Manual Appliance Update Process for AWS - When Port 80 Is Not Open or Internet Access Is Restricted

Problem

If an appliance upgrade in AWS fails because drydock cannot do the job (docker hits a timeout while trying to pull images from harbor2.iqcloud.iquate.org, or internet access is strictly limited), you can perform the upgrade by copying the docker image from another machine.

Solution

SOURCE-MACHINE = server which has access to harbor2.iqcloud.iquate.org and has enough privileges to pull images
TARGET-MACHINE = server where we intend to upgrade the appliance
Wanted-Version = the version of the docker image to which we intend to manually upgrade the appliance

  1. Connect through SSH to the SOURCE-MACHINE

  2. docker pull harbor2.iqcloud.iquate.org/fishbowl/server-appliance:{Wanted-Version}

  3. docker save [docker-image-id] | gzip > image.tar.gz

  4. scp image.tar.gz iquate@TARGET-MACHINE:/home/iquate

  5. Connect through SSH to the TARGET-MACHINE 

  6. ssh iquate@TARGET-MACHINE

  7. gunzip image.tar.gz

  8. docker load -i image.tar

iquate@ip-of-the-target:~$ docker load -i image.tar
935c56d8b3f9: Loading layer [==================================================>] 135.8MB/135.8MB
697949baa658: Loading layer [==================================================>] 15.87kB/15.87kB
e6feec0db89a: Loading layer [==================================================>] 11.78kB/11.78kB
5276d2b930fc: Loading layer [==================================================>] 3.072kB/3.072kB
95637adae617: Loading layer [==================================================>] 863.6MB/863.6MB
ce6d03db7f88: Loading layer [==================================================>] 6.593MB/6.593MB
517419b249b3: Loading layer [==================================================>] 277.6MB/277.6MB
Loaded image ID: sha256:917f575bfb10e402fac89b395e26c5fbd3bdcec0ce423aafd5e332cee584fef8

9. Check if the image was loaded 

docker images

iquate@ip-of-the-target:~$ docker images
REPOSITORY   TAG      IMAGE ID       CREATED        SIZE
<none>       <none>   917f575bfb10   20 hours ago   1.26GB
.....................

10. So, the ID of our docker image is 917f575bfb10.

Each build, past and future, has a different tag, so before tagging you must know which builds are available and their respective tags. For more details about the available versions and tags, refer to https://hub.docker.com/r/iqcloud/server-appliance/tags

Let's tag it 

docker tag 917f575bfb10 harbor2.iqcloud.iquate.org/fishbowl/server-appliance:{Wanted-Version}

11. Follow the rest of the steps, from updating the YAML onwards, at https://cloudsphere.atlassian.net/wiki/spaces/CDP/pages/504758329
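
An added example, not part of the original procedure or of CloudSphere's tooling: shell helpers that check the archive copied in step 4 and the image loaded in step 8 before it is tagged in step 10. It assumes sha256sum exists on both machines and that Docker uses its classic image store, where the image ID survives docker save/load; all function names are hypothetical.

```bash
# Added example; function names are hypothetical, not from the original page.

# SOURCE-MACHINE, after step 3: print the SHA-256 of the archive.
# Record it together with the image ID used in `docker save`
# (full form: docker inspect --format '{{.Id}}' <image>).
archive_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# TARGET-MACHINE, before step 7: compare the copied archive with the
# digest recorded on the source. Returns 0 on match, 1 on mismatch, 2 if unreadable.
verify_archive() {
    local file=$1 expected=$2 actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(archive_digest "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# Read `docker load` output on stdin and print the 64-hex image ID from the
# "Loaded image ID: sha256:..." line (printed when the archive was saved by ID).
loaded_image_id() {
    sed -n 's/^Loaded image ID: sha256:\([0-9a-f]\{64\}\)$/\1/p' | tail -n 1
}

# Succeed only if the loaded ID equals the ID recorded on the source.
# Assumption: classic image store, where the ID is preserved by save/load.
image_id_matches() {
    local loaded=$1 expected=${2#sha256:}
    [ -n "$loaded" ] && [ "$loaded" = "$expected" ]
}

# Steps 7-10 in one call, stopping before the tag if any check fails.
# usage: load_verified image.tar.gz <archive-sha256> <source-image-id> <repo:tag>
load_verified() {
    local id
    verify_archive "$1" "$2" || return 1
    id=$(gunzip -c "$1" | docker load | loaded_image_id)
    image_id_matches "$id" "$3" || {
        echo "loaded image ID differs from the source image ID" >&2
        return 1
    }
    docker tag "$id" "$4"
}
```

Pass the digest and image ID to the target over a channel other than the one used for the archive, so that one tampered transfer cannot alter both.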

 

NOTE: The CloudSphere appliance has the right certificate. The firewall at the customer's end might attempt a certificate rewrite: the firewall inspects the certificate and tries to replace it.

To resolve any certificate issue, docker.io and docker.com must be whitelisted at the root level on the firewall, and the firewall must not change the certificate.