IBM Support

Readme for IBM Business Automation Insights 23.0.2 IF003

Fix Readme


Abstract

This readme is for IBM Business Automation Insights 23.0.2 IF003 released to resolve security vulnerabilities, as well as other defects. It includes information about the download, installation, and other information about interim fixes for the V.R.M release.

Content

Readme file for IBM Business Automation Insights
Product release 23.0.2
Publication date 28 March 2024

Contents

Prerequisites and superseding fixes

  • Each interim fix typically supersedes all other previous interim fixes shipped for 23.0.2
  • Business Automation Insights includes container images that include operating system level and other open source libraries. Vulnerabilities (CVEs) for these libraries are published regularly. These interim fixes include fixes for these libraries.

Components impacted

  • Business Automation Insights

Before installation

  1. Ensure you take regular backups of any databases associated with the environment.
  2. Ensure your operators are in a healthy state, before upgrading.
    If one or more operators are failing, then it can prevent the system from completing an upgrade.
    It is recommended to check a few of the important CR statuses to ensure there are not failures and the statuses appear ready for the various installed components. Check the status of the following CRs when they exist:
  3. oc get icp4acluster -o yaml
oc get insightsengine -o yaml
  4. Remove any image settings in CRs
    If you used any individual image tag settings in your CRs, it could prevent the operator from updating the images to the appropriate version. Ensure you remove any of these settings when you upgrade. This doesn't apply to starter installation as it requires a new install.

Installing IF003

 
This interim fix contains the following version of Business Automation Insights and Cloud Pak Foundational Services (CPFS):
  • Business Automation Insights 23.0.2-IF003
  • Cloud Pak Foundational Services 4.4
Note:  This interim fix only supports the Cloud Pak Foundational Services listed above. It is important that you deploy or upgrade Business Automation Insights using the catalog sources in this readme document (the same catalog sources are also in the referenced CASE package).  If you have other Cloud Paks installed on the same OCP cluster, be sure to check the compatibility of the Cloud Pak Foundational Services versions, listed above, with other Cloud Paks' specifications.
 
Important interim fix details:
Business Automation Insights 23.0.2 IF003 is released to the v23.2 operator channel. Once the operators are upgraded, it triggers rolling updates for all the pods it manages to ensure they are updated to the appropriate version to match the operator.
Step 1: Setup the CASE package
  1. Download the CASE package provided with this interim fix to a Linux based machine (RHEL or macOS).
  2. Use the tar command to extract the cert-kubernetes directory.
tar -xvzf ibm-cp-automation-5.1.3.tgz
cd ibm-cp-automation/inventory/cp4aOperatorSdk/files/deploy/crs
tar -xvf cert-k8s-23.0.2.tar
cd cert-kubernetes
 
Step 2:  Perform the installation or update the existing deployment
 
Depending on the current setup and state of your existing environment, there are various upgrade actions that need to be taken. The following scenarios cover what actions might be needed for a particular setup.
  
  • Scenario 1: You are installing a Production deployment
    Actions: 
    You can use this interim fix content to perform a Production deployment.  To deploy a Production deployment using the content of this interim fix, please see Installing a Business Automation Insights production environment  and use the CASE package from this interim fix.
    Note: If you have an existing Cloud Pak Foundation Services instance installed in the cluster or in the namespace where CP4BA is being installed, then it is not supported.  The Production deployment of CP4BA is only supported when deploying into a new namespace without CPFS.
  • Scenario 2:  Your installed Production deployment is 23.0.2 GA and is online.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    1. Upgrade the CP4BA operators using one of two methods. 
      • Option 1: Running the operator upgrade script from the case package. 
        ./scripts/cp4a-deployment.sh -m upgradeOperator -n <project_name>
      • Option 2: Manually deploy the catalog source and update the CPFS channels using the CPFS upgrade script.
        1. Apply the new catalog sources. 
          oc apply -f ./descriptors/op-olm/catalog_source.yaml
        2. Update the cert manager and license service channels to the appropriate level with this script: 
          ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
        3. Update the channels to the appropriate levels for the rest of the CPFS subscriptions. 
          ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-4 -c v4.4 --license-accept -v 1
          Note: Be sure to replace the namespace with the appropriate CP4BA namespace.
    2. Wait for the operators to complete their upgrades.
      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
      Use the below command to see the current status of the install plans. 
      oc get installPlan
      The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this makes the upgrade more error prone.
    3. You can use the following scripts to check the status of the upgrades.
      1. Run the script in [upgradeOperatorStatus] mode to check that the upgrade of the CP4BA operator and its dependencies is successful. 
        ./scripts/cp4a-deployment.sh -m upgradeOperatorStatus -n <project_name>
        Warning: The script will scale the CP4BA deployments down to zero. You must execute the upgradeDeploymentStatus command to scale them back up.
      2. Run the script in [upgradeDeploymentStatus] mode to check that the upgrade of the CP4BA deployment is successful. 
        ./scripts/cp4a-deployment.sh -m upgradeDeploymentStatus -n <project_name>
  • Scenario 3:  Your installed Production deployment is 23.0.2 GA and using airgap/offline.
    Actions: 
    Perform the following steps and then the upgrade of operators and deployments will start.
    1. Download the CASE package mirror file cp4ba-case-to-be-mirrored-23.0.2-IF003.txt for this interim fix and you must rename the file to cp4ba-case-to-be-mirrored-23.0.2-IF003.yaml. Then execute this command to download the case files: 
      oc ibm-pak get -c file://(absolute path to file)/cp4ba-case-to-be-mirrored-23.0.2-IF003.yaml
      The (absolute path to file) needs to be a path starting from "/". For example, "/opt"
      For more information, see Downloading the CASE files.
    2. You will need to mirror the images associated with the new case package. Follow the instructions for either mirroring option in Mirroring images to the private registry using the new version values associated with this fix. 
      export CASE_NAME=ibm-cp-automation
export CASE_VERSION=5.1.3
    3. Update the catalog with the new version. 
      cat $HOME/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/catalog-sources.yaml | sed 's/opencloud-operators/opencloud-operators-v4-4/g' | oc apply -f -
    4. Update the cert manager and license service channels to the appropriate level with this script: 
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_singleton.sh --enable-licensing --cert-manager-source ibm-cert-manager-catalog --licensing-source ibm-licensing-catalog --license-accept -v 1 -c v4.2
    5. Update the channels to the appropriate levels for the rest of the CPFS subscriptions. 
      ./scripts/cpfs/installer_scripts/cp3pt0-deployment/setup_tenant.sh --operator-namespace <CP4BA Namespace> -s opencloud-operators-v4-4 -c v4.4 --license-accept -v 1
      Note: Be sure to replace the namespace with the appropriate CP4BA namespace.
    6. Wait for the operators to complete their upgrades.

      By default all subscriptions are set to automatic, but if you have any subscriptions set to manual then you need to approve any pending InstallPlans.
      Use oc get installPlan to see the current status of the install plans.
      The upgrade will be blocked, if any of the needed InstallPlans are not approved. It is not recommended to set subscriptions to manual as this can make the upgrade more error prone.

Performing the necessary tasks after installation

Uninstalling

For example, ordered or un-ordered list. If there are no steps that can be taken, then state "There is no procedure to uninstall the interim fix."

List of fixes

The following lists of resolved Known Issues are specific to Business Automation Insights. Fixes that have been identified as correcting security vulnerabilities are indicated with an X mark.
Business Automation Insights
23.0.2 IF003
Known Issue Security Behavior change Title
DBACLD-127387 N/A
[BTS] Disable FIPS mode according to CPfS 4.5 Black Box FIPS approach
Has the potential to affect progress
DBACLD-125232 N/A
[CP4BA 2400] BAI Standalone - DBA operator does not deploy BTS when no deployment pattern is specified
Has the potential to affect progress
DBACLD-126325 N/A
[CP4BA 2400] BAI Standalone - DBA operator does not deploy BTS when no deployment pattern is specified
Has the potential to affect progress
DBACLD-128606 N/A
[BAI S]should remove enable_fips from template
Has the potential to affect progress

Back to top

Document change history
  • 28 March 2024: Initial publish.

    • [{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSHDI1U","label":"IBM Business Automation Insights"},"ARM Category":[{"code":"a8m50000000L1SIAA0","label":"Business Console-\u003ESecurity"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

    Document Information

    Modified date:
    28 March 2024

    UID

    ibm17145329

    Page Feedback