Skip to content

Commit 8cd34ec

Browse files
KosukeOkamotoKosukeOkamoto
committed
Update script for Watson Discovery 4.8.0 on CP4D
1 parent b74f2c0 commit 8cd34ec

File tree

4 files changed

+35
-28
lines changed

4 files changed

+35
-28
lines changed

discovery-data/latest/elastic-backup-restore.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -321,7 +321,7 @@ EOF
321321
stop_minio_port_forward
322322
echo "RC=${RC}" >> "${BACKUP_RESTORE_LOG_DIR}/${CURRENT_COMPONENT}.log"
323323
if [ $RC -eq 0 ] ; then
324-
brlog "INFO" "Archiving snapshot..."
324+
brlog "INFO" "Archiving sanpshot..."
325325
tar "${ELASTIC_TAR_OPTIONS[@]}" -cf ${BACKUP_FILE} -C ${TMP_WORK_DIR}/${ELASTIC_BACKUP_DIR}/${ELASTIC_BACKUP_BUCKET}/${ELASTIC_SNAPSHOT_PATH} .
326326
else
327327
brlog "ERROR" "Some files could not be transfered. Consider to use '--use-job' and '--pvc' option. Please see help (--help) for details."
@@ -474,4 +474,4 @@ fi
474474
rm -rf ${TMP_WORK_DIR}
475475
if [ -z "$(ls tmp)" ] ; then
476476
rm -rf tmp
477-
fi
477+
fi

discovery-data/latest/lib/function.bash

Lines changed: 28 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1206,12 +1206,11 @@ setup_zen_core_service_connection(){
12061206
ZEN_CORE_SERVICE=${ZEN_CORE_SERVICE:-$(oc get ${OC_ARGS} svc -l component=zen-core-api -o jsonpath='{.items[0].metadata.name}')}
12071207
ZEN_CORE_PORT=${ZEN_CORE_PORT:-$(oc get ${OC_ARGS} svc -l component=zen-core-api -o jsonpath='{.items[0].spec.ports[?(@.name=="zencoreapi-tls")].port}')}
12081208
ZEN_CORE_API_ENDPOINT="https://${ZEN_CORE_SERVICE}:${ZEN_CORE_PORT}"
1209-
ZEN_CORE_UID=${ZEN_CORE_UID:-"1000330999"}
1210-
ZEN_CORE_TOKEN=${ZEN_CORE_TOKEN:-"$(oc get ${OC_ARGS} secret zen-service-broker-secret --template '{{.data.token}}' | base64 --decode)"}
1209+
ZEN_CORE_TOKEN="${ZEN_CORE_TOKEN:-"$(oc get ${OC_ARGS} secret zen-service-broker-secret --template '{{.data.token}}' | base64 --decode)"}"
12111210
ZEN_INSTANCE_TYPE="discovery"
12121211
ZEN_PROVISION_STATUS="PROVISIONED"
1213-
WATSON_GATEWAY_SERVICE=${WATSON_GATEWAY_SERVICE:-"$(oc get ${OC_ARGS} svc -l release=${TENANT_NAME}-discovery-watson-gateway -o jsonpath='{.items[0].metadata.name}')"}
1214-
WATSON_GATEWAY_PORT=${WATSON_GATEWAY_PORT:-"$(oc get ${OC_ARGS} svc -l release=${TENANT_NAME}-discovery-watson-gateway -o jsonpath='{.items[0].spec.ports[?(@.name=="https")].port}')"}
1212+
WATSON_GATEWAY_SERVICE="${WATSON_GATEWAY_SERVICE:-"$(oc get ${OC_ARGS} svc -l release=${TENANT_NAME}-discovery-watson-gateway -o jsonpath='{.items[0].metadata.name}')"}"
1213+
WATSON_GATEWAY_PORT="${WATSON_GATEWAY_PORT:-"$(oc get ${OC_ARGS} svc -l release=${TENANT_NAME}-discovery-watson-gateway -o jsonpath='{.items[0].spec.ports[?(@.name=="https")].port}')"}"
12151214
WATSON_GATEWAY_ENDPOINT="https://${WATSON_GATEWAY_SERVICE}:${WATSON_GATEWAY_PORT}"
12161215
}
12171216

@@ -1221,7 +1220,7 @@ create_backup_instance_mappings(){
12211220
local wd_version="${WD_VERSION:-$(get_version)}"
12221221
setup_zen_core_service_connection
12231222
ELASTIC_POD=$(get_elastic_pod)
1224-
token=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks ${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?uid=${ZEN_CORE_UID} -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)
1223+
token=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?expiration_time=1000' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)
12251224
if [ $(compare_version ${wd_version} "4.0.9") -le 0 ] ; then
12261225
mappings=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/v2/serviceInstance' -H 'Authorization: Bearer ${token}' | jq -r '.requestObj[] | select(.ServiceInstanceType == \"discovery\" and .ProvisionStatus == \"PROVISIONED\") | { \"display_name\": .ServiceInstanceDisplayName, \"source_instance_id\": .CreateArguments.metadata.instanceId, \"dest_instance_id\": \"<new_instance_id>\"}' | jq -s '{\"instance_mappings\": .}'" -c elasticsearch)
12271226
else
@@ -1243,7 +1242,7 @@ create_restore_instance_mappings(){
12431242
setup_zen_core_service_connection
12441243
ELASTIC_POD=$(get_elastic_pod)
12451244
_oc_cp "${MAPPING_FILE}" "${ELASTIC_POD}:/tmp/mapping.json" -c elasticsearch
1246-
local token=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?service_token?expiration_time=1000' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)
1245+
local token=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?expiration_time=1000' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)
12471246
local service_instances=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/v3/service_instances?fetch_all_instances=true' -H 'Authorization: Bearer ${token}' | jq -r '${service_instance_query}'" -c elasticsearch)
12481247
if [ -n "${service_instances}" ] && [ "${service_instances}" != "null" ] ; then
12491248
brlog "INFO" "Discovery instances exist. Check if they are same instance."
@@ -1345,7 +1344,7 @@ require_tenant_backup(){
13451344
check_instance_exists(){
13461345
setup_zen_core_service_connection
13471346
ELASTIC_POD=${ELASTIC_POD:-$(get_elastic_pod)}
1348-
local token=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?expiration_time=1000' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)
1347+
local token="$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?expiration_time=1000' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)"
13491348
local service_instances=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/v3/service_instances?fetch_all_instances=true' -H 'Authorization: Bearer ${token}' | jq -r '${service_instance_query}'" -c elasticsearch)
13501349
if [ -n "${service_instances}" ] && [ "${service_instances}" != "null" ] ; then
13511350
return 0
@@ -1369,15 +1368,21 @@ create_service_instance(){
13691368
"${template}" > "${request_file}"
13701369
_oc_cp "${request_file}" "${ELASTIC_POD}:/tmp/request.json" -c elasticsearch
13711370
if [ -z "${ZEN_USER_NAME+UNDEF}" ] ; then
1372-
brlog "WARN" "'--cp4d-user-name' option is not provided. Use 'admin' as a user to create Discovery instance" >&2
1373-
ZEN_USER_NAME="admin"
1374-
ZEN_UID=${ZEN_CORE_UID}
1371+
brlog "WARN" "'--cp4d-user-name' option is not provided. Use default admin user to create Discovery instance" >&2
1372+
iam_secret="$(oc get ${OC_ARGS} secret/ibm-iam-bindinfo-platform-auth-idp-credentials --ignore-not-found -o jsonpath='{.metadata.name}')"
1373+
if [ -n "${iam_secret}" ] ; then
1374+
ZEN_USER_NAME="$(oc extract secret/ibm-iam-bindinfo-platform-auth-idp-credentials --to=- --keys=admin_username 2> /dev/null)"
1375+
else
1376+
ZEN_USER_NAME="admin"
1377+
ZEN_UID="1000330999"
1378+
fi
13751379
fi
13761380
if [ -z "${ZEN_UID+UNDEF}" ] ; then
1377-
brlog "WARN" "'--cp4d-user-id' option is not provided. Use 'admin' as a user to create Discovery instance" >&2
1378-
ZEN_USER_NAME="admin"
1379-
ZEN_UID=${ZEN_CORE_UID}
1381+
brlog "INFO" "Get CP4D user ID for ${ZEN_USER_NAME}" >&2
1382+
token="$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?expiration_time=1000' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)"
1383+
ZEN_UID="$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/openapi/v1/users/${ZEN_USER_NAME}' -H 'Authorization: Bearer ${token}' | jq -r '.UserInfo.uid'" -c elasticsearch)"
13801384
fi
1385+
brlog "INFO" "Create Discovery instance as ${ZEN_USER_NAME}:${ZEN_UID}" >&2
13811386
local token=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks '${ZEN_CORE_API_ENDPOINT}/internal/v1/service_token?uid=${ZEN_UID}&username=${ZEN_USER_NAME}&display_name=${ZEN_USER_NAME}' -H 'secret: ${ZEN_CORE_TOKEN}' -H 'cache-control: no-cache' | jq -r .token" -c elasticsearch)
13821387
local instance_id=$(fetch_cmd_result ${ELASTIC_POD} "curl -ks -X POST '${WATSON_GATEWAY_ENDPOINT}/api/ibmcloud/resource-controller/resource_instances' -H 'Authorization: Bearer ${token}' -H 'Content-Type: application/json' -d@/tmp/request.json | jq -r 'if .zen_id == null or .zen_id == \"\" then \"null\" else .zen_id end'" -c elasticsearch)
13831388
if [ "${instance_id}" != "null" ] ; then
@@ -1420,13 +1425,17 @@ EOF
14201425

14211426
get_oc_token(){
14221427
local service_account="$1"
1423-
# OCP 4.12 doesn't automatically link token to ServiceAccount so instead use secret annotations
1424-
local token_secret=$(oc ${OC_ARGS} get secrets -o jsonpath='{range .items[?(@.metadata.annotations.kubernetes\.io\/service\-account\.name=="'"${service_account}"'")]}{.metadata.name}{"\n"}{end}' | grep -m1 'token')
1425-
if [ -z "${token_secret}" ]; then
1426-
brlog "ERROR" "Failed to find token in Service Account ${service_account}" >&2
1427-
return 1
1428+
if [ $(compare_version "$(get_version)" "4.8.0") -ge 0 ] ; then
1429+
oc ${OC_ARGS} create token ${service_account} --duration "${SA_TOKEN_DURATION:-168h}"
1430+
else
1431+
# OCP 4.12 doesn't automatically link token to ServiceAccount so instead use secret annotations
1432+
local token_secret=$(oc ${OC_ARGS} get secrets -o jsonpath='{range .items[?(@.metadata.annotations.kubernetes\.io\/service\-account\.name=="'"${service_account}"'")]}{.metadata.name}{"\n"}{end}' | grep -m1 'token')
1433+
if [ -z "${token_secret}" ]; then
1434+
brlog "ERROR" "Failed to find token in Service Account ${service_account}" >&2
1435+
return 1
1436+
fi
1437+
oc ${OC_ARGS} extract secret/${token_secret} --keys=token --to=-
14281438
fi
1429-
oc ${OC_ARGS} extract secret/${token_secret} --keys=token --to=-
14301439
}
14311440

14321441
delete_service_account(){

discovery-data/latest/mt-mt-migration.sh

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -119,14 +119,12 @@ do
119119
CMD="psql -d dadmin -t -A -c \"SELECT table_name FROM information_schema.columns WHERE table_schema = 'public' AND column_name = 'tenant_id' ORDER BY table_name\""
120120
standard_mt_tables=($(oc exec ${OC_ARGS} "${PG_POD}" -- bash -c "${CMD}"))
121121
echo "Updating tables with tenant_id: ${standard_mt_tables[*]}"
122-
foreign_key_tables=(wd_collections wd_collections_status wd_collections_project wd_datasets_collection wd_collection_document_status wd_collections_enrichment_job_status wd_datasets wd_datasets_status wd_datasets_project wd_enrichments wd_enrichments_lang wd_enrichments_project)
123-
if [ $(compare_version "${WD_VERSION}" "4.7.0") -ge 0 ] ; then
124-
foreign_key_tables+=( wd_collection_stats )
125-
fi
122+
foreign_key_tables=(wd_collections wd_collections_status wd_collections_project wd_datasets_collection wd_collection_document_status wd_collections_enrichment_job_status wd_datasets wd_datasets_status wd_datasets_project wd_enrichments wd_enrichments_lang wd_enrichments_project wd_collection_stats wd_enrichments_webhook_secret wd_collections_webhook_secret)
123+
126124
SQL="BEGIN;"
127125

128126
for table in "${foreign_key_tables[@]}"; do
129-
SQL+=" ALTER TABLE ${table} DISABLE TRIGGER ALL;"
127+
SQL+=" ALTER TABLE IF EXISTS ${table} DISABLE TRIGGER ALL;"
130128
done
131129

132130
# wd_crawler update
@@ -167,7 +165,7 @@ do
167165
done
168166

169167
for table in "${foreign_key_tables[@]}"; do
170-
SQL+=" ALTER TABLE ${table} ENABLE TRIGGER ALL;"
168+
SQL+=" ALTER TABLE IF EXISTS ${table} ENABLE TRIGGER ALL;"
171169
done
172170

173171
SQL+=" COMMIT;"

discovery-data/latest/version.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,2 @@
11
The Backup and Restore Scripts for the Watson Discovery on CP4D.
2-
Scripts Version: 4.7.3
2+
Scripts Version: 4.8.0

0 commit comments

Comments
 (0)