Merge pull request #6 from github/backup-manage-password

Support backup/restore of enterprise-manage password hash

Author: rtomayko

bin/ghe-backup

@@ -94,9 +94,25 @@ echo "Backing up GitHub settings ..."
 ghe-ssh "$host" -- 'ghe-export-settings' > settings.json ||
 failures="$failures settings"
 
+# transfer license file
 ghe-ssh "$host" -- "cat '$GHE_REMOTE_LICENSE_FILE'" > enterprise.ghl ||
 failures="$failures license"
 
+# transfer enterprise manage password hash if running against a v2.x instance.
+if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
+    manage_password_file="$GHE_REMOTE_DATA_USER_DIR/common/manage-password"
+    if echo "sudo cat '$manage_password_file' 2>/dev/null || true" |
+       ghe-ssh "$host" -- /bin/sh > manage-password+
+    then
+        if [ -n "$(cat manage-password+)" ]; then
+            mv manage-password+ manage-password
+        fi
+    else
+        unlink manage-password+
+        failures="$failures manage-password"
+    fi
+fi
+
 echo "Backing up SSH authorized keys ..."
 ghe-ssh "$host" -- 'ghe-export-authorized-keys' > authorized-keys.json ||
 failures="$failures authorized-keys"

bin/ghe-restore

@@ -94,6 +94,15 @@ if $clean_restore; then
         echo "Restoring license ..."
         ghe-ssh "$host" -- 'ghe-import-license' < "$GHE_RESTORE_SNAPSHOT_PATH/enterprise.ghl" 1>&3
 
+        if [ -f "$GHE_RESTORE_SNAPSHOT_PATH/manage-password" ]; then
+            echo "Restoring management console password ..."
+            cat "$GHE_RESTORE_SNAPSHOT_PATH/manage-password" |
+            ghe-ssh "$host" -- \
+                "sudo -u git dd of='$GHE_REMOTE_DATA_USER_DIR/common/manage-password' 2>&1"
+            ghe-ssh "$host" -- \
+                "sudo -u git chmod 0600 '$GHE_REMOTE_DATA_USER_DIR/common/manage-password'"
+        fi
+
         echo "
           sudo ghe-service-ensure-mysql &&
           sudo ghe-service-ensure-elasticsearch

test/test-ghe-backup.sh

@@ -13,6 +13,10 @@ cd "$GHE_REMOTE_DATA_USER_DIR/pages"
 mkdir -p alice bob
 touch alice/index.html bob/index.html
 
+# Create a fake manage password file
+mkdir -p "$GHE_REMOTE_DATA_USER_DIR/common"
+echo "fake password hash data" > "$GHE_REMOTE_DATA_USER_DIR/common/manage-password"
+
 # Create some fake elasticsearch data in the remote data directory
 mkdir -p "$GHE_REMOTE_DATA_USER_DIR/elasticsearch"
 cd "$GHE_REMOTE_DATA_USER_DIR/elasticsearch"
@@ -102,6 +106,11 @@ begin_test "ghe-backup first snapshot"
         # verify all ES data was transferred from snapshot directory
         diff -ru "$GHE_REMOTE_DATA_USER_DIR/elasticsearch-snapshots" "$GHE_DATA_DIR/current/elasticsearch"
     fi
+
+    # verify manage-password file was backed up under v2.x VMs
+    if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
+        [ "$(cat "$GHE_DATA_DIR/current/manage-password")" = "fake password hash data" ]
+    fi
 )
 end_test
 
@@ -167,6 +176,11 @@ begin_test "ghe-backup subsequent snapshot"
         # verify all ES data was transferred from snapshot directory
         diff -ru "$GHE_REMOTE_DATA_USER_DIR/elasticsearch-snapshots" "$GHE_DATA_DIR/current/elasticsearch"
     fi
+
+    # verify manage-password file was backed up under v2.x VMs
+    if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
+        [ "$(cat "$GHE_DATA_DIR/current/manage-password")" = "fake password hash data" ]
+    fi
 )
 end_test
 
@@ -208,5 +222,18 @@ begin_test "ghe-backup fails fast when other run in progress"
 
     ln -s 1 "$GHE_DATA_DIR/in-progress"
     ! ghe-backup
+
+    unlink "$GHE_DATA_DIR/in-progress"
+)
+end_test
+
+begin_test "ghe-backup without manage-password file"
+(
+    set -e
+
+    unlink "$GHE_REMOTE_DATA_USER_DIR/common/manage-password"
+    ghe-backup
+
+    [ ! -f "$GHE_DATA_DIR/current/manage-password" ]
 )
 end_test

test/test-ghe-restore.sh

@@ -43,6 +43,7 @@ echo "fake ghe-export-ssh-host-keys data" > "$GHE_DATA_DIR/current/ssh-host-keys
 echo "fake ghe-export-repositories data" > "$GHE_DATA_DIR/current/repositories.tar"
 echo "fake ghe-export-settings data" > "$GHE_DATA_DIR/current/settings.json"
 echo "fake license data" > "$GHE_DATA_DIR/current/enterprise.ghl"
+echo "fake manage password hash data" > "$GHE_DATA_DIR/current/manage-password"
 echo "rsync" > "$GHE_DATA_DIR/current/strategy"
 
 begin_test "ghe-restore into unconfigured vm"
@@ -56,8 +57,10 @@ begin_test "ghe-restore into unconfigured vm"
     export GHE_RESTORE_HOST
 
     # run ghe-restore and write output to file for asserting against
-    ghe-restore -v > "$TRASHDIR/restore-out" 2>&1
-    cat "$TRASHDIR/restore-out"
+    if ! ghe-restore -v > "$TRASHDIR/restore-out" 2>&1; then
+        cat "$TRASHDIR/restore-out"
+        false
+    fi
 
     # verify connect to right host
     grep -q "Connect 127.0.0.1 OK" "$TRASHDIR/restore-out"
@@ -78,6 +81,12 @@ begin_test "ghe-restore into unconfigured vm"
         test -d "$GHE_REMOTE_DATA_USER_DIR/elasticsearch-legacy"
     fi
 
+    # verify manage password was restored under v2.x or greater VMs
+    if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
+        test -f "$GHE_REMOTE_DATA_USER_DIR/common/manage-password"
+        [ "$(cat "$GHE_REMOTE_DATA_USER_DIR/common/manage-password")" = "fake manage password hash data" ]
+    fi
+
     # verify service-ensure scripts were run under versions >= v2.x
     if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
         grep -q "ghe-service-ensure-mysql OK" "$TRASHDIR/restore-out"

test/testlib.sh

@@ -77,6 +77,11 @@ cd "$TRASHDIR"
 setup_remote_metadata () {
     mkdir -p "$GHE_REMOTE_DATA_DIR" "$GHE_REMOTE_DATA_USER_DIR"
     mkdir -p "$(dirname "$GHE_REMOTE_METADATA_FILE")"
+
+    if [ "$GHE_VERSION_MAJOR" -ge 2 ]; then
+        mkdir -p "$GHE_REMOTE_DATA_USER_DIR/common"
+    fi
+
     echo '
     {
       "timestamp": "Wed Jul 30 13:48:52 +0000 2014",