cyberark/conjur-authn-k8s-client

Upgrade of Conjur on RHEL upgrade --cluster --spread_files

mbenita-Cyberark opened this issue · 2 comments

mbenita-Cyberark commented

Feature Overview & Customer Need

As an IT admin/PS
I would like to upgrade a DAP Node
So that I can use the goodies of the new version

Full requirements of ALL upgrade are found here
Confluence - DAP Master Cluster Dockerless deployment on VM
Full upgrade flow is found here:
Confluence - DAP on VM Upgrade Cluster Procedure -Matan

User story scope

In this user story we will focus on
As an IT admin/PS
I would like to check cluster upgradeability and copy tar file to all nodes after I accepted EULA
So that I can use the goodies of the new version
The command
./conjur_enterprise_setup.sh upgrade --spread_files is the focus of this user story
This command takes conjur_enterprise_cluster_config.yml as an input and copy the tar file to all nodes in the cluster. it later unpack these tars and run validate_prerequisuites ansible role. if some script fails than we should alert the user that the cluster is not upgradable with the relevant machine.

In this user story we will implement the logic of this command while providing good UX, logs, troubleshooting, validations and so on.
Please notice this command can be run in silent mode and only after the EULA was accepted.
Also, it can be run from jump server and master server.

Help

Make sure you have help for this command - https://romlxa.axshare.com/#id=42zxcb&p=conjur_enterprise_setup_sh_upgrade&g=1

Logs & User messages

Provide as much information as possible during the Validation . The more that validation will give information, the better the user will feel with the process and experience.
All upgrade logs should be located in one file (if silent) named conjur_enterprise_setup.log

Upgrade logs should show the steps of the upgrade - what is being deployed and show state Success / Fail. If we have estimated time that would help also!

Support

All troubleshooting info should be provided in our documentation.

Demo

Please follow the flow defined here present all steps including upgrade --spread_files

DOD

  • Implement for upgrade -spread_files functionality according to the flow defined here
  • Demo the feature according to requirements/flows
  • Enhance logs and supportability - Do we need troubleshooting section?
  • Logs were reviewed by TW and PO
  • validate the configuration yml according to the feature doc
  • Configurations were reviewed by PO - link if something changed
  • Documentation of troubleshooting in confluence page
  • Help for this command was implemented and were reviewed by UX, TW and PO
  • The upgrade process should not touch the following files
  • Audits
  • Runtime Logs
  • Make sure all the configuration in the old master are kept in the new cluster. Including: conjur.conf, posum.conf and so on... The real requirement is keeping all previous configurations are kept after upgrade according to the current Master.
  • keys
InbalZilberman commented

This US is opened in the wrong repo - I am closing this issue and opened this https://app.zenhub.com/workspaces/palmtree-5d99d900491c060001c85cba/issues/conjurinc/dap-package/579