Skip to content

Commit

Permalink
Scar Migration - PEM-6444 (#4968)
Browse files Browse the repository at this point in the history 
* fix: patch release

* docs: add custom security group ingress rules section PCP-1906 (#4781)

* docs: add custom security group ingress rules section PCP-1906

* docs: change existing heading

* docs: specify aws iaas

* docs: VM Migration Assistant (#4737)

* docs: VM Migration Assistant draft

* docs: fix broken links

* doc: heading change

* doc: information architecture improvements

* doc: minor sub-category change

* doc: restructure and additional content

* doc: tidy up and additional overview options

* doc: some peer review changes

* doc: final draft additions

* doc: format changes

* doc: fix broken RBAC anchor

* Apply suggestions from code review

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* doc: adding one line suggestions

Co-authored-by: Karl Cardenas <[email protected]>

* ci: auto-formatting prettier issues

* docs: resolve longer content suggestions

* ci: auto-formatting prettier issues

* docs: warm and cold migration steps

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* docs: virt-customize ConfigMap example

* docs: Restructure IA

* docs: change to headers from tabs

* docs: DOC-1490 DOC-1494 Self-Hosted Updates (#4792)

* docs: DOC-1490

* docs: added a prereq to install pages

* docs: 1494

* docs: apply suggestions from code review

Co-authored-by: Lenny Chen <[email protected]>

* docs: Apply suggestions from code review

---------

Co-authored-by: Lenny Chen <[email protected]>

* docs: resolve vale comments

* docs: longform flag

* docs: lingering ableist word

* docs: resolve Romain's comments

* docs: code review suggestions

Co-authored-by: Karl Cardenas <[email protected]>

* docs: change lingering tabs to headers

* docs: access service console

* ci: auto-formatting prettier issues

* docs: resolve prettier issue

* docs: upgrade Docusaurus 3.6.3 (#4799)

* chore: upgrade docusarus

* chore: DOC-1495 upgrade docusaurus

---------

Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
Co-authored-by: Karl Cardenas <[email protected]>
Co-authored-by: benradstone <[email protected]>
Co-authored-by: Lenny Chen <[email protected]>

* docs: Update VM Migration Assistant pack parameters table (#4810)

* docs: update pack parameter table

* ci: auto-formatting prettier issues

* Apply suggestions from code review

* ci: auto-formatting prettier issues

---------

Co-authored-by: benradstone <[email protected]>

* docs: add message brokers section PEM-6141 (#4818)

* docs: add palette communication section PEM-6141

* docs: fix vale

* Apply suggestions from code review

Co-authored-by: Ben Radstone <[email protected]>

* ci: auto-formatting prettier issues

* docs: clarify management plane clusters

---------

Co-authored-by: Ben Radstone <[email protected]>
Co-authored-by: addetz <[email protected]>

* docs: add feature gate to the vm clone guide DOC-1491 (#4827)

* docs: add feature gate to the vm clone guide DOC-1491

* docs: change capitalisation of kubevirt

* docs: change capitalisation of kubevirt

* docs: Palette 4.5.b API docs (#4842)

* Palette 4.5.b API docs

* ci: auto-formatting API changes

---------

Co-authored-by: karl-cardenas-coding <[email protected]>
Co-authored-by: Karl Cardenas <[email protected]>

* docs: proxy certificates for earthly builds (#4807)

* docs: add docs about proxy certs during build

* docs: adjust subheadings

* Apply suggestions from code review

* docs: update deprecation description

* docs: feedback

---------

Co-authored-by: Lenny Chen <[email protected]>

* docs: update cluster profile update guides PEM-6443 (#4859)

* docs: update cluster profile update guides PEM-6443

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* docs: rectify misspelling

* ci: auto-formatting prettier issues

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* Update docs/docs-content/profiles/cluster-profiles/modify-cluster-profiles/update-cluster-profile.md

Co-authored-by: Ben Radstone <[email protected]>

* ci: auto-formatting prettier issues

---------

Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
Co-authored-by: addetz <[email protected]>
Co-authored-by: Ben Radstone <[email protected]>

* docs: add cluster-wide resources backup options PEM-5124 (#4860)

* docs: add cluster-wide resources backup options PEM-5124

* docs: add deletion policy flag PEM-5124

* docs: remove tabs

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

---------

Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>

* docs: multi-node airgap documentation (#4281)

* docs: multi-node airgap documentation

* docs: update progress

* docs: add delete and scale docs

* docs: add prereqs for deletion

* docs: add draft

* docs: add host unlinking instructions

* docs: minor edit

* docs: edits

* docs: adjust page order

* docs: adjust page order

* docs: address review feedback

* docs: add prerequisites

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* docs: fix broken anchors

* docs: proofread

* webp convert

* docs: add links on index page

* docs: typo

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* Optimised images with calibre/image-actions

* docs: small change

* docs: plural

* docs: clarify leader nodes

* docs: simplify

* Apply suggestions from code review

Co-authored-by: Karl Cardenas <[email protected]>

* Apply suggestions from code review

Co-authored-by: Karl Cardenas <[email protected]>

* ci: auto-formatting prettier issues

* docs: edit

* docs: add warning about local path provisioner

---------

Co-authored-by: Lenny Chen <[email protected]>
Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
Co-authored-by: Karl Cardenas <[email protected]>
Co-authored-by: lennessyy <[email protected]>

* docs: PE-5647: Allow skipping of node drains when running cluster upgrades for single-node clusters. (#4851)

* docs: add instructions for skipping node draining

* docs: update parameters

* docs: add agent mode

* docs: minodr changes from JIRA

* docs: adjust page order

* docs: add note about always on selectors

* docs: small edits

* Update docs/docs-content/clusters/edge/cluster-management/skip-draining.md

---------

Co-authored-by: Lenny Chen <[email protected]>

* docs: Adjust wording and examples (#4896)

* Adjust wording and examples

* ci: auto-formatting prettier issues

* docs: update patch

* docs: add edits

---------

Co-authored-by: kreeuwijk <[email protected]>
Co-authored-by: Lenny Chen <[email protected]>

* docs: add scar migration guide

* docs: convert image

* docs: add partials

* docs: fix broken link

* Optimised images with calibre/image-actions

* docs: update palette keyword

* docs: remove duplicate entry

* docs: Apply suggestions from code review

Co-authored-by: Karl Cardenas <[email protected]>

* docs: address review suggestions

* docs: address additional suggestions

---------

Co-authored-by: Karl Cardenas <[email protected]>
Co-authored-by: Adelina Simion <[email protected]>
Co-authored-by: Ben Radstone <[email protected]>
Co-authored-by: vault-token-factory-spectrocloud[bot] <133815545+vault-token-factory-spectrocloud[bot]@users.noreply.github.com>
Co-authored-by: Karl Cardenas <[email protected]>
Co-authored-by: benradstone <[email protected]>
Co-authored-by: Lenny Chen <[email protected]>
Co-authored-by: addetz <[email protected]>
Co-authored-by: Ravikumar Kondepati <[email protected]>
Co-authored-by: karl-cardenas-coding <[email protected]>
Co-authored-by: Lenny Chen <[email protected]>
Co-authored-by: lennessyy <[email protected]>
Co-authored-by: Kevin Reeuwijk <[email protected]>
Co-authored-by: kreeuwijk <[email protected]>
  • Loading branch information
@caroldelwing @karl-cardenas-coding
@addetz @benradstone @vault-token-factory-spectrocloud @lennessyy @ravi-k8 @kreeuwijk
15 people authored Dec 17, 2024
1 parent 57c9f91 commit e6a0ce7
Show file tree
Hide file tree
Showing 4 changed files with 428 additions and 0 deletions.
396 changes: 396 additions & 0 deletions _partials/self-hosted/_scar-migration.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,396 @@
---
partial_category: self-hosted
partial_name: scar-migration
---

The {props.edition} installation process requires users to configure and maintain an HTTP server to host {props.edition} manifests. This
server is known as the Spectro Cloud Artifact Regisry (SCAR). Alternatively, users now have the option to migrate these
manifests to the same OCI registry that hosts the {props.edition} images and packs. This migration is handled by a service
called Specman, which fetches the manifests from the OCI registry and serves them via an internal HTTP server.

The migration process involves two main steps:

- Pushing the {props.edition} manifests to the OCI registry.
- Updating the SCAR endpoint to point to the new internal HTTP server.

Once the migration is complete, there is no longer a need to maintain a separate file server exclusively for hosting the
{props.edition} manifests.

This guide will direct you through the steps required to push the {props.edition} manifests to the OCI registry and update the
SCAR endpoint.

## Prerequisites

- A deployed self-hosted {props.edition} <PaletteVertexUrlMapper
edition={props.edition}
text="cluster"
palettePath="/install-palette"
vertexPath="/install-palette-vertex"
/> that uses a customer-managed SCAR to host {props.edition}
manifests.
- Access to the {props.edition} cluster kubeconfig file to verify the SCAR endpoint.

:::tip

If you deployed {props.edition} using the Palette CLI, you can download the kubeconfig file from the {props.edition} cluster details
page in the system console. Navigate to the **Enterprise Cluster Migration** page and click on the **Admin
Kubeconfig** link to download the kubeconfig file. If you deployed {props.edition} to an existing Kubernetes cluster, contact
your cluster administrator to obtain the kubeconfig file. For instructions on using the kubeconfig file to access your
cluster, refer to the <VersionedLink text="Access Cluster with CLI" url="/clusters/cluster-management/palette-webctl"/>.

:::

- Access to the file server that hosts the {props.edition} manifests.
- The {props.edition} cluster must have been upgraded to version `4.5.13` or later. This is required for the SCAR migration to
function properly.
- Access to the {props.edition} system console.
- Ensure the following software is installed and available in the environment hosting the file server. For example, if
you deployed an airgapped instance of {props.edition} to VMware using an <PaletteVertexUrlMapper
edition={props.edition}
text="OVA"
palettePath="/install-palette/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions"
vertexPath="/install-palette-vertex/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions"
/>, these tools must be available on your airgap support VM.

- [tar](https://www.gnu.org/software/tar/)
- [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) - Required only for AWS
ECR.
- [ORAS](https://oras.land/docs/installation/) v1.0.0

:::warning

This specific version of ORAS is explicitly required for pushing packs to OCI registries.

:::

- Ensure the following software is installed and available locally on your workstation.
- [curl](https://curl.se/docs/install.html)
- [jq](https://jqlang.github.io/jq/download/)
- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/)

## Migrate SCAR

1. In a terminal with connectivity to your {props.edition} cluster, delete any existing secrets named `spectro-manifest-registry-secrets` in the `hubble-system` namespace.

```shell
kubectl delete secret spectro-manifest-registry-secrets --nampespace hubble-system
```

```text hideClipboard
secret "spectro-manifest-registry-secrets" deleted
```

2. Next, open a terminal window in the environment hosting the file server and navigate to the folder where the {props.edition}
manifests are stored. For example, if you deployed an airgapped instance of {props.edition} to VMware using an <PaletteVertexUrlMapper
edition={props.edition}
text="OVA"
palettePath="/install-palette/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions"
vertexPath="/install-palette-vertex/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions"
/>, navigate to the `/var/www/html/`
directory.

```shell
cd /var/www/html/
```

Alternatively, if you deployed {props.edition} in an airgapped Kubernetes environment using <PaletteVertexUrlMapper
edition={props.edition}
text="Helm charts"
palettePath="/install-palette/install-on-kubernetes/airgap-install/kubernetes-airgap-instructions"
vertexPath="/install-palette-vertex/install-on-kubernetes/airgap-install/kubernetes-airgap-instructions"
/>, navigate to the directory served by the file server you configured.

3. Compress the folder contents into an archive file called `manifests.tgz`. Issue the following command to create the
archive.

```shell
tar -czvf manifests.tgz .
```

4. After compressing the files, authenticate with the OCI registry that hosts the {props.edition} images and packs.

:::tip

If you deployed an airgapped instance of {props.edition} to VMware using an <PaletteVertexUrlMapper
edition={props.edition}
text="OVA"
palettePath="/install-palette/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions"
vertexPath="/install-palette-vertex/install-on-vmware/airgap-install/environment-setup/vmware-vsphere-airgap-instructions"
/>, the OCI registry address is provided by the `airgap-setup.sh` script output. Alternatively, if you
deployed {props.edition} to an existing Kubernetes cluster using <PaletteVertexUrlMapper
edition={props.edition}
text="Helm charts"
palettePath="/install-palette/install-on-kubernetes/airgap-install/kubernetes-airgap-instructions"
vertexPath="/install-palette-vertex/install-on-kubernetes/airgap-install/kubernetes-airgap-instructions"
/>, contact your cluster administrator for the OCI
registry configuration.

:::

<!-- prettier-ignore -->
<Tabs groupId="registry">
<TabItem label="Harbor" value="Harbor_Registry">

Use `oras` to log in to your OCI registry. Replace the values below with your environment configuration. For
additional information about CLI flags and examples, check out the
[oras login](https://oras.land/docs/commands/oras_login) documentation. Replace `<harbor-address>` with the address
of your Harbor registry without the `https://` prefix, and `<harbor-username>` and `<harbor-password>` with your
Harbor credentials.

```shell
oras login <harbor-address> --username <harbor-username> --password <harbor-password>
```

If you are using a Harbor registry with a self-signed certificate, you must add the `--insecure` flag according to the following example.

```shell
oras login <harbor-address> --insecure --username <harbor-username> --password <harbor-password>
```

If the login is successful, you will receive the following confirmation message.

```hideClipboard
Login Succeeded
```

<!-- prettier-ignore -->
</TabItem>
<TabItem label="ECR" value="ECR_Registry">

Authenticate to your ECR registry using the `aws ecr get-login-password` command. This command generates an ECR
authorization token, which is then passed to the `oras login` command with `AWS` as username. Replace `<aws-region>`
with the AWS region where your ECR registry is configured, and `<aws-account-id>` with your AWS account ID.

```bash
aws ecr get-login-password --region <aws-region> | oras login --username AWS --password-stdin <aws-account-id>.dkr.ecr.<aws-region>.amazonaws.com
```

If the login is successful, you will receive the following confirmation message.

```hideClipboard
Login Succeeded
```

<!-- prettier-ignore -->
</TabItem>
</Tabs>

5. Push the `manifests.tgz` file to your OCI registry.
<!-- prettier-ignore -->
<Tabs groupId="registry">
<TabItem label="Harbor" value="Harbor_Registry">

Issue the following command to push the `manifests.tgz` file to your Harbor registry. Replace `<harbor-address>` with the address of your Harbor registry.

```shell
oras push <harbor-address>/spectro-packs/spectro-manifests/manifest:0.0.0 manifests.tgz
```

<!-- prettier-ignore -->
</TabItem>
<TabItem label="ECR" value="ECR_Registry">

Issue the following command to push the `manifests.tgz` file to your ECR registry. Replace `<aws-region>` with the AWS region where your ECR registry is configured and `<aws-account-id>` with your AWS account ID.

```shell
oras push <aws-account-id>.dkr.ecr.<aws-region>.amazonaws.com/spectro-packs/spectro-manifests/manifest:0.0.0 manifests.tgz
```

<!-- prettier-ignore -->
</TabItem>
</Tabs>

6. Next, login to the {props.edition} system console and select **Administration** from the left **Main Menu**.

7. Select the **Pack Registries** tab, click the **three-dot Menu** at the end of the OCI registry row, and then select **Edit**.

8. Check the **Contains Spectro Manifests** box, click **Validate**, and then click **Confirm**.

![View of the 'Contains Spectro Manifests' OCI registry box.](/enterprise-version_system-management_scar-migration.webp)

9. In a terminal with connectivity to your {props.edition} cluster, issue the following command to verify that the `Specman`
service is fetching the content pushed to the OCI registry in step **5** of this guide, with the tag `0.0.0`.

```shell
kubectl logs --namespace hubble-system specman-0
```

```text hideClipboard
time="2024-12-06T12:43:14Z" level=info msg="Syncing with OCI repo"
time="2024-12-06T12:43:14Z" level=info msg="tags[4.5.11 4.5.13 0.0.0]"
time="2024-12-06T12:43:14Z" level=info msg="Downloading 0.0.0"
time="2024-12-06T12:43:14Z" level=info msg="tags[4.5.11 4.5.13 0.0.0]"
time="2024-12-06T12:43:14Z" level=info msg="Downloading 0.0.0"
time="2024-12-06T12:43:14Z" level=info msg="listing dir /tmp/0.0.03808764833"
time="2024-12-06T12:43:14Z" level=info msg="filename: manifests.tgz, isDir: false"
time="2024-12-06T12:43:14Z" level=info msg="Persisting 0.0.0"
```

10. The final step to complete the migration involves updating the SCAR endpoint to the internal HTTP server endpoint
that now serves the {props.edition} manifests: `https://specman-service.hubble-system.svc.cluster.local:8443`. Issue the
following command to create the script responsible for updating the endpoint.

```shell
cat << 'EOF1' > scar-registry-update.sh
#!/bin/bash
###############################################################################
# Usage:
# ./ec-scar-registry-update.sh https://<PALETTE_URL> admin <SYS_ADMIN_PASSWORD>
###############################################################################
#

set -u
set -x

export ENDPOINT=$1
export SYSTEM_ADMIN_USERNAME=$2
export SYSTEM_ADMIN_PASSWORD=$3

export SCAR_ENDPOINT=https://specman-service.hubble-system.svc.cluster.local:8443
export SCAR_USERNAME=
export SCAR_PASSWORD=

auth_request() {
cat <<EOF
{
"username": "${SYSTEM_ADMIN_USERNAME}",
"password": "${SYSTEM_ADMIN_PASSWORD}"
}
EOF
}

scar_request(){
cat <<EOF
{
"endpoint": "${SCAR_ENDPOINT}",
"password": "${SCAR_PASSWORD}",
"username": "${SCAR_USERNAME}"
}
EOF
}

get_auth_token() {
authtoken=$(curl -k --location --silent --request POST "${ENDPOINT}/v1/auth/syslogin?setCookie=true" \
--header 'Content-Type: application/json' \
--data "$(auth_request)" | jq ."Authorization")
if [[ "${authtoken}" == null ]]; then
echo "Error Logging in. Please check the credentials and URL"
exit 1
fi
}

update_scar_repo() {
response=$(curl -k --write-out '%{http_code}' --silent --output /dev/null --location --request PUT "${ENDPOINT}/v1/system/config/scar" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header "Cookie: Authorization=${authtoken}" \
--data-raw "$(scar_request)")
if [[ "${response}" != "204" ]]; then
echo "Error: Unable to update the Scar Repo"
else
echo "Success Setting the Scar Repo. Waiting for a minute to get the changes syncing"
sleep 60
fi
}

update_instance_type() {
response=$(curl -k --write-out '%{http_code}' --location "${ENDPOINT}/v1/jobs/internal/syncCloudInstanceTypesData/run" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header "Cookie: Authorization=${authtoken}")
if [[ "${response}" != "204" ]]; then
echo "Error: Unable to update the Instance Type"
else
echo "Started Syncing Storage Type from the palette Service"
fi
}

update_storage_type() {
response=$(curl -k --write-out '%{http_code}' --location "${ENDPOINT}/v1/jobs/internal/syncCloudStorageTypesData/run" \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header "Cookie: Authorization=${authtoken}")
if [[ "${response}" != "204" ]]; then
echo "Error: Unable to update the Storage Type"
else
echo "Started Syncing Storage Type from the palette Service"
fi
}

get_auth_token
update_scar_repo
update_instance_type
update_storage_type

echo "Wait for 5 minute for the sync process to complete."
EOF1
```

11. Grant execution permissions to the `scar-registry-update.sh` script.

```shell
chmod +x scar-registry-update.sh
```

12. Invoke the script to update the SCAR endpoint. Replace `<cluster-url>` with the address of your {props.edition} instance and
`<sys-admin-password>` with the system administrator password.

```shell
./scar-registry-update.sh <cluster-url> admin <sys-admin-password>
```

Consider the following example for reference.

```shell hideClipboard
./scar-registry-update.sh https://example.spectrocloud.com admin examplepassword
```

The following message confirms that the script has completed its tasks.

```text hideClipboard
Wait for 5 minutes for the sync process to complete.
```
You have now migrated SCAR to the OCI registry that hosts the {props.edition} images and packs. In subsequent releases, the {props.edition} airgap installation binary will handle pushing the new manifest to the OCI registry.

## Validate

Use the following steps to verify that the endpoint was updated successfully.

1. Export your {props.edition} credentials as environment variables. Replace `<cluster-url>` with the
address of your {props.edition} cluster and `<sys-admin-password>` with the system administrator password.

```shell
export ENDPOINT=<cluster-url>
export PASSWORD=<sys-admin-password>
```

2. Log in to the Palette System API using the `/v1/auth/syslogin` endpoint. The response will contain the authentication token that you will use in the next request.

```shell
AUTH_TOKEN=$(curl --location "${ENDPOINT}/v1/auth/syslogin" \
--header 'Content-Type: application/json' \
--data '{
"username": "admin",
"password": "'${PASSWORD}'"
}' | jq ."Authorization")
```

:::tip

If your cluster is using the default self-signed certificate, you can use the `--insecure` flag with the `curl` commands
to bypass the certificate check.

:::

3. Use the `/v1/system/config/scar` endpoint to confirm that the SCAR endpoint has been correctly updated.

```shell
curl --location "${ENDPOINT}/v1/system/config/scar" \
--header "Cookie: Authorization=${AUTH_TOKEN}"
```

The output should contain the updated SCAR endpoint.

```text hideClipboard
{"endpoint":"https://specman-service.hubble-system.svc.cluster.local:8443"}
```
Loading

0 comments on commit e6a0ce7

Please sign in to comment.