Registry Services requirements
Registry Services has requirements in addition to the primary Registry Services requirements.
- Registry Services application
- Ensure that your localhost network address resolves to an IPV6
address if required. Edit the /etc/hosts file
and uncomment the relevant line, for example:
Also ensure that the file resolves to the canonical domain name and IP address for your host machines.::1 localhost ipv6-localhost ipv6-loopback
- Ensure that your localhost network address resolves to an IPV6
address if required. Edit the /etc/hosts file
and uncomment the relevant line, for example:
- Registry Services database
- Ensure that Open Secure Shell (OpenSSH)
is set up and the sshd process is running. To set up OpenSSH, complete
the following steps:
- On the database server on which DB2® is
installed, uncomment the following entries in the ssh configuration
files.
File: /etc/ssh/ssh_config Port 22 Protocol 2 File: /etc/ssh/sshd_config PermitRootLogin yes PasswordAuthentication no
- Set up public key-based authentication. Public key-based authentication
enables a single user ID to log in as that same user ID on each host
machine for the DB2 instance
without being prompted for a password. Public key-based authentication
must be enabled for the root ID to use passwordless SSH.
If the user ID has a ~/.ssh directory, ensure that it does not allow group or other write access. Ensure that the home directory for the user does not allow group or other write access. SSH views this situation as a security exposure and if the directory permissions are not restrictive enough, it does not allow public key-based authentication.
An existing ~/.ssh directory is not required as the ssh-keygen command creates this directory if it does not exist and sets up the appropriate access.
From your ~/.ssh directory, generate a public key/private key pair:$ ssh-keygen -t dsa
When prompted for input, press Enter to accept the default value. Ensure that no passphrase is entered otherwise SSH challenges each authentication attempt and expects the same passphrase as a response from the user. However, DB2 does not allow remote shell utilities to prompt for additional verification. This action generates two new files in the ~/.ssh directory, id_dsa (the private key) and id_dsa.pub (the public key) for DSA encryption.
- You must generate the public key on each host machine for the DB2 instance and append the contents of each public key from each host to a single file called authorized_keys. Then, copy the authorized_keys file to the user's $HOME/.ssh directory on each host machine and run the chmod 644 authorized_keys command.
- On the database server on which DB2® is
installed, uncomment the following entries in the ssh configuration
files.
- Ensure that the expect package is installed on the Jazz™ for Service Management database. The expect.base package is shipped as a file set on the installation media of the AIX® version 6.1.2 or later. You can also download the expect-5.42.1-4.aix6.1.ppc.rpm package from the tcltk directory on IBM® AIX Toolbox FTP site. To install the expect package, you must first install the rpm package manager, rpm.rte. You can download this package from the IBM AIX Toolbox download information page.