Online upgrade of IBM Cloud Pak for Watson AIOps (CLI method)
Use these instructions to upgrade IBM Cloud Pak® for Watson AIOps 3.7.0 or later to 4.1.1.
This procedure can be used on an online deployment of IBM Cloud Pak for Watson AIOps 3.7.0 or later, and can still be used if the deployment has had hotfixes applied. If you have an offline deployment, follow the instructions in Upgrading IBM Cloud Pak for Watson AIOps (offline).
Before you begin
- Ensure that you are logged in to your Red Hat® OpenShift® Container Platform cluster with
oc loginfor any steps that use the OpenShift command-line interface (CLI). - Red Hat OpenShift Container Platform requires a user with
cluster-adminprivileges for the following operations:
Warnings:
- Custom patches, labels, and manual adjustments to IBM Cloud Pak for Watson AIOps resources are lost when IBM Cloud Pak for Watson AIOps is upgraded, and must be manually reapplied after upgrade. For more information, see Manual adjustments are not persisted.
- If you previously increased the size of the Kafka PVC directly, then you must follow the correct procedure that is supplied in Increasing the Kafka PVC to ensure that the size is updated by the operator. Failure to do so before upgrading IBM Cloud Pak for Watson AIOps causes the operator to attempt to restore a lower default value for the Kafka PVC, and causes an error in your IBM Cloud Pak for Watson AIOps deployment.
Restrictions:
- You cannot use these instructions to upgrade deployments of IBM Cloud Pak for Watson AIOps 3.6.2 or earlier. For example, you cannot upgrade from IBM Cloud Pak for Watson AIOps 3.6.0 or 3.6.2 to 4.1.1.
- The upgrade cannot be removed or rolled back.
- If you are planning to upgrade to Red Hat OpenShift Container Platform 4.12 as part of an upgrade to IBM Cloud Pak for Watson AIOps 4.1.1, you must complete the IBM Cloud Pak for Watson AIOps upgrade before you upgrade to Red Hat OpenShift Container Platform 4.12.
Upgrade procedure
Follow these steps to upgrade your online IBM Cloud Pak for Watson AIOps deployment.
1. Ensure cluster readiness
Recommended: Take a backup before upgrading. For more information, see Backup and restore.
-
Ensure that your cluster still meets all of the prerequisites for deployment. For more information, see Planning.
If you are upgrading from IBM Cloud Pak for Watson AIOps 4.1.0 then you can skip this step as you will already have performed it. From IBM Cloud Pak for Watson AIOps 4.1.0, the storage requirements for Kafka have increased to 300 GB (3 persistent volumes (PVs) of 100 GB each) for production deployments, and to 60 GB for starter deployments. Your PVs are already configured with volume expansion enabled, as stated in the Storage class requirements, but you must ensure that there is adequate space for the Kafka PVs to expand before you commence upgrade.
Note: IBM Cloud Pak for Watson AIOps requires that Red Hat OpenShift Container Platform must be version 4.10.46 or higher.
-
Run the IBM Cloud Pak for Watson AIOps prerequisite checker script.
The prerequisite checker script ensures that your Red Hat OpenShift Container Platform cluster is correctly set up for an IBM Cloud Pak for Watson AIOps upgrade. When you run the prerequisite checker script, you must run the script in the same project (namespace) that IBM Cloud Pak for Watson AIOps is installed in.
For more information about the script, including how to download and run it, see github.com/IBM
.
-
# ./prereq.sh Using project "cp4waiops" on server "https://myserver.mycluster.mydomain:6443".Starting IBM Cloud Pak for Watson AIOps AI Manager prerequisite checker v4.1...
[INFO] =================================Openshift Container Platform Version Check================================= [INFO] Checking OCP Version. Compatible Versions of OCP are v4.10.46+ and v4.12.x [INFO] OCP version 4.12.18 is compaitble [INFO] =================================Openshift Container Platform Version Check=================================
[INFO] =================================Entitlement Pull Secret================================= [INFO] Checking whether the Entitlement secret or Global pull secret is configured correctly. [INFO] Checking if the job 'cp4waiops-entitlement-key-test-job' already exists. [INFO] The job with name 'cp4waiops-entitlement-key-test-job' was not found, so moving ahead and creating it. [INFO] Creating the job 'cp4waiops-entitlement-key-test-job' job.batch/cp4waiops-entitlement-key-test-job created [INFO] Verifying if the job 'cp4waiops-entitlement-key-test-job' completed successfully.. [INFO] SUCCESS! Entitlement secret is configured correctly. job.batch "cp4waiops-entitlement-key-test-job" deleted [INFO] =================================Entitlement Pull Secret=================================
[INFO] =================================Storage Provider================================= [INFO] Checking storage providers [INFO] No IBM Storage Fusion Found... Skipping configuration check.
[INFO] No Portworx StorageClusters found with "Running" or "Online" status. Skipping configuration check for Portworx. [INFO] Openshift Data Foundation found. [INFO] No IBM Cloud Storage found... Skipping configuration check for IBM Cloud Storage Check.
Checking Openshift Data Foundation Configuration... Verifying if Red Hat Openshift Data Foundation pods are in "Running" or "Completed" status [INFO] Pods in openshift-storage project are "Running" or "Completed" [INFO] ocs-storagecluster-ceph-rbd exists. [INFO] ocs-storagecluster-cephfs exists. [INFO] No warnings or failures found when checking for Storage Providers. [INFO] =================================Storage Provider=================================
[INFO] =================================Small or Large Profile Install Resources================================= [INFO] Checking for cluster resources
[INFO] ==================================Resource Summary===================================================== [INFO] Nodes | vCPU | Memory(GB) [INFO] Small profile(available/required) [ 14 / 3 ] [ 255 / 62 ] [ 479 / 140 ] [INFO] Large profile(available/required) [ 14 / 10 ] [ 255 / 162 ] [ 479 / 360 ] [INFO] ==================================Resource Summary===================================================== [INFO] Cluster currently has resources available to create a large profile of Cloud Pak for Watson AIOps AI Manager [INFO] =================================Small or Large Profile Install Resources=================================
[INFO] =================================Prerequisite Checker Tool Summary================================= [ PASS ] Openshift Container Platform Version Check [ PASS ] Entitlement Pull Secret [ PASS ] Storage Provider [ PASS ] Small or Large Profile Install Resources [INFO] =================================Prerequisite Checker Tool Summary=================================
- Important: If you have a backup scheduled, then stop the backup before you upgrade. Failure to do so will cause your upgrade to fail and break your deployment.
2. Configure automatic catalog polling
Ensure that your catalog is set to automatically poll for the latest images.
Your ibm-operator-catalog CatalogSource object can be configured to automatically poll for the latest catalog version, and to retrieve it if one is available. Polling for updates is enabled by configuring the polling attribute,
spec.updateStrategy.registryPoll.
You might have already elected to automatically accept updates by adding the polling attribute to your ibm-operator-catalog YAML when you installed IBM Cloud Pak for Watson AIOps, installed an IBM Cloud Pak for Watson AIOps hotfix
from IBM support , or when you installed another IBM Cloud Pak®.
Use the following steps to check whether you already have a polling attribute set, and to configure it if you do not.
Note: ibm-operator-catalog also contains the catalogs for other IBM Cloud Paks. If you have multiple IBM Cloud Paks installed on your cluster and you enable the polling attribute, then automatic update is configured
for all of them.
-
Run the following command to view and edit your
ibm-operator-catalogCatalogSource instance.oc edit catalogsource ibm-operator-catalog -n openshift-marketplace -
If there is not a
spec.updateStrategysection, orspec.imageis not set toicr.io/cpopen/ibm-operator-catalog:latest, then update the YAML to have the following contents, and save it.apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: ibm-operator-catalog publisher: IBM Content sourceType: grpc image: icr.io/cpopen/ibm-operator-catalog:latest updateStrategy: registryPoll: interval: 45m
3. Update foundational services
IBM Cloud Pak® foundational services, which is part of your IBM Cloud Pak for Watson AIOps deployment, must be at version 3.23 or higher before you upgrade IBM Cloud Pak for Watson AIOps.
Use the following steps to verify that your ibm-common-service-operator subscription is set to version 3.23 or higher, and to set it to a qualifying version if it is not.
-
Run the following command to find out what version of foundational services you have installed.
oc get csv -A | grep ibm-common-service-operatorIf the version returned is v3.23 or higher, then you do not need to update foundational services and you must skip the rest of this section and proceed to step 4, Create a network policy for log anomaly detection.
-
Download the Common Services upgrade script,
upgrade_common_services.sh, from github.com/IBM. -
Run the following command from the directory that you downloaded the Common Services upgrade script to. This script must be run by a user with
cluster-adminprivilege../cp4waiops-samples/upgrade/upgrade_common_services.sh -a -c v3.23Important: You must only run this script if your version of foundational services is less than v3.23.
-
When
upgrade_common_services.shcompletes, verify that theibm-common-service-operatorchannel is set to version 3.23 or higher in the subscription and in the ClusterServiceVersion (csv).oc get subscription ibm-common-service-operator -n ibm-common-services -o jsonpath='{.spec.channel}{"\n"}' oc get csv -A | grep ibm-common-service-operatorThe foundational services upgrade commences, and will take approximately 30 - 60 minutes.
You can run the following command to check the status of
ZenService. When the foundational services upgrade is complete, this command will have a STATUS ofCompleted. Do not proceed until the upgrade has completed.oc get zenservice -A -o custom-columns='KIND:.kind,NAME:.metadata.name,NAMESPACE:.metadata.namespace,VERSION:status.currentVersion,STATUS:.status.zenStatus,PROGRESS:.status.Progress,MESSAGE:.status.ProgressMessage'Example output from a successful foundational services upgrade:
KIND NAME NAMESPACE VERSION STATUS PROGRESS MESSAGE ZenService iaf-zen-cpdservice cp4waiops 4.8.0 Completed 100% The Current Operation Is Completed
4. Create a network policy for log anomaly detection
If you are upgrading from IBM Cloud Pak for Watson AIOps 4.1.0, then skip this step as you will already have configured this network policy.
If you plan to use log anomaly for new or existing log connections, run the following commands. Replace the AIOPS_NAMESPACE value with the name of the project in which Cloud Pak for Watson AIOps is installed.
AIOPS_NAMESPACE="cp4waiops"
cat << EOF | oc apply -n $AIOPS_NAMESPACE -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: taskmanager
name: cp4waiops-eventprocessor-eve-29ee-ep-tm-patch
spec:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: taskmanager
- podSelector:
matchLabels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: jobmanager
- ports:
- port: 9248
protocol: TCP
- port: 6122
protocol: TCP
- port: 6121
protocol: TCP
podSelector:
matchLabels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: taskmanager
policyTypes:
- Ingress
- Egress
EOF
cat << EOF | oc apply -n $AIOPS_NAMESPACE -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: jobmanager
name: cp4waiops-eventprocessor-eve-29ee-ep-jm-patch
spec:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: taskmanager
- podSelector:
matchLabels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: jobmanager
- ports:
- port: 8081
protocol: TCP
- port: 6123
protocol: TCP
- port: 6125
protocol: TCP
- port: 8080
protocol: TCP
- port: 6124
protocol: TCP
- port: 9249
protocol: TCP
podSelector:
matchLabels:
app: flink
cluster: cp4waiops-eventprocessor-eve-29ee-ep
component: jobmanager
policyTypes:
- Ingress
- Egress
EOF
5. Update the operator subscription
If you are upgrading from IBM Cloud Pak for Watson AIOps 4.1.0, skip this section as the operator subscription is already correctly set. Proceed to section 6, Verify the deployment.
Update the spec.channel value of the IBM Cloud Pak for Watson AIOps subscription to the release that you want to upgrade to, v4.1.
oc patch subscription.operators.coreos.com ibm-aiops-orchestrator -n <namespace> --type=json -p='[{'op': 'replace', 'path': '/spec/channel', 'value': 'v4.1'}]'
Where <namespace> is the namespace (project) that your IBM Cloud Pak for Watson AIOps subscription is deployed in if your deployment is namespace scoped, or openshift-operators if your deployment has a cluster
wide scope.
6. Verify the deployment
6.1 Check the version
Verify that your IBM Cloud Pak for Watson AIOps deployment is successfully upgraded. Run the following command and check that the VERSION that is returned is 4.1.1.
oc get csv -l operators.coreos.com/ibm-aiops-orchestrator.<namespace> -n <namespace>
Where <namespace> is the namespace (project) that your IBM Cloud Pak for Watson AIOps installation is deployed in if your deployment is namespace scoped, or openshift-operators if your deployment has a cluster
wide scope.
Example output:
oc get csv -l operators.coreos.com/ibm-aiops-orchestrator.cp4waiops -n cp4waiops
NAME DISPLAY VERSION REPLACES PHASE
ibm-aiops-orchestrator.v4.1.1 IBM Cloud Pak for Watson AIOps AI Manager 4.1.1 ibm-aiops-orchestrator.v4.1.0 Succeeded
6.2 Check the deployment
Run the following command to check that the PHASE of your deployment is Updating.
oc get installations.orchestrator.aiops.ibm.com -n <namespace>
Where <namespace> is the namespace (project) that your IBM Cloud Pak for Watson AIOps installation is deployed in.
Example output:
NAME PHASE LICENSE STORAGECLASS STORAGECLASSLARGEBLOCK AGE
ibm-cp-watson-aiops Updating Accepted rook-cephfs rook-ceph-block 3m
It takes around 60-90 minutes for the upgrade to complete (subject to the speed with which images can be pulled). When installation is complete and successful, the PHASE of your installation changes to Running.
If your installation phase does not change to Running, then use the following command to find out which components are not ready:
oc get installation.orchestrator.aiops.ibm.com -o yaml | grep 'Not Ready'
Example output:
lifecycleservice: Not Ready
zenservice: Not Ready
To see details about why a component is Not Ready run the following command, where <component> is the component that is not ready, for example zenservice.
oc get <component> -o yaml
(Optional) You can also download and run a status checker script to see information about the status of your deployment. For more information about how to download and run the script, see github.com/IBM.
If the installation fails, or is not complete and is not progressing, then see Troubleshooting installation and upgrade and Known Issues to help you identify any installation problems.
7. Post upgrade actions
-
Running an IBM Cloud Pak for Watson AIOps backup script that is for a version older than the current deployment (for example, running a 4.1.0 backup script on a 4.1.1 deployment) breaks the deployment. If you previously took a backup or scheduled a backup, then use the 4.1.1 backup scripts to take a new backup or schedule a new backup job. For more information, see Backup and restore.
-
If the EXPIRY_SECONDS environment variable was set for configuring log anomaly alerts, the environment variable was not retained in the upgrade. After the upgrade is completed, set the environment variable again. For more information about setting the variable, see Configuring expiry time for log anomaly alerts.
-
If the
Access Controlpage displays custom roles with deprecated permissions after upgrade, see Custom roles with deprecated permissions after upgrade. -
(Optional) A new field is available in IBM Cloud Pak for Watson AIOps 4.1.0 or higher that you can use to specify the terminology for collections of topology resources as
applicationorservice. The default isapplication. If you want to useserviceas the terminology for your topology resource collections, then run the following command to patch your custom resource.oc patch installations.orchestrator.aiops.ibm.com/<namespace> --type merge -p '{"spec":{"topologyModel":"service"}}'Where
<namespace>is the namespace (project) that your IBM Cloud Pak for Watson AIOps installation is deployed in. -
(Optional) Delete the persistent volume claim (PVC) for training job state data that is no longer required. For more information, see Deleting a persistent volume claim.