Because of issues discovered with AzureFile and RabbitMQ, it is necessary to create a new custom StorageClass when upgrading to Black Duck 2021.2.1.
For customers who have installs managed by synopsysctl
, a fresh install is required, targeting existing Persistent Volumes.
1. If your StorageClass doesn't set retention by default, set the retention policy to retain
for all required PersistentVolumes
if this hasn't already been done:
kubectl get pv | awk '/pvc/{print$1}' | xargs -I{} kubectl patch pv {} -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' |
2. Create the required StorageClass to facilitate the new pod
kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: bd-rabbitmq-azurefile provisioner: kubernetes.io/azure-file reclaimPolicy: Retain mountOptions: - dir_mode=0700 - file_mode=0700 - uid=100 - gid=101 - mfsymlinks - cache=strict - actimeo=30 parameters: skuName: Standard_LRS |
3. Scale the RabbitMQ
deployment to 0 so that the existing PersistentVolume can be removed
kubectl scale deploy <release-name>-blackduck-rabbitmq --replicas=0 |
4. Remove the current PVC for rabbitmq
kubectl delete pvc <pvc-id> |
5. Remove the current PV for rabbitmq
kubectl delete pv <pv-id> |
6. Create the securityContext.json and pvcResources.json files, which will do the following:
a. Generates a podSecurityContext for the RabbitMQ
pod
b. Generates a PVC Resources file which re-binds to existing PersistentVolumes
and creates a new PV with the custom StorageClass
{ "rabbitmq": { "fsGroup": 101, "runAsUser": 100 } } |
[ { "name": "rabbitmq", "size": "2Gi", "storageClass": "bd-rabbitmq-azurefile" }, { "name": "blackduck-cfssl", "size": "2Gi", "storageClass": "azurefile", "volumeName": "pvc-d774108d-f0f9-4848-8149-48954bc5fffc" }, { "name": "blackduck-registration", "size": "2Gi", "storageClass": "azurefile", "volumeName": "pvc-c965680b-c8dd-4a3d-b06c-23c73c6f7fac" }, { "name": "blackduck-authentication", "size": "2Gi", "storageClass": "azurefile", "volumeName": "pvc-9cda7de0-f49a-45b4-98b4-1d8ec5de95a0" }, { "name": "blackduck-webapp", "size": "2Gi", "storageClass": "azurefile", "volumeName": "pvc-98b9e63e-335e-447a-bfb0-60edf013b54f" }, { "name": "blackduck-logstash", "size": "20Gi", "storageClass": "azurefile", "volumeName": "pvc-f38c8486-3d8e-4918-a29e-173d1e4eb746" }, { "name": "blackduck-uploadcache-data", "size": "100Gi", "storageClass": "azurefile", "volumeName": "pvc-aa539cd4-3045-4817-a8cf-03a1a3a4e1a2" } ] |
Note that the The RabbitMQ element does not have a |
7. Execute a delete blackduck command on your current install
./synopsysctl delete blackduck <release-name> -n <namespace> |
8. Your PV's will now show up with a status of RELEASED
. Run the following command to put them into an AVAILABLE
state so that we can rebind them.
kubectl get pv | awk '/pvc/{print$1}' | xargs -I{} kubectl patch pv {} -p '{"spec":{"claimRef": null}}' |
9. Run the synopsysctl install
command to bind the changes, making sure to configure the parameters to your existing configuration.
./synopsysctl create blackduck <release-name> \ ... ... --version 2021.2.1 \ --security-context-file-path securityContext.json \ --pvc-file-path pvcResources.json \ |
10. Verify that a new PV and PVC have been created for rabbitmq with a storageClass of bd-rabbitmq-azurefile
kubectl get pvc |
11. Scale the rabbitmq
deployment to 0 and back to 1 as shown in step 3.
The bomengine should reconnect successfully. This can be verified by running the following command to interrogate rabbitmqctl
kubectl get po -o=name | awk '/blackduck-rabbitmq/{print$0}' | xargs -I{} kubectl exec {} -- sh -c "export RABBITMQ_CTL_ERL_ARGS=\"-proto_dist inet_tls\" && rabbitmqctl list_queues --vhost blackduck" |
You should see an output similar to the following:
Listing queues for vhost blackduck ... name messages bd-data-bom-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-1 0 bd-data-bom-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-3 0 bd-data-scan-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-1 0 bd-data-bom-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-5 0 bd-data-bom-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-2 0 bd-data-bom-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-4 0 bd-data-scan-bomengine-hub-k8s-blackduck-bomengine-7c9dcf7f6f-jj8l5-2 0 bd-dead-letter 0 |