AIFBR-12310: skill restore in active active setup (#199)

* skill restore in active active setup

* skill restore script

* skill restore script

* skill restore script

* skill restore script

* review comments

* review comments

* review comments

Author: vaibhavs-uipath

activeactive/skills/README.md

@@ -0,0 +1,31 @@
+# Script for manual backup and restore of skills in OnPrem
+
+## Purpose
+With skills being present in more than one cluster in Active-Active setup, there is a need to manually backup and 
+restore skills when needed.
+
+## Requirements
+The Machine where script runs needs the following:
+* Minimum AIC version 22.10
+* jq, curl to be installed.
+* User logged in with permission to run the script and access to above tools
+
+### NOTE
+* Please note port forwarding will be done by the script to create tenant secret on secondary cluster
+
+## Steps to restore skills on secondary
+
+* Find the skill id to restore. <skill-id>
+* Run script skill-backup.sh in the primary and give skill-id as input.
+  * Example:
+            [root@server0 testadmin]# sh skill-backup.sh
+            Enter skill id:
+             083a05ac-1c1e-4db5-850b-ca1d9d4e56cd
+* This will generate a dir with all the artifacts of that skill.
+* Copy the dir in secondary.
+* Run script skill-restore.sh and give path of the copied folder as input.
+  * Example: 
+             [root@server0 testadmin]# sh skill-restore.sh
+             Enter backup dir path:
+              083a05ac-skill-backup
+

activeactive/skills/skill-backup.sh

@@ -0,0 +1,132 @@
+#!/bin/bash
+
+red=$(tput setaf 1)
+green=$(tput setaf 2)
+yellow=$(tput setaf 3)
+default=$(tput sgr0)
+
+
+echo "$green Enter skill id:"
+read skillId
+#echo "Skill Id is: $skillId"
+
+echo "$green $(date) Taking backup of Skill with Id: $skillId"
+
+uuidArray=(${skillId//-/ })
+uuid=${uuidArray[0]}
+#echo "uuid: $uuid"
+mkdir $uuid-skill-backup
+
+function backup_deployment() {
+
+  getDeployment=`kubectl get deployment -n uipath | grep -i $skillId`
+    if [ -z "$getDeployment" ]; then
+        echo "$red $(date) No deployment present with provided skill id, Please check ... Exiting $default"
+        exit 1
+     else
+       deploymentArray=(${getDeployment// / })
+       deployFile=${deploymentArray[0]}
+       #echo "deploy file name: $deployFile"
+       kubectl get deployment -n uipath $deployFile -o yaml > $uuid-skill-backup/$uuid-deployment.yaml
+       echo "$green $(date) Backup of deployment is success for Skill with Id: $skillId"
+     fi
+}
+
+function backup_service() {
+
+  getService=`kubectl get svc -n uipath | grep -i $skillId`
+  if [ -z "$getService" ]; then
+     echo "$red $(date) No SVC found for Skill id : $skillId"
+  else
+    serviceArray=(${getService// / })
+    serviceFile=${serviceArray[0]}
+    #echo "service file name: $serviceFile"
+    kubectl get svc -n uipath $serviceFile -o yaml > $uuid-skill-backup/$uuid-service.yaml
+    echo "$green $(date) Backup of service is success for Skill with Id: $skillId"
+  fi
+}
+
+function backup_virtual_service() {
+
+  getVirtualService=`kubectl get virtualservices -n uipath | grep -i $skillId`
+  if [ -z "$getVirtualService" ]; then
+     echo "$red $(date) No Virtual Service found for Skill id : $skillId"
+  else
+    virtualServiceArray=(${getVirtualService// / })
+    virtualServiceFile=${virtualServiceArray[0]}
+    kubectl get virtualservices -n uipath $virtualServiceFile -o yaml > $uuid-skill-backup/$uuid-virtual-service.yaml
+    echo "$green $(date) Backup of virtual service is success for Skill with Id: $skillId"
+  fi
+}
+
+function backup_skill_secret() {
+
+  getSkillSecret=`kubectl get secret -n uipath | grep -i $skillId`
+  if [ -z "$getSkillSecret" ]; then
+     echo "$red $(date) No Secret found for Skill id : $skillId"
+  else
+    secretArray=(${getSkillSecret// / })
+    secretFile=${secretArray[0]}
+    #echo "secretFile file name: $secretFile"
+    kubectl get secret -n uipath $secretFile -o yaml > $uuid-skill-backup/$uuid-secret.yaml
+    echo "$green $(date) Backup of Secret is success for Skill with Id: $skillId"
+  fi
+}
+
+function backup_configmap() {
+
+  getConfigmap=`kubectl get configmap -n uipath | grep -i $skillId`
+  if [ -z "$getConfigmap" ]; then
+     echo "$red $(date) No Configmap found for Skill id : $skillId"
+  else
+    configmapArray=(${getConfigmap// / })
+    configmapFile=${configmapArray[0]}
+    kubectl get configmap -n uipath $configmapFile -o yaml > $uuid-skill-backup/$uuid-configmap.yaml
+    echo "$green $(date) Backup of Configmap is success for Skill with Id: $skillId"
+  fi
+}
+
+function backup_hpa() {
+
+  getHpa=`kubectl get hpa -n uipath | grep -i $skillId`
+  if [ -z "$getHpa" ]; then
+     echo "$yellow $(date) No HPA found for Skill id : $skillId"
+  else
+    hpaArray=(${getHpa// / })
+    hpaFile=${hpaArray[0]}
+    kubectl get hpa -n uipath $hpaFile -o yaml > $uuid-skill-backup/$uuid-hpa.yaml
+    echo "$green $(date) Backup of HPA is success for Skill with Id: $skillId"
+  fi
+}
+
+function backup_pdb() {
+
+  getPdb=`kubectl get pdb -n uipath | grep -i $skillId`
+  if [ -z "$getPdb" ]; then
+     echo "$yellow $(date) No PDB found for Skill id : $skillId"
+  else
+    pdbArray=(${getPdb// / })
+    pdbFile=${pdbArray[0]}
+    kubectl get pdb -n uipath $pdbFile -o yaml > $uuid-skill-backup/$uuid-pdb.yaml
+    echo "$green $(date) Backup of PDB is success for Skill with Id: $skillId"
+  fi
+
+}
+
+backup_deployment
+
+backup_service
+
+backup_virtual_service
+
+backup_skill_secret
+
+backup_configmap
+
+backup_hpa
+
+backup_pdb
+
+echo "$green $(date) Skill backup complete in dir: $uuid-skill-backup"
+
+

activeactive/skills/skill-restore.sh

@@ -0,0 +1,109 @@
+#!/bin/bash
+
+
+red=$(tput setaf 1)
+green=$(tput setaf 2)
+yellow=$(tput setaf 3)
+default=$(tput sgr0)
+
+PORT_FRWD=80
+
+echo "$green Enter backup dir path:"
+read backupDir
+echo "$green Enter skill id:"
+read skillId
+
+uuidArray=(${skillId//-/ })
+uuid=${uuidArray[0]}
+
+echo -e "$green $(date) Backup started \n"
+
+# Validate dependency module
+# $1 - Name of the dependency module
+# $2 - Command to validate module
+function validate_dependency() {
+  eval $2
+  # Next statement is checking last command success
+  if [ $? -ne 0 ]; then
+    echo -e "$red $(date) Please install ******** $1 ***********  ... Exiting $default"
+    exit 1
+  fi
+}
+
+# Validate required modules exits in target setup
+function validate_setup() {
+  validate_dependency jq "jq --version"
+  echo -e "$(date) Successfully validated required dependencies"
+}
+
+
+function create_tenant_secret() {
+  TENANT_SECRET_EXISTS=$(kubectl -n uipath get secret | grep deployment-storage-credentials)
+  if [ -z "$TENANT_SECRET_EXISTS" ]; then
+      echo -e "$green Starting port forwarding for ai-deployer to create tenant secret \n"
+
+        IDENTITY_SERVER_ENDPOINT=$(kubectl -n uipath get deployment ai-app-deployment -o json | jq -r '.spec.template.spec.containers[0].env[] | select(.name == "IDENTITY_SERVER_ENDPOINT").value')'/connect/token'
+        if [[ -z $IDENTITY_SERVER_ENDPOINT ]]; then
+          echo "$red $(date) IDENTITY_SERVER_ENDPOINT is invalid or missing, Please check ... Exiting $default"
+          exit 1
+        fi
+
+        S2S_CLIENT_ID=$(kubectl -n uipath get secret identity-client-aifabric -o json | jq '.data."Aicenter.Recovery.S2S.ClientId"' | sed -e 's/^"//' -e 's/"$//' | base64 -d)
+        S2S_CLIENT_SECRET=$(kubectl -n uipath get secret identity-client-aifabric -o json | jq '.data."Aicenter.Recovery.S2S.ClientSecret"' | sed -e 's/^"//' -e 's/"$//' | base64 -d)
+        if [[ -z $S2S_CLIENT_ID || -z $S2S_CLIENT_SECRET ]]; then
+          echo "$red $(date) S2S_CLIENT_ID or S2S_CLIENT_SECRET is invalid or missing, Please check ... Exiting $default"
+          exit 1
+        fi
+
+        ACCESS_TOKEN=$(curl --location --request POST $IDENTITY_SERVER_ENDPOINT \
+        --header 'Content-Type: application/x-www-form-urlencoded' \
+        --data-urlencode 'client_id='$S2S_CLIENT_ID \
+        --data-urlencode 'client_secret='$S2S_CLIENT_SECRET \
+        --data-urlencode 'grant_type=client_credentials' \
+        --data-urlencode 'audience=AiFabricRecovery' | jq '.access_token' | sed -e 's/^"//' -e 's/"$//')
+        if [[ -z $ACCESS_TOKEN ]]; then
+          echo "$red $(date) ACCESS_TOKEN is invalid or missing, Please check ... Exiting $default"
+          exit 1
+        fi
+
+        kubectl -n uipath port-forward service/ai-deployer-svc $PORT_FRWD:80 --address 0.0.0.0 &
+        bkg_pid=$!
+        sleep 5
+        echo -e "$green Calling create tenant secret API \n"
+        curl --silent --fail -i -k --show-error -X POST 'http://localhost:'$PORT_FRWD'/ai-deployer/v1/system/namespace/recover' -H 'authorization: Bearer '"$ACCESS_TOKEN"
+        echo -e "$yellow Waiting for tenant secret creation to complete  \n"
+        sleep 5
+        test -f /proc/$bkg_pid/cmdline && kill $bkg_pid
+
+        echo -e "$green Tenant Secret creation complete. Restoring backup dir \n"
+        echo $default
+  else
+            echo -e "$green Tenant Secret already exists. Restoring backup dir \n"
+            echo $default
+  fi
+
+}
+
+function restore_skill() {
+
+  kubectl apply -f $backupDir/$uuid-secret.yaml
+  kubectl apply -f $backupDir/$uuid-configmap.yaml
+  kubectl apply -f $backupDir/$uuid-deployment.yaml
+  kubectl apply -f $backupDir/$uuid-service.yaml
+  if [ -f "$backupDir/$uuid-hpa.yaml" ]; then
+  kubectl apply -f $backupDir/$uuid-hpa.yaml
+  fi
+  if [ -f "$backupDir/$uuid-pdb.yaml" ]; then
+  kubectl apply -f $backupDir/$uuid-pdb.yaml
+  fi
+  kubectl apply -f $backupDir/$uuid-virtual-service.yaml
+
+  echo -e "$green $(date) Backup completed \n"
+  echo $default
+}
+
+validate_setup
+
+create_tenant_secret
+
+restore_skill