After you upgrade your Db2®
Warehouse service to Cloud Pak for Data 3.5.0, you need to migrate the secure sockets
layer (SSL) certificate so that Db2
Warehouse uses the new Cloud Pak for Data certificate.
About this task
This procedure is only required when you upgrade the Db2
Warehouse service. For new Db2
Warehouse deployments on Cloud Pak for Data 3.5.0, you can download the correct SSL
certificate while you are deploying Db2
Warehouse by clicking
Download SSL Certificate on the Access Information section of the database
details page. You then install the certificate.
Procedure
-
Exec into the Db2
Warehouse
pod and run the following command to disable the Wolverine high availability monitoring
process:
wvcli system disable -m "Stop HA"
-
Rename the backup folder for the SSL key store:
sudo mv ${SSL_KEYSTORELOC}.bak ${SSL_KEYSTORELOC}.v300
-
As Db2
Warehouse instance
owner, deactivate the database, stop Db2
Warehouse, and clean up IPC
resources:
su - db2inst1
db2 deactivate db bludb
db2stop force
rah 'ipclean -a'
-
Clear the contents of the Db2
Warehouse SSL key store location:
sudo rm -fr ${SSL_KEYSTORELOC}/*
-
Reconfigure the Db2
Warehouse
SSL to use the Cloud Pak for Data SSL certificate:
/bin/bash -c 'source /db2u/scripts/include/db2_ssl_functions.sh && setup_db2_ssl'
-
Start Db2
Warehouse, activate
the database, and exit out of the Db2
Warehouse instance owner shell.
db2start
db2 activate db bludb
exit
-
From the Db2
Warehouse default
user, shell re-enable Wolverine and confirm that the high availability monitor reports Db2
Warehouse status to be
UP
:
wvcli system enable -m "Start HA after SSL cert update"
wvcli system ds
You should see results that are similar to the following
example:
+-----+----------------------------------------------------------------------+------+--------+
| MLN | Node | Port | Status |
+-----+----------------------------------------------------------------------+------+--------+
| 0 | c-db2wh-1604525501384-db2u-0.c-db2oltp-1604525501384-db2u-internal | 0 | UP |
+-----+----------------------------------------------------------------------+------+--------+