Add RancherOS upgrade

Author: ibuildthecloud

cmd/rancherd/upgrade/upgrade.go

@@ -14,6 +14,7 @@ func NewUpgrade() *cobra.Command {
 
 type Upgrade struct {
 	RancherVersion    string `usage:"Target Rancher version" short:"r" default:"stable"`
+	RancherOSVersion  string `usage:"Target RancherOS version" short:"o" default:"latest" name:"rancher-os-version"`
 	KubernetesVersion string `usage:"Target Kubernetes version" short:"k" default:"stable"`
 	Force             bool   `usage:"Run without prompting for confirmation" short:"f"`
 }
@@ -27,5 +28,6 @@ func (b *Upgrade) Run(cmd *cobra.Command, args []string) error {
 	return r.Upgrade(cmd.Context(), rancherd.UpgradeConfig{
 		RancherVersion:    b.RancherVersion,
 		KubernetesVersion: b.KubernetesVersion,
+		RancherOSVersion:  b.RancherOSVersion,
 	})
 }

go.mod

@@ -33,7 +33,6 @@ replace (
 require (
 	github.com/hashicorp/go-discover v0.0.0-20201029210230-738cb3105cd0
 	github.com/pkg/errors v0.9.1
-	github.com/rancher/fleet/pkg/apis v0.0.0-20210920165712-667022c1d661
 	github.com/rancher/rancher/pkg/apis v0.0.0-20210920193801-79027c456224
 	github.com/rancher/system-agent v0.0.1-alpha30
 	github.com/rancher/wharfie v0.3.2

go.sum

@@ -828,8 +828,6 @@ github.com/rancher/client-go v0.21.0-rancher.1 h1:WVy7jpVmdjIRVkgXpBRlNx4jnGkLCF
 github.com/rancher/client-go v0.21.0-rancher.1/go.mod h1:nNBytTF9qPFDEhoqgEPaarobC8QPae13bElIVHzIglA=
 github.com/rancher/eks-operator v1.1.1/go.mod h1:MIgvBMHO0MqPuvehwAGxpg7Zcg20GhYO1dXjh9BAHqs=
 github.com/rancher/fleet/pkg/apis v0.0.0-20210918015053-5a141a6b18f0/go.mod h1:fiKjX1CsAZhe2u1h/GWNDSc5Ol4+5Q3roWxq9cMbgHk=
-github.com/rancher/fleet/pkg/apis v0.0.0-20210920165712-667022c1d661 h1:5z1ey2n0NvONqwjnRfb3+qg52P4zCqqn0VqFZ5oCxqo=
-github.com/rancher/fleet/pkg/apis v0.0.0-20210920165712-667022c1d661/go.mod h1:fiKjX1CsAZhe2u1h/GWNDSc5Ol4+5Q3roWxq9cMbgHk=
 github.com/rancher/gke-operator v1.1.1/go.mod h1:o2EC1q3xO3gq0vRid1CbaEvvXnWdptT7wiGPRPwUJqY=
 github.com/rancher/lasso v0.0.0-20200427171700-e0509f89f319/go.mod h1:6Dw19z1lDIpL887eelVjyqH/mna1hfR61ddCFOG78lw=
 github.com/rancher/lasso v0.0.0-20200515155337-a34e1e26ad91/go.mod h1:G6Vv2aj6xB2YjTVagmu4NkhBvbE8nBcGykHRENH6arI=
@@ -1565,7 +1563,6 @@ rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.15/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
-sigs.k8s.io/cli-utils v0.16.0 h1:Wr32m1oxjIqc9G9l+igr13PeIM9LCyq8jQ8KjXKelvg=
 sigs.k8s.io/cli-utils v0.16.0/go.mod h1:9Jqm9K2W6ShhCxsEuaz6HSRKKOXigPUx3ZfypGgxBLY=
 sigs.k8s.io/cluster-api v0.3.11-0.20210430180359-45b6080c2764 h1:KR5002Y1x1g+BYmsoaODC/Z43xdKSY0B6bOcwfBa9Bk=
 sigs.k8s.io/cluster-api v0.3.11-0.20210430180359-45b6080c2764/go.mod h1:iDmIO2c5/RSiSciQnI7Xocfe8hTu+KafcgEuc/hnhS4=

pkg/cacerts/cacerts.go

@@ -28,6 +28,14 @@ var insecureClient = &http.Client{
 }
 
 func Get(server, token, path string) ([]byte, string, error) {
+	return get(server, token, path, true)
+}
+
+func MachineGet(server, token, path string) ([]byte, string, error) {
+	return get(server, token, path, false)
+}
+
+func get(server, token, path string, clusterToken bool) ([]byte, string, error) {
 	u, err := url2.Parse(server)
 	if err != nil {
 		return nil, "", err
@@ -38,8 +46,11 @@ func Get(server, token, path string) ([]byte, string, error) {
 	if err != nil {
 		return nil, "", err
 	}
+	if !clusterToken {
+		req.Header.Set("Authorization", "Bearer "+base64.StdEncoding.EncodeToString([]byte(token)))
+	}
 
-	cacert, caChecksum, err := CACerts(server, token)
+	cacert, caChecksum, err := CACerts(server, token, clusterToken)
 	if err != nil {
 		return nil, "", err
 	}
@@ -71,10 +82,13 @@ func Get(server, token, path string) ([]byte, string, error) {
 	}
 
 	data, err := ioutil.ReadAll(resp.Body)
+	if resp.StatusCode != http.StatusOK {
+		return nil, "", fmt.Errorf("%s: %s", resp.Status, data)
+	}
 	return data, caChecksum, err
 }
 
-func CACerts(server, token string) ([]byte, string, error) {
+func CACerts(server, token string, clusterToken bool) ([]byte, string, error) {
 	nonce, err := randomtoken.Generate()
 	if err != nil {
 		return nil, "", err
@@ -86,6 +100,9 @@ func CACerts(server, token string) ([]byte, string, error) {
 	}
 
 	requestURL := fmt.Sprintf("https://%s/cacerts", url.Host)
+	if !clusterToken {
+		requestURL = fmt.Sprintf("https://%s/v1-rancheros/cacerts", url.Host)
+	}
 	req, err := http.NewRequest(http.MethodGet, requestURL, nil)
 	if err != nil {
 		return nil, "", err

pkg/config/remote.go

@@ -0,0 +1,51 @@
+package config
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/rancher/rancherd/pkg/cacerts"
+	"github.com/rancher/wrangler/pkg/data"
+	"github.com/rancher/wrangler/pkg/data/convert"
+	"github.com/sirupsen/logrus"
+)
+
+func processRemote(cfg Config) (Config, error) {
+	if cfg.Role != "" || cfg.Server == "" || cfg.Token == "" {
+		return cfg, nil
+	}
+
+	logrus.Infof("server and token set but required role is not set. Trying to bootstrapping config from machine inventory")
+	resp, _, err := cacerts.MachineGet(cfg.Server, cfg.Token, "/v1-rancheros/inventory")
+	if err != nil {
+		return cfg, fmt.Errorf("bootstrapping config from machine inventory: %w", err)
+	}
+
+	config := map[string]interface{}{}
+	if err := json.Unmarshal(resp, &config); err != nil {
+		return cfg, fmt.Errorf("decoding inventory response: %w", err)
+	}
+
+	currentConfig, err := convert.EncodeToMap(cfg)
+	if err != nil {
+		return cfg, err
+	}
+
+	var (
+		newConfig = data.MergeMapsConcatSlice(currentConfig, config)
+		result    Config
+	)
+
+	if err := convert.ToObj(newConfig, &result); err != nil {
+		return result, err
+	}
+
+	copyConfig := result
+	copyConfig.Token = "--redacted--"
+	downloadedConfig, err := json.Marshal(copyConfig)
+	if err == nil {
+		logrus.Infof("Downloaded config: %s", downloadedConfig)
+	}
+
+	return result, nil
+}

pkg/config/types.go

@@ -8,7 +8,7 @@ import (
 	"strings"
 
 	v1 "github.com/rancher/rancher/pkg/apis/rke.cattle.io/v1"
-	"github.com/rancher/rancher/pkg/apis/rke.cattle.io/v1/plan"
+	"github.com/rancher/system-agent/pkg/applyinator"
 	"github.com/rancher/wharfie/pkg/registries"
 	"github.com/rancher/wrangler/pkg/data"
 	"github.com/rancher/wrangler/pkg/data/convert"
@@ -46,9 +46,9 @@ type Config struct {
 	Server            string           `json:"server,omitempty"`
 	Discovery         *DiscoveryConfig `json:"discovery,omitempty"`
 
-	RancherValues    map[string]interface{} `json:"rancherValues,omitempty"`
-	PreInstructions  []plan.Instruction     `json:"preInstructions,omitempty"`
-	PostInstructions []plan.Instruction     `json:"postInstructions,omitempty"`
+	RancherValues    map[string]interface{}    `json:"rancherValues,omitempty"`
+	PreInstructions  []applyinator.Instruction `json:"preInstructions,omitempty"`
+	PostInstructions []applyinator.Instruction `json:"postInstructions,omitempty"`
 	// Deprecated, use Resources instead
 	BootstrapResources []v1.GenericMap `json:"bootstrapResources,omitempty"`
 	Resources          []v1.GenericMap `json:"resources,omitempty"`
@@ -111,7 +111,11 @@ func Load(path string) (result Config, err error) {
 	}
 
 	err = convert.ToObj(values, &result)
-	return
+	if err != nil {
+		return
+	}
+
+	return processRemote(result)
 }
 
 func populatedSystemResources(config *Config) error {

pkg/discovery/discovery.go

@@ -41,14 +41,14 @@ var (
 
 func DiscoverServerAndRole(ctx context.Context, cfg *config.Config) error {
 	if cfg.Discovery == nil {
-		if cfg.Server == "" && cfg.Role == "server" && cfg.Token == "" {
+		if cfg.Server == "" && cfg.Role == "server" {
 			cfg.Role = "cluster-init"
 		}
 		return nil
 	}
 
 	if cfg.Token == "" {
-		return fmt.Errorf("token is required to be set")
+		return fmt.Errorf("token is required to be set when discovery is set")
 	}
 
 	server, clusterInit, err := discoverServerAndRole(ctx, cfg)

pkg/join/join.go

@@ -42,7 +42,7 @@ func ToInstruction(config *config.Config, dataDir string) (*applyinator.Instruct
 		return nil, fmt.Errorf("invalid role (%s) defined", config.Role)
 	}
 
-	_, caChecksum, err := cacerts.CACerts(config.Server, config.Token)
+	_, caChecksum, err := cacerts.CACerts(config.Server, config.Token, true)
 	if err != nil {
 		return nil, err
 	}

pkg/os/os.go

@@ -0,0 +1,33 @@
+package os
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/rancher/rancherd/pkg/kubectl"
+	"github.com/rancher/rancherd/pkg/self"
+	"github.com/rancher/system-agent/pkg/applyinator"
+)
+
+func ToUpgradeInstruction(k8sVersion, rancherOSVersion string) (*applyinator.Instruction, error) {
+	cmd, err := self.Self()
+	if err != nil {
+		return nil, fmt.Errorf("resolving location of %s: %w", os.Args[0], err)
+	}
+	patch, err := json.Marshal(map[string]interface{}{
+		"spec": map[string]interface{}{
+			"osImage": rancherOSVersion,
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &applyinator.Instruction{
+		Name:       "patch-rancher-os-version",
+		SaveOutput: true,
+		Args:       []string{"retry", kubectl.Command(k8sVersion), "--type=merge", "-n", "fleet-local", "patch", "managedosimages.rancheros.cattle.io", "default-os-image", "-p", string(patch)},
+		Env:        kubectl.Env(k8sVersion),
+		Command:    cmd,
+	}, nil
+}

pkg/plan/bootstrap.go

@@ -7,6 +7,7 @@ import (
 	"github.com/rancher/rancherd/pkg/config"
 	"github.com/rancher/rancherd/pkg/discovery"
 	"github.com/rancher/rancherd/pkg/join"
+	"github.com/rancher/rancherd/pkg/kubectl"
 	"github.com/rancher/rancherd/pkg/probe"
 	"github.com/rancher/rancherd/pkg/rancher"
 	"github.com/rancher/rancherd/pkg/registry"
@@ -68,6 +69,8 @@ func toJoinPlan(cfg *config.Config, dataDir string) (*applyinator.Plan, error) {
 	if err := plan.addProbesForRoles(cfg); err != nil {
 		return nil, err
 	}
+
+	plan.addPrePostInstructions(cfg, "")
 	return (*applyinator.Plan)(&plan), nil
 }
 
@@ -124,7 +127,33 @@ func (p *plan) addInstructions(cfg *config.Config, dataDir string) error {
 		return err
 	}
 
-	return p.addInstruction(runtime.ToWaitKubernetesInstruction(cfg.RuntimeInstallerImage, cfg.SystemDefaultRegistry, k8sVersion))
+	if err := p.addInstruction(runtime.ToWaitKubernetesInstruction(cfg.RuntimeInstallerImage, cfg.SystemDefaultRegistry, k8sVersion)); err != nil {
+		return err
+	}
+
+	p.addPrePostInstructions(cfg, k8sVersion)
+	return nil
+}
+
+func (p *plan) addPrePostInstructions(cfg *config.Config, k8sVersion string) {
+	var instructions []applyinator.Instruction
+
+	for _, inst := range cfg.PreInstructions {
+		if k8sVersion != "" {
+			inst.Env = append(inst.Env, kubectl.Env(k8sVersion)...)
+		}
+		instructions = append(instructions, inst)
+	}
+
+	instructions = append(instructions, p.Instructions...)
+
+	for _, inst := range cfg.PostInstructions {
+		inst.Env = append(inst.Env, kubectl.Env(k8sVersion)...)
+		instructions = append(instructions, inst)
+	}
+
+	p.Instructions = instructions
+	return
 }
 
 func (p *plan) addInstruction(instruction *applyinator.Instruction, err error) error {

pkg/plan/upgrade.go

@@ -2,12 +2,13 @@ package plan
 
 import (
 	"github.com/rancher/rancherd/pkg/config"
+	"github.com/rancher/rancherd/pkg/os"
 	"github.com/rancher/rancherd/pkg/rancher"
 	"github.com/rancher/rancherd/pkg/runtime"
 	"github.com/rancher/system-agent/pkg/applyinator"
 )
 
-func Upgrade(cfg *config.Config, k8sVersion, rancherVersion, dataDir string) (*applyinator.Plan, error) {
+func Upgrade(cfg *config.Config, k8sVersion, rancherVersion, rancherOSVersion, dataDir string) (*applyinator.Plan, error) {
 	p := plan{}
 
 	if rancherVersion != "" {
@@ -28,5 +29,11 @@ func Upgrade(cfg *config.Config, k8sVersion, rancherVersion, dataDir string) (*a
 		}
 	}
 
+	if rancherOSVersion != "" {
+		if err := p.addInstruction(os.ToUpgradeInstruction(k8sVersion, rancherOSVersion)); err != nil {
+			return nil, err
+		}
+	}
+
 	return (*applyinator.Plan)(&p), nil
 }

pkg/rancherd/rancher.go

@@ -31,6 +31,7 @@ type Config struct {
 type UpgradeConfig struct {
 	RancherVersion    string
 	KubernetesVersion string
+	RancherOSVersion  string
 	Force             bool
 }
 
@@ -45,10 +46,13 @@ func New(cfg Config) *Rancherd {
 }
 
 func (r *Rancherd) Info(ctx context.Context) error {
-	rancherVersion, k8sVersion := r.getExistingVersions(ctx)
+	rancherVersion, k8sVersion, rancherOSVersion := r.getExistingVersions(ctx)
 
 	fmt.Printf("    Rancher:    %s\n", rancherVersion)
 	fmt.Printf("    Kubernetes: %s\n", k8sVersion)
+	if rancherOSVersion != "" {
+		fmt.Printf("    RancherOS:  %s\n", rancherOSVersion)
+	}
 	fmt.Printf("    Rancherd:   %s\n\n", version.FriendlyVersion())
 	return nil
 }
@@ -69,10 +73,20 @@ func (r *Rancherd) Upgrade(ctx context.Context, upgradeConfig UpgradeConfig) err
 		return err
 	}
 
-	existingRancherVersion, existingK8sVersion := r.getExistingVersions(ctx)
-	if existingRancherVersion == rancherVersion && existingK8sVersion == k8sVersion {
+	rancherOSVersion, err := versions.RancherOSVersion(upgradeConfig.RancherOSVersion)
+	if err != nil {
+		return err
+	}
+
+	existingRancherVersion, existingK8sVersion, existingRancherOSVersion := r.getExistingVersions(ctx)
+	if existingRancherVersion == rancherVersion &&
+		existingK8sVersion == k8sVersion &&
+		(existingRancherOSVersion == "" || existingRancherOSVersion == rancherOSVersion) {
 		fmt.Printf("\nNothing to upgrade:\n\n")
 		fmt.Printf("    Rancher:    %s\n", rancherVersion)
+		if existingRancherOSVersion != "" {
+			fmt.Printf("    RancherOS:  %s\n", rancherOSVersion)
+		}
 		fmt.Printf("    Kubernetes: %s\n\n", k8sVersion)
 		return nil
 	}
@@ -83,6 +97,9 @@ func (r *Rancherd) Upgrade(ctx context.Context, upgradeConfig UpgradeConfig) err
 	if existingK8sVersion == k8sVersion {
 		k8sVersion = ""
 	}
+	if existingRancherOSVersion == "" || existingRancherOSVersion == rancherOSVersion {
+		rancherOSVersion = ""
+	}
 
 	if k8sVersion != "" && existingK8sVersion != "" {
 		existingRuntime := config.GetRuntime(existingK8sVersion)
@@ -100,6 +117,9 @@ func (r *Rancherd) Upgrade(ctx context.Context, upgradeConfig UpgradeConfig) err
 	if k8sVersion != "" {
 		fmt.Printf("    Kubernetes: %s => %s\n", existingK8sVersion, k8sVersion)
 	}
+	if rancherOSVersion != "" {
+		fmt.Printf("    RancherOS:  %s => %s\n", existingRancherOSVersion, rancherOSVersion)
+	}
 
 	if !r.cfg.Force {
 		go func() {
@@ -114,7 +134,7 @@ func (r *Rancherd) Upgrade(ctx context.Context, upgradeConfig UpgradeConfig) err
 		}
 	}
 
-	nodePlan, err := plan.Upgrade(&cfg, k8sVersion, rancherVersion, DefaultDataDir)
+	nodePlan, err := plan.Upgrade(&cfg, k8sVersion, rancherVersion, rancherOSVersion, DefaultDataDir)
 	if err != nil {
 		return err
 	}