Inspection refactoring and cleanup

mgradm/cmd/install/podman/utils.go

@@ -72,10 +72,11 @@ func installForPodman(
 		return errors.New(L("install podman before running this command"))
 	}
 
-	inspectedHostValues, err := utils.InspectHost(false)
+	authFile, cleaner, err := shared_podman.PodmanLogin()
 	if err != nil {
-		return utils.Errorf(err, L("cannot inspect host values"))
+		return utils.Errorf(err, L("failed to login to registry.suse.com"))
 	}
+	defer cleaner()
 
 	fqdn, err := getFqdn(args)
 	if err != nil {
@@ -87,14 +88,8 @@ func installForPodman(
 	if err != nil {
 		return utils.Errorf(err, L("failed to compute image URL"))
 	}
-	pullArgs := []string{}
-	_, scc_user_exist := inspectedHostValues["host_scc_username"]
-	_, scc_user_password := inspectedHostValues["host_scc_password"]
-	if scc_user_exist && scc_user_password {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues["host_scc_username"]+":"+inspectedHostValues["host_scc_password"])
-	}
 
-	preparedImage, err := shared_podman.PrepareImage(image, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := shared_podman.PrepareImage(authFile, image, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}

mgradm/cmd/install/shared/flags.go

@@ -214,13 +214,7 @@ func AddInstallFlags(cmd *cobra.Command) {
 	cmd.Flags().Bool("debug-java", false, L("Enable tomcat and taskomatic remote debugging"))
 	cmd_utils.AddImageFlag(cmd)
 
-	cmd_utils.AddContainerImageFlags(cmd, "coco", L("confidential computing attestation"))
-	cmd.Flags().Int("coco-replicas", 0, L("How many replicas of the confidential computing container should be started. (only 0 or 1 supported for now)"))
-
-	_ = utils.AddFlagHelpGroup(cmd, &utils.Group{ID: "coco-container", Title: L("Confidential Computing Flags")})
-	_ = utils.AddFlagToHelpGroupID(cmd, "coco-replicas", "coco-container")
-	_ = utils.AddFlagToHelpGroupID(cmd, "coco-image", "coco-container")
-	_ = utils.AddFlagToHelpGroupID(cmd, "coco-tag", "coco-container")
+	cmd_utils.AddCocoFlag(cmd)
 
 	cmd.Flags().Int("hubxmlrpc-replicas", 0, L("How many replicas of the Hub XML-RPC API service container should be started. (only 0 or 1 supported for now)"))
 	hubXmlrpcImage := path.Join(utils.DefaultNamespace, "server-hub-xmlrpc-api")

mgradm/cmd/migrate/kubernetes/utils.go

@@ -90,7 +90,7 @@ func migrateToKubernetes(
 		return utils.Errorf(err, L("cannot run migration"))
 	}
 
-	tz, oldPgVersion, newPgVersion, err := adm_utils.ReadContainerData(scriptDir)
+	extractedData, err := utils.ReadInspectData[utils.InspectResult](path.Join(scriptDir, "data"))
 	if err != nil {
 		return utils.Errorf(err, L("cannot read data from container"))
 	}
@@ -115,7 +115,7 @@ func migrateToKubernetes(
 
 	helmArgs := []string{
 		"--reset-values",
-		"--set", "timezone=" + tz,
+		"--set", "timezone=" + extractedData.Timezone,
 	}
 	if flags.Mirror != "" {
 		log.Warn().Msgf(L("The mirror data will not be migrated, ensure it is available at %s"), flags.Mirror)
@@ -139,15 +139,18 @@ func migrateToKubernetes(
 		return utils.Errorf(err, L("cannot set replicas to 0"))
 	}
 
+	oldPgVersion := extractedData.CurrentPgVersion
+	newPgVersion := extractedData.ImagePgVersion
+
 	if oldPgVersion != newPgVersion {
 		if err := kubernetes.RunPgsqlVersionUpgrade(flags.Image, flags.DbUpgradeImage, nodeName, oldPgVersion, newPgVersion); err != nil {
 			return utils.Errorf(err, L("cannot run PostgreSQL version upgrade script"))
 		}
 	}
 
 	schemaUpdateRequired := oldPgVersion != newPgVersion
-	if err := kubernetes.RunPgsqlFinalizeScript(serverImage, flags.Image.PullPolicy, nodeName, schemaUpdateRequired); err != nil {
-		return utils.Errorf(err, L("cannot run PostgreSQL version upgrade script"))
+	if err := kubernetes.RunPgsqlFinalizeScript(serverImage, flags.Image.PullPolicy, nodeName, schemaUpdateRequired, true); err != nil {
+		return utils.Errorf(err, L("cannot run PostgreSQL finalisation script"))
 	}
 
 	if err := kubernetes.RunPostUpgradeScript(serverImage, flags.Image.PullPolicy, nodeName); err != nil {

mgradm/cmd/migrate/podman/utils.go

@@ -12,6 +12,7 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	migration_shared "github.com/uyuni-project/uyuni-tools/mgradm/cmd/migrate/shared"
+	"github.com/uyuni-project/uyuni-tools/mgradm/shared/coco"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/podman"
 	"github.com/uyuni-project/uyuni-tools/shared"
 	podman_utils "github.com/uyuni-project/uyuni-tools/shared/podman"
@@ -31,20 +32,13 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 		return utils.Errorf(err, L("cannot compute image"))
 	}
 
-	// FIXME all this code should be centralized. Now it being called in several different places.
-	inspectedHostValues, err := utils.InspectHost(false)
+	authFile, cleaner, err := podman_utils.PodmanLogin()
 	if err != nil {
-		return utils.Errorf(err, L("cannot inspect host values"))
+		return utils.Errorf(err, L("failed to login to registry.suse.com"))
 	}
+	defer cleaner()
 
-	pullArgs := []string{}
-	_, scc_user_exist := inspectedHostValues["host_scc_username"]
-	_, scc_user_password := inspectedHostValues["host_scc_password"]
-	if scc_user_exist && scc_user_password {
-		pullArgs = append(pullArgs, "--creds", inspectedHostValues["host_scc_username"]+":"+inspectedHostValues["host_scc_password"])
-	}
-
-	preparedImage, err := podman_utils.PrepareImage(serverImage, flags.Image.PullPolicy, pullArgs...)
+	preparedImage, err := podman_utils.PrepareImage(authFile, serverImage, flags.Image.PullPolicy)
 	if err != nil {
 		return err
 	}
@@ -53,27 +47,34 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 	sshAuthSocket := migration_shared.GetSshAuthSocket()
 	sshConfigPath, sshKnownhostsPath := migration_shared.GetSshPaths()
 
-	tz, oldPgVersion, newPgVersion, err := podman.RunMigration(preparedImage, sshAuthSocket, sshConfigPath, sshKnownhostsPath, sourceFqdn, flags.User)
+	extractedData, err := podman.RunMigration(preparedImage, sshAuthSocket, sshConfigPath, sshKnownhostsPath, sourceFqdn, flags.User)
 	if err != nil {
 		return utils.Errorf(err, L("cannot run migration script"))
 	}
 
+	oldPgVersion := extractedData.CurrentPgVersion
+	newPgVersion := extractedData.ImagePgVersion
+
 	if oldPgVersion != newPgVersion {
-		if err := podman.RunPgsqlVersionUpgrade(flags.Image, flags.DbUpgradeImage, oldPgVersion, newPgVersion); err != nil {
+		if err := podman.RunPgsqlVersionUpgrade(
+			authFile, flags.Image, flags.DbUpgradeImage, oldPgVersion, newPgVersion,
+		); err != nil {
 			return utils.Errorf(err, L("cannot run PostgreSQL version upgrade script"))
 		}
 	}
 
 	schemaUpdateRequired := oldPgVersion != newPgVersion
-	if err := podman.RunPgsqlFinalizeScript(preparedImage, schemaUpdateRequired); err != nil {
+	if err := podman.RunPgsqlFinalizeScript(preparedImage, schemaUpdateRequired, true); err != nil {
 		return utils.Errorf(err, L("cannot run PostgreSQL finalize script"))
 	}
 
 	if err := podman.RunPostUpgradeScript(preparedImage); err != nil {
 		return utils.Errorf(err, L("cannot run post upgrade script"))
 	}
 
-	if err := podman.GenerateSystemdService(tz, preparedImage, false, flags.Mirror, viper.GetStringSlice("podman.arg")); err != nil {
+	if err := podman.GenerateSystemdService(
+		extractedData.Timezone, preparedImage, false, flags.Mirror, viper.GetStringSlice("podman.arg"),
+	); err != nil {
 		return utils.Errorf(err, L("cannot generate systemd service file"))
 	}
 
@@ -82,6 +83,21 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 		return err
 	}
 
+	// Prepare confidential computing containers
+	if err = coco.Upgrade(
+		flags.Coco.Image, flags.Image, extractedData.DbPort, extractedData.DbName,
+		extractedData.DbUser, extractedData.DbPassword,
+	); err != nil {
+		return utils.Errorf(err, L("cannot setup confidential computing attestation service"))
+	}
+
+	if flags.Coco.Replicas > 0 {
+		err := podman_utils.ScaleService(flags.Coco.Replicas, podman_utils.ServerAttestationService)
+		if err != nil {
+			return err
+		}
+	}
+
 	log.Info().Msg(L("Server migrated"))
 
 	if err := podman_utils.EnablePodmanSocket(); err != nil {

mgradm/cmd/migrate/shared/flags.go

@@ -6,6 +6,7 @@ package shared
 
 import (
 	"github.com/spf13/cobra"
+	"github.com/uyuni-project/uyuni-tools/mgradm/cmd/install/shared"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/utils"
 	. "github.com/uyuni-project/uyuni-tools/shared/l10n"
 	"github.com/uyuni-project/uyuni-tools/shared/types"
@@ -15,6 +16,7 @@ import (
 type MigrateFlags struct {
 	Image          types.ImageFlags `mapstructure:",squash"`
 	DbUpgradeImage types.ImageFlags `mapstructure:"dbupgrade"`
+	Coco           shared.CocoFlags
 	User           string
 	Mirror         string
 }
@@ -24,5 +26,6 @@ func AddMigrateFlags(cmd *cobra.Command) {
 	utils.AddMirrorFlag(cmd)
 	utils.AddImageFlag(cmd)
 	utils.AddDbUpgradeImageFlag(cmd)
+	utils.AddCocoFlag(cmd)
 	cmd.Flags().String("user", "root", L("User on the source server. Non-root user must have passwordless sudo privileges (NOPASSWD tag in /etc/sudoers)."))
 }

mgradm/cmd/status/podman.go

@@ -11,7 +11,6 @@ import (
 	"github.com/spf13/cobra"
 	adm_utils "github.com/uyuni-project/uyuni-tools/mgradm/shared/utils"
 	"github.com/uyuni-project/uyuni-tools/shared"
-	. "github.com/uyuni-project/uyuni-tools/shared/l10n"
 	"github.com/uyuni-project/uyuni-tools/shared/podman"
 	"github.com/uyuni-project/uyuni-tools/shared/types"
 	"github.com/uyuni-project/uyuni-tools/shared/utils"
@@ -29,9 +28,7 @@ func podmanStatus(
 	} else {
 		// Run spacewalk-service status in the container
 		cnx := shared.NewConnection("podman", podman.ServerContainerName, "")
-		if err := adm_utils.ExecCommand(zerolog.InfoLevel, cnx, "spacewalk-service", "status"); err != nil {
-			return utils.Errorf(err, L("failed to run spacewalk-service status"))
-		}
+		_ = adm_utils.ExecCommand(zerolog.InfoLevel, cnx, "spacewalk-service", "status")
 	}
 
 	for i := 0; i < podman.CurrentReplicaCount(podman.ServerAttestationService); i++ {

mgradm/cmd/support/ptf/podman/utils.go

@@ -30,7 +30,14 @@ func ptfForPodman(
 	if err := flags.checkParameters(); err != nil {
 		return err
 	}
-	return podman.Upgrade(flags.Image, dummyMigration, dummyCoco, args)
+
+	authFile, cleaner, err := podman_shared.PodmanLogin()
+	if err != nil {
+		return utils.Errorf(err, L("failed to login to registry.suse.com"))
+	}
+	defer cleaner()
+
+	return podman.Upgrade(authFile, flags.Image, dummyMigration, dummyCoco, args)
 }
 
 func (flags *podmanPTFFlags) checkParameters() error {

mgradm/cmd/upgrade/podman/utils.go

@@ -7,9 +7,18 @@ package podman
 import (
 	"github.com/spf13/cobra"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/podman"
+	. "github.com/uyuni-project/uyuni-tools/shared/l10n"
+	shared_podman "github.com/uyuni-project/uyuni-tools/shared/podman"
 	"github.com/uyuni-project/uyuni-tools/shared/types"
+	"github.com/uyuni-project/uyuni-tools/shared/utils"
 )
 
 func upgradePodman(globalFlags *types.GlobalFlags, flags *podmanUpgradeFlags, cmd *cobra.Command, args []string) error {
-	return podman.Upgrade(flags.Image, flags.DbUpgradeImage, flags.Coco.Image, args)
+	authFile, cleaner, err := shared_podman.PodmanLogin()
+	if err != nil {
+		return utils.Errorf(err, L("failed to login to registry.suse.com"))
+	}
+	defer cleaner()
+
+	return podman.Upgrade(authFile, flags.Image, flags.DbUpgradeImage, flags.Coco.Image, args)
 }

mgradm/shared/kubernetes/install.go

@@ -147,8 +147,8 @@ func Upgrade(
 		return err
 	}
 
-	fqdn, exist := inspectedValues["fqdn"]
-	if !exist {
+	fqdn := inspectedValues.Fqdn
+	if fqdn == "" {
 		return fmt.Errorf(L("inspect function did non return fqdn value"))
 	}
 
@@ -182,25 +182,25 @@ func Upgrade(
 			err = kubernetes.ReplicasTo(kubernetes.ServerApp, 1)
 		}
 	}()
-	if inspectedValues["image_pg_version"] > inspectedValues["current_pg_version"] {
+	if inspectedValues.ImagePgVersion > inspectedValues.CurrentPgVersion {
 		log.Info().Msgf(L("Previous PostgreSQL is %[1]s, new one is %[2]s. Performing a DB version upgrade…"),
-			inspectedValues["current_pg_version"], inspectedValues["image_pg_version"])
+			inspectedValues.CurrentPgVersion, inspectedValues.ImagePgVersion)
 
 		if err := RunPgsqlVersionUpgrade(*image, *upgradeImage, nodeName,
-			inspectedValues["current_pg_version"], inspectedValues["image_pg_version"],
+			inspectedValues.CurrentPgVersion, inspectedValues.ImagePgVersion,
 		); err != nil {
 			return utils.Errorf(err, L("cannot run PostgreSQL version upgrade script"))
 		}
-	} else if inspectedValues["image_pg_version"] == inspectedValues["current_pg_version"] {
-		log.Info().Msgf(L("Upgrading to %s without changing PostgreSQL version"), inspectedValues["uyuni_release"])
+	} else if inspectedValues.ImagePgVersion == inspectedValues.CurrentPgVersion {
+		log.Info().Msgf(L("Upgrading to %s without changing PostgreSQL version"), inspectedValues.UyuniRelease)
 	} else {
 		return fmt.Errorf(L("trying to downgrade PostgreSQL from %[1]s to %[2]s"),
-			inspectedValues["current_pg_version"], inspectedValues["image_pg_version"])
+			inspectedValues.CurrentPgVersion, inspectedValues.ImagePgVersion)
 	}
 
-	schemaUpdateRequired := inspectedValues["current_pg_version"] != inspectedValues["image_pg_version"]
-	if err := RunPgsqlFinalizeScript(serverImage, image.PullPolicy, nodeName, schemaUpdateRequired); err != nil {
-		return utils.Errorf(err, L("cannot run PostgreSQL version upgrade script"))
+	schemaUpdateRequired := inspectedValues.CurrentPgVersion != inspectedValues.ImagePgVersion
+	if err := RunPgsqlFinalizeScript(serverImage, image.PullPolicy, nodeName, schemaUpdateRequired, false); err != nil {
+		return utils.Errorf(err, L("cannot run PostgreSQL finalize script"))
 	}
 
 	if err := RunPostUpgradeScript(serverImage, image.PullPolicy, nodeName); err != nil {

mgradm/shared/kubernetes/k3s.go

@@ -98,14 +98,16 @@ func RunPgsqlVersionUpgrade(image types.ImageFlags, upgradeImage types.ImageFlag
 }
 
 // RunPgsqlFinalizeScript run the script with all the action required to a db after upgrade.
-func RunPgsqlFinalizeScript(serverImage string, pullPolicy string, nodeName string, schemaUpdateRequired bool) error {
+func RunPgsqlFinalizeScript(
+	serverImage string, pullPolicy string, nodeName string, schemaUpdateRequired bool, migration bool,
+) error {
 	scriptDir, err := os.MkdirTemp("", "mgradm-*")
 	defer os.RemoveAll(scriptDir)
 	if err != nil {
 		return fmt.Errorf(L("failed to create temporary directory: %s"))
 	}
 	pgsqlFinalizeContainer := "uyuni-finalize-pgsql"
-	pgsqlFinalizeScriptName, err := adm_utils.GenerateFinalizePostgresScript(scriptDir, true, schemaUpdateRequired, true, true, true)
+	pgsqlFinalizeScriptName, err := adm_utils.GenerateFinalizePostgresScript(scriptDir, true, schemaUpdateRequired, true, migration, true)
 	if err != nil {
 		return utils.Errorf(err, L("cannot generate PostgreSQL finalization script"))
 	}