Creating secrets for services that use Multicloud Object Gateway (Upgrading from Version 4.6 to Version 4.7)

If the instance of IBM Cloud Pak® for Data that you are upgrading to Version 4.7 includes services with a dependency on Multicloud Object Gateway, you must create the secrets that the services use to communicate with Multicloud Object Gateway.

Upgrade phase

  • Updating your client workstation
  • Updating your cluster
  • Collecting required information
  • Preparing to run an upgrade from a private container registry
  • Migrating to the private topology
  • Preparing to upgrade an instance of Cloud Pak for Data (you are here)
  • Upgrading an instance of Cloud Pak for Data

Who needs to complete this task?

A cluster administrator must complete this task.

When do you need to complete this task?

Complete this task only if one or more of the following services are installed on the instance of Cloud Pak for Data that you are upgrading:

  • Watson™ Assistant
  • Watson Discovery
  • Watson Knowledge Studio
  • Watson Speech services

Repeat as needed: If you have multiple instances of Cloud Pak for Data on the cluster, repeat this task for each instance that you plan to upgrade to Version 4.7.

Before you begin

Best practice: You can run many of the commands in this task exactly as written if you set up environment variables for your installation. Ensure that you added the new environment variables from "Updating your environment variables script".

In addition, ensure that you source the environment variables before you run the commands in this task.

About this task

Use the setup-mcg command to create secrets for one or more of the following services:

  • Watson Assistant
  • Watson Discovery
  • Watson Knowledge Studio
  • Watson Speech services

The secrets enable the services to access the following secrets in the openshift-storage project:

  • The secret that contains the NooBaa account credentials.
  • The secret that contains the NooBaa account certificate.

Procedure

  1. Run the cpd-cli manage login-to-ocp command to log in to the cluster as a user with sufficient permissions to complete this task. For example:
    cpd-cli manage login-to-ocp \
    --username=${OCP_USERNAME} \
    --password=${OCP_PASSWORD} \
    --server=${OCP_URL}
    Tip: The login-to-ocp command takes the same input as the oc login command. Run oc login --help for details.
  2. Get the names of the secrets that contain the NooBaa account credentials and certificate:
    oc get secrets --namespace=openshift-storage
  3. Set the following environment variables based on the names of the secrets on your cluster.

    If you created multiple backing stores or multiple NooBaa accounts, ensure that you specify the appropriate credentials. If you are using a different backing store or different accounts for each service, repeat this step before creating the secrets for each service to specify the correct credentials for the service.

    1. Set NOOBAA_ACCOUNT_CREDENTIALS_SECRET to the name of the secret that contains the NooBaa account credentials. The default name is noobaa-admin.
      export NOOBAA_ACCOUNT_CREDENTIALS_SECRET=<secret-name>
    2. Set NOOBAA_ACCOUNT_CERTIFICATE_SECRET to the name of the secret that contains the NooBaa account certificate. The default name is noobaa-s3-serving-cert.
      export NOOBAA_ACCOUNT_CERTIFICATE_SECRET=<secret-name>
  4. If Watson Assistant is installed in the instance, create the secrets that Watson Assistant uses to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_assistant \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-assistant \
      noobaa-cert-watson-assistant \
      noobaa-uri-watson-assistant

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

  5. If Watson Discovery is installed in the instance, create the secrets that Watson Discovery uses to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_discovery \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-discovery

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

  6. If Watson Knowledge Studio is installed in the instance, create the secrets that Watson Knowledge Studio uses to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_ks \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-ks \
      noobaa-cert-watson-ks

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

  7. If the Watson Speech services are installed in the instance, create the secrets that the Watson Speech services use to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_speech \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-speech

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.
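
The per-service confirmation steps above can be combined into one check that reports which components need setup-mcg re-run. This is an added example, not part of the IBM procedure: the function names and the sample listing are constructed, and the expected secret names are the ones listed in the verification steps on this page.

```shell
#!/bin/sh
# Added example. Expected secrets per setup-mcg component, taken from the
# "Confirm that the secrets were created" steps on this page.
expected_secrets() {
  case "$1" in
    watson_assistant) echo "noobaa-account-watson-assistant noobaa-cert-watson-assistant noobaa-uri-watson-assistant" ;;
    watson_discovery) echo "noobaa-account-watson-discovery" ;;
    watson_ks)        echo "noobaa-account-watson-ks noobaa-cert-watson-ks" ;;
    watson_speech)    echo "noobaa-account-watson-speech" ;;
    *) return 1 ;;
  esac
}

# missing_secrets COMPONENT LISTING
# LISTING is the text produced by `oc get secrets ... -o name` (secret/<name> per line).
# Prints each expected secret that is absent; returns 1 if any is missing,
# 2 if the component is unknown.
missing_secrets() {
  component=$1 listing=$2 rc=0
  names=$(expected_secrets "$component") || return 2
  for name in $names; do
    # Whole-line match, so a similarly named secret does not count as present.
    if ! printf '%s\n' "$listing" | sed 's|^secret/||' | grep -qxF -- "$name"; then
      echo "$name"
      rc=1
    fi
  done
  return $rc
}

# components_to_rerun LISTING COMPONENT...
# Prints every component that has at least one expected secret missing.
components_to_rerun() {
  listing=$1; shift
  for c in "$@"; do
    missing_secrets "$c" "$listing" >/dev/null || echo "$c"
  done
}

# Constructed sample listing (not real cluster output). On a cluster, use:
#   listing=$(oc get secrets --namespace="${PROJECT_CPD_INST_OPERANDS}" -o name)
SAMPLE_LISTING='secret/noobaa-account-watson-assistant
secret/noobaa-cert-watson-assistant
secret/noobaa-account-watson-ks-old
secret/noobaa-account-watson-speech'

components_to_rerun "$SAMPLE_LISTING" watson_assistant watson_discovery watson_ks watson_speech
```

Pass only the components that are installed in the instance; a component that is not installed would otherwise be reported as missing its secrets.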

What to do next

Now that you've created secrets for services that use Multicloud Object Gateway, you're ready to complete Upgrading an instance of IBM Cloud Pak for Data (Upgrading from Version 4.6 to Version 4.7).