Manual Appliance Update Process for AWS - When Port 80 is not Open or any internet limitation
Problem
If anyone tries to upgrade an appliance in AWS and drydock fails to do the job because docker hits a timeout while trying to pull images from harbor2.iqcloud.iquate.org or strict internet limitations here's how you can perform the upgrade copying the docker image from another machine.
Solution
SOURCE-MACHINE
= server which has access to harbor2.iqcloud.iquate.org and has enough privileges to pull imagesTARGET-MACHINE
= server where we intend to upgrade the applianceWanted-Version
= the version of the docker image to which we intend to manually upgrade the appliance
Connect through SSH to the SOURCE-MACHINE
docker pull harbor2.iqcloud.iquate.org/fishbowl/server-appliance:{Wanted-Version}
docker save [docker-image-id] | gzip > image.tar.gz
scp image.tar.gz iquate@TARGET-MACHINE:/home/iquate
Connect through SSH to the TARGET-MACHINE
ssh iquate@TARGET-MACHINE
gunzip image.tar.gz
docker load -i image.tar
iquate@ip-of-the-target:~$ docker load -i image.tar
935c56d8b3f9: Loading layer [==================================================>] 135.8MB/135.8MB
697949baa658: Loading layer [==================================================>] 15.87kB/15.87kB
e6feec0db89a: Loading layer [==================================================>] 11.78kB/11.78kB
5276d2b930fc: Loading layer [==================================================>] 3.072kB/3.072kB
95637adae617: Loading layer [==================================================>] 863.6MB/863.6MB
ce6d03db7f88: Loading layer [==================================================>] 6.593MB/6.593MB
517419b249b3: Loading layer [==================================================>] 277.6MB/277.6MB
Loaded image ID: sha256:917f575bfb10e402fac89b395e26c5fbd3bdcec0ce423aafd5e332cee584fef8
9. Check if the image was loaded
docker images
iquate@ip-of-the-target:~$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
917f575bfb10 20 hours ago 1.26GB
.....................
10. So, the id of our docker image is
917f575bfb10
.
Each build in the past and the future will have a different tag so before doing that you must be aware about available build and it’s respective tag. For more details about available versions and tag please refer - https://hub.docker.com/r/iqcloud/server-appliance/tags
Let's tag it
docker tag 917f575bfb10 harbor2.iqcloud.iquate.org/fishbowl/server-appliance:{Wanted-Version}
11. Follow the rest of the steps for updating the YAML onwards from https://cloudsphere.atlassian.net/wiki/spaces/CDP/pages/504758329
NOTE: The CloudSphere appliance has right certificate. The firewall at customer’s end might try a cert rewrite. what happens is firewall looks at cert and tries to replace it.
To resolve any cert issue, the whitelisting of root level docker.io and docker.com at the firewall is needed and there should not be any change to certificate.