Upgrading Cloud Pak for Security

If you have IBM Cloud Pak® for Security 1.7.2 installed, you can upgrade to 1.8.1.

About this task

If you already upgraded from IBM Cloud Pak for Security 1.7.2 to IBM Cloud Pak for Security 1.8, any patch updates to 1.8 are automatically applied, unless you have disabled automatic updates. If you want to automatically apply the updates, configure the approval strategy, described in Approval strategy.

Procedure

  1. Complete a backup procedure before beginning the upgrade.
    For more information see Backup and restore.
  2. Check that you have all the details that are required for installation.
    For more information see Completing preinstallation tasks.
  3. Check that you have the required hardware requirements.
    For more information see Hardware requirements.
  4. Check that you have the required storage requirements.
    For more information see Storage requirements.
  5. Gather the following information from your 1.7.2 installation.
    Important: When you fill in the parameters during any of the installation procedures listed in step 6, use the same value you had in IBM Cloud Pak for Security 1.7.2 for the following parameters.
    1. Provide the namespace where IBM Cloud Pak for Security 1.7.2 is installed.
    2. Retrieve the admin user ID set during the IBM Cloud Pak for Security 1.7.2 installation. Verify the value by typing the following command.
      oc get deploy isc-entitlements -o yaml -n <CP4S_NAMESPACE> | grep "name: ADMIN_USER_ID" -A1
      
    3. Retrieve the current domain being used by IBM Cloud Pak for Security by typing the following command.
      oc get route isc-route-default -o jsonpath='{.spec.host}' -n <CP4S_NAMESPACE>
      
    4. Set the storage class to the same storage class that is used in IBM Cloud Pak for Security 1.7.2, which is typically the default storage class. Verify the default storage class in the cluster by typing the following command.
      oc get sc
      
    5. If you are using an IBM Cloud® cluster, set this to the same value you used in the cp4sOpenshiftAuthentication parameter when you installed IBM Cloud Pak for Security 1.7.2. Verify the value that you used by typing the following command.
      oc get cm platform-auth-idp -n ibm-common-services -o jsonpath='{.data.ROKS_ENABLED}'
      
  6. Upgrade IBM Cloud Pak for Security 1.7.2 to 1.8.1 by following any of the installation procedures.

What to do next

  1. Verify that the Postgres Persistent Volume Claims (PVCs) have been automatically expanded to meet the 1 TB storage requirement for IBM Cloud Pak for Security 1.8.1 by typing the following command.
    oc get pvc -l stolon-cluster=default-postgres -n <cp4s_namespace>
    
    The following example output shows that the capacity of each PVC 1Ti.
    NAME                                              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      AGE
    default-postgres-data-default-postgres-keeper-0   Bound    pvc-aed7f106-5aa3-4308-8b65-86993dcf262f   1Ti        RWO            ibmc-block-gold   5h53m
    default-postgres-data-default-postgres-keeper-1   Bound    pvc-8c496dcb-581e-44fc-97d0-a4b96b0c7f44   1Ti        RWO            ibmc-block-gold   5h53m
    
    If the capacity shown is not 1Ti, follow the procedure in Resizing the default Postgres PVCs.