Upgrade, Rollback, and Uninstall

After deploying IBM certified container software for Connect:Direct for UNIX, you can perform following actions:
  • Upgrade, when you wish to move to a new release
  • Rollback, when you wish to recover the previous release version in case of failure
  • Uninstall, when you wish to uninstall

Upgrade – Upgrading a Release

To upgrade the chart ensure that the pre-installation tasks requirements are in-place on the cluster (Kubernetes or OpenShift). Following things must be considered while following pre-installation tasks requirement for upgrade:
  1. Since, upgrade takes backup of configuration data on the Persistent Volume. Ensure that you have sufficient space available to accommodate the backup and running IBM Connect:Direct for UNIX data. A copy of backup is kept on Persistent Volume to enable rollback in case of upgrade failures.
    Example: The default minimum Persistent Volume size requirement for new deployment is 100Mi. We can just double it for upgrade ie. 200Mi.
  2. Re-run the PodSecurityPolicy/SecurityContextConstraints scripts to ensure that the any new changes are in-place in namespace/project on Kubernetes/OpenShift cluster respectively.
  3. Check the CD secrets are still valid and available on the cluster.
  4. Depending upon the accessibility of the public internet on the cluster. The upgrade procedure can be Online upgrade and Offline upgrade.

Upgrade Consideration

In IBM Certified Container Software for Connect:Direct for UNIX v1.3.2, an important update has been made to enhance clarity and relevance.

For System Username Change

The existing system user, previously named cduser, has been renamed to the more meaningful user named cdadmin. The role of this user remains the same, serving as the Connect:Direct Administrative user.
Important: It's important to note that there is no change to the appuser, and it will continue to exist with its current configuration within the container.

To acknowledge this change a new helm parameter has been introduced named upgradeCompCheck whose default value is false. By default, the older helm releases cannot upgrade to this version without setting this new parameter to true which means you have read this section of document and understood the changes which have been introduced as part of this release.

Since, after upgrade from previous versions of IBM Certified Container Software for Connect:Direct for UNIX cduser (older user) won't exist in the container. So, consider following things:
  1. User Record Update:
    During the upgrade, a user record for cdadmin will be created in the userfile.cfg. Existing cduser records will remain unmodified. Post a successful upgrade and testing, the Connect:Direct admin can delete the obsolete cduser records.
  2. Local ID Update:
    The Connect:Direct admin should manually update any user records where the local.id is set to cduser to reflect the new user, cdadmin.
  3. Script and Client Updates:
    Any scripts, Connect:Direct clients, or configurations using cduser for file transfers should be modified to use the new user, cdadmin.

Network Policy Updates:

To update network polices, refer to https://kubernetes.io/docs/concepts/services-networking/network-policies/ and Network Policy Change.

Online upgrade

You have access to the public internet on the cluster. Thus, you have access to Entitled registry and IBM public GitHub repository. Follow these steps to upgrade the chart with release name my-release:
  1. Update the local repo:
    helm repo update
  2. Download the newer helm chart:
    helm pull ibm-helm/ibm-connect-direct
    The helm chart gets pulled in current directory.
  3. Untar the chart and run the PodSecurityPolicy/SecurityContextConstraints scripts to ensure any new required change is in-place on the cluster. Refer Applying Pod Security Standard Kubernetes Cluster and Creating security context constraints for Red Hat OpenShift Cluster as applicable on the cluster.
  4. Upgrade the chart.
    helm upgrade my-release ibm-connect-direct-1.4.x.tgz -f myvalues.yaml --reuse-values

Offline upgrade

You don't have access to the public internet on the cluster. Thus, Entitled registry and public IBM GitHub registry cannot be accessed from cluster. So, you need to follow the Offline (Airgap) Cluster procedure to get the installation files. Follow these steps to upgrade the chart with release name my-release:
  1. After you have the installation files, go inside the charts directory used for downloading the files.
    cd <download directory>/charts
    Download directory is directory where the installation files have been downloaded.
  2. Untar the chart and run the PodSecurityPolicy/SecurityContextConstraints scripts to ensure any new required change is in-place on the cluster. Refer Applying Pod Security Standard Kubernetes Cluster and Creating security context constraints for Red Hat OpenShift Cluster as applicable for the cluster.
  3. Upgrade the chart:
    helm upgrade my-release ibm-connect-direct-1.4.x.tgz -f myvalues.yaml --reuse-values
    Refer steps mentioned in Validating the Installation for validating the upgrade.
Note: For both online and offline processes:
  • Always upgrade from one consecutive release to the next (e.g., from 6.1 to 6.2, then from 6.2 to 6.3) rather than skipping releases (e.g., from 6.1 directly to 6.3).
  • Do not change/update the values of Connect Direct configuration parameters.
  • If any new parameters are introduced in the new chart and you are upgrading using new chart. Then, all those new parameters should be either passed with "--set" option or using a yaml file with "-f" option. The parameter can have default values as specified in the new chart or you can change the values as per your configuration requirement.
  • For root squash NFS deployment with custom UID/GID, let's suppose UID/GID was 1010/1010, then while upgrading to 1.3.x helm chart, update supplemental groups with 1010 also. Do not delete supplemental group already present in values.yaml file, just add 1010 also to its list. Then, trigger helm upgrade.
  • The Ordinary User Mode (OUM) feature is not available in older releases of the IBM Sterling Connect:Direct. So, the upgrade from older releases should be done by disabling this feature by setting oum.enabled="n" in values.yaml file to avoid unexpected behavior.

Rollback – Recovering on Failure

Procedure

  1. To rollback a chart with release name my-release to a previous revision invoke the following command:
    helm rollback my-release <previous revision number>
  2. To get the revision number execute the following command:
    helm history my-release
    Note: The rollback is only supported to a previous release. Subsequent rollbacks are not supported.

    Rollback from Connect Direct Unix v6.1 is only supported if it was upgraded from Connect Direct Unix 6.0 iFix026 and later releases.

Uninstall – Uninstalling a Release

To uninstall/delete a Chart with release name my-release invoke the following command:
Helm version 2
helm delete --purge my-release
Helm version 3
helm delete my-release
Note:
This command removes all the Kubernetes components associated with the Chart and deletes the Release. Certain Kubernetes resources created as an installation prerequisite for the Chart and a helm hook ie ConfigMap will not be deleted using the helm delete command. Delete these resources only if they are not required for further deployment of IBM Certified Container Software for Connect:Direct UNIX. If deletion is required, you have to manually delete the following resources:
  • The persistent volume
  • The secret
  • The Config Map