IBM Support

Readme for IBM Business Automation Insights 23.0.2 IF002

Fix Readme


Abstract

This readme is for IBM Business Automation Insights 23.0.2 IF002, which is released to resolve security vulnerabilities as well as other defects. It covers download and installation, along with other information about interim fixes for the V.R.M release.

Content

Readme file for IBM Business Automation Insights
Product release 23.0.2
Publication date 1 March 2024

Prerequisites and superseding fixes

  • Each interim fix typically supersedes all other previous interim fixes shipped for 23.0.2
  • Business Automation Insights includes container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries.

Components impacted

  • Business Automation Insights

Before installation

  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state before upgrading.
    If one or more operators are failing, then it can prevent the system from completing an upgrade.
    It is recommended to check a few of the important CR statuses to ensure there are no failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:
    oc get icp4acluster -o yaml
    oc get insightsengine -o yaml
  3. Remove any image settings in CRs
    If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.
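
A check for the "Remove any image settings in CRs" step, as an added example that is not part of IBM's readme or scripts: it lists image tag pins in a dumped CR, since a pinned tag keeps the operator from rolling out the patched images this interim fix delivers. It assumes a pin shows up as a non-empty `tag:` key under `spec:`; the field names in the sample CR are constructed.

```shell
#!/bin/sh
# Added example: list image tag pins under spec: in CR YAML read from stdin.
# Assumption: a pin is any non-empty "tag:" key inside the spec mapping.
find_image_overrides() {
  # stdout: one dotted.path=value line per pin; exit status 1 if any pin is found
  awk '
    /^ *#/ || /^ *$/ { next }                       # skip comments and blank lines
    {
      lead = $0; sub(/[^ ].*$/, "", lead); indent = length(lead)
      key = $0; sub(/^ *(- )?/, "", key)            # drop indent and list dash
      val = key; sub(/^[^:]*: */, "", val)          # text after the key
      sub(/:.*/, "", key)
    }
    in_spec && indent <= spec_indent { in_spec = 0 }  # left the spec mapping
    !in_spec {
      if (key == "spec" && val == "") { in_spec = 1; spec_indent = indent; depth = 0 }
      next
    }
    {
      while (depth > 0 && ind[depth] >= indent) depth--   # pop back to the parent key
      depth++; ind[depth] = indent; name[depth] = key
      if (key == "tag" && val != "") {
        path = name[1]
        for (i = 2; i <= depth; i++) path = path "." name[i]
        print path "=" val
        found = 1
      }
    }
    END { exit found ? 1 : 0 }
  '
}

# Constructed sample standing in for the output of: oc get icp4acluster -o yaml
sample_cr() {
  cat <<'EOF'
kind: ICP4ACluster
metadata:
  name: example
spec:
  appVersion: 23.0.2
  bai_configuration:
    flink:
      image:
        repository: registry.example.com/bai/flink
        tag: 23.0.2-GA
status:
  conditions:
  - type: Ready
    tag: not-part-of-spec
EOF
}

sample_cr | find_image_overrides || echo "remove the image settings listed above before upgrading" >&2
```

Against a cluster, pipe `oc get icp4acluster -o yaml` or `oc get insightsengine -o yaml` into `find_image_overrides`; the non-zero exit status lets a pre-upgrade script stop when a pin remains.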

Installing IF002

 
This interim fix contains the following version of Business Automation Insights and Cloud Pak Foundational Services (CPFS):
  • Business Automation Insights 23.0.2-IF002
  • Cloud Pak Foundational Services 4.4
Note:  This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Business Automation Insights using the catalog sources in this readme document (the same catalog sources are also in the referenced CASE package).  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions, listed above, with other Cloud Paks' specifications.
 
Important interim fix details:
Business Automation Insights 23.0.2 IF002 is released to the v23.2 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Step 1: Set up the CASE package
  1. Download the CASE package provided with this interim fix to a Linux-based machine (RHEL or macOS).
  2. Use the tar command to extract the cert-kubernetes directory.
tar -xvzf ibm-cp-automation-5.1.2.tgz
cd ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs
tar -xvf cert-k8s-23.0.2.tar
cd cert-kubernetes
 
Step 2:  Perform the installation or update the existing deployment
 
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  
  • Scenario 1: You are installing a Production deployment
    Actions: 
    You can use this interim fix content to perform a Production deployment. To deploy a Production deployment using the content of this interim fix, see "install a new Production environment" and use the CASE package from this interim fix.
    Note: If you have an existing Cloud Pak Foundational Services instance installed in the cluster or in the namespace where CP4BA is being installed, then it is not supported. The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
  • Scenario 2:  Your installed Production deployment is 23.0.2 GA and is online.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    1. Upgrade the CP4BA operators using one of two methods. 
      • Option 1: Running the operator upgrade script from the case package.
        ./scripts/cp4a-deployment.sh -m upgradeOperator -n <project_name>
      • Option 2: Manually deploy the catalog source and update the CPFS channels using the CPFS upgrade script.
        1. Apply the new catalog sources.
          oc apply -f ./descriptors/op-olm/catalog_source.yaml
        2. Update the cert manager and license service channels to the appropriate level with this script:
          ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
        3. Update the channels to the appropriate levels for the rest of the CPFS subscriptions.
          ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-4 -c v4.4 --license-accept -v 1
          Note: Be sure to replace the namespace with the appropriate CP4BA namespace.
    2. Wait for the operators to complete their upgrades.
      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
      Use the below command to see the current status of the install plans.
      oc get installPlan
      The upgrade will be blocked if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
    3. You can use the following scripts to check the status of the upgrades.
      1. Run the script in [upgradeOperatorStatus] mode to check that the upgrade of the CP4BA operator and its dependencies is successful.
        ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <project_name>
        Warning: The script will scale the CP4BA deployments down to zero. You must execute the upgradeDeploymentStatus command to scale them back up.
      2. Run the script in [upgradeDeploymentStatus] mode to check that the upgrade of the CP4BA deployment is successful.
        ./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <project_name>
  • Scenario 3:  Your installed Production deployment is 23.0.2 GA and using airgap/offline.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    1. Download the case package mirror file for this interim fix, cp4ba-case-to-be-mirrored-23.0.2-IF002.txt, and rename it to cp4ba-case-to-be-mirrored-23.0.2-IF002.yaml. Then execute this command to download the case files:
      oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-23.0.2-IF002.yaml
      The (absolute path to file) needs to be a path starting from "/". For example, "/opt"
      For more information, see Downloading the CASE files.
    2. You will need to mirror the images associated with the new case package. Follow the instructions for either mirroring option in Mirroring images to the private registry using the new version values associated with this fix.
      export CASE_NAME=ibm-cp-automation
      export CASE_VERSION=5.1.2
    3. Update the catalog with the new version.
      cat $HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml | sed 's/opencloud-operators/opencloud-operators-v4-4/g' | oc apply -f -
    4. Update the cert manager and license service channels to the appropriate level with this script:
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
    5. Update the channels to the appropriate levels for the rest of the CPFS subscriptions.
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-4 -c v4.4 --license-accept -v 1
      Note: Be sure to replace the namespace with the appropriate CP4BA namespace.
    6. Wait for the operators to complete their upgrades.

      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
      Use oc get installPlan to see the current status of the install plans.
      The upgrade will be blocked if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this can make the upgrade more error prone.
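
For the "Wait for the operators to complete their upgrades" step in Scenarios 2 and 3, an added example (not from IBM's readme or the CASE scripts) that reads the table printed by `oc get installPlan` and reports the plans still waiting for approval. The sample table and its operator names are constructed; columns are located by header name, so output from `oc get installPlan -A` works as well.

```shell
#!/bin/sh
# Added example: report InstallPlans that are not yet approved.
# stdin:  table printed by `oc get installPlan` (with or without -A)
# stdout: NAME <tab> NAMESPACE-or-dash <tab> CSV, one line per unapproved plan
# status: 0 = nothing pending, 1 = plans pending, 2 = unrecognised header
pending_installplans() {
  awk '
    NR == 1 {
      for (i = 1; i <= NF; i++) col[$i] = i        # locate columns by header name
      n = col["NAME"]; c = col["CSV"]; a = col["APPROVED"]; ns = col["NAMESPACE"]
      if (!n || !c || !a) { print "unexpected header: " $0 > "/dev/stderr"; bad = 1; exit }
      next
    }
    $a == "false" {
      printf "%s\t%s\t%s\n", $n, (ns ? $ns : "-"), $c
      pending++
    }
    END { if (bad) exit 2; exit pending ? 1 : 0 }
  '
}

# Constructed sample of `oc get installPlan` output (names are placeholders).
sample_installplans() {
  cat <<'EOF'
NAME            CSV                         APPROVAL    APPROVED
install-aaaaa   example-operator-a.v1.0.1   Automatic   true
install-bbbbb   example-operator-b.v2.3.0   Manual      false
install-ccccc   example-operator-b.v2.2.0   Manual      true
EOF
}

# After reviewing the CSV a plan would install, a plan is approved with:
#   oc patch installplan <name> --type merge -p '{"spec":{"approved":true}}'
sample_installplans | pending_installplans || echo "plans above still need approval" >&2
```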

Performing the necessary tasks after installation

Uninstalling

For example, ordered or un-ordered list. If there are no steps that can be taken, then state "There is no procedure to uninstall the interim fix."

List of fixes

The following lists of resolved Known Issues are specific to Business Automation Insights. Fixes that have been identified as correcting security vulnerabilities are indicated with an X mark.
Business Automation Insights
23.0.2 IF002
Columns: Known Issue, Security, Behavior change, Title

  • N/A X
    Business Automation Insights is delivered with container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. This interim fix includes fixes for these libraries to address:
    CVE-2023-49568, CVE-2023-45285, CVE-2023-45284, CVE-2023-45283, CVE-2023-39326, and GHSA-7ww5-4wqc-m92cd on must-gather image
  • DBACLD-119396 N/A
    InsightEngine fails with NetworkPolicy Error
    This problem will block progress
  • DBACLD-119610 N/A
    BPC does not restart when Kafka certificate changes
    Has the potential to affect progress
  • DBACLD-121805 N/A
    BAI management pod fails with OOM on OCP 4.14
    Has the potential to affect progress
  • DBACLD-117593 N/A
    Update bai annotations when deploy as bai-standalone
    This problem will block progress
  • DBACLD-121597 N/A
    update BTS to 3.32.0 in 23.0.2 IF001
    This problem will block progress
  • DBACLD-120602 N/A
    Add possibility to use Elasticsearch internal URL and Kafka internal bootstrap servers in BAI
    Has the potential to affect progress
  • DBACLD-120408 N/A
    Update operator to get zenStatus for zen version 5.1.0
    Has the potential to affect progress
  • DBACLD-120887 N/A
    Update the image path for iaf-flink, iaf-eventprocessing-proxy image
    Has the potential to affect progress
  • DBACLD-120968 N/A
    Update cert-k8s to consume CPFS 4.4
    Has the potential to affect progress
  • DBACLD-119812 N/A
    Permission denied when running migrate_tenant.sh
    Has the potential to affect progress
  • DBACLD-121581 N/A
    Intermittently ansible task failed on "Launch temporary ibm-cp4a-operator-pod-tmp pod and wait 180s at most for it to be ready" only in first and second CP4BA operator reconcile
    Has the potential to affect progress
  • DBACLD-121284 N/A
    some ansible task failed when trying to change the permission of files or directories using AzureFile storageclass
    Has the potential to affect progress

Document change history
  • 29 February 2024: Initial publish.

    Document Information

    Modified date:
    01 March 2024

    UID

    ibm17123897