How to upgrade above 4.4.0 when the list option values disappear
65 views
Skip to first unread message
Raphaël Bihoré
Dec 29, 2022, 11:13:15 AM12/29/22
to rundeck-discuss
Hi Rundeck Community,
I want to upgrade a rundeck instance from version 4.1.0 to version 4.6.2 but most of our jobs lose their list of possible option values when I go beyond version 4.4.0.
It seems to be due to the deletion of the rdoption_values table, as I saw with the issue https://github.com/rundeck/rundeck/issues/7993
In your opinion, what is the best way to be able to update our rundeck instances while keeping the option lists?
Do we need to export and re-import all of our jobs (several thousand across multiple instances) so that they set their options in the rdoptions table rather than rdoption_value?
I want to upgrade a rundeck instance from version 4.1.0 to version 4.6.2 but most of our jobs lose their list of possible option values when I go beyond version 4.4.0.
It seems to be due to the deletion of the rdoption_values table, as I saw with the issue https://github.com/rundeck/rundeck/issues/7993
In your opinion, what is the best way to be able to update our rundeck instances while keeping the option lists?
Do we need to export and re-import all of our jobs (several thousand across multiple instances) so that they set their options in the rdoptions table rather than rdoption_value?
Would a sql command simply migrate the lists to the correct table?
I take your suggestions.
Thanks very much
Thanks very much
rac...@rundeck.com
Jan 3, 2023, 8:38:48 AM1/3/23
to rundeck-discuss
Hi Raphaël,
The safest way is to export/reimport your jobs. But, you don't need to re-import one by one, you can export your projects and then import them. Just make sure to test all of that on a non-prod environment first. You can automate this using RD CLI in a script.
Greetings!
Raphaël Bihoré
Jan 18, 2023, 12:29:48 PM1/18/23
to rundeck-discuss
Hi Rainer,
It's magic, it worked on our staging environment! :D
It's magic, it worked on our staging environment! :D
I was able to install version 4.6.0 without breaking the options of certain jobs.
I struggled a bit because I couldn't re-import the jobs on some projects (most in fact, 22 out of 31). Even with admin accounts I had 403 "errorCode":"unauthorized" errors.
I modified an admin acl which was quite old, but that didn't change anything. Then I dropped all the database data to re-import them with psql... and now the import works on all projects. I didn't understand why.
Here is the initial acl snippet
description: Full-access to rundeck resources (rundeck_usl token from puppet, TEAM_AVENGERS & GG_A_RDECK_ADMIN)
context:
app: 'rundeck'
for:
resource:
- allow: '*' # full-access to all kinds of resources (project, system, system_acl, user, job, apitoken)
project:
- allow: '*' # full-access
project_acl:
- allow: '*' # full-access
storage:
- allow: '*' # full-access
apitoken:
- allow: '*' # full-access
by:
username:
- 'rundeck_usl_token' # rundeck_usl token from puppet
group:
- 'TEAM_AVENGERS'
- 'GG_A_RDECK_ADMIN'
I replaced the project part with
project:
- match:
name: '.*'
allow: [read,import,export,configure,delete,promote,admin] # allow full access of all projects or use 'admin'
I struggled a bit because I couldn't re-import the jobs on some projects (most in fact, 22 out of 31). Even with admin accounts I had 403 "errorCode":"unauthorized" errors.
I modified an admin acl which was quite old, but that didn't change anything. Then I dropped all the database data to re-import them with psql... and now the import works on all projects. I didn't understand why.
Here is the initial acl snippet
description: Full-access to rundeck resources (rundeck_usl token from puppet, TEAM_AVENGERS & GG_A_RDECK_ADMIN)
context:
app: 'rundeck'
for:
resource:
- allow: '*' # full-access to all kinds of resources (project, system, system_acl, user, job, apitoken)
project:
- allow: '*' # full-access
project_acl:
- allow: '*' # full-access
storage:
- allow: '*' # full-access
apitoken:
- allow: '*' # full-access
by:
username:
- 'rundeck_usl_token' # rundeck_usl token from puppet
group:
- 'TEAM_AVENGERS'
- 'GG_A_RDECK_ADMIN'
I replaced the project part with
project:
- match:
name: '.*'
allow: [read,import,export,configure,delete,promote,admin] # allow full access of all projects or use 'admin'
Are the 2 notations equivalent?
Anyway, thanks a lot for the tip.
Reply all
Reply to author
Forward
0 new messages