$ oc -n rhacs-operator delete subscription rhacs-operator
×
Upgrading by using the Operator
Upgrades through the Red Hat Advanced Cluster Security for Kubernetes (RHACS) Operator are performed automatically or manually, depending on the Update approval option you chose at installation.
If you installed RHACS using the Operator and selected Automatic in the Update approval field, RHACS is automatically updated when a new software version is released. If you selected Manual, you must approve subsequent Operator updates by using Operator Lifecycle Manager (OLM). For more information, see Manually approving a pending Operator update.
To roll back an Operator upgrade, you must perform the steps described in one of the following sections. You can roll back an Operator upgrade by using the CLI or the OpenShift Container Platform web console.
Rolling back an Operator upgrade by using the CLI
You can roll back the Operator version by using CLI commands.
Procedure
-
Delete the OLM subscription by running the following command:
-
For OpenShift Container Platform, run the following command:
-
For Kubernetes, run the following command:
$ kubectl -n rhacs-operator delete subscription rhacs-operator
-
-
Delete the cluster service version (CSV) by running the following command:
-
For OpenShift Container Platform, run the following command:
$ oc -n rhacs-operator delete csv -l operators.coreos.com/rhacs-operator.rhacs-operator -
For Kubernetes, run the following command:
$ kubectl -n rhacs-operator delete csv -l operators.coreos.com/rhacs-operator.rhacs-operator
-
-
Determine the previous version you want to roll back to by choosing one of the following options:
-
If the current Central instance is running, query the RHACS API to get the rollback version by running the following command:
$ curl -k -s -u <user>:<password> https://<central hostname>/v1/centralhealth/upgradestatus | jq -r .upgradeStatus.forceRollbackTo -
If the current Central instance is not running, perform the following steps:
This procedure can only be used for RHACS release 3.74 and earlier when the
rocksdbdatabase is installed.-
Ensure the Central deployment is scaled down by running the following command:
-
For OpenShift Container Platform, run the following command:
$ oc scale -n <central namespace> –replicas=0 deploy/central -
For Kubernetes, run the following command:
$ kubectl scale -n <central namespace> –replicas=0 deploy/central
-
-
Save the following pod spec as a YAML file:
apiVersion: v1 kind: Pod metadata: name: get-previous-db-version spec: containers: - name: get-previous-db-version image: registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<rollback version> command: - sh args: - '-c' - "cat /var/lib/stackrox/.previous/migration_version.yaml | grep '^image:' | cut -f 2 -d : | tr -d ' '" volumeMounts: - name: stackrox-db mountPath: /var/lib/stackrox volumes: - name: stackrox-db persistentVolumeClaim: claimName: stackrox-db -
Create a pod in your Central namespace by running the following command using the YAML file that you saved:
-
For OpenShift Container Platform, run the following command:
$ oc create -n <central namespace> -f pod.yaml -
For Kubernetes, run the following command:
$ kubectl create -n <central namespace> -f pod.yaml
-
-
After pod creation is complete, get the version by running the following command:
-
For OpenShift Container Platform, run the following command:
$ oc logs -n <central namespace> get-previous-db-version -
For Kubernetes, run the following command:
$ kubectl logs -n <central namespace> get-previous-db-version
-
-
-
-
Edit the
central-config.yamlConfigMapto set themaintenance.forceRollBackVersion:<version>parameter by running the following command:-
For OpenShift Container Platform, run the following command:
$ oc get configmap -n <central namespace> central-config -o yaml | sed -e "s/forceRollbackVersion: none/forceRollbackVersion: <version>/" | oc -n <central namespace> apply -f - -
For Kubernetes, run the following command:
$ kubectl get configmap -n <central namespace> central-config -o yaml | sed -e "s/forceRollbackVersion: none/forceRollbackVersion: <version>/" | kubectl -n <central namespace> apply -f -
-
-
Set the image for the Central deployment using the version string shown in Step 3 as the image tag. For example, run the following command:
-
For OpenShift Container Platform, run the following command:
$ oc set image -n <central namespace> deploy/central central=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<version> -
For Kubernetes, run the following command:
$ kubectl set image -n <central namespace> deploy/central central=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<version>
-
Verification
-
Ensure that the Central pod starts and has a
readystatus. If the pod crashes, check the logs to see if the backup was restored. A successful log message appears similar to the following example:Clone to Migrate ".previous", ""
-
Reinstall the Operator on the rolled back channel. For example,
3.71.3is installed on therhacs-3.71channel.
Rolling back an Operator upgrade by using the web console
You can roll back the Operator version by using the OpenShift Container Platform web console.
Prerequisites
-
You have access to an OpenShift Container Platform cluster web console using an account with
cluster-adminpermissions.
Procedure
-
Navigate to the Operators → Installed Operators page.
-
Locate the RHACS Operator and click on it.
-
On the Operator Details page, select Uninstall Operator from the Actions list. Following this action, the Operator stops running and no longer receives updates.
-
Determine the previous version you want to roll back to by choosing one of the following options:
-
If the current Central instance is running, you can query the RHACS API to get the rollback version by running the following command from a terminal window:
$ curl -k -s -u <user>:<password> https://<central hostname>/v1/centralhealth/upgradestatus | jq -r .upgradeStatus.forceRollbackTo -
You can create a pod and extract the previous version by performing the following steps:
This procedure can only be used for RHACS release 3.74 and earlier when the
rocksdbdatabase is installed.-
Navigate to Workloads → Deployments → central.
-
Under Deployment details, click the down arrow next to the pod count to scale down the pod.
-
Navigate to Workloads → Pods → Create Pod and paste the contents of the pod spec as shown in the following example into the editor:
apiVersion: v1 kind: Pod metadata: name: get-previous-db-version spec: containers: - name: get-previous-db-version image: registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8:<rollback version> command: - sh args: - '-c' - "cat /var/lib/stackrox/.previous/migration_version.yaml | grep '^image:' | cut -f 2 -d : | tr -d ' '" volumeMounts: - name: stackrox-db mountPath: /var/lib/stackrox volumes: - name: stackrox-db persistentVolumeClaim: claimName: stackrox-db -
Click Create.
-
After the pod is created, click the Logs tab to get the version string.
-
-
-
Update the rollback configuration by performing the following steps:
-
Navigate to Workloads → ConfigMaps → central-config and select Edit ConfigMap from the Actions list.
-
Find the
forceRollbackVersionline in the value of thecentral-config.yamlkey. -
Replace
nonewith3.73.3, and then save the file.
-
-
Update Central to the earlier version by performing the following steps:
-
Navigate to Workloads → Deployments → central and select Edit Deployment from the Actions list.
-
Update the image name, and then save the changes.
-
Verification
-
Ensure that the Central pod starts and has a
readystatus. If the pod crashes, check the logs to see if the backup was restored. A successful log message appears similar to the following example:Clone to Migrate ".previous", ""
-
Reinstall the Operator on the rolled back channel. For example,
3.71.3is installed on therhacs-3.71channel.