exch_node_info "cluster" $AGENT_NAMESPACE check_cluster_agent_scope # sets AGENT_DEPLOYMENT_EXIST_IN_SAME_NAMESPACE @@ -4562,6 +4590,8 @@ function install_update_cluster() { function install_cluster() { log_debug "install_cluster() begin" + check_node_existing_and_active + # generate files based on templates generate_installation_files @@ -4724,3 +4754,4 @@ elif is_cluster; then else log_fatal 1 "AGENT_DEPLOY_TYPE must be 'device' or 'cluster'" fi + diff --git a/agent-install/agent-uninstall.sh b/agent-install/agent-uninstall.sh old mode 100644 new mode 100755 index 4f353b9e3..961808b7c --- a/agent-install/agent-uninstall.sh +++ b/agent-install/agent-uninstall.sh @@ -19,10 +19,6 @@ SKIP_DELETE_AGENT_NAMESPACE=false USE_DELETE_FORCE=false DELETE_TIMEOUT=10 # Default delete timeout -function now() { - echo `date '+%Y-%m-%d %H:%M:%S'` -} - # Exit handling function quit(){ case $1 in @@ -216,7 +212,7 @@ function get_agent_pod_id() { fi if [ "$AGENT_POD_READY" == "true" ]; then - POD_ID=$($KUBECTL get pod -n ${AGENT_NAMESPACE} 2> /dev/null | grep "agent-" | cut -d " " -f1 2> /dev/null) + POD_ID=$($KUBECTL get pod -n ${AGENT_NAMESPACE} -l app=agent,type!=auto-upgrade-cronjob 2> /dev/null | grep "agent-" | cut -d " " -f1 2> /dev/null) if [ -n "${POD_ID}" ]; then log_info "get pod: ${POD_ID}" else @@ -231,7 +227,7 @@ function removeNodeFromLocalAndManagementHub() { log_debug "removeNodeFromLocalAndManagementHub() begin" log_info "Check node status for agent pod: ${POD_ID}" - NODE_INFO=$($KUBECTL exec -it ${POD_ID} -n ${AGENT_NAMESPACE} -- bash -c "hzn node list") + NODE_INFO=$($KUBECTL exec ${POD_ID} -n ${AGENT_NAMESPACE} -c "anax" -- bash -c "hzn node list") NODE_STATE=$(echo $NODE_INFO | jq -r .configstate.state | sed 's/[^a-z]*//g') NODE_ID=$(echo $NODE_INFO | jq -r .id | sed 's/\r//g') log_debug "NODE config state for ${NODE_ID} is ${NODE_STATE}" @@ -274,11 +270,11 @@ function unregister() { fi set +e - $KUBECTL exec -it ${POD_ID} -n ${AGENT_NAMESPACE} -- bash -c "${HZN_UNREGISTER_CMD}" + $KUBECTL exec ${POD_ID} -n ${AGENT_NAMESPACE} -c "anax" -- bash -c "${HZN_UNREGISTER_CMD}" set -e # verify the node is unregistered - NODE_STATE=$($KUBECTL exec -it ${POD_ID} -n ${AGENT_NAMESPACE} -- bash -c "hzn node list | jq -r .configstate.state" | sed 's/[^a-z]*//g') + NODE_STATE=$($KUBECTL exec ${POD_ID} -n ${AGENT_NAMESPACE} -c "anax" -- bash -c "hzn node list | jq -r .configstate.state" | sed 's/[^a-z]*//g') log_debug "NODE config state is ${NODE_STATE}" if [[ "$NODE_STATE" != "unconfigured" ]] && [[ "$NODE_STATE" != "unconfiguring" ]]; then @@ -288,8 +284,9 @@ function unregister() { log_debug "unregister() end" } +# escape: ;, $, &, |, (, ) function getEscapedExchangeUserAuth() { - local escaped_auth=$( echo "${HZN_EXCHANGE_USER_AUTH}" | sed 's/;/\\;/g;s/\$/\\$/g;s/\&/\\&/g;s/|/\\|/g' ) + local escaped_auth=$( echo "${HZN_EXCHANGE_USER_AUTH}" | sed 's/;/\\;/g;s/\$/\\$/g;s/\&/\\&/g;s/|/\\|/g;s/(/\\(/g;s/)/\\)/g' ) echo "${escaped_auth}" } @@ -303,7 +300,7 @@ function deleteNodeFromManagementHub() { log_info "Deleting node ${node_id} from the management hub..." set +e - $KUBECTL exec -it ${POD_ID} -n ${AGENT_NAMESPACE} -- bash -c "${EXPORT_EX_USER_AUTH_CMD}; hzn exchange node remove ${node_id} -f" + $KUBECTL exec ${POD_ID} -n ${AGENT_NAMESPACE} -c "anax" -- bash -c "${EXPORT_EX_USER_AUTH_CMD}; hzn exchange node remove ${node_id} -f" set -e log_debug "deleteNodeFromManagementHub() end" @@ -319,7 +316,7 @@ function verifyNodeRemovedFromManagementHub() { log_info "Verifying node ${node_id} is removed from the management hub..." set +e - $KUBECTL exec -it ${POD_ID} -n ${AGENT_NAMESPACE} -- bash -c "${EXPORT_EX_USER_AUTH_CMD}; hzn exchange node list ${node_id}" >/dev/null 2>&1 + $KUBECTL exec ${POD_ID} -n ${AGENT_NAMESPACE} -c "anax" -- bash -c "${EXPORT_EX_USER_AUTH_CMD}; hzn exchange node list ${node_id}" >/dev/null 2>&1 if [ $? -ne 8 ]; then log_warning "Node was not removed from the management hub" fi