Fix domain upgrade from 12214 to 1412 logic causing regular online update failure.

Author: jshum2479

operator/src/main/resources/scripts/mii-domain-upgrade.py

@@ -10,6 +10,7 @@
 import sys
 import traceback
 from xml.dom.minidom import parse
+from java.lang import Boolean
 
 
 tmp_callerframerecord = inspect.stack()[0]    # 0 represents this line # 1 represents line at caller
@@ -21,7 +22,10 @@
 from weblogic.management.configuration import LegalHelper
 
 def checkIfSecureModeEnabledForDomain(domain, domain_version):
-  trace("Checking secure mode")
+
+  # Caller only invoke this if the current pod version is greater than or 14.1.2.0 and existing domain
+
+  trace("Checking secure mode in existing domain")
   secureModeEnabled = False
   cd('/SecurityConfiguration/' + domain.getName())
   childs = ls(returnType='c', returnMap='true')
@@ -36,10 +40,22 @@ def checkIfSecureModeEnabledForDomain(domain, domain_version):
     #
     secureModeEnabled = domain.isProductionModeEnabled() and not LegalHelper.versionEarlierThan(domain_version, "14.1.2.0")
 
+  if isinstance(secureModeEnabled, str) or isinstance(secureModeEnabled, unicode):
+    result =  Boolean.valueOf(secureModeEnabled)
+  else:
+    result =  secureModeEnabled
+
   trace("Writing secure mode status as " + str(secureModeEnabled))
   fh = open('/tmp/mii_domain_upgrade.txt', 'w')
-  fh.write(str(secureModeEnabled))
+  if result:
+    fh.write("True")
+  else:
+    fh.write("False")
   fh.close()
+  if LegalHelper.versionEarlierThan(domain_version, "14.1.2.0"):
+    fh = open('/tmp/mii_domain_before14120.txt', 'w')
+    fh.write("True")
+    fh.close()
 
 trace("Checking existing domain at " + str(sys.argv[1]))
 try:

operator/src/main/resources/scripts/modelInImage.sh

@@ -395,13 +395,13 @@ createWLDomain() {
   # something changed in the wdt artifacts or wls version changed
   # create domain again
 
-  SECUREMODE_INJECTED=0
+  DISABLE_SM_FOR_12214_NONSM_UPG=0
   if [  -f ${PRIMORDIAL_DOMAIN_ZIPPED} ] ; then
     checkSecureModeForUpgrade
   fi
 
   if  [ ${WDT_ARTIFACTS_CHANGED} -ne 0 ] || [ ${jdk_changed} -eq 1 ] \
-    || [ ${SECRETS_AND_ENV_CHANGED} -ne 0 ] || [ ${SECUREMODE_INJECTED} -eq 1 ] ; then
+    || [ ${SECRETS_AND_ENV_CHANGED} -ne 0 ] || [ ${DISABLE_SM_FOR_12214_NONSM_UPG} -eq 1 ] ; then
 
     trace "Need to create domain ${WDT_DOMAIN_TYPE}"
     createModelDomain
@@ -816,12 +816,16 @@ checkSecureModeForUpgrade() {
       local MII_PASSPHRASE=$(cat ${RUNTIME_ENCRYPTION_SECRET_PASSWORD})
       encrypt_decrypt_domain_secret "decrypt" /tmp/miiupgdomain${DOMAIN_HOME} ${MII_PASSPHRASE}
       cd /tmp/miiupgdomain && base64 -d ${WLSDOMAIN_CONFIG_ZIPPED} > ${LOCAL_WLSDOMAIN_CONFIG_ZIP}.tmp && tar -pxzf ${LOCAL_WLSDOMAIN_CONFIG_ZIP}.tmp
+      # reading existing domain to determine what the secure mode should be whether it is set or by default.
       # a file is written to a /tmp/mii_domain_upgrade.txt containing the status of SecureModeEnabled.
       ${SCRIPTPATH}/wlst.sh ${SCRIPTPATH}/mii-domain-upgrade.py /tmp/miiupgdomain$DOMAIN_HOME || exitOrLoop
       # cd to an existing dir since we are deleting the /tmp/miiupgdomain
       cd /
       if [ -f /tmp/mii_domain_upgrade.txt ] && [ $(grep -i False /tmp/mii_domain_upgrade.txt | wc -l ) -gt 0 ] ; then
-        SECUREMODE_INJECTED=1
+        if [ -f /tmp/mii_domain_before14120.txt ] && [ $(grep -i True /tmp/mii_domain_before14120.txt | wc -l ) -gt 0 ] ; then
+          # Set this so that the upgrade image only scenario 12.2.1.4 to 14.1.2 will recreate the domain
+          DISABLE_SM_FOR_12214_NONSM_UPG=1
+        fi
       fi
       rm -fr /tmp/miiupgdomain
     fi

operator/src/main/resources/scripts/model_wdt_mii_filter.py

@@ -398,7 +398,7 @@ def customizeCoherenceMemberConfig(server, listen_address):
 
 def upgradeServerIfNeeded(model):
   # The marker file is created earlier when the introspector checking if
-  # the secure mode is enabled in the config.xml.  This will compare with the incoming model
+  # the secure mode should be false in the config.xml.  This will compare with the incoming model
   # if secure mode is not set (or set to secure in option),  then inject the secure mode
   # to false.  This is done to maintain compatibility from 12.2.1* to 14.1.2 and the file
   # is only created when the deploy version is newer than or equals to 14.1.2
@@ -410,24 +410,34 @@ def upgradeServerIfNeeded(model):
     found = False
     if result == 'False':
         # check if model has anything set
+        # if domainInfo already set to secure or in dev mode then do not set it, prod mode will not be secure
+        # regardless of others
+        # if the model disabled `ProductionModeEnabled`  specifically now, do nothing
+
+        if 'domainInfo' in model and 'ServerStartMode' in model['domainInfo']:
+          return
+
         if 'topology' in model:
+
             topology = model['topology']
+            if 'ProductionModeEnabled' not in topology:
+              return
+
+            if 'ProductionModeEnabled' in topology:
+              value = topology['ProductionModeEnabled']
+              if isinstance(value, str) or isinstance(value, unicode):
+                prod_enabled = Boolean.valueOf(value)
+              else:
+                prod_enabled = value
+              if not prod_enabled:
+                return
 
             if 'SecurityConfiguration' in topology:
                 if 'SecureMode' in topology['SecurityConfiguration']:
                    if 'SecureModeEnabled' in topology['SecurityConfiguration']['SecureMode']:
                         found = True
 
             if not found:
-                # if domainInfo already set to secure or in dev mode then do not set it.
-                if 'ServerStartMode' in model['domainInfo']:
-                    mode = model['domainInfo']['ServerStartMode']
-                    if mode == 'secure' or mode == 'dev':
-                        return
-                # if the model disabled `ProductionModeEnabled`  specifically now, do nothing
-                if 'ProductionModeEnabled' in topology and topology['ProductionModeEnabled'] == False:
-                  return
-
                 if not 'SecurityConfiguration' in topology:
                     topology['SecurityConfiguration'] = {}
                 if not 'SecureMode' in topology['SecurityConfiguration']: