Skip to content

Commit e47996b

Browse files
lildudelildude
authored
Merge pull request #329 from github/lildude/prep-es24-update
Prepare backup-utils for the Elasticsearch upgrade coming in GHE 2.11.0
2 parents ac259f9 + 0ae65cd commit e47996b

File tree

5 files changed

+115
-1
lines changed

5 files changed

+115
-1
lines changed

bin/ghe-restore

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,7 @@ if $cluster; then
109109
snapshot_instance_version=$(cat $GHE_RESTORE_SNAPSHOT_PATH/version)
110110
if ! echo $snapshot_instance_version | \
111111
grep -Eq "v2\.[5-9]|v2\.[1-9][0-9]|v[3-9]|v[1-9][0-9]"; then
112-
echo "Error: Snapshot must be from GitHub Enterprise v2.5.0 or above to be restored"
112+
echo "Error: Snapshot must be from GitHub Enterprise v2.5.0 or above to be restored" >&2
113113
echo " into a cluster (detected $snapshot_instance_version). Aborting." >&2
114114
exit 1
115115
fi
@@ -123,6 +123,21 @@ if ghe-ssh "$GHE_HOSTNAME" -- \
123123
exit 1
124124
fi
125125

126+
# Only allow restores of 2.9 and 2.10 snapshots that have run the audit log migration to 2.11 and above
127+
if ! $force; then
128+
snapshot_instance_version=$(cat $GHE_RESTORE_SNAPSHOT_PATH/version)
129+
snapshot_version_major=$(echo "${snapshot_instance_version#v}" | cut -f 1 -d .)
130+
snapshot_version_minor=$(echo "$snapshot_instance_version" | cut -f 2 -d .)
131+
if ! test -f $GHE_RESTORE_SNAPSHOT_PATH/es-scan-complete && \
132+
[ "$snapshot_version_major" -eq 2 ] && [ "$snapshot_version_minor" -lt 11 ] && \
133+
[ "$GHE_VERSION_MAJOR" -eq 2 ] && [ "$GHE_VERSION_MINOR" -ge 11 ]; then
134+
echo "Error: Snapshot must be from GitHub Enterprise v2.9 or v2.10 after running the" >&2
135+
echo " audit log migration, or from v2.11.0 or above." >&2
136+
echo "Please see https://git.io/v5rCE for the audit log migration procedure." >&2
137+
exit 1
138+
fi
139+
fi
140+
126141
# Prompt to verify the restore host given is correct. Restoring overwrites
127142
# important data on the destination appliance that cannot be recovered. This is
128143
# mostly to prevent accidents where the backup host is given to restore instead
@@ -339,6 +354,11 @@ else
339354
ghe-restore-es-${GHE_BACKUP_STRATEGY} "$GHE_HOSTNAME" 1>&3
340355
fi
341356

357+
# Restore the audit log migration sentinel file, if it exists in the snapshot
358+
if test -f $GHE_RESTORE_SNAPSHOT_PATH/es-scan-complete; then
359+
ghe-ssh "$GHE_HOSTNAME" -- "sudo touch $GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete"
360+
fi
361+
342362
# Restart an already running memcached to reset the cache after restore
343363
if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
344364
echo "Restarting memcached ..." 1>&3

script/cibuild

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ REMOTE_VERSIONS="
1111
2.0.0
1212
2.2.0
1313
2.5.0
14+
2.11.0
1415
"
1516

1617
# Enable verbose logging of ssh commands

share/github-backup-utils/ghe-backup-es-rsync

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,4 +96,9 @@ ghe-rsync -avz \
9696
"$(ssh_host_part "$host"):$GHE_REMOTE_DATA_USER_DIR/elasticsearch/" \
9797
"$GHE_SNAPSHOT_DIR/elasticsearch" 1>&3
9898

99+
# "Backup" audit log migration sentinel file
100+
if ghe-ssh "$host" -- "test -f $GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete"; then
101+
touch $GHE_SNAPSHOT_DIR/es-scan-complete
102+
fi
103+
99104
bm_end "$(basename $0)"

test/test-ghe-backup.sh

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,9 @@ if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
4949

5050
# Create a fake UUID
5151
echo "fake uuid" > "$GHE_REMOTE_DATA_USER_DIR/common/uuid"
52+
53+
# Create fake audit log migration sentinel file
54+
touch "$GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete"
5255
fi
5356

5457
# Create some fake elasticsearch data in the remote data directory
@@ -154,6 +157,9 @@ begin_test "ghe-backup first snapshot"
154157

155158
# check that ca certificates were backed up
156159
[ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ]
160+
161+
# verify the audit log migration sentinel file has been created
162+
[ -f "$GHE_DATA_DIR/current/es-scan-complete" ]
157163
fi
158164

159165
# verify that ghe-backup wrote its version information to the host
@@ -241,6 +247,9 @@ begin_test "ghe-backup subsequent snapshot"
241247

242248
# check that ca certificates were backed up
243249
[ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ]
250+
251+
# verify the audit log migration sentinel file has been created
252+
[ -f "$GHE_DATA_DIR/current/es-scan-complete" ]
244253
fi
245254
)
246255
end_test
@@ -344,6 +353,9 @@ begin_test "ghe-backup with relative data dir path"
344353

345354
# check that ca certificates were backed up
346355
[ "$(cat "$GHE_DATA_DIR/current/ssl-ca-certificates.tar")" = "fake ghe-export-ssl-ca-certificates data" ]
356+
357+
# verify the audit log migration sentinel file has been created
358+
[ -f "$GHE_DATA_DIR/current/es-scan-complete" ]
347359
fi
348360

349361
# verify that ghe-backup wrote its version information to the host

test/test-ghe-restore.sh

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,10 @@ echo "fake ghe-export-ssl-ca-certificates data" > "$GHE_DATA_DIR/current/ssl-ca-
8383
echo "fake license data" > "$GHE_DATA_DIR/current/enterprise.ghl"
8484
echo "fake manage password hash data" > "$GHE_DATA_DIR/current/manage-password"
8585
echo "rsync" > "$GHE_DATA_DIR/current/strategy"
86+
echo "$GHE_REMOTE_VERSION" > "$GHE_DATA_DIR/current/version"
87+
if [ "$GHE_VERSION_MAJOR" -eq 2 ]; then
88+
touch "$GHE_DATA_DIR/current/es-scan-complete"
89+
fi
8690

8791
begin_test "ghe-restore into configured vm"
8892
(
@@ -152,6 +156,11 @@ begin_test "ghe-restore into configured vm"
152156

153157
# verify the UUID was transferred
154158
diff -ru "$GHE_DATA_DIR/current/uuid" "$GHE_REMOTE_DATA_USER_DIR/common/uuid"
159+
160+
# verify the audit log migration sentinel file has been created on 2.9 and above
161+
if [ "$GHE_VERSION_MAJOR" -eq 2 ] && [ "$GHE_VERSION_MINOR" -ge 9 ]; then
162+
[ -f "$GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete" ]
163+
fi
155164
fi
156165
)
157166
end_test
@@ -292,6 +301,11 @@ begin_test "ghe-restore -c into unconfigured vm"
292301

293302
# verify ghe-export-ssl-ca-certificates was run
294303
grep -q "fake ghe-export-ssl-ca-certificates data" "$TRASHDIR/restore-out"
304+
305+
# verify the audit log migration sentinel file has been created on 2.9 and above
306+
if [ "$GHE_VERSION_MAJOR" -eq 2 ] && [ "$GHE_VERSION_MINOR" -ge 9 ]; then
307+
[ -f "$GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete" ]
308+
fi
295309
fi
296310
)
297311
end_test
@@ -365,6 +379,11 @@ begin_test "ghe-restore into unconfigured vm"
365379

366380
# verify no config run after restore on unconfigured instance
367381
! grep -q "ghe-config-apply OK" "$TRASHDIR/restore-out"
382+
383+
# verify the audit log migration sentinel file has been created on 2.9 and above
384+
if [ "$GHE_VERSION_MAJOR" -eq 2 ] && [ "$GHE_VERSION_MINOR" -ge 9 ]; then
385+
[ -f "$GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete" ]
386+
fi
368387
fi
369388
)
370389
end_test
@@ -418,6 +437,11 @@ begin_test "ghe-restore with host arg"
418437

419438
# verify the UUID was transferred
420439
diff -ru "$GHE_DATA_DIR/current/uuid" "$GHE_REMOTE_DATA_USER_DIR/common/uuid"
440+
441+
# verify the audit log migration sentinel file has been created on 2.9 and above
442+
if [ "$GHE_VERSION_MAJOR" -eq 2 ] && [ "$GHE_VERSION_MINOR" -ge 9 ]; then
443+
[ -f "$GHE_REMOTE_DATA_USER_DIR/common/es-scan-complete" ]
444+
fi
421445
fi
422446
)
423447
end_test
@@ -628,3 +652,55 @@ begin_test "ghe-restore fails when restore to an active HA pair"
628652
echo $output | grep -q "Error: Restoring to an appliance with replication enabled is not supported."
629653
)
630654
end_test
655+
656+
begin_test "ghe-restore fails when restore 2.9/2.10 snapshot without audit log migration sentinel file to 2.11"
657+
(
658+
set -e
659+
660+
# noop if not testing against 2.11
661+
if [ "$GHE_VERSION_MAJOR" -le 1 ] || [ "$GHE_VERSION_MINOR" -ne 11 ]; then
662+
exit 0
663+
fi
664+
665+
rm -rf "$GHE_REMOTE_ROOT_DIR"
666+
setup_remote_metadata
667+
668+
echo "rsync" > "$GHE_DATA_DIR/current/strategy"
669+
echo "v2.9.10" > "$GHE_DATA_DIR/current/version"
670+
rm "$GHE_DATA_DIR/current/es-scan-complete"
671+
672+
! output=$(ghe-restore -v localhost 2>&1)
673+
674+
echo $output | grep -q "Error: Snapshot must be from GitHub Enterprise v2.9 or v2.10 after running the"
675+
676+
echo "v2.10.5" > "$GHE_DATA_DIR/current/version"
677+
! output=$(ghe-restore -v localhost 2>&1)
678+
679+
echo $output | grep -q "Error: Snapshot must be from GitHub Enterprise v2.9 or v2.10 after running the"
680+
)
681+
end_test
682+
683+
begin_test "ghe-restore force restore of 2.9/2.10 snapshot without audit log migration sentinel file to 2.11"
684+
(
685+
set -e
686+
687+
# noop if not testing against 2.11
688+
if [ "$GHE_VERSION_MAJOR" -le 1 ] || [ "$GHE_VERSION_MINOR" -ne 11 ]; then
689+
exit 0
690+
fi
691+
692+
rm -rf "$GHE_REMOTE_ROOT_DIR"
693+
setup_remote_metadata
694+
695+
echo "rsync" > "$GHE_DATA_DIR/current/strategy"
696+
echo "v2.9.10" > "$GHE_DATA_DIR/current/version"
697+
698+
# Create fake remote repositories dir
699+
mkdir -p "$GHE_REMOTE_DATA_USER_DIR/repositories"
700+
701+
ghe-restore -v -f localhost
702+
703+
echo "v2.10.5" > "$GHE_DATA_DIR/current/version"
704+
ghe-restore -v -f localhost
705+
)
706+
end_test

0 commit comments

Comments
 (0)