This is a cache of https://docs.openshift.com/acs/3.73/upgrading/upgrade-operator.html. It is a snapshot of the page at 2024-11-26T17:38:10.302+0000.
Upgrading using the Operator | Upgrading | Red Hat Advanced Cluster Security for Kubernetes 3.73
×

Upgrades through the Red Hat Advanced Cluster Security for Kubernetes (RHACS) Operator are performed automatically or manually, depending on the Update approval option you chose at installation.

If you installed RHACS using the Operator and selected Automatic in the Update approval field, RHACS is automatically updated when a new software version is released. If you selected Manual, you must approve subsequent Operator updates by using Operator Lifecycle Manager (OLM). For more information, see Manually approving a pending Operator update.

To roll back an Operator upgrade, you must perform the steps described in one of the following sections. You can roll back an Operator upgrade by using the CLI or the OpenShift Container Platform web console.

Rolling back an Operator upgrade by using the CLI

You can roll back the Operator version by using CLI commands.

Procedure
  1. Delete the OLM subscription by running the following command:

    • For OpenShift Container Platform, run the following command:

      $ oc -n rhacs-operator delete subscription rhacs-operator
    • For Kubernetes, run the following command:

      $ kubectl -n rhacs-operator delete subscription rhacs-operator
  2. Delete the cluster service version (CSV) by running the following command:

    • For OpenShift Container Platform, run the following command:

      $ oc -n rhacs-operator delete csv -l operators.coreos.com/rhacs-operator.rhacs-operator
    • For Kubernetes, run the following command:

      $ kubectl -n rhacs-operator delete csv -l operators.coreos.com/rhacs-operator.rhacs-operator
  3. Determine the previous version you want to roll back to by choosing one of the following options:

    • If the current Central instance is running, query the RHACS API to get the rollback version by running the following command:

      $ curl -k -s -u <user>:<password> https://<central hostname>/v1/centralhealth/upgradestatus | jq -r .upgradeStatus.forceRollbackTo
    • If the current Central instance is not running, perform the following steps:

      This procedure can only be used for RHACS release 3.74 and earlier when the rocksdb database is installed.

      1. Ensure the Central deployment is scaled down by running the following command:

        • For OpenShift Container Platform, run the following command:

          $ oc scale -n <central namespace> –replicas=0 deploy/central
        • For Kubernetes, run the following command:

          $ kubectl scale -n <central namespace> –replicas=0 deploy/central
      2. Save the following pod spec as a YAML file:

        apiVersion: v1
        kind: Pod
        metadata:
          name: get-previous-db-version
        spec:
          containers:
          - name: get-previous-db-version
            image: registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<rollback version>
            command:
            - sh
            args:
            - '-c'
            - "cat /var/lib/stackrox/.previous/migration_version.yaml | grep '^image:' | cut -f 2 -d : | tr -d ' '"
            volumeMounts:
            - name: stackrox-db
              mountPath: /var/lib/stackrox
          volumes:
          - name: stackrox-db
            persistentVolumeClaim:
              claimName: stackrox-db
      3. Create a pod in your Central namespace by running the following command using the YAML file that you saved:

        • For OpenShift Container Platform, run the following command:

          $ oc create -n <central namespace> -f pod.yaml
        • For Kubernetes, run the following command:

          $ kubectl create -n <central namespace> -f pod.yaml
      4. After pod creation is complete, get the version by running the following command:

        • For OpenShift Container Platform, run the following command:

          $ oc logs -n <central namespace> get-previous-db-version
        • For Kubernetes, run the following command:

          $ kubectl logs -n <central namespace> get-previous-db-version
  4. Edit the central-config.yaml ConfigMap to set the maintenance.forceRollBackVersion:<version> parameter by running the following command:

    • For OpenShift Container Platform, run the following command:

      $ oc get configmap -n <central namespace> central-config -o yaml | sed -e "s/forceRollbackVersion: none/forceRollbackVersion: <version>/" | oc -n <central namespace> apply -f -
    • For Kubernetes, run the following command:

      $ kubectl get configmap -n <central namespace> central-config -o yaml | sed -e "s/forceRollbackVersion: none/forceRollbackVersion: <version>/" | kubectl -n <central namespace> apply -f -
  5. Set the image for the Central deployment using the version string shown in Step 3 as the image tag. For example, run the following command:

    • For OpenShift Container Platform, run the following command:

      $ oc set image -n <central namespace> deploy/central central=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<version>
    • For Kubernetes, run the following command:

      $ kubectl set image -n <central namespace> deploy/central central=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<version>
Verification
  1. Ensure that the Central pod starts and has a ready status. If the pod crashes, check the logs to see if the backup was restored. A successful log message appears similar to the following example:

    Clone to Migrate ".previous", ""
  2. Reinstall the Operator on the rolled back channel. For example, 3.71.3 is installed on the rhacs-3.71 channel.

Rolling back an Operator upgrade by using the web console

You can roll back the Operator version by using the OpenShift Container Platform web console.

Prerequisites
  • You have access to an OpenShift Container Platform cluster web console using an account with cluster-admin permissions.

Procedure
  1. Navigate to the OperatorsInstalled Operators page.

  2. Locate the RHACS Operator and click on it.

  3. On the Operator Details page, select Uninstall Operator from the Actions list. Following this action, the Operator stops running and no longer receives updates.

  4. Determine the previous version you want to roll back to by choosing one of the following options:

    • If the current Central instance is running, you can query the RHACS API to get the rollback version by running the following command from a terminal window:

      $ curl -k -s -u <user>:<password> https://<central hostname>/v1/centralhealth/upgradestatus | jq -r .upgradeStatus.forceRollbackTo
    • You can create a pod and extract the previous version by performing the following steps:

      This procedure can only be used for RHACS release 3.74 and earlier when the rocksdb database is installed.

      1. Navigate to Workloadsdeploymentscentral.

      2. Under deployment details, click the down arrow next to the pod count to scale down the pod.

      3. Navigate to WorkloadsPodsCreate Pod and paste the contents of the pod spec as shown in the following example into the editor:

        apiVersion: v1
        kind: Pod
        metadata:
          name: get-previous-db-version
        spec:
          containers:
          - name: get-previous-db-version
            image: registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<rollback version>
            command:
            - sh
            args:
            - '-c'
            - "cat /var/lib/stackrox/.previous/migration_version.yaml | grep '^image:' | cut -f 2 -d : | tr -d ' '"
            volumeMounts:
            - name: stackrox-db
              mountPath: /var/lib/stackrox
          volumes:
          - name: stackrox-db
            persistentVolumeClaim:
              claimName: stackrox-db
      4. Click Create.

      5. After the pod is created, click the Logs tab to get the version string.

  5. Update the rollback configuration by performing the following steps:

    1. Navigate to WorkloadsConfigMapscentral-config and select Edit ConfigMap from the Actions list.

    2. Find the forceRollbackVersion line in the value of the central-config.yaml key.

    3. Replace none with 3.73.3, and then save the file.

  6. Update Central to the earlier version by performing the following steps:

    1. Navigate to Workloadsdeploymentscentral and select Edit deployment from the Actions list.

    2. Update the image name, and then save the changes.

Verification
  1. Ensure that the Central pod starts and has a ready status. If the pod crashes, check the logs to see if the backup was restored. A successful log message appears similar to the following example:

    Clone to Migrate ".previous", ""
  2. Reinstall the Operator on the rolled back channel. For example, 3.71.3 is installed on the rhacs-3.71 channel.