Upgrading from IBM Cloud Pak for Data Version 4.5 to Version 4.6
A Red Hat® OpenShift® Container Platform cluster administrator and project administrator can work together to prepare the cluster and upgrade IBM Cloud Pak for Data from Version 4.5 to Version 4.6.
Your Cloud Pak for Data deployment will be unavailable during the upgrade.
Before you begin
- 4.6.3 If you are upgrading to Cloud Pak for Data 4.6.3, ensure that you are running Red Hat OpenShift Container Platform Version 4.10, which is supported by Cloud Pak for Data Version 4.5 and Cloud Pak for Data Version 4.6.3.
- Review the information in the Planning section.
Specifically, ensure that you review the System requirements. Your cluster must have sufficient resources.
- Ensure that you have a copy of script that defines the installation environment variables for
your deployment.Remember: The script enables you to run most of the installation and upgrade commands without modifying them.
- Determine which install plan the IBM
Cloud Pak foundational services operators and Cloud Pak for Data operators are using:
oc get installplan
- If the install plan approval is
Automatic
, you can proceed to the next step. - If the install plan approval is
Manual
, review the following options:Option Details Change the install plan to Automatic
(recommended)It is strongly recommended that you change the install plan for the IBM Cloud Pak foundational services operators and Cloud Pak for Data operators to Automatic
. This enables thecpd-cli manage
commands to seamlessly update the operators.To update the install plan for the operators:
- For the IBM
Cloud Pak foundational services
operators, see the Changing approval strategy from
Manual
toAutomatic
in the IBM Cloud Pak foundational services documentation. - For the Cloud Pak for Data operators, update the install plans for each operator through the Red Hat OpenShift Container Platform console. Open each subscription, view the subscription details, and edit the Update approval setting. For a list of the Cloud Pak for Data operators, see Creating operator subscriptions in the IBM Cloud Pak for Data Version 4.0 documentation.
Important: Ensure that the install plan of all the operators in the${PROJECT_CPFS_OPS}
project and${PROJECT_CPD_OPS}
project are set toAutomatic
. If any of the install plans are set toManual
, Operator Lifecycle Manager (OLM) will automatically update the install plans toManual
when you run thecpd-cli manage apply-olm
command.Leave the install plan as Manual
You can optionally leave the install plan for the IBM Cloud Pak foundational services operators and Cloud Pak for Data operators Manual
.Important: If you choose this option, you must watch the install plans and manually approve them during the upgrade to ensure that thecpd-cli manage apply-olm
commands complete successfully.Additionally, you must repeat this process each time that you upgrade the operators to a newer release.
Run the appropriate commands based on where your operators are installed:
- The IBM Cloud Pak foundational services operators and Cloud Pak for Data operators are installed in the same project (express installation)
-
- After you run the
cpd-cli manage apply-olm
command, open a new terminal window. - Run the following command to watch the project where the operators are
installed:
watch oc get installplan -n ${PROJECT_CPFS_OPS}
- Manually approve each install plan as it is created.
- After you run the
- The IBM Cloud Pak foundational services operators and Cloud Pak for Data operators are installed in different projects (specialized installation)
-
- After you run the
cpd-cli manage apply-olm
command, open two new terminal windows. - In the first terminal window, run the following command to watch the project where the IBM
Cloud Pak foundational services operators are
installed:
watch oc get installplan -n ${PROJECT_CPFS_OPS}
- In the second terminal window, run the following command to watch the project where the Cloud Pak for Data operators are
installed:
watch oc get installplan -n ${PROJECT_CPD_OPS}
- Manually approve each install plan as it is created by setting
spec.approved
totrue
.
- After you run the
- For the IBM
Cloud Pak foundational services
operators, see the Changing approval strategy from
- If the install plan approval is
-
If you have any of the following services on your cluster, check for expired or expiring SSL certificates:
Db2
Repeat the following steps for each Db2 database instance associated with this installation of Cloud Pak for Data:
- Get the name of each instance of Db2U that is associated with this installation of
Cloud Pak for Data:
oc get db2u -n=${PROJECT_CPD_INSTANCE}
- Set the
DB2U_NAME
environment variable to the name of the Db2 database instance to check:export
DB2U_NAME
=<db2oltp-id> - Run the following command to determine when the certificate
expires:
oc -n=${PROJECT_CPD_INSTANCE} exec -it c-${
DB2U_NAME
}-db2u-0 -- /bin/su - db2inst1 -c 'cd /mnt/blumeta0/db2/ssl_keystore;gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert | grep "Not After"'The command returns output with the following format:
Not After : September 12, 2023 7:44:34 AM GMT+00:00
- If the date is in the past or in the near future, update the certificate by following the guidance in Updating the Db2 SSL certificate.
Db2 Big SQL
Repeat the following steps for each Db2 Big SQL service instance associated with this installation of Cloud Pak for Data:
- Run the following command to get the IDs of the Db2 Big
SQL service instances associated with this
installation of Cloud Pak for Data:
oc get -A cm \ -n=${PROJECT_CPD_INSTANCE} \ -l component=db2bigsql \ -o custom-columns="Instance Id:{.data.instance_id},Instance Name:{.data.instance_name},Created:{.metadata.creationTimestamp}"
- Set the
BIG_SQL_ID
environment variable to the name of the Db2 Big SQL service instance to check:export
BIG_SQL_ID
=<bigsql-id> - Get the name of the head pod for the Db2 Big
SQL service
instance:
HEAD_POD=$(oc get pod -n=${PROJECT_CPD_INSTANCE} -l app=bigsql-${
BIG_SQL_ID
},name=dashmpp-head-0 --no-headers=true -o=custom-columns=NAME:.metadata.name) - Run the following command to determine when the certificate
expires:
oc -n=${PROJECT_CPD_INSTANCE} exec -it ${HEAD_POD} -- /bin/su - db2inst1 -c 'cd /mnt/blumeta0/db2/ssl_keystore;gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert | grep "Not After"'
The command returns output with the following format:
Not After : September 12, 2023 7:44:34 AM GMT+00:00
- If the date is in the past or in the near future, update the certificate by following the guidance in Refreshing the SSL certificate used by Db2 Big SQL.
Db2 Warehouse
Repeat the following steps for each Db2 Warehouse database instance associated with this installation of Cloud Pak for Data:
- Get the name of each instance of Db2U that is associated with this installation of
Cloud Pak for Data:
oc get db2u -n=${PROJECT_CPD_INSTANCE}
- Set the
DB2U_NAME
environment variable to the name of the Db2 Warehouse database instance to check:export
DB2U_NAME
=<db2wh-id> - Run the following command to determine when the certificate
expires:
oc -n=${PROJECT_CPD_INSTANCE} exec -it c-${
DB2U_NAME
}-db2u-0 -- /bin/su - db2inst1 -c 'cd /mnt/blumeta0/db2/ssl_keystore;gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert | grep "Not After"'The command returns output with the following format:
Not After : September 12, 2023 7:44:34 AM GMT+00:00
- If the date is in the past or in the near future, update the certificate by following the guidance in Updating the Db2 Warehouse SSL certificate.
Watson Knowledge Catalog
- Run the following command to determine when the certificate expires:
- For the full version of Watson Knowledge
Catalog, run
the following commands:
-
oc -n=${PROJECT_CPD_INSTANCE} exec c-db2oltp-wkc-db2u-0 -- ksh -lc "cd /mnt/blumeta0/db2/ssl_keystore; gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert" 2>&1
-
oc -n=${PROJECT_CPD_INSTANCE} exec c-db2oltp-iis-db2u-0 -- ksh -lc "cd /mnt/blumeta0/db2/ssl_keystore; gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert" 2>&1
-
- For the core version of Watson Knowledge
Catalog, run
the following
command:
oc -n=${PROJECT_CPD_INSTANCE} exec c-db2oltp-wkc-db2u-0 -- ksh -lc "cd /mnt/blumeta0/db2/ssl_keystore; gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert" 2>&1
- For the full version of Watson Knowledge
Catalog, run
the following commands:
- If the date is in the past or in the near future, update the certificate by following the guidance in Renewing the Db2 SSL certificate.
Watson Query (previously Data Virtualization)
- Run the following command to determine when the certificate
expires:
oc -n=${PROJECT_CPD_INSTANCE} exec -it c-db2u-dv-db2u-0 -- /bin/su - db2inst1 -c 'cd /mnt/blumeta0/db2/ssl_keystore;gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert | grep "Not After"'
The command returns output with the following format:
Not After : September 12, 2023 7:44:34 AM GMT+00:00
- If the date is in the past or in the near future, update the certificate by following the guidance in Refreshing the SSL certificate used by Data Virtualization.
- Get the name of each instance of Db2U that is associated with this installation of
Cloud Pak for Data:
- If you have any of the following services on your cluster, complete the required prerequisite steps:
For upgrades to 4.6.3 or 4.6.4 only: You must make a backup of your data.
For more information, see the appropriate topic for the service in the product documentation: - Check whether any of the entries in the Cloud Pak for Data database include an apostrophe
('):
- Open a remote shell in the
zen-metastoredb-0
pod and copy the certificate that's required to connect to the database:oc exec -it zen-metastoredb-0 \ --namespace=${PROJECT_CPD_INSTANCE} \ -- bash \ -c "cp -r /certs/ /tmp/;cd /tmp/ && chmod -R 0700 certs/;cd /cockroach"
- Query the database for any apostrophes:
The query returns output with the following format:oc exec -it zen-metastoredb-0 \ --namespace=${PROJECT_CPD_INSTANCE} \ -- /cockroach/cockroach sql \ --certs-dir=/tmp/certs/ \ --host=zen-metastoredb-0.zen-metastoredb \ --database=zen \ --execute="SELECT uid, username, \"displayName\" FROM platform_users WHERE username LIKE '%'||chr(39)||'%' OR \"displayName\" LIKE '%'||chr(39)||'%';SELECT uid, vault_name, description FROM vaults where description LIKE '%'||chr(39)||'%' OR vault_name LIKE '%'||chr(39)||'%';SELECT group_id, description, name FROM user_groups where description LIKE '%'||chr(39)||'%' OR name LIKE '%'||chr(39)||'%';SELECT uid, secret_name, description FROM secrets where description LIKE '%'||chr(39)||'%' OR secret_name LIKE '%'||chr(39)||'%';SELECT id, display_name, description FROM connections where description LIKE '%'||chr(39)||'%' OR display_name LIKE '%'||chr(39)||'%';SELECT id, extension_name FROM custom_extensions where extension_name LIKE '%'||chr(39)||'%';"
uid | username | displayName ------+----------+-------------- (N rows) uid | vault_name | description ------+------------+-------------- (N rows) group_id | description | name -----------+-------------+------- (N rows) uid | secret_name | description ------+-------------+-------------- (N rows) id | display_name | description -----+--------------+-------------- (N rows) id | extension_name -----+----------------- (N rows)
- If all the entries in the output return
(0 rows)
, proceed with the upgrade. - If any entries in the output include a value other than
(0 rows)
, contact IBM Software Support
- If all the entries in the output return
- Open a remote shell in the
- Best practice Backup your Cloud Pak for Data installation before you upgrade.
In the event of an unrecoverable failure, you can use the backup to recover your existing installation. For details, see Backing up and restoring Cloud Pak for Data.
1. Updating the cpd-cli
and the olm-utils
image
on client workstations
Before you upgrade IBM Cloud Pak for Data, you must
download the latest version of the cpd-cli
and ensure that the
cpd-cli
manage
plug-in is using the latest image.
What to do |
---|
|
2. Collecting required information
Before you upgrade from Version 4.5, confirm which components are installed on your cluster. In addition, determine whether you want to install any additional services on your cluster.
What to do |
---|
3. Updating your environment variables script
Before you upgrade from Version 4.5, ensure that your environment variables script includes information about the version of Cloud Pak for Data that you want to upgrade to.
What to do |
---|
4. Preparing your cluster
Before you upgrade Cloud Pak for Data, you must prepare your cluster.
- a. Do you plan to upgrade any services that require custom SCCs?
-
Services that require custom SCCs
If you had any of the following services installed on IBM Cloud Pak for Data Version 4.5, you can use the SCCs that you created as part of your Version 4.5 installation or upgrade:- Db2
- Db2 Big SQL
- Db2 Warehouse
- OpenPages®
- Watson Knowledge Catalog
- Watson Query
If you have any of the following services on IBM Cloud Pak for Data Version 4.5, you might need to create custom SCCs before you upgrade to Version 4.6:- Informix®
Informix Version 4.6.0 or later requires a custom security context constraint. (Informix Version 4.6.0 was released in IBM Cloud Pak for Data Version 4.5.2)
For details, see: Creating the custom security context constraint for Informix (Upgrading from Version 4.5 to Version 4.6)
Options What to do You plan to upgrade one or more of these services - Create the appropriate SCCs for your environment. For details, see Creating custom security context constraints for services (Upgrading from Version 4.5 to Version 4.6).
- Go to b. Do you need to mirror the updated software images to a private container registry?
You don't plan to upgrade any of these services - b. Do you need to mirror the updated software images to a private container registry?
-
If you pull images from a private container registry, you must mirror the updated images to the private container registry before you upgrade your environment.
Options What to do You are pulling images from the IBM® Entitled Registry You are pulling images from a private container registry
5. Upgrading the Cloud Pak for Data platform and services
After you prepare your cluster, you can upgrade the Cloud Pak for Data platform and services.
What to do |
---|
|
6. Completing post-upgrade tasks
After you upgrade Cloud Pak for Data, determine whether there are any additional tasks that you should complete to configure your Cloud Pak for Data cluster.
What to do |
---|
Complete the appropriate tasks for your environment in Setting up services after install or upgrade. |
7. Upgrading services
Options | What to do |
---|---|
You upgraded the services when you upgraded the platform | Your environment is ready to use. |
You didn't upgrade the services when you upgraded the platform | Instructions for upgrading IBM services are available in Services. |