1. Cloud Native Policy Control Function Installation and Upgrade Guide
  2. Upgrading Policy Control Function

4 Upgrading Policy Control Function

This chapter describes the Policy Control Function (PCF) upgrade strategies and procedures to upgrade from PCF 1.5.x to 1.6.x.

Upgrading from PCF 1.5.x to 1.6.x

To upgrade from PCF 1.5.x to 1.6.x:

  1. Login to the server where the ssh keys are stored and SQL nodes are accessible.
  2. Connect to the SQL nodes.
  3. Login to the database as a root user.
  4. Create an admin user and grant all the permissions to the admin user by executing the following command:
    CREATE USER 'username'@'%' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_smservice.* TO 'username'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_amservice.* TO 'username'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_userservice.* TO 'username'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON ocpm_config_server.* TO 'username'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON oc5g_audit_service.* TO 'username'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_release.* TO 'username'@'%';
FLUSH PRIVILEGES;
    where:

    username is the username and password is the password for MYSQL admin user.

    For Example: In the below example "pcfadminusr" is used as username, "pcfadminpasswd" is used as password and granting all the permissions to "pcfadminusr".
    CREATE USER 'pcfadminusr'@'%' IDENTIFIED BY 'pcfadminpasswd';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_smservice.* TO 'pcfadminusr'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_amservice.* TO 'pcfadminusr'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_userservice.* TO 'pcfadminusr'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON ocpm_config_server.* TO 'pcfadminusr'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON oc5g_audit_service.* TO 'pcfadminusr'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_release.* TO 'pcfadminusr'@'%';
FLUSH PRIVILEGES;
  5. Execute the command, show grants for pcfadminusr, to confirm that admin user has all the permission.
  6. Run below SQL commands to create service-specific release entries for upgrade:
    CREATE DATABASE IF NOT EXISTS `pcf_release`;
CREATE TABLE IF NOT EXISTS `pcf_release`.`release_config` ( `cfg_key` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `cfg_value` mediumtext COLLATE utf8_unicode_ci, PRIMARY KEY (`cfg_key`))  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
INSERT INTO `pcf_release`.`release_config` values('public.hook.configserver','{"currentVersion" : 100500,"rollbackVersion" : -1}');
INSERT INTO `pcf_release`.`release_config` values('public.hook.smservice','{"currentVersion" : 100500,"rollbackVersion" : -1}');
INSERT INTO `pcf_release`.`release_config` values('public.hook.amservice','{"currentVersion" : 100500,"rollbackVersion" : -1}');
INSERT INTO `pcf_release`.`release_config` values('public.hook.auditservice','{"currentVersion" : 100500,"rollbackVersion" : -1}');
INSERT INTO `pcf_release`.`release_config` values('public.hook.userservice','{"currentVersion" : 100500,"rollbackVersion" : -1}');
  7. Execute the command, select * from pcf_release.release_config;, to verify the release informtaion.
  8. Exit from database and logout from MYSQL node.
  9. Create a yaml file with the username and password with the syntax shown below: 
    apiVersion: v1
kind: Secret
metadata:
  name: pcf-admin-db-pass
type: Opaque
data:
  mysql-username: <base64 encoded mysql username>
  mysql-password: <base64 encoded mysql password>

    Note:

    The values for mysql-username and mysql-password should be base64 encoded.
  10. Add the created secret in an existing namespace which needs an upgradation
    kubectl create -f yaml_file_name -n release_namespace
    where:

    release_namespace is the deployment namespace used by the helm command.

    yaml_file_name is a name of the yaml file that is created in step 9.

  11. Update the customize ocpcf-custom-values.yaml file with the required input parameters. To customize the file, see Customizing Policy Control Function.

    Note:

    Before running the upgrade command, you should have pushed all the required Docker images for PCF release 1.5.x to the bastion server. To push the required docker images, see Installation Tasks
    1. Upgrade PCF by using helm 2 upgrade command:
      helm upgrade <release-namespace> <helm-chart> -f <custom-file>
    2. Upgrade PCF by using helm 3 upgrade command:
      helm upgrade <release-name> <helm-chart> -f <custom-file> -n <release-namespace>
      where:

      helm-chartis the location of the helm chart extracted from ocpcf-pkg-1.5.0.tgz file

      custom-file - is the name of the custom values yaml file (including location).

      Caution:

      Do not exit from "helm upgrade" manually. After running "helm install" command, it takes some time to install all the services. In the meantime, you must not press "ctrl+c" to come out from "helm upgrade" command. It leads to some anomalous behavior.
  13. Execute the following command to get status of jobs and pods:
    kubectl get jobs,pods -n <release-namespace>
    where:

    release-namespace is the name space in which to create PCF Kubernetes objects. All the PCF microservices are deployed in this kubernetes namespace.

    You will see the status as Running for all the nodes if the deployment has been done successfully.