Preparing to patch or upgrade Guardium Data Security Center

As of IBM Guardium Data Security Center Version 3.6.0, OCP and OpenShift® Data Foundation (ODF) Version 4.16 are now supported.

Before you begin

Attention: Identify the correct upgrade path for your version of Guardium Data Security Center.
  • Version 3.2.x can be upgraded to a maximum of version 3.3.0.
  • Version 3.3.x can be patched to latest version 3.3.y (where y is greater than x). Do not shut down Guardium Insights when you patch the product.
In both cases, any patch in between can be skipped. To go from version 3.2.x to version 3.3.1, you must first upgrade to version 3.3.0 and then apply patch 3.3.1.

Procedure

  1. If you are running Guardium Insights Version 3.2.0 or 3.2.1, patch your environment to Guardium Insights Version 3.2.2.
    This update includes changes to the data ingestion pipeline, performance improvements, and schema changes.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.2.2
    • IBM Cloud Pak® foundational services Version 3.19
    • OCP Version 4.10
    • ODF Version 4.10
  2. If you are running Guardium Insights Version 3.2.2 to 3.2.7, patch your environment to Guardium Insights Version 3.2.8.
    This update includes support for OCP Version 4.12.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.2.8
    • Cloud Pak foundational services Version 3.19
    • OCP Version 4.10
    • ODF Version 4.10
  3. Upgrade OCP to Version 4.12 and upgrade ODF to Version 4.11.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.2.8
    • Cloud Pak foundational services Version 3.19
    • OCP Version 4.12
    • ODF Version 4.11
  4. If you are running Guardium Insights Version 3.2.8 to 3.2.11, patch your environment to Guardium Insights Version 3.2.12.
    This patch includes an upgrade of Db2® to Version 11.5.8.cn3.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.2.12
    • Cloud Pak foundational services Version 3.19
    • OCP Version 4.12
    • ODF Version 4.11
  5. If you are running Guardium Insights Version 3.2.12 or 3.2.13, upgrade your environment to Guardium Insights Version 3.3.0 by following these instructions.
    1. Download the 2.3.0 CASE bundle. In these instructions, replace 2.2.0 with 2.3.0.
    2. Patch Guardium Insights. In Step 16, edit the CR version to 3.3.0.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.3.0
    • Cloud Pak foundational services Version 3.19
    • OCP Version 4.12
    • ODF Version 4.11
    Important: After you complete this step, you can skip Step 6 and proceed directly to Step 7.
  6. If you are running Guardium Insights Version 3.2.14 and later versions of 3.2.x, upgrade your environment to Guardium Insights Version 3.3.0 by completing the following instructions.
    1. Download the 2.3.3 CASE bundle. For more information, see Downloading the CASE bundle.
    2. Patch Guardium Insights. In Step 16, edit the CR version to 3.3.0.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.3.0
    • Cloud Pak foundational services Version 3.19
    • OCP Version 4.12
    • ODF Version 4.11
    Important: After you complete this step, you can skip Step 6 and proceed directly to Step 7.
  7. If you want to update Guardium Insights to the latest version of Version 3.3.x, complete the following steps.
    1. Patch Guardium Insights from Version 3.3.0 to Version 3.3.4 or later.
      Important:
      • Version 3.4When you run the pre-install script for Guardium Insights installation, you need to prepare your Guardium Insights for ODF Version 4.14 if you are using ODF by setting the -q | --custom-scc parameter to true:
        -q | --custom-scc:
        If you specify 'true', Guardium Insights pods will use a custom scc with a default name of 
        'gi-odf-scc'. If you pass in another value, it will apply that value as the scc name. 
        For a list of available SCCs you can run 'oc get scc'. Guardium Insights normally runs in 
        restricted-v2 SCC. Defaults to 'false' with no custom scc applied.

        This parameter is only required for Guardium Insights installations that resides on ODF installations with non-ROSA and non-ARO deployments.

      • Edit the custom resource (CR) and update the version number.
      • Add this to the CR ssh-service:
        serviceAccount: insights-odf-ssh-service-sa
      • Upgrade ODF to Version 4.12.

      After you complete this step, your environment consists of:

      • Guardium Insights Version 3.3.4 or later
      • Tenant Minisnif and Tenant GUC Custom Resources Version 3.3.4 or later
      • Cloud Pak foundational services Version 3.19
      • OCP Version 4.12
      • ODF Version 4.12
    2. Manually shut down Guardium Insights.
    3. Upgrade OCP and ODF to Version 4.13.
      When prompted, run this script:
      oc -n openshift-config patch cm admin-acks \
      --patch '{"data":{"ack-4.12-kube-1.26-api-removals-in-4.13":"true"}}' --type=merge
      Important: When you run this script, the OpenShift console displays a command that you must run to proceed with the upgrade.

      After you complete this step, your environment consists of:

      • Guardium Insights Version 3.3.4
      • Cloud Pak foundational services Version 3.19
      • OCP Version 4.13
      • ODF Version 4.13
    4. Upgrade OCP and ODF to Version 4.14.
      When prompted, run the following script.
      oc -n openshift-config patch cm admin-acks \ 
      --patch '{"data":{"ack-4.13-kube-1.27-api-removals-in-4.14":"true"}}' \ 
      --type=merge
      Important: When you run this script, the OpenShift console displays a command that you must run to proceed with the upgrade.

      After you complete this step, your environment consists of:

      • Guardium Insights Version 3.3.4
      • Cloud Pak foundational services Version 3.19
      • OCP Version 4.14
      • ODF Version 4.14
  8. If you want to update Guardium Insights to Version 3.4.0, complete the following steps.
    1. Upgrade from Version 3.3.0 to Version 3.4.0 or later.
      1. Download the 2.4.0 CASE bundle. For more information, see Downloading the CASE bundle.
      2. Patch Guardium Insights. In Step 13, edit the CR version to 3.4.0.

    After you complete this step, your environment consists of:

    • Guardium Insights Version 3.4.0
    • IBM Cloud Pak foundational services Version 4.5.x (where x is the latest released version)
    • OCP Version 4.14
    • ODF Version 4.14
  9. If you want to update Guardium Insights to Version 3.5.0, complete the following steps.
    1. Download the 2.5.0 CASE bundle. For more information, see Downloading the Guardium Insights CASE file.
    2. Upgrade to Guardium Insights Version 3.5.0.
    3. Shut down Guardium Insights.
    4. Upgrade OCP and ODF to Version 4.13.

      After you complete this step, your environment consists of:

      • Guardium Insights Version 3.5.0
      • Cloud Pak foundational services Version 4.6.x
      • OCP Version 4.15
      • ODF Version 4.15
    5. Upgrade OCP and ODF to Version 4.16.

      After you complete this step, your environment consists of:

      • Guardium Insights Version 3.5.0
      • Cloud Pak foundational services Version 4.6.x
      • OCP Version 4.16
      • ODF Version 4.16
  10. If you want to update Guardium Data Security Center to Version 3.6.0, complete the following steps.
    1. Download the 2.6.0 CASE bundle. For more information, see Downloading the Guardium Data Security Center CASE file and set up your environment for dependencies.
    2. Upgrade to Guardium Insights Version 3.5.0.

    After you complete this step, your environment consists of:

    • Guardium Data Security Center Version 3.6.0
    • Cloud Pak foundational services Version 4.6.x
    • OCP Version 4.16
    • ODF Version 4.16
  11. Restart Guardium Data Security Center and monitor for errors.