Chapter 1. Migrating your data during an upgrade
With the release of Red Hat Trusted Profile Analyzer (RHTPA) version 1.2, we implemented a new schema for ingested software bill of materials (SBOM) and vulnerability exploitability exchange (VEX) data. Before upgrading, you must configure the RHTPA 1.2 values file to do a data migration to this new schema for your SBOM and VEX data. This data migration happens during the upgrade process to RHTPA version 1.2.
Prerequisites
- Installation of RHTPA 1.1.2 on Red Hat OpenShift.
- A new PostgreSQL database.
-
A workstation with the
oc, andhelmbinaries installed.
Procedure
On your workstation, open a terminal, and log in to OpenShift by using the command-line interface:
Syntax
oc login --token=TOKEN --server=SERVER_URL_AND_PORTExample
$ oc login --token=sha256~ZvFDBvoIYAbVECixS4-WmkN4RfnNd8Neh3y1WuiFPXC --server=https://example.com:6443
NoteYou can find your login token and URL from the OpenShift web console to use on the command line. Log in to the OpenShift web console. Click your user name, and click Copy login command. Offer your user name and password again, and click Display Token to view the command.
Export the RHTPA project namespace:
Syntax
export NAMESPACE=RHTPA_NAMESPACEExample
$ export NAMESPACE=trusted_profile_analyzer
Verify that the RHTPA 1.1.2 installation is in the project namespace:
Example
$ helm list -n $NAMESPACE
Uninstall RHTPA 1.1.2:
Example
$ helm uninstall redhat-trusted-profile-analyzer -n $NAMESPACE
Open for editing the RHTPA 1.2 values file, and change the following things:
- Reference the new PostgreSQL database instance.
- Reference the same simple storage service (S3) storage used for version 1.1.2.
- Reference the same messaging queues used for version 1.1.2.
Set the
modules.vexinationCollector.recollectVEXandmodules.bombasticCollector.recollectSBOMoptions to a value oftrue.NoteSee the Deployment Guide appendixes for value file templates used with RHTPA deployments on OpenShift.
Start the upgrade by using the updated RHTPA 1.2 Helm chart for OpenShift:
Syntax
helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values PATH_TO_VALUES_FILE --set-string appDomain=$APP_DOMAIN_URLExample
$ helm install redhat-trusted-profile-analyzer openshift-helm-charts/redhat-trusted-profile-analyzer -n $NAMESPACE --values values-rhtpa.yaml --set-string appDomain=$APP_DOMAIN_URL
NoteYou can run this Helm chart many times to apply the currently configured state from the values file.
Verify the data migration was successful.
View the SBOM and VEX indexer logs, looking for the
Reindexing all documentsandReindexing finishedmessages:Example
$ oc logs bombastic-indexer -n $NAMESPACE $ oc logs vexination-indexer -n $NAMESPACE
You will also see the following error messages:
Error syncing index: Open("Schema error: 'An index exists but the schema does not match.'"), keeping old Error loading initial index: Open("Schema error: 'An index exists but the schema does not match.'")Because of this schema mismatch, the
bombastic-collectorandvexination-collectorpods start the recollect containers to gather all the existing SBOM and VEX data. Bothrecollect-sbomandrecollect-vexinit-containers should complete and stop successfully. Once the migration finishes, you can see all your existing SBOM and VEX data in RHTPA console.
