Patching Guardium Insights to version 3.5.x

Apply a patch to upgrade to the next minor version in Guardium® Insights version 3.5.x.

About this task

In the following instructions, <current_version> refers to the version of Guardium Insights that is installed on your system, and <new_version> refers to the version of Guardium Insights that you are upgrading to.

Procedure

  1. Download the catalog and operator from the CASE files to your local directory.
    export ICS_USER=<ICS Admin User>
    export ICS_PASS=<ICS PASS>
    export NAMESPACE=<Namespace where GI is installed>
    export CP_REPO_USER=cp
    export CP_REPO_PASS=<cp key for ER>
    export CASE_NAME=ibm-guardium-insights
    export CASE_VERSION=<CASE_VERSION>
    export LOCAL_CASE_DIR=$HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
    
    oc ibm-pak get $CASE_NAME \
    --version $CASE_VERSION \
    --skip-verify
     
    Specify the CASE_VERSION for the version of Guardium Insights you are deploying.
  2. Log in to your Red Hat® OpenShift® cluster instance.
    oc login -u <KUBE_USER> -p <KUBE_PASS> [--insecure-skip-tls-verify=true]
    For example,
    oc login api.example.ibm.com:6443 -u kubeadmin -p xxxxx-xxxxx-xxxxx-xxxxx
    
     
  3. Verify that Guardium Insights is reconciled to the previous version by running the following command.
    oc get guardiuminsights

    The following output example displays that the reconciliation is complete.

    NAME      TYPE    STATUS   REASON     MESSAGE                    DESIRED_VERSION    INSTALLED_VERSION
    staging   Ready   True     Complete   Completed Reconciliation   <current_version>  <current_version>
  4. Determine the version of IBM Cloud Pak® foundational services that is installed on your system by running the following command.
    oc get csv -n ibm-common-services | grep foundational

    Note the <version_number> variable in the output.

    ibm-common-service-operator.<version_number> IBM Cloud Pak foundational services <version_number> ibm-common-service-operator.<version_number> Succeeded

    Guardium Insights requires IBM Cloud Pak foundational services Version 4.5.x (where x is the latest released version). If the <version_number> in the output is 4.5.x (where x is the latest released version), you can skip step 5.

  5. Upgrade IBM® Common Services in the same namespace as your Guardium Insights installation.
    1. Export the namespace where Guardium Insights is installed.
      export NAMESPACE=<GI-NAMESPACE>
    2. Set the environment variable for the --inventory parameter.
      export ICS_INVENTORY_SETUP=ibmCommonServiceOperatorSetup
    3. Install the IBM Common Services catalog.
      oc ibm-pak launch $CASE_NAME \
      --version $CASE_VERSION \
      --action install-catalog \
      --inventory $ICS_INVENTORY_SETUP \
      --namespace ${NAMESPACE} \
      --args "--registry icr.io --recursive \
      --inputDir ${LOCAL_CASE_DIR}" 
  6. If you are using an OpenShift Data Foundation (ODF) storage class, run the Guardium Insights preinstall script.
    oc ibm-pak launch $CASE_NAME \
     --version $CASE_VERSION \
     --namespace ${NAMESPACE} \
     --inventory install     \
     --action preInstall    \
     --tolerance 1 \
     --args "-n ${NAMESPACE} -h <DB_worker_host> -l true"
    Important: When you run the preinstall script during a Guardium Insights patch, the Db2® worker node (<DB_worker_host>) must match the same set of nodes that were set during installation. If there is more than one, provide them in a comma-separated list.
  7. Install the catalog.
    oc ibm-pak launch $CASE_NAME \
     --version $CASE_VERSION \
    --namespace openshift-marketplace \
    --inventory install \
    --action install-catalog \
    --args "--inputDir ${LOCAL_CASE_DIR}" --tolerance 1
  8. Install the operator.
    oc ibm-pak launch $CASE_NAME \
     --version $CASE_VERSION \
     --namespace ${NAMESPACE} \
     --inventory install \
     --action install-operator \
     --tolerance 1 \
     --args "--registry cp.icr.io --user ${CP_REPO_USER} --pass ${CP_REPO_PASS} --secret ibm-entitlement-key --inputDir ${LOCAL_CASE_DIR}"
  9. Update the Guardium Insights version in the custom resource (CR) file by completing the following steps.
    1. To edit the guardiuminsights CR file, run the following command.
      oc edit guardiuminsights
    2. Locate the Version value.
      Version: <current_version>
    3. Change the Version value to the new version.
      Version: <new_version>
    4. If the following entry is in your Guardium Insights custom resource (CR) file, remove it.
      spec:
       ssh-service:
         serviceAccount: insights-odf-ssh-service-sa
    5. Save and exit the file.
      When you exit the file, the following message is displayed.
      guardiuminsights.gi.ds.isc.ibm.com/staging edited
  10. To verify that your environment was upgraded, complete the following steps.
    1. Log in to check the version of Guardium Insights.
    2. Verify the system reconciliation status by running the following command.
      oc get guardiuminsights

      When the upgrade is complete, the output is similar to the following example.

      
      NAME      TYPE    STATUS   REASON     MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION
      staging   Ready   True     Complete   Completed Reconciliation   <new_version>     <new_version>
    3. Verify that the pods are in a Running or Completed state by running the following command.
      oc get pods
  11. To remove an unused mount point from the Guardium Insights user interface services that might cause stability problems, use only one of the following methods.
    1. To edit the deployment file, run the following command.
      oc edit deployment <gi_installation_name>-insights

      Locate and delete the following fields in the file, and then save the changes.

      - mountPath: /node_app/src/static/insights_exports
       name: db2-scratch-mount
       subPath: scratch/insights-exports
    2. To remap the extra mount to an unused location, run the following command.
      oc get deployment -oyaml <gi_installation_name>-insights | sed 's#/node_app/src/static/insights_exports#/tmp/ignore#g' | oc replace -f -
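
The version gates in steps 3, 4 and 10 can be scripted so that a patch run stops when the cluster is not in the expected state. The following is an added example, not part of the IBM procedure or tooling: the function names and the sample rows (including the 3.5.1, 3.5.2, 4.5.0 and 4.4.0 values) are constructed for illustration, and the checks assume the column layout shown in the output examples above.

```shell
# Added example (not IBM tooling). Both checks read command output on stdin,
# so they run offline against the constructed samples at the bottom.

# gi_reconciled VERSION  <  output of `oc get guardiuminsights`
# Succeeds only if every row is Ready/True/Complete and both version columns
# equal VERSION. Fails closed on empty or header-only input.
gi_reconciled() {
  awk -v want="$1" '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }  # map header names
    NF == 0 { next }
    {
      rows++
      # MESSAGE contains spaces, so the version columns are read from the end.
      if ($(col["TYPE"]) != "Ready" || $(col["STATUS"]) != "True" ||
          $(col["REASON"]) != "Complete" || $(NF-1) != want || $NF != want) bad++
    }
    END { exit !(rows > 0 && bad == 0) }'
}

# cpfs_is_4_5  <  output of `oc get csv -n ibm-common-services`
# Succeeds if the ibm-common-service-operator CSV is at 4.5.x and Succeeded.
# It does not know which x is the latest release; compare that by hand.
cpfs_is_4_5() {
  awk '
    $1 ~ /^ibm-common-service-operator\./ {
      ver = $1
      sub(/^ibm-common-service-operator\.v?/, "", ver)  # tolerate a "v" prefix
      if (ver ~ /^4\.5\.[0-9]+$/ && $NF == "Succeeded") ok = 1
    }
    END { exit !ok }'
}

# Constructed samples (versions are illustrative, not from a real cluster).
HDR='NAME      TYPE    STATUS   REASON     MESSAGE                    DESIRED_VERSION   INSTALLED_VERSION'
SAMPLE_GI="$HDR
staging   Ready   True     Complete   Completed Reconciliation   3.5.1             3.5.1"
SAMPLE_GI_MIDWAY="$HDR
staging   Ready   True     Complete   Completed Reconciliation   3.5.2             3.5.1"
SAMPLE_CSV='ibm-common-service-operator.v4.5.0   IBM Cloud Pak foundational services   4.5.0   ibm-common-service-operator.v4.4.0   Succeeded'

printf '%s\n' "$SAMPLE_GI" | gi_reconciled 3.5.1 && echo "GI reconciled at 3.5.1"
printf '%s\n' "$SAMPLE_GI_MIDWAY" | gi_reconciled 3.5.2 || echo "GI not yet at 3.5.2"
printf '%s\n' "$SAMPLE_CSV" | cpfs_is_4_5 && echo "foundational services at 4.5.x"

# Live use after `oc login`:
#   oc get guardiuminsights | gi_reconciled "<new_version>"
#   oc get csv -n ibm-common-services | cpfs_is_4_5
```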