Chapter 1. Migrating your data before an upgrade

Procedure

1. On your workstation, open a terminal, and log in to OpenShift by using the command-line interface:

   Syntax

   oc login --token=TOKEN --server=SERVER_URL_AND_PORT

   Example

   $ oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443

   Note

   You can find your login token and URL from the OpenShift web console to use on the command line. Log in to the OpenShift web console. Click your user name, and click Copy login command. Offer your user name and password again, and click Display Token to view the command.

2. Export the RHTPA project namespace:

   Syntax

   export NAMESPACE=RHTPA_NAMESPACE

   Example

   $ export NAMESPACE=trusted_profile_analyzer

3. Verify that the RHTPA 1.1.2 installation is in the project namespace:

   Example

   $ helm list -n $NAMESPACE

4. Uninstall RHTPA 1.1.2:

   Example

   $ helm uninstall redhat-trusted-profile-analyzer -n $NAMESPACE

5. Open for editing the RHTPA 1.2 values file, and change the following things:

   • Reference the new PostgreSQL database instance.
   • Reference the same simple storage service (S3) storage used for version 1.1.2.
   • Reference the same messaging queues used for version 1.1.2.

   • Set the modules.vexinationCollector.recollectVEX and modules.bombasticCollector.recollectSBOM options to a value of true.

     Note

     See the Deployment Guide appendixes for value file templates used with RHTPA deployments on OpenShift.

6. Start the upgrade by using the updated RHTPA 1.2 Helm chart for OpenShift:

   Syntax

   helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values PATH_TO_VALUES_FILE --set-string appDomain=$APP_DOMAIN_URL

   Example

   $ helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values values-rhtpa.yaml --set-string appDomain=$APP_DOMAIN_URL

   Note

   You can run this Helm chart many times to apply the currently configured state from the values file.

7. Verify the data migration was successful.

   1. View the SBOM and VEX indexer logs, looking for the Reindexing all documents and Reindexing finished messages:

      Example

      $ oc logs bombastic-indexer -n $NAMESPACE
      $ oc logs vexination-indexer -n $NAMESPACE

      You will also see the following error messages:

      Error syncing index: Open("Schema error: 'An index exists but the schema does not match.'"), keeping old
      Error loading initial index: Open("Schema error: 'An index exists but the schema does not match.'")

      Because of this schema mismatch, the bombastic-collector and vexination-collector pods start the recollect containers to gather all the existing SBOM and VEX data. Both recollect-sbom and recollect-vex init-containers should complete and stop successfully. Once the migration finishes, you can see all your existing SBOM and VEX data in RHTPA console.