From 905276f65e58601b74dfa0258fa64bc990e33063 Mon Sep 17 00:00:00 2001 From: zhangl Date: Wed, 4 Dec 2024 11:52:48 -0800 Subject: [PATCH] Issue open-horizon#4182 - agent-install.sh should error out earlier if node id of the cluster agent already exists in a different namespace Signed-off-by: zhangl --- agent-install/agent-install.sh | 57 ++++++++++++++++++++++++++-------- 1 file changed, 44 insertions(+), 13 deletions(-) diff --git a/agent-install/agent-install.sh b/agent-install/agent-install.sh index f38aced78..da2634914 100755 --- a/agent-install/agent-install.sh +++ b/agent-install/agent-install.sh @@ -2056,7 +2056,7 @@ function install_macos() { fi if [[ $AGENT_AUTO_UPGRADE != 'true' ]]; then - check_existing_exch_node_is_correct_type "device" + check_existing_exch_node_info "device" fi if is_agent_registered && (! is_horizon_defaults_correct || ! is_registration_correct); then @@ -2304,7 +2304,7 @@ function install_debian() { check_and_set_anax_port # sets ANAX_PORT if [[ $AGENT_AUTO_UPGRADE != 'true' ]]; then - check_existing_exch_node_is_correct_type "device" + check_existing_exch_node_info "device" fi if is_agent_registered && (! is_horizon_defaults_correct "$ANAX_PORT" || ! is_registration_correct); then @@ -2566,7 +2566,7 @@ function install_redhat() { if [[ $AGENT_ONLY_CLI != 'true' ]]; then check_and_set_anax_port # sets ANAX_PORT if [[ $AGENT_AUTO_UPGRADE != 'true' ]]; then - check_existing_exch_node_is_correct_type "device" + check_existing_exch_node_info "device" fi if is_agent_registered && (! is_horizon_defaults_correct "$ANAX_PORT" || ! is_registration_correct); then @@ -3392,13 +3392,8 @@ function find_node_ip_address() { fi } -# If node exist in management hub, verify it is correct type (device or cluster) -function check_existing_exch_node_is_correct_type() { - log_debug "check_existing_exch_node_is_correct_type() begin" - - local expected_type=$1 - - log_info "Verifying that node $NODE_ID in the exchange is type $expected_type (if it exists)..." +# check the node with $NODE_ID in the exchange, return the output from the exchange +function get_existing_exch_node() { local exch_creds cert_flag if [[ -n $HZN_EXCHANGE_USER_AUTH ]]; then exch_creds="$HZN_ORG_ID/$HZN_EXCHANGE_USER_AUTH" else exch_creds="$HZN_ORG_ID/$HZN_EXCHANGE_NODE_AUTH" # input checking requires either user creds or node creds @@ -3407,7 +3402,32 @@ function check_existing_exch_node_is_correct_type() { if [[ -n $AGENT_CERT_FILE && -f $AGENT_CERT_FILE ]]; then cert_flag="--cacert $AGENT_CERT_FILE" fi - local exch_output=$(curl -fsS ${CURL_RETRY_PARMS} $cert_flag $HZN_EXCHANGE_URL/orgs/$HZN_ORG_ID/nodes/$NODE_ID -u "$exch_creds" 2>/dev/null) || true + exch_output=$(curl -fsS ${CURL_RETRY_PARMS} $cert_flag $HZN_EXCHANGE_URL/orgs/$HZN_ORG_ID/nodes/$NODE_ID -u "$exch_creds" 2>/dev/null) || true + echo "$exch_output" +} + +# check if the node with $NODE_ID exists in the exchange, and if public key of node is set +function check_node_existing_and_active() { + log_debug "check_node_existing_and_active() begin" + local exch_output=$(get_existing_exch_node) + if [[ -n "$exch_output" ]]; then + local exch_node_public_key=$(echo $exch_output | jq -re '.nodes | .[].publicKey') + if [[ "$exch_node_public_key" != "" ]] ; then + log_fatal 2 "node $NODE_ID already exists in the exchange and encryption key is set. To continue, use a different node id or delete existing node from the exchange" + fi + fi + log_debug "check_node_existing_and_active() end" +} + +# Check if the node exist in management hub, verify 1) it is correct type (device or cluster), 2) for cluster node, verify namespace +function check_existing_exch_node_info() { + log_debug "check_existing_exch_node_info() begin" + + local expected_type=$1 + local expected_namespace=$2 + + log_info "Verifying that node $NODE_ID in the exchange is type $expected_type (if it exists)..." + local exch_output=$(get_existing_exch_node) if [[ -n "$exch_output" ]]; then local exch_node_type=$(echo $exch_output | jq -re '.nodes | .[].nodeType') @@ -3416,9 +3436,17 @@ function check_existing_exch_node_is_correct_type() { elif [[ "$exch_node_type" == "cluster" ]] && [[ "$expected_type" != "cluster" ]]; then log_fatal 2 "Node id ${NODE_ID} has already been created as nodeType cluster. Remove the node from the exchange and run this script again." fi + + local exch_node_namespace=$(echo $exch_output | jq -re '.nodes | .[].clusterNamespace') + local exch_node_public_key=$(echo $exch_output | jq -re '.nodes | .[].publicKey') + if [[ "$exch_node_type" == "cluster" ]] && [[ "$exch_node_public_key" != "" ]] && [[ "$expected_namespace" != "$exch_node_namespace" ]]; then + log_fatal 2 "Cluster node: $NODE_ID already exists in namespace $exch_node_namespace. To continue, use a different node id or delete existing node from the exchange" + elif [[ "$exch_node_type" == "cluster" ]] && [[ "$exch_node_public_key" == "" ]]; then + log_info "The node in the exchange ($exch_node_namespace) has empty encryption key, continue on cluster install/update" + fi fi - log_debug "check_existing_exch_node_is_correct_type() end" + log_debug "check_existing_exch_node_info() end" } # make sure the new exchange url and cert are good. @@ -4505,7 +4533,7 @@ function install_update_cluster() { confirmCmds jq - check_existing_exch_node_is_correct_type "cluster" + check_existing_exch_node_info "cluster" $AGENT_NAMESPACE check_cluster_agent_scope # sets AGENT_DEPLOYMENT_EXIST_IN_SAME_NAMESPACE @@ -4551,6 +4579,8 @@ function install_update_cluster() { function install_cluster() { log_debug "install_cluster() begin" + check_node_existing_and_active + # generate files based on templates generate_installation_files @@ -4713,3 +4743,4 @@ elif is_cluster; then else log_fatal 1 "AGENT_DEPLOY_TYPE must be 'device' or 'cluster'" fi +