Upgrading Guardium Data Security Center by using the all-in-one script in an air-gaped environment

You can upgrade your Guardium Data Security Center instance in an air-gap or offline environment by downloading the CASE bundle file and running the all-in-one script.

Downloading the CASE bundle

Create the environment variables and save the CASE bundle file.

Procedure

Create these environment variables with the installer image name and version.
For example, for version 3.6.0, specify the 2.6.0 bundle file:
```
export CASE_NAME=ibm-guardium-data-security-center
export CASE_VERSION=2.6.0
export LOCAL_CASE_DIR=$HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
export CASE_ARCHIVE=$CASE_NAME-$CASE_VERSION.tgz
```
Tip: The displayed versions in the output vary based on the Guardium Data Security Center version that you want to install and the current version on your system.
Save the CASE bundle locally:
```
oc ibm-pak get $CASE_NAME \
--version $CASE_VERSION \
--skip-verify
```
Tip: If you do not specify the CASE version, the latest CASE version downloads.
Note: If you encounter an error similar to this example:
```
No Case registries found for case ibm-cert-manager->=1.3.0 <1.3.1.tgz with the given repository URL information
FAILED
```
You might be experiencing a temporary communication problem with the remote repository. Wait a few minutes and try again.

Running the all-in-one script in an air-gaped environment

Upgrade your Guardium Data Security Center instance in an air-gap or offline environment by using the all-in-one script.

Procedure

Edit the $LOCAL_CASE_DIR/$CASE_NAME/inventory/automateInstall/files/values.conf file with the appropriate configuration details.
1. Set SKIP_INSTALL_ICS to false.
2. Set APPLY_CR to false as the Guardium Data Security Center instance exists on the system already.
3. Set SKIP_IBM_CERT_INSTALL to true.
4. In the ICS_POSTGRES_REGISTRY_URL parameter, enter the hostname of the remote registry that contains the installation images.
5. In the ICS_POSTGRES_REGISTRY_USER parameter, enter the user that you use to login to the entitled registry.
6. In the ICS_POSTGRES_REGISTRY_PASS parameter, enter the password or entitlement key that you use to login to the entitled registry.
7. Run the all-in-one script by using the following command.
```
oc ibm-pak launch $CASE_NAME \
  --version $CASE_VERSION \
  --namespace ${NAMESPACE} \
  --inventory automateInstall \
  --action autoInstall \
  --tolerance 1 | tee -a ${LOCAL_INSTALL_DIR}/installation.log
```
After the script runs successfully, edit the custom resource (CR) file by using the following command.
```
oc edit guardiumdatasecuritycenter -n $NAMESPACE
```
1. Change the version to the Guardium Data Security Center version that you want to upgrade to.
  For example, change the version to 3.6.0.
2. Change the license.licenseType to a value that works for the Guardium Data Security Center version that you want to upgrade to. For more information, see License options.
3. Change the guardiumGlobal.instance.ics.namespace to GDSC_NAMESPACE.

Check the status of the upgrade process.

oc get guardiumdatasecuritycenter –w

In the following output example, the DESIRED_VERSION is updated to 3.6.0.

NAME      TYPE    STATUS   REASON      MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION
staging   Ready   True     Completed   Completed Reconciliation   3.6.0            3.6.0

What to do next

After you upgrade the Cloud Pak foundational services version, you can remove the older version of Cloud Pak foundational services by completing the following steps.

Verify that no other products use the Cloud Pak foundational services version that you want to remove.
Remove the ibm-common-services namespace by completing the steps in Uninstalling foundational services.
Remove the remaining resources in the cs-control namespace by completing the steps in Uninstalling the remaining resources after migrating to foundational services version 4.x.