IM operand pods issue during MongoDB to PostgreSQL migration
The Identity Management (IM) operand pods such as platform-auth-service, platform-identity-management, and platform-identity-provider are not created during data migration.
Symptoms
IM operand pods (platform-auth-service, platform-identity-management, and platform-identity-provider) are not created when the IM operator pod is in running status. To check the status of the IM operator pods, run the following command:
$ oc get authentication.operator.ibm.com example-authentication -oyaml -n <your-foundational-services-namespace>| yq '.metadata.annotations'
authentication.operator.ibm.com/db-schema-version: 1.0.0
authentication.operator.ibm.com/migration-complete: "true"
authentication.operator.ibm.com/retain-migration-artifacts: "true"
Replace <your-foundational-services-namespace> with the namespace where you deployed the foundational services.
Diagnosing the problem
To diagnose the IM operand pods issue, complete the following steps:
- Ensure that common-service-postgresql is included in the ibm-iam-request OperandRequest. If common-service-postgresql is not included in the ibm-iam-request OperandRequest, the issue is in the PostgreSQL request from the IM operator.
  oc get operandrequest ibm-iam-request -oyaml | yq '.spec.requests[].operands'
  - name: ibm-idp-config-ui-operator
  - bindings:
      protected-im-db:
        configmap: im-datastore-edb-cm
        secret: im-datastore-edb-secret
    name: common-service-postgresql
- Ensure that the cluster custom resource is created. If the custom resource is not created, check operand-deployment-lifecycle-manager pod logs.
  $ oc get cluster
  NAME                AGE   INSTANCES   READY   STATUS                     PRIMARY
  common-service-db   23h   1           1       Cluster in healthy state   common-service-db-1
- Ensure that the common-service-db pods are running. If the pods are not running, check for the StorageClass related issues.
  $ oc get pods | grep common-service-db
  common-service-db-1   1/1   Running   0   23h
- Ensure that the im-datastore-edb-cm ConfigMap and im-datastore-edb-secret Secret are created.
  oc get cm -n <your-foundational-services-namespace> | grep im-datastore-edb-cm
  oc get secret -n <your-foundational-services-namespace> | grep im-datastore-edb-secret
  Replace <your-foundational-services-namespace> with the namespace where you deployed the foundational services.
- Ensure that the MongoDB to PostgreSQL database migration is completed successfully.
  $ oc get authentication.operator.ibm.com example-authentication -oyaml | yq '.metadata.annotations'
  authentication.operator.ibm.com/db-schema-version: 1.0.0
  authentication.operator.ibm.com/migration-complete: "true"
  authentication.operator.ibm.com/retain-migration-artifacts: "true"
  If authentication.operator.ibm.com/migration-complete is set to "true", the database migration is successful. If authentication.operator.ibm.com/migration-complete is set to "false", see MongoDB to PostgreSQL database migration fails because of the data issues in MongoDB.
  Note: For the isolated migration of the cluster with two or more Cloud Paks in the same namespace, the MongoDB data is migrated successfully when you upgrade the first Cloud Pak. To migrate the MongoDB data from other Cloud Paks, run the following command:
#!/bin/bash
DB_POD="icp-mongodb-0"
# Execute MongoDB rollback commands
echo 'use samlDB
db.saml.updateMany({}, {$unset:{migrated: null}})
use platform-db
db.cloudpak_ibmid_v3.updateMany({}, {$unset:{migrated: null}})
db.cloudpak_ibmid_v2.updateMany({}, {$unset:{migrated: null}})
db.Directory.updateMany({}, {$unset:{migrated: null}})
db.Users.updateMany({}, {$unset:{migrated: null}})
db.UserPreferences.updateMany({}, {$unset:{migrated: null}})
db.ZenInstance.updateMany({}, {$unset:{migrated: null}})
db.ZenInstanceUsers.updateMany({}, {$unset:{migrated: null}})
db.ScimAttributes.updateMany({}, {$unset:{migrated: null}})
db.ScimAttributeMapping.updateMany({}, {$unset:{migrated: null}})
db.Groups.updateMany({}, {$unset:{migrated: null}})
db.ScimServerUsers.updateMany({}, {$unset:{migrated: null}})
db.ScimServerGroups.updateMany({}, {$unset:{migrated: null}})
use OAuthDBSchema
db.OauthClient.updateMany({}, {$unset:{migrated: null}})' | oc exec -ti $DB_POD -- bash -ec 'mongo --host rs0/mongodb:27017 --username $ADMIN_USER --password $ADMIN_PASSWORD --authenticationDatabase admin --ssl --sslCAFile /data/configdb/tls.crt --sslPEMKeyFile /work-dir/mongo.pem'
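The five diagnostic checks in the steps above can be chained so that the first failing check is reported together with where to look next. This is an added example, not IBM's script: the OC variable, the demo_oc stub, the DEMO_MIGRATED toggle and the function names are assumptions made here, and the output printed by demo_oc is constructed sample data.

```bash
#!/bin/bash
# Added example (not IBM's script): run the page's five checks in order and
# print the first one that fails. Usage: ./im-diagnose.sh <namespace>
OC="${OC:-oc}"  # OC=demo_oc runs against the constructed sample output below

# Constructed stand-in for `oc`; DEMO_MIGRATED is a hypothetical toggle.
demo_oc() {
  case "$2" in
    operandrequest) echo '  name: common-service-postgresql' ;;
    cluster) echo 'common-service-db 23h 1 1 Cluster in healthy state common-service-db-1' ;;
    pods) echo 'common-service-db-1 1/1 Running 0 23h' ;;
    cm) echo 'im-datastore-edb-cm 1 23h' ;;
    secret) echo 'im-datastore-edb-secret Opaque 2 23h' ;;
    authentication.operator.ibm.com)
      echo "    authentication.operator.ibm.com/migration-complete: \"${DEMO_MIGRATED:-true}\"" ;;
  esac
}

# Reads annotation YAML on stdin (yq output or raw -oyaml); prints true, false or unknown.
migration_state() {
  awk '/^ *authentication\.operator\.ibm\.com\/migration-complete:/ {
         v = $NF; gsub(/"/, "", v); print v; found = 1; exit }
       END { if (!found) print "unknown" }'
}

first_failed_check() {
  ns="$1"
  "$OC" get operandrequest ibm-iam-request -n "$ns" -oyaml 2>/dev/null \
    | grep -q 'name: common-service-postgresql' \
    || { echo "1: common-service-postgresql is not in ibm-iam-request"; return 1; }
  "$OC" get cluster -n "$ns" 2>/dev/null | grep -q '^common-service-db[[:space:]]' \
    || { echo "2: cluster CR missing; check operand-deployment-lifecycle-manager pod logs"; return 1; }
  "$OC" get pods -n "$ns" 2>/dev/null | grep '^common-service-db' | grep -q Running \
    || { echo "3: common-service-db pods not running; check StorageClass"; return 1; }
  { "$OC" get cm -n "$ns" 2>/dev/null | grep -q '^im-datastore-edb-cm[[:space:]]' &&
    "$OC" get secret -n "$ns" 2>/dev/null | grep -q '^im-datastore-edb-secret[[:space:]]'; } \
    || { echo "4: im-datastore-edb-cm or im-datastore-edb-secret missing"; return 1; }
  state=$("$OC" get authentication.operator.ibm.com example-authentication \
            -n "$ns" -oyaml 2>/dev/null | migration_state)
  [ "$state" = "true" ] || { echo "5: migration-complete is $state"; return 1; }
  echo "all checks passed"
}

if [ -n "${1:-}" ]; then first_failed_check "$1"; fi
```

A non-zero exit status with a message starting with 5 points to the migration-complete annotation, the case the note above addresses.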