4 Upgrading Policy Control Function
This chapter describes the Policy Control Function (PCF) upgrade strategies and procedures to upgrade from PCF 1.5.x to 1.6.x.
Upgrading from PCF 1.5.x to 1.6.x
To upgrade from PCF 1.5.x to 1.6.x:
- Login to the server where the ssh keys are stored and SQL nodes are accessible.
- Connect to the SQL nodes.
- Login to the database as a root user.
- Create an admin user and grant all the permissions
to the admin user by executing the following
command:
where:CREATE USER 'username'@'%' IDENTIFIED BY 'password'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_smservice.* TO 'username'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_amservice.* TO 'username'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_userservice.* TO 'username'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON ocpm_config_server.* TO 'username'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON oc5g_audit_service.* TO 'username'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_release.* TO 'username'@'%'; FLUSH PRIVILEGES;
username is the username and password is the password for MYSQL admin user.
For Example: In the below example "pcfadminusr" is used as username, "pcfadminpasswd" is used as password and granting all the permissions to "pcfadminusr".CREATE USER 'pcfadminusr'@'%' IDENTIFIED BY 'pcfadminpasswd'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_smservice.* TO 'pcfadminusr'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_amservice.* TO 'pcfadminusr'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_userservice.* TO 'pcfadminusr'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON ocpm_config_server.* TO 'pcfadminusr'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON oc5g_audit_service.* TO 'pcfadminusr'@'%'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, REFERENCES, INDEX ON pcf_release.* TO 'pcfadminusr'@'%'; FLUSH PRIVILEGES;
- Execute the command,
show grants for pcfadminusr
, to confirm that admin user has all the permission. - Run below SQL commands to create service-specific release entries for
upgrade:
CREATE DATABASE IF NOT EXISTS `pcf_release`; CREATE TABLE IF NOT EXISTS `pcf_release`.`release_config` ( `cfg_key` varchar(255) COLLATE utf8_unicode_ci NOT NULL, `cfg_value` mediumtext COLLATE utf8_unicode_ci, PRIMARY KEY (`cfg_key`)) DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; INSERT INTO `pcf_release`.`release_config` values('public.hook.configserver','{"currentVersion" : 100500,"rollbackVersion" : -1}'); INSERT INTO `pcf_release`.`release_config` values('public.hook.smservice','{"currentVersion" : 100500,"rollbackVersion" : -1}'); INSERT INTO `pcf_release`.`release_config` values('public.hook.amservice','{"currentVersion" : 100500,"rollbackVersion" : -1}'); INSERT INTO `pcf_release`.`release_config` values('public.hook.auditservice','{"currentVersion" : 100500,"rollbackVersion" : -1}'); INSERT INTO `pcf_release`.`release_config` values('public.hook.userservice','{"currentVersion" : 100500,"rollbackVersion" : -1}');
- Execute the command,
select * from pcf_release.release_config;
, to verify the release informtaion. - Exit from database and logout from MYSQL node.
- Create a yaml file with the username and password with the syntax shown below:
apiVersion: v1 kind: Secret metadata: name: pcf-admin-db-pass type: Opaque data: mysql-username: <base64 encoded mysql username> mysql-password: <base64 encoded mysql password>
Note:
The values for mysql-username and mysql-password should be base64 encoded. - Add the created secret in an existing namespace which needs an
upgradation
where:kubectl create -f yaml_file_name -n release_namespace
release_namespace is the deployment namespace used by the helm command.
yaml_file_name is a name of the yaml file that is created in step 9.
- Update the customize ocpcf-custom-values.yaml file with the required input parameters. To
customize the file, see Customizing Policy Control Function.
Note:
Before running the upgrade command, you should have pushed all the required Docker images for PCF release 1.5.x to the bastion server. To push the required docker images, see Installation Tasks -
- Upgrade PCF by using helm 2 upgrade
command:
helm upgrade <release-namespace> <helm-chart> -f <custom-file>
- Upgrade PCF by using helm 3 upgrade
command:
where:helm upgrade <release-name> <helm-chart> -f <custom-file> -n <release-namespace>
helm-chartis the location of the helm chart extracted from ocpcf-pkg-1.5.0.tgz file
custom-file - is the name of the custom values yaml file (including location).
Caution:
Do not exit from "helm upgrade" manually. After running "helm install" command, it takes some time to install all the services. In the meantime, you must not press "ctrl+c" to come out from "helm upgrade" command. It leads to some anomalous behavior.
- Upgrade PCF by using helm 2 upgrade
command:
- Execute the following command to get status of jobs and
pods:
where:kubectl get jobs,pods -n <release-namespace>
release-namespace is the name space in which to create PCF Kubernetes objects. All the PCF microservices are deployed in this kubernetes namespace.
You will see the status as Running for all the nodes if the deployment has been done successfully.