The Db2 Data Gate server pod cannot be started

One or more containers in the Db2 Data Gate server pod (group of containers) do not start.

Symptoms

The start of one or more containers in the server pod fails. The result is that the Db2 Data Gate server pod cannot be started as a whole.

Causes

The containers lack a required privilege (mkfifo) on the shared Db2 storage.

Diagnosing the problem

  1. Check the Db2 Data Gate server pod by running the appropriate command as user root from the command-line of the machine where Cloud Pak for Data is installed. Example:
    oc get po|grep dg
dg-1591613435477-data-gate-64d8bb54dc-2t687

    To use this example, replace the Db2 Data Gate instance ID dg-1591613435477-data-gate-64d8bb54dc-2t687 with your Db2 Data Gate instance ID.

    The command output shows you how many containers in the pod were started, out of the total number of containers. You might, for example, see a response like this
    0/4     Init:Error

    This means that the pod consists of four containers, and that none of these could be started.

  2. Show the log of the pod by running the following command:
    oc logs dg-1591654351332-data-gate-ccf779c9b-r9jvb -c config-db2u

    If you see an output like the following, it means that one or more containers do not have sufficient mkfifo privileges on the shared storage:

    + (( 1 != 1 ))
+ id=db2oltp-1591653032619
+ db2uPodID=db2oltp-1591653032619-db2u-0
++ date
Mon Jun  8 22:12:49 UTC 2020: Config db2 instance db2oltp-1591653032619-db2u-0
+ echo 'Mon Jun  8 22:12:49 UTC 2020: Config db2 instance db2oltp-1591653032619-db2u-0'
+ oc cp /home/dwaadmin/config_db2u db2oltp-1591653032619-db2u-0:/tmp
+ oc exec -it db2oltp-1591653032619-db2u-0 -- bash -c 'su - db2inst1 -c '\''cp -r /tmp/config_db2u /mnt/blumeta0/home/db2inst1/'\'''
Unable to use a TTY - input is not a terminal or the right kind of file
++ date
Mon Jun  8 22:12:56 UTC 2020: Copy config_db2u to db2oltp-1591653032619-db2u-0
+ echo 'Mon Jun  8 22:12:56 UTC 2020: Copy config_db2u to db2oltp-1591653032619-db2u-0'
+ oc exec -it db2oltp-1591653032619-db2u-0 -- bash -c 'su - db2inst1 -c '\''cd /mnt/blumeta0/home/db2inst1/config_db2u; ./check_storage_cfg.sh db2oltp-1591653032619-db2u-0'\'''
Unable to use a TTY - input is not a terminal or the right kind of file
Storage is not configured correctly for DataGate
mkfifo: cannot create fifo 'dg_pipe': Permission denied
command terminated with exit code 1
+ (( 1!=0 ))
+ exit 1

Resolving the problem

  1. See Requirements for Db2 on SELinux. The same instructions also apply to Db2 Warehouse.
  2. Create a SELinux policy module according to the instructions on the website and install it on all of the nodes that are hosting Db2 or Db2 Warehouse.

    For NFS and Portworx storage, add the following rule to the module:

    module db2u-nfs 1.0;

require {
  type nfs_t;
  type container_t;
  class fifo_file { create open read unlink write ioctl getattr setattr };
}

allow container_t nfs_t:fifo_file { create open read unlink write ioctl getattr setattr };

    For Portworx, also add sharedv4: "true" to the storage class definition.

    For OpenShift® Container Storage, add the following rule to the module:
    module db2u-cephfs 1.0;

require {
	type cephfs_t;
	type container_t;
	class fifo_file { create open read unlink write ioctl getattr setattr };
}

#============= container_t ==============
allow container_t cephfs_t:fifo_file { create open read unlink write ioctl getattr setattr };
  3. After installing the module, delete your current Db2 Data Gate instances and re-create these.