Installing the patch for version 5.0.3

After installing or upgrading IBM Knowledge Catalog to version 5.0.3, you must install this patch as a hotfix.

Before you begin

This patch addresses the following known issues:
  • On an environment with many catalogs, an error may occur when the user opens a catalog: "The search query failed. There might be a syntax error..."(DT397430)
  • When adding a platform connection to Data Virtualization, the UI does not proceed after prompting for personal credentials (DT397461)
  • Global search may not return all relevant and expected results (DT397463)
  • Catalog UI known issues in 5.0.3 (DT397333)

About this task

Important: Installing the patch is only meant for users upgrading to version 5.0.3, or newly installing version 5.0.3.

A project administrator must install this patch to fix these issues in 5.0.3.

Follow the set of instructions based on your install or upgrade setup:
  • Step 1 and the sub-steps go through how to download and copy the images to a local private registry for an air-gapped environment.
  • Step 2 and the sub-steps go through applying the patch using the online IBM entitled registry, or to apply the patch using the images downloaded to the local private registry from step 1.

Procedure

  1. To apply the patch in an air-gapped environment, proceed with the following steps.
    1. Log in to the OpenShift® Console as the cluster admin.
    2. Prepare the authentication credentials to access the IBM production repository. Use the same auth.json file used for CASE downloads and image mirroring. An example directory path:
      ${HOME}/.airgap/auth.json
      Or create an auth.json file that contains credentials to access cp.icr.io and your local private registry. For example:
      {
"auths": {
      "cp.icr.io":{"email":"unused","auth":"<base64 encoded id:apikey>"},
      "<private registry hostname>":{"email":"unused","auth":"<base64 encoded id:password>"}
   }
}
      For more information about the auth.json file, see containers-auth.json - syntax for the registry authentication file.
    3. Install skopeo by running:
      yum install skopeo
    4. To confirm the path for the local private registry to copy the patch image, run the following command:
      oc describe pod <hotfix image pod> | grep -i "image:"
      The <hotfix image pod> variable is the pod name for any of the images that will be patched.
      For example:
      oc describe pod portal-catalog-7855f7fd8f-lsvsj | grep Image:
Image: cp.icr.io/cp/cpd/portal-catalog@sha256:03c88c69b986f24d39e4556731c0d171169d2bd91b0fb22f6367fd51c9020e64
    5. To get the local private registry source details, run the following commands:
      oc get imageContentSourcePolicy
oc describe imageContentSourcePolicy [cloud-pak-for-data-mirror]
      The local private registry mirror repository and path details should be in the output of the describe command:
      - mirrors:
 - ${PRIVATE_REGISTRY_LOCATION}/cp/
 source: cp.icr.io/cp/cpd
      For more information about mirroring of images, see Configuring your cluster to pull Cloud Pak for Data images.
    6. Use the skopeo command to copy the patch images from the IBM production registry to the local private registry. Using the appropriate auth.json file, copy the patch images from the IBM production registry to the OpenShift cluster registry:
      skopeo copy --all --authfile "<folder path>/auth.json" \
    --dest-tls-verify=false --src-tls-verify=false \
    docker://cp.icr.io/cp/cpd/catalog_master@sha256:2463947f5adb4a40ec41fa2aae537ce0e8842038f5e4df365a7c6e9b63d4283a \
    docker://<local private registry>/cp/cpd/catalog_master@sha256:2463947f5adb4a40ec41fa2aae537ce0e8842038f5e4df365a7c6e9b63d4283a

skopeo copy --all --authfile "<folder path>/auth.json" \
    --dest-tls-verify=false --src-tls-verify=false \
    docker://cp.icr.io/cp/cpd/catalog-api-aux_master@sha256:472cfe8a0455a6aec60e11f56f84f265a27f02a4348c82565c48225197843a9e \
    docker://<local private registry>/cp/cpd/catalog-api-aux_master@sha256:472cfe8a0455a6aec60e11f56f84f265a27f02a4348c82565c48225197843a9e

skopeo copy --all --authfile "<folder path>/auth.json" \
    --dest-tls-verify=false --src-tls-verify=false \
    docker://cp.icr.io/cp/cpd/portal-catalog@sha256:308ed0a6c2d92014359a1b14ab11ce096fee99392e6cc709bf701e87d7644a6d \
    docker://<local private registry>/cp/cpd/portal-catalog@sha256:308ed0a6c2d92014359a1b14ab11ce096fee99392e6cc709bf701e87d7644a6d

skopeo copy --all --authfile "<folder path>/auth.json" \
    --dest-tls-verify=false --src-tls-verify=false \
    docker://cp.icr.io/cpopen/ibm-cpd-ccs-operator@sha256:bae5282f83e5b2cc8da066df988172ed2fb9501140e972fc8498cb3c1c41ef2d \
    docker://<local private registry>/cpopen/ibm-cpd-ccs-operator@sha256:bae5282f83e5b2cc8da066df988172ed2fb9501140e972fc8498cb3c1c41ef2d
  2. To install the patch using the online IBM entitled registry, or to apply the hotfix using the images downloaded to the local private registry from step 1, proceed with the following commands.
    Note: In the following commands, ${PROJECT_CPD_INST_OPERANDS} refers to the project name where IBM Knowledge Catalog is installed.
    1. Before applying the patch command, take note and copy the existing sha256 digest value for the ibm-cpd-ccs-operator image, this will be useful in the event that you want to revert the patch.
      Run the following command to find the ibm-cpd-ccs-operator image:
      oc describe pod <ibm-cpd-ccs-operator pod> -n ${PROJECT_CPD_INST_OPERATORS} | grep "Image:"
    2. Run the following command to patch the common core services (ccs) operator CSV:
      oc patch csv -n ${PROJECT_CPD_INST_OPERATORS} ibm-cpd-ccs.v9.3.0 --type='json' -p='[{"op": "replace", "path": "/spec/install/spec/deployments/0/spec/template/spec/containers/0/image", "value":"icr.io/cpopen/ibm-cpd-ccs-operator@sha256:bae5282f83e5b2cc8da066df988172ed2fb9501140e972fc8498cb3c1c41ef2d"}]'
      Note: The ccs operator image update already contains the digest details for the catalog_master, catalog-api-aux_master, and portal-catalog images included in this patch.
    3. Wait for the ccs operator to complete the reconciliation. Run the following command to monitor the reconciliation status:
      oc get ccs ccs-cr -n ${PROJECT_CPD_INST_OPERANDS}
      After a period of time, the catalog-api and portal-catalog pods in ${PROJECT_CPD_INST_OPERANDS} will be up and running with the updated image.

Reverting the patch changes

Important: Make sure to revert the image overrides before you install or upgrade to a newer refresh or to a new major release of IBM Cloud Pak for Data.
To revert the image override, proceed with the following steps.
Note: ${PROJECT_CPD_INST_OPERANDS} refers to the project name where IBM Knowledge Catalog is installed.
  1. Using the sha256 digest value for the ibm-cpd-ccs-operator image saved before applying the hotfix, run the following patch command to revert the CCS operator image:
    oc patch csv -n ${PROJECT_CPD_INST_OPERATORS} ibm-cpd-ccs.v9.3.0 --type='json' -p='[{"op":"replace", "path":"/spec/install/spec/deployments/0/spec/template/spec/containers/0/image","value":"icr.io/cpopen/ibm-cpd-ccs-operator@sha256:<original sha256 value>"}]'
    Note: The sha256 value for the IBM Cloud Pak for Data version 5.0.3 version is 001c475ad6f704edbb48d05bbedae1d8c9e15e91dadd5dc2c29ac951e23e493c.
  2. Wait for the CCS operator to complete reconciliation. Run the following command to monitor the reconciliation status:
    oc get ccs ccs-cr -n ${PROJECT_CPD_INST_OPERANDS}
    After a period of time, the catalog-api and portal-catalog pods in ${PROJECT_CPD_INST_OPERANDS} will be up and running with the original image.