Upgrading Guardium Data Security Center manually

You can upgrade Guardium® Data Security Center manually or by using the all-in-one script.

About this task

Use the following procedure to manually upgrade Guardium Data Security Center. If you are upgrading Guardium Data Security Center by using the all-in-one script, you can skip this procedure.

Procedure

  1. Switch to the namespace for the Guardium Data Security Center deployment.
    oc project ${NAMESPACE}
  2. Run the preinstall script. This script sets up secrets and parameters for the Guardium Data Security Center instance.
    export GDSC_INVENTORY_SETUP=install
  3. Install the Guardium Insights catalog.
    oc ibm-pak launch $CASE_NAME \
    --version $CASE_VERSION \
    --inventory $GDSC_INVENTORY_SETUP \
    --action install-catalog \
    --namespace openshift-marketplace \
    --args "--inputDir ${LOCAL_CASE_DIR}"
  4. Verify that the catalogs are installed.
    oc get pods -n openshift-marketplace
    The output is similar to:
    ibm-db2uoperator-catalog-mzvd7                        1/1     Running       0          73s
    ibm-guardium-insights-operator-catalog-n8qkr          0/1     Running       0          16s 
  5. Install the operator.
    oc ibm-pak launch $CASE_NAME \
    --version $CASE_VERSION \
    --inventory $GDSC_INVENTORY_SETUP \
    --action install-operator \
    --namespace ${NAMESPACE} \
    --args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key --inputDir ${LOCAL_CASE_DIR}"
  6. Verify that the cluster service version for Guardium Data Security Center is present.
    oc get csv -w
    The following output example is for Guardium Data Security Center version 3.6.0. The displayed values in the output can vary based on the Guardium Data Security Center version that you are upgrading to.
    NAME                                                       DISPLAY                                VERSION      REPLACES                                      PHASE
    cloud-native-postgresql.v1.18.12                          EDB Postgres for Kubernetes            1.18.12      cloud-native-postgresql.v1.18.10              Succeeded
    db2u-operator.v110509.0.2                                 IBM Db2                                110509.0.2                                                 Succeeded
    ibm-cert-manager-operator.v4.2.7                          IBM Cert Manager                       4.2.7        ibm-cert-manager-operator.v4.2.1              Succeeded
    ibm-common-service-operator.v4.6.6                        IBM Cloud Pak foundational services    4.6.6        ibm-common-service-operator.v4.6.5            Succeeded
    ibm-commonui-operator.v4.4.5                              Ibm Common UI                          4.4.5        ibm-commonui-operator.v4.4.4                  Succeeded
    ibm-events-operator.v5.0.1                                IBM Events Operator                    5.0.1                                                      Succeeded
    ibm-guardium-data-security-center-operator.v3.6.0         IBM Guardium Data Security Center      3.6.0        ibm-guardium-insights-operator.v3.5.0         Succeeded
    ibm-iam-operator.v4.5.5                                   IBM IM Operator                        4.5.5        ibm-iam-operator.v4.5.4                       Succeeded
    ibm-redis-cp.v1.1.9                                       ibm-redis-cp-operator                  1.1.9                                                      Succeeded
    ibm-zen-operator.v5.1.8                                   IBM Zen Service                        5.1.8        ibm-zen-operator.v5.1.7                       Succeeded
    operand-deployment-lifecycle-manager.v4.3.5               Operand Deployment Lifecycle Manager   4.3.5        operand-deployment-lifecycle-manager.v4.3.4   Succeeded
  7. Verify that the operators are installed.
    oc get pods -n ${NAMESPACE}
    The output is similar to:
    NAME                                                  READY   STATUS    RESTARTS   AGE 
    db2u-day2-ops-controller-manager-5488d5c844-8z568     1/1     Running   0          2m59s 
    db2u-operator-manager-5fc886d4bc-mvg98                1/1     Running   0          2m59s 
    ibm-cloud-databases-redis-operator-6d668d7b88-p69hm   1/1     Running   0          74s 
    mongodb-kubernetes-operator-856bc86746-8vsrg          1/1     Running   0          49s 
  8. Prepare for a Guardium Data Security Center upgrade.
    1. Update the Guardium Data Security Center custom resource file by using the following command.
      oc edit guardiumdatasecuritycenter -n=${NAMESPACE}
    2. Change the version to the Guardium Data Security Center version that you want to upgrade to.
      For example, change the version to 3.6.0.
    3. Change the spec.guardiumGlobal.image.repository to cp.icr.io/cp/ibm-guardium-data-security-center.
    4. Change the license.licenseType to only one of the following values.
      • For Guardium Data Security 3.5.x, change the license.licenseType to L-YRPR-ZV3BA6.
      • For Guardium Data Security Suite license 3.6.x, change the license.licenseType to L-QABB-9QRLFB.
        Note: If you have purchased the new Guardium Data Security Center Suite license, you can enable IBM Quantum Safe by running the following command.
        oc patch guardiumdatasecuritycenter <cr_name> -n ${NAMESPACE} --type "json" -p '[{"op":"add","path":"/spec/capabilities/-","value":{"name": "quantum-safe", "enabled": true, "configurations": {}}}]'
    5. Change the guardiumGlobal.instance.ics.namespace to GDSC_NAMESPACE.
    6. Monitor the reconciliation by using the following command.
      oc get guardiumdatasecuritycenter -w
      In the following output example, the DESIRED_VERSION is updated to 3.6.0. The displayed versions in the output vary based on the Guardium Data Security Center version that you want to upgrade to and the current version on your system.
      NAME      TYPE    STATUS   REASON      MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION
      staging   Ready   True     Completed   Completed Reconciliation   3.6.0            3.6.0
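
The checks in steps 4, 6, 7, and 8.6 can be scripted so that the upgrade stops on a pod that is Running but not ready (such as the 0/1 row in step 4), a cluster service version that has not reached Succeeded, or a custom resource that has not reconciled to the target version. The following is an added example, not part of the IBM procedure; the function names and sample rows are constructed for illustration, and in a cluster you pipe the real oc output into the functions.

```shell
#!/bin/sh
# Added example (not IBM code): script the checks from steps 4, 6, 7 and 8.6.
# Each function reads `oc get ...` text on stdin, so it can be tested offline, e.g.
#   oc get pods -n openshift-marketplace --no-headers | pods_not_ready

# Print pods that are neither Completed nor Running with a full READY count.
pods_not_ready() {
  awk 'NF >= 3 && $1 != "NAME" && $3 != "Completed" {
         split($2, r, "/")
         if ($3 != "Running" || r[1] != r[2]) print $1
       }'
}

# Print cluster service versions whose last column (PHASE) is not Succeeded.
csvs_not_succeeded() {
  awk 'NF >= 2 && $1 != "NAME" && $NF != "Succeeded" { print $1 }'
}

# Succeed only if every custom resource is Ready/True and both version
# columns (DESIRED_VERSION, INSTALLED_VERSION) equal the target in $1.
cr_reconciled() {
  awk -v want="$1" 'NF >= 7 && $1 != "NAME" {
         seen = 1
         if ($2 != "Ready" || $3 != "True" || $(NF-1) != want || $NF != want) bad = 1
       }
       END { exit !(seen && !bad) }'
}

# Constructed sample input modelled on the output shown in steps 4, 6 and 8.6.
SAMPLE_PODS='ibm-db2uoperator-catalog-mzvd7                 1/1   Running   0   73s
ibm-guardium-insights-operator-catalog-n8qkr   0/1   Running   0   16s'
SAMPLE_CSVS='NAME   DISPLAY   VERSION   REPLACES   PHASE
db2u-operator.v110509.0.2   IBM Db2   110509.0.2   Succeeded
example-operator.v0.0.0     Example   0.0.0        Installing'
SAMPLE_CR='NAME      TYPE    STATUS   REASON      MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION
staging   Ready   True     Completed   Completed Reconciliation   3.6.0   3.6.0'

printf '%s\n' "$SAMPLE_PODS" | pods_not_ready       # the 0/1 catalog pod
printf '%s\n' "$SAMPLE_CSVS" | csvs_not_succeeded   # example-operator.v0.0.0
printf '%s\n' "$SAMPLE_CR" | cr_reconciled 3.6.0 && echo "reconciled to 3.6.0"
```

An empty result from the first two functions and a zero exit status from the third mean that the corresponding step passed.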

What to do next

After you upgrade the Cloud Pak foundational services version, you can remove the older version of Cloud Pak foundational services by completing the following steps.