Chapter 1. Upgrading by using the Operator

Procedure

1. Delete the OLM subscription by running the following command:

   • For OpenShift Container Platform, run the following command:

     $ oc -n rhacs-operator delete subscription rhacs-operator

   • For Kubernetes, run the following command:

     $ kubectl -n rhacs-operator delete subscription rhacs-operator

2. Delete the cluster service version (CSV) by running the following command:

   • For OpenShift Container Platform, run the following command:

     $ oc -n rhacs-operator delete csv -l operators.coreos.com/rhacs-operator.rhacs-operator

   • For Kubernetes, run the following command:

     $ kubectl -n rhacs-operator delete csv -l operators.coreos.com/rhacs-operator.rhacs-operator

3. Determine the previous version you want to roll back to by choosing one of the following options:

   • If the current Central instance is running, query the RHACS API to get the rollback version by running the following command:

     $ curl -k -s -u <user>:<password> https://<central hostname>/v1/centralhealth/upgradestatus | jq -r .upgradeStatus.forceRollbackTo

   • If the current Central instance is not running, perform the following steps:

     Note

     This procedure can only be used for RHACS release 3.74 and earlier when the rocksdb database is installed.

     1. Ensure the Central deployment is scaled down by running the following command:

        • For OpenShift Container Platform, run the following command:

          $ oc scale -n <central namespace> –replicas=0 deploy/central

        • For Kubernetes, run the following command:

          $ kubectl scale -n <central namespace> –replicas=0 deploy/central

     2. Save the following pod spec as a YAML file:

        apiVersion: v1
        kind: Pod
        metadata:
          name: get-previous-db-version
        spec:
          containers:
          - name: get-previous-db-version
            image: registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<rollback version>
            command:
            - sh
            args:
            - '-c'
            - "cat /var/lib/stackrox/.previous/migration_version.yaml | grep '^image:' | cut -f 2 -d : | tr -d ' '"
            volumeMounts:
            - name: stackrox-db
              mountPath: /var/lib/stackrox
          volumes:
          - name: stackrox-db
            persistentVolumeClaim:
              claimName: stackrox-db

     3. Create a pod in your Central namespace by running the following command using the YAML file that you saved:

        • For OpenShift Container Platform, run the following command:

          $ oc create -n <central namespace> -f pod.yaml

        • For Kubernetes, run the following command:

          $ kubectl create -n <central namespace> -f pod.yaml

     4. After pod creation is complete, get the version by running the following command:

        • For OpenShift Container Platform, run the following command:

          $ oc logs -n <central namespace> get-previous-db-version

        • For Kubernetes, run the following command:

          $ kubectl logs -n <central namespace> get-previous-db-version

4. Edit the central-config.yaml ConfigMap to set the maintenance.forceRollBackVersion:<version> parameter by running the following command:

   • For OpenShift Container Platform, run the following command:

     $ oc get configmap -n <central namespace> central-config -o yaml | sed -e "s/forceRollbackVersion: none/forceRollbackVersion: <version>/" | oc -n <central namespace> apply -f -

   • For Kubernetes, run the following command:

     $ kubectl get configmap -n <central namespace> central-config -o yaml | sed -e "s/forceRollbackVersion: none/forceRollbackVersion: <version>/" | kubectl -n <central namespace> apply -f -

5. Set the image for the Central deployment using the version string shown in Step 3 as the image tag. For example, run the following command:

   • For OpenShift Container Platform, run the following command:

     $ oc set image -n <central namespace> deploy/central central=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<version>

   • For Kubernetes, run the following command:

     $ kubectl set image -n <central namespace> deploy/central central=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<version>

Verification

1. Ensure that the Central pod starts and has a ready status. If the pod crashes, check the logs to see if the backup was restored. A successful log message appears similar to the following example:

   Clone to Migrate ".previous", ""

2. Reinstall the Operator on the rolled back channel. For example, 3.71.3 is installed on the rhacs-3.71 channel.

Procedure

1. Navigate to the Operators Installed Operators page.
2. Locate the RHACS Operator and click on it.
3. On the Operator Details page, select Uninstall Operator from the Actions list. Following this action, the Operator stops running and no longer receives updates.

4. Determine the previous version you want to roll back to by choosing one of the following options:

   • If the current Central instance is running, you can query the RHACS API to get the rollback version by running the following command from a terminal window:

     $ curl -k -s -u <user>:<password> https://<central hostname>/v1/centralhealth/upgradestatus | jq -r .upgradeStatus.forceRollbackTo

   • You can create a pod and extract the previous version by performing the following steps:

     Note

     This procedure can only be used for RHACS release 3.74 and earlier when the rocksdb database is installed.

     1. Navigate to Workloads Deployments central.
     2. Under Deployment details, click the down arrow next to the pod count to scale down the pod.

     3. Navigate to Workloads Pods Create Pod and paste the contents of the pod spec as shown in the following example into the editor:

        apiVersion: v1
        kind: Pod
        metadata:
          name: get-previous-db-version
        spec:
          containers:
          - name: get-previous-db-version
            image: registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<rollback version>
            command:
            - sh
            args:
            - '-c'
            - "cat /var/lib/stackrox/.previous/migration_version.yaml | grep '^image:' | cut -f 2 -d : | tr -d ' '"
            volumeMounts:
            - name: stackrox-db
              mountPath: /var/lib/stackrox
          volumes:
          - name: stackrox-db
            persistentVolumeClaim:
              claimName: stackrox-db

     4. Click Create.
     5. After the pod is created, click the Logs tab to get the version string.

5. Update the rollback configuration by performing the following steps:

   1. Navigate to Workloads ConfigMaps central-config and select Edit ConfigMap from the Actions list.
   2. Find the forceRollbackVersion line in the value of the central-config.yaml key.
   3. Replace none with 3.73.3, and then save the file.

6. Update Central to the earlier version by performing the following steps:

   1. Navigate to Workloads Deployments central and select Edit Deployment from the Actions list.
   2. Update the image name, and then save the changes.

Verification

1. Ensure that the Central pod starts and has a ready status. If the pod crashes, check the logs to see if the backup was restored. A successful log message appears similar to the following example:

   Clone to Migrate ".previous", ""

2. Reinstall the Operator on the rolled back channel. For example, 3.71.3 is installed on the rhacs-3.71 channel.