Resizing the SOAR Postgres PVC

Resize the Persistent Volume Claim (PVC) that you use for SOAR by moving the PVC data to a temporary PVC and then back again to the resized one.

Before you begin

  1. Install Red Hat® OpenShift® CLI 4.16 or 4.18.
  2. Back up your QRadar® Suite Software data before you follow this procedure. For more information about backups, see Backing up QRadar Suite Software.
  3. Gather the following information.
    • The namespace in which QRadar Suite Software is installed.
    • The storageClass used for the QRadar Suite Software deployment.
    • The new size of the PVC to create. The new size must be larger than the current PVC size.
    • The repository URL, if your QRadar Suite Software deployment is in an air-gapped environment.
  4. This procedure is for deployments where the storage class used does not support volume expansion, such as VMware thin storage. Check whether your storage class supports volume expansion by typing the following command:
    oc describe sc <storage_class> | grep AllowVolumeExpansion

    If the value is set to True, follow the Modifying QRadar Suite Software deployment resource specifications procedure to resize the PVC.

    If the value is set to False, follow this procedure to resize the PVC.

Procedure

  1. Log in to your Red Hat OpenShift Container Platform cluster as a cluster administrator by typing one of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <cluster_admin_user> -p <cluster_admin_password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  2. Switch to your QRadar Suite Software namespace by typing the following command. 
    oc project <cp4s_namespace>

    For example, if your QRadar Suite Software namespace is cp4sexample, type the following command.

    oc project cp4sexample

    The following example output shows that you switched to the cp4sexample namespace.

    Now using project "cp4sexample" on server "https://example.com:6443".
  3. Clone the cp4s-configuration repository in your working directory.
    1. If you don't already have one, create a working directory by typing the following command. 
      mkdir <working_directory>
    2. Go to your working directory by typing the following command. 
      cd <working_directory>
    3. Clone the cp4s-configuration repository by typing the following command. 
      git clone https://github.com/cp4sec/cp4s-configuration.git
    4. Go to the resize-pvc/soar-postgres directory by typing the following command. 
      cd cp4s-configuration/resize-pvc/soar-postgres
  4. Create temporary PVCs.
    1. Edit temp-pvcs.yaml to set the namespace and storageClassName parameters that are required for your deployment.
    2. Create temporary PVCs by typing the following command. 
      oc apply -f temp-pvcs.yaml
      The expected output of this command is: 
      persistentvolumeclaim/temp-pvc-keeper-0 created
persistentvolumeclaim/temp-pvc-keeper-1 created
  5. Scale down applications that use the Postgres instance by typing the following command. 
    oc scale --replicas=0 deployment/isc-cases-activemq deployment/isc-cases-application deployment/isc-cases-email deployment/isc-cases-event-handler
  6. Scale down the Postgres instance by typing the following commands. 
    oc scale --replicas=0 deployment/soar-postgres-proxy deployment/soar-postgres-sentinel
    oc scale --replicas=0 statefulset/soar-postgres-keeper
  7. Move the PVC data within a temporary pod.
    1. If your QRadar Suite Software deployment is in an air-gapped environment, update the image parameter in busybox-swap-pvc-0.yaml.
    2. Start the busybox pods by typing the following command. 
      oc apply -f busybox-swap-pvc-0.yaml -f busybox-swap-pvc-1.yaml
    3. Confirm that the pods are in the Running state by typing the following command. 
      oc get pods | grep busybox-swap-pvc
      The expected output of this command is 
      busybox-swap-pvc-0    1/1     Running            0          14s
busybox-swap-pvc-1    1/1     Running            0          18s
    4. Copy the content from the busybox pods into the temporary PVCs by typing the following commands. 
      oc exec busybox-swap-pvc-0 -- /bin/sh -c "cp -rp data-source/* data-destination" 
      oc exec busybox-swap-pvc-1 -- /bin/sh -c "cp -rp data-source/* data-destination"
    5. Delete the busybox pod by typing the following command. 
      oc delete pod busybox-swap-pvc-0 busybox-swap-pvc-1
  8. Delete the original PVCs by typing the following command. 
    oc delete pvc soar-postgres-data-soar-postgres-keeper-0 soar-postgres-data-soar-postgres-keeper-1
    The expected output of this command is: 
    persistentvolumeclaim "soar-postgres-data-soar-postgres-keeper-0" deleted
persistentvolumeclaim "soar-postgres-data-soar-postgres-keeper-1" deleted
  9. Create new PVCs with the required size.
    1. Edit new-pvcs.yaml to set the namespace and storageClassName parameters that are required for your deployment.
    2. Create temporary PVCs by typing the following command. 
      oc apply -f new-pvcs.yaml
      The expected output of this command is: 
      persistentvolumeclaim/soar-postgres-data-soar-postgres-keeper-0 created
persistentvolumeclaim/soar-postgres-data-soar-postgres-keeper-1 created
  10. Copy the PVC data from the temporary PVCs to the new PVCs.
    1. If your QRadar Suite Software deployment is in an air-gapped environment, update the image parameter in busybox-swap-pvc-0.yaml.
    2. Start the busybox pod by typing the following command. 
      oc apply -f busybox-swap-pvc-0.yaml -f busybox-swap-pvc-1.yaml
    3. Confirm that the pods are in the Running state by typing the following command. 
      oc get pods | grep busybox-swap-pvc
      The expected output of this command is 
      busybox-swap-pvc-0    1/1     Running            0          14s
busybox-swap-pvc-1    1/1     Running            0          18s
    4. Copy the content from the busybox pods into the new PVCs by typing the following command. 
      oc exec busybox-swap-pvc-0 -- /bin/sh -c "cp -rp data-destination/* data-source" 
      oc exec busybox-swap-pvc-1 -- /bin/sh -c "cp -rp data-destination/* data-source"
    5. Delete the busybox pod by typing the following command. 
      oc delete pod busybox-swap-pvc-0 busybox-swap-pvc-1
  11. Scale up the Postgres instance by typing the following commands. 
    oc scale --replicas=2 deployment/soar-postgres-proxy
    oc scale --replicas=3 deployment/soar-postgres-sentinel
    oc scale --replicas=2 statefulset/soar-postgres-keeper
  12. Scale up the applications that use the Postgres instance by typing the following command. 
    oc scale --replicas=1 deployment/isc-cases-activemq deployment/isc-cases-application deployment/isc-cases-email deployment/isc-cases-event-handler
  13. Validate the QRadar Suite Software application, then delete the temporary PVC by typing the following command. 
    oc delete pvc temp-pvc-keeper-0 temp-pvc-keeper-1