Upgrading from IBM Cloud Orchestrator V2.5

You can upgrade from IBM® Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.1 interim fix 1, V2.5.0.2, V2.5.0.2 LA00​05, or V2.5.0.2 LA00​06, V2.5.0.3, V2.5.0.4, V2.5.0.4, V2.5.0.4 with DirectDriver LA, V2.5.0.5 to IBM Cloud Orchestrator V2.5.0.6.

Before you begin

Before starting the upgrade procedure, ensure that:
  • You have the following credentials:
    • The root credentials for both the IBM Cloud Orchestrator Server and the IBM Cloud Manager with OpenStack master controller
      Note: The credentials for IBM Cloud Manager with OpenStack is not required forIBM Cloud Orchestrator with Keystone topology.
    • The admin password, as used to log in to the user interface, for IBM Cloud Manager with OpenStack
    • The IBM Cloud Orchestrator password, which is used for the Business Process Manager users bpm_admin and tw_admin, and for the IBM HTTP Server keystore.
    • The IBM DB2® user password for IBM Cloud Orchestrator, which is used for db2inst1, if it is different from the IBM Cloud Orchestrator password.
    • For hardware prerequisites, see Checking the hardware prerequisites.
  • The IBM Cloud Orchestrator services are running.
    To check the status of the IBM Cloud Orchestrator services in a non high-availability environment, run the following command as user root on the IBM Cloud Orchestrator Server: 
    /opt/ibm/ico/orchestrator/scorchestrator/SCOrchestrator.py --status

    To check the status of the IBM Cloud Orchestrator services in a high-availability environment, run the lssam command on one of the IBM Cloud Orchestrator Servers.

    For more information about verifying the status, see Verifying the installation.

  • The IBM Cloud Manager with OpenStack environment is correctly configured. If you modified or updated the IBM Cloud Manager with OpenStack topology after the installation, before upgrading you must run the procedure described in Configuring the OpenStack servers. For more information, see Reconfiguring IBM Cloud Manager with OpenStack after updates. This step is not required for IBM Cloud Orchestrator with Keystone topology.
  • The /tmp directory is not mounted with the noexec, nodev, and nosuid options during the upgrade procedure. You can change the /tmp directory configuration after IBM Cloud Orchestrator is upgraded.
  • For OpenStack having endpoint on HTTP, configure the integration of OpenStack installation with IBM Cloud Orchestrator. For the actual steps configure, see [Upgrade] Reconfiguring OpenStack having keystone endpoint on HTTP. This step is not required for IBM Cloud Orchestrator with Keystone topology.
  • For OpenStack having endpoint on HTTPS, configure the integration of OpenStack installation with IBM Cloud Orchestrator. For the actual steps configure, see [Upgrade] Reconfiguring OpenStack having keystone endpoint on HTTPS. This step is not required for IBM Cloud Orchestrator with Keystone topology.
  • If you upgrade from IBM Cloud Orchestrator V2.5.0.2 LA00​05 or V2.5.0.2 LA00​06, then see step 6 of [Upgrade] Reconfiguring OpenStack having keystone endpoint on HTTPS or step 5 of [Upgrade] Reconfiguring OpenStack having keystone endpoint on HTTP. This step is not required for IBM Cloud Orchestrator with Keystone topology.
  • If you are using an external DB2 database instance in a high-availability environment, you configure it for TLS v1.2. For more information, see Configuring external DB2 for TLS v1.2.
  • If you plan to upgrade to RHEL 7.4 on your IBM Cloud Orchestrator and IBM Cloud Manager with OpenStack servers, you run the following upgrading procedure in the correct order:
    1. Upgrade to IBM Cloud Manager with OpenStack 4.3 Fix Pack 9.
    2. Upgrade the IBM Cloud Manager with OpenStack servers to RHEL 7.4.
    3. Upgrade to IBM Cloud Orchestrator 2.5.0.6.
    4. Upgrade the IBM Cloud Orchestrator servers to RHEL 7.4.
  • Ensure that none of the service requests is in progress.

  • The NOVA.CONF is reverted to its default values during IBM Cloud Orchestrator fix pack upgrade. During the IBM Cloud Orchestrator fix pack upgrade, the OpenStack RPM installation might cause the default configuration files to be copied on the region server. When the services are upgraded and restarted, the use of default configurations might damage the virtual machines.

    The IBM Cloud Orchestrator Upgrade documentation reminds you to replace the backed up copies of the original configuration files after the upgrade. However, during upgrade itself these default settings are used and the services are restarted.

    As a resolution, reduce the IBM Cloud Orchestrator vCenter service account permissions to read only during upgrade operation.

  • If you are using a Public Cloud Gateway (PCG) that is configured with IBM Cloud Orchestrator in HTTP and you want to reconfigure the IBM Cloud Orchestrator to HTTPS, then delete the Public Cloud Gateway HTTP endpoints from keystone. Run the following script from the IBM Cloud Orchestrator installation directory to delete the Public Cloud Gateway HTTP endpoints from keystone: 
    delete_pcg_endpoints.sh response_file user_name
  • If Public Cloud Gateway is configured on IBM Cloud Orchestrator V2.5.0.3 HTTPS, then ensure that it is in stop state before you upgrade.
  • If you have IBM Cloud Orchestrator V2.5.0.4 with DirectDriver LA, then do the following tasks:
    • Uninstall DirectDriver LA manually before you proceed with V2.5.0.6 upgrade. For more details about the procedure, see Uninstalling DirectDriver LA.
    • Manually delete all offerings of DirectDriver PowerVC and VMware to avoid duplicate offerings post the upgrade.

About this task

The upgrade procedure runs as user root on the IBM Cloud Orchestrator Server.
Note: The commands that are used in this procedure assume that the following standard directories were used when installing the earlier versions of IBM Cloud Orchestrator:
  • Download directory: /opt/ico_download
  • Install directory:
    • In V2.5: /opt/ico_install/V2500
    • In V2.5.0.1: /opt/ico_install/2.5.0-CSI-ICO-FP0001
    • In V2.5.0.1 interim fix 1: /opt/ico_install/2.5.0.1-CSI-ICO-IF0001
    • In V2.5.0.2: /opt/ico_install/2.5.0-CSI-ICO-FP0002
    • In V2.5.0.3: /opt/ico_install/2.5.0-CSI-ICO-FP0003
    • In V2.5.0.4: /opt/ico_install/2.5.0-CSI-ICO-FP0004
    • In V2.5.0.5: /opt/ico_install/2.5.0-CSI-ICO-FP0005

It also assumes that, for the upgrade to IBM Cloud Orchestrator V2.5.0.6, the upgrade directory is /opt/ico_install/2.5.0-CSI-ICO-FP0006.

If different directories were used, adjust the example commands as appropriate.
Important: The IBM HTTP Server packages are not required in the upgrade procedure, so do not download them.

For the complete list of all part numbers for IBM Cloud Orchestrator, see Passport Advantage eAssemblies list at http://www-01.ibm.com/support/docview.wss?uid=swg27045668. To download appropriate image files, see Downloading the required image files.

Procedure

  1. Download the IBM Cloud Orchestrator V2.5 Fix Pack 6 from Fix Central to the /opt/ico_download directory on the IBM Cloud Orchestrator Server. The package file name is 2.5.0-CSI-ICO-FP0006.tgz.
    If you are upgrading a high-availability environment, ensure that you download the following IBM Tivoli® System Automation for Multiplatforms packages:
    • From IBM Passport Advantage, download SA_MP_v4.1_Lnx.tar and copy it to /opt/ico_install/2.5.0-CSI-ICO-FP0005/data/orchestrator-chef-repo/packages/samp/ directory.
    • From IBM Fix Central, download 4.1.0-TIV-SAMP-Linux64-FP0003.tar and copy it to /opt/ico_install/2.5.0-CSI-ICO-FP0005/data/orchestrator-chef-repo/packages/fixpack3/ directory.
  2. Download the following IBM Business Process Manager packages from the IBM Passport Advantage® site to the /opt/ico_download directory: 
    BPM_V86_Linux_x86_1_of_3.tar.gz 
BPM_V86_Linux_x86_2_of_3.tar.gz 
BPM_V86_Linux_x86_3_of_3.tar.gz
    Note: The Business Process Manager v8.6 part numbers can be found at http://www-01.ibm.com/support/docview.wss?uid=swg27045668.
  3. Unpack the 2.5.0-CSI-ICO-FP0006.tgz file from the download directory into the new /opt/ico_install/2.5.0-CSI-ICO-FP0006 install directory by running the following command: 
    tar -xvf /opt/ico_download/2.5.0-CSI-ICO-FP0006.tgz -C /opt/ico_install
  4. Ensure that the binaries of Business Process Manager V8.6 are available at /opt/ico_download. Copy and paste the Business Process Manager v8.6 media files (3 of them) in IBM Cloud Orchestrator 2.5.0.6 at /opt/ico_install/2.5.0-CSI-ICO-FP0006/data/orchestrator-chef-repo/packages/bpm_binaries.
  5. [For a high-availability environment only:] Perform the following steps to prepare the environment for the upgrade:
    1. Stop the IBM Cloud Orchestrator management stack by running the following command on the primary IBM Cloud Orchestrator Server: 
      chrg -o Offline central-services-rg
      To check that the status of the IBM Cloud Orchestrator management stack is Offline, run the lssam command on one of the IBM Cloud Orchestrator Servers. The following output is displayed, for example:
      Offline IBM.ResourceGroup:central-services-rg Nominal=Online
       |- Offine IBM.Application:bpm
               |- Offline IBM.Application:bpm:ico-node1
               '- Offline IBM.Application:bpm:ico-node4
       |- Offline IBM.Application:ihs
               |- Offline IBM.Application:ihs:ico-node1
               '- Offline IBM.Application:ihs:ico-node4
       |- Offline IBM.Application:scui
               |- Offline IBM.Application:scui:ico-node1
               '- Offline IBM.Application:scui:ico-node4
       '- Offline IBM.ServiceIP:cs-ip
               |- Offline IBM.ServiceIP:cs-ip:ico-node1
               '- Offline IBM.ServiceIP:cs-ip:ico-node4
Offline IBM.ResourceGroup:pcg-rg Nominal=Online
       '- Offline IBM.Application:pcg
               '- Online IBM.Application:pcg:ico-node1
Online IBM.Equivalency:cs-network-equ
       |- Online IBM.NetworkInterface:ens192:ico-node1
       '- Online IBM.NetworkInterface:ens192:ico-node4
    2. Suspend the automation by running the following command on the primary IBM Cloud Orchestrator Server:
      samctrl -M t
      To check that the automation is in manual mode, run the lssam command on one of the IBM Cloud Orchestrator Servers. The following output is displayed, for example:
      Offline IBM.ResourceGroup:central-services-rg Automation=Manual Nominal=Offline
        |- Offline IBM.Application:bpm Request=Offline
                |- Offline IBM.Application:bpm:ico-node1
                '- Offline IBM.Application:bpm:ico-node4
        |- Offline IBM.Application:ihs Request=Offline Control=MemberInProblemState
                |- Offline IBM.Application:ihs:ico-node1
                '- Offline IBM.Application:ihs:ico-node4
        |- Offline IBM.Application:scui
                |- Offline IBM.Application:scui:ico-node1
                '- Offline IBM.Application:scui:ico-node4
        '- Offline IBM.ServiceIP:cs-ip
                |- Offline IBM.ServiceIP:cs-ip:ico-node1
                '- Offline IBM.ServiceIP:cs-ip:ico-node4
Offline IBM.ResourceGroup:pcg-rg Automation=Manual Nominal=Online
        '- Offline IBM.Application:pcg
                '- Offline IBM.Application:pcg:ico-node1
Online IBM.Equivalency:cs-network-equ
        |- Online IBM.NetworkInterface:ens192:ico-node1
        '- Online IBM.NetworkInterface:ens192:ico-node4
  6. Edit the response file to include the current passwords and other parameter values by running the following commands: 
    cd /opt/ico_install/2.5.0-CSI-ICO-FP0006/installer
vi ico_install.rsp
    For more information about the response file parameters, see Setting the deployment parameters.

    If you are upgrading from 2.5.0.5 that is on keystone topology, then add the keystone parameters as well.

  7. Check the installation prerequisites by running the following command: 
    ./prereq-checker.sh ico_install.rsp
    For more information, see Checking the installation prerequisites.
  8. Run the installation script by running the following command: 
    ./ico_install.sh ico_install.rsp
  9. Verify the upgrade by following the procedure that is described in Verifying the installation.
  10. Copy the latest version of the configuration scripts to all the IBM Cloud Manager with OpenStack controllers and compute nodes in place of the existing version of the scripts by running the procedure that is described in Copying the IBM Cloud Orchestrator scripts to the OpenStack servers. This step is not required for IBM Cloud Orchestrator with Keystone topology.
  11. Manually verify and reapply your OpenStack customization after you deploy the IBM Cloud Manager with OpenStack controllers. This step is not required for IBM Cloud Orchestrator with Keystone topology.
  12. After you upgrade to IBM Cloud Orchestrator, for security reasons, ensure that the following steps are completed to prevent unrestricted access to the user and group lists in Business Space when using REST APIs:
    1. Log in as bpm_admin to the WebSphere® Application Server Integrated Solutions console at https://$ico_server:9043/ibm/console/logon.jsp.
    2. Navigate to Resources > Resource Environment > Resource environment providers > Mashups_ConfigService > Custom properties.
    3. Create a new String type property with the following values:
      Scope = cells:PCCell1:clusters:SingleCluster
Name = com.ibm.mashups.usersearch.blocked
Value = true
Type = java.lang.String
      Setting the value to true restricts the global user or group search via the Business Space REST APIs.
    4. Apply and save the custom property in the master configuration and log out from the WebSphere Application Server Integrated Solutions console.
    5. Restart the Business Process Manager server by running the following command on the IBM Cloud Orchestrator Server:
      systemctl restart bpm

What to do next

  • If IBM Cloud Orchestrator V2.5.0.6 upgrade is for HTTPS configuration, then import Self-service user interface certificate in an OpenStack server. For the actual procedure, see Importing SCUI certificate in an OpenStack Server.
  • If you are using a different locale other than EN in a non-high availability installation, then restart IBM Cloud Orchestrator services, Business Process Manager, and the operating system of the IBM Cloud Orchestrator node after upgrade.
  • As the installation paths are changed for Self-service user interface and Public Cloud Gateway, do the following steps after upgrade is complete:
    1. Check and update the credentials/contents of the following Public Cloud Gateway configuration files from old installation path (<INSTALL_ROOT>/pcg/etc/) to new installation path (<INSTALL_ROOT>/wlp/usr/servers/pcg/etc/).
      • flavors.json
      • credentials.json
      • config.json
      • admin.json
    2. Check and update the credentials/contents of the Self-service user interface files from old installation path (<INSTALL_ROOT>/scui/etc/) to new installation path (<INSTALL_ROOT>/wlp/usr/servers/scui/etc/).
    3. After your move or backup all the Public Cloud Gateway and Self-service user interface-related files, delete the old installation paths.
    4. Restart Public Cloud Gateway and Self-service user interface services:
      • systemctl restart pcg
      • systemctl restart scui
  • If you upgraded from IBM Cloud Orchestrator V2.5.0.4 with DirectDriver LA, then do the following steps:
    • Modify the region to add a dataClusterName.
    • When you upgrade, the <ICO_HOME>/HTTPServer/conf/ihs.conf gets overwritten and the earlier changes are lost. Reconfigure ihs.conf again for DirectDriver. For the actual steps to reconfigure, see Configure IBM HTTP Server for DirectDriver section at Prerequisites.
Parent topic: Upgrading