Applying updates to support actions

The Red Hat OpenShift CLI client helps you develop, build, deploy and run your applications on any Red Hat OpenShift or Kubernetes cluster. It also includes the administrative commands for managing a cluster under the adm subcommand.

1. Download Red Hat OpenShift CLI 4.18 or 4.20 from https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.18/ or https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-4.20/ . The file to download is called openshift-client-<platform>-<version>.tar.gz.
2. Extract the binary file that you downloaded by typing the following command, where <oc_cli_archive_file> is the name of the archive file that you downloaded.

   tar -xf <oc_cli_archive_file>

3. Modify the permissions of the binary file by typing the following command, where <oc_cli_binary> is the name of the Red Hat OpenShift binary that you extracted from the archive.
4. Move the binary file to the /usr/local/bin directory by typing the following command.

   mv <oc_cli_binary> /usr/local/bin/oc

   Tip: If this command returns a No such file or directory or Not a directory error message, create the /usr/local/bin directory by typing the following command.

   sudo mkdir /usr/local/bin

5. Make sure that the Red Hat OpenShift CLI client is working by typing the following command.

   oc version

   Tip: MacOS users might see a message that this tool cannot be opened because it is from an unidentified developer. Close this message and go to System Preferences > Security & Privacy. On the General tab, click Open Anyway or Allow Anyway. Repeat the oc version command.

Apply the latest support action changes in an online environment.

1. Log in to your Red Hat OpenShift Container Platform cluster by typing either of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
   • Using a username and password.

     oc login <openshift_url> -u <username> -p <password>

   • Using a token.

     oc login --token=<token> --server=<openshift_url>

2. Enter the following command to switch to your QRadar Suite Software namespace:

   oc project <cp4s_namespace>

3. Save the current imagePullPolicy policy as a variable:

   export IMAGE_PULL_POLICY=$(oc get deployment cp-serviceability -o jsonpath='{.spec.template.spec.containers[0].imagePullPolicy}')

4. Update the imagePullPolicy to Always, as follows:

   oc patch deployment cp-serviceability  --type='json'  -p='[{"op": "replace", "path": 
   "/spec/template/spec/containers/0/imagePullPolicy", "value": "Always"}]'

5. Wait for the new pod creation. When the serviceability pod is ready, proceed to the next step. The following sample output shows that the serviceability pod is ready:

   NAME             READY   STATUS    RESTARTS   AGE
   cp-serviceability   1/1     Running   0          78s

6. Revert the imagePullPolicy changes, as follows:

   oc patch deployment cp-serviceability --type='json' -p='[{"op": "replace", "path":
   "/spec/template/spec/containers/0/imagePullPolicy", "value": "'"${IMAGE_PULL_POLICY}"'"}]'

Apply the latest support action changes in an air-gapped environment.

1. Create the following environment variables with the installer image name and the image inventory on your mirroring device by typing the following command.

   export CASE_NAME=ibm-cp-security && export CASE_VERSION=1.1.11

2. Download the IBM Security QRadar Suite Software installer and image inventory to your mirroring device by typing the following command.

   oc ibm-pak get $CASE_NAME --version $CASE_VERSION --disable-top-level-images-mode

   The CASE is saved to the ~/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION directory and the log file is saved to ~/.ibm-pak/logs/oc-ibm_pak.log.

   Tip: If you want to save the CASE to a directory other than your home directory, set the $IBMPAK_HOME environment variable by typing the following command.

   export IBMPAK_HOME=<working_directory>

   When you set the $IBMPAK_HOME environment variable, the CASE is saved to <working_directory>/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION and the log is saved to <working_directory>/.ibm-pak/logs/oc-ibm_pak.log.

   Important: If you change where the CASE is saved to, you must use $IBMPAK_HOME/.ibm-pak in place of ~/.ibm-pak throughout this procedure.

   Tip: If you want the installation process to be repeatable across environments, you can reuse the same saved CASE instead of downloading the CASE files again in other environments. You don't need to update versions of dependencies into the saved cache.
3. To mirror images from icr.io into the local registry, mirror the support action pod image by using the case action mirrorICRImages.
   The command to run the mirrorICRImages action has the following parameters.

   Parameter	Description
   --registry	The local Podman registry endpoint, for example, <local_registry>:5000
   --icrImages	The image name and tag.
   --namespace	The namespace where QRadar Suite Software is installed.

   oc ibm-pak launch -t 1 ibm-cp-security --version 1.1.11 --inventory ibmSecurityOperatorSetup --namespace <cp4s_namespace> --action mirrorICRImages --args "--registry <local_registry>:5000 --icrImages cp-serviceability:latest"

...
info: Planning completed in 350ms
sha256:072cf26743bf9380a550af10b21c60be5d3a9cdb539d49b11b6416b7a017d284 ocp4-agp-bastion.ocpdev.stg.secops.ibmcloudsecurity.com:5000/ibm-cp-security/cp-serviceability:latest
info: Mirroring completed in 10ms (0B/s)
[✓] CASE launch script completed successfully
OK