About this task
Db2 Data Management
Console uses the database administration account to retrieve monitoring data
through JDBC connection. If you update the database administration accounts password, ensure to
update the password secrets that are managed by Db2 Data Management
Console.
Variables |
Description |
NAMESPACE |
The namespace where your Db2® instance is
running. |
DB_TYPE |
The database must be one of the following types:
|
INSTANCE_ID |
Db2 instance identifier. For more information, see
Updating the Db2
password secrets. |
INSTANCE_NEW_PASSWORD
|
The new password for the database instance. |
DMC_INSTANCE_ID |
Db2 Data Management
Console instance identifier. Run the following command to get the value for
DMC_INSTANCE_ID .oc get pods -n ${PROJECT_CPD_INSTANCE} |grep ibm-dmc |grep monitor-0 | cut -d '-' -f3
|
CPD_USER |
IBM Cloud Pak® for Data login username. |
CPD_PASSWORD |
IBM Cloud Pak for Data login user
password. |
CLUSTER_ACCESSIBLE_IP |
IBM Cloud Pak for Data web URL. |
Procedure
To update the password secrets that are managed by Db2 Data Management
Console:
- From the home page of the IBM Cloud Pak for Data
web client, on the navigation menu go to .
- On the Instances page, to open the Db2 Data Management
Console instance,
click Open on the overflow menu.
The console discovers all the Db2
instances that are on the same cluster as the console.
- Check whether the Db2 instance with the updated
password exists.
- If the Db2 instance (
db2inst1
) with
the updated password exists, do the following steps:
- Run the following kubectl commands from your command line to update the
password in the secret
object.
kubectl patch -n NAMESPACE secret/DB_TYPE-INSTANCE_ID \
-p $"{\"data\":{\"password\": \"$(echo INSTANCE_NEW_PASSWORD | base64)\"}}"
- The Db2 Data Management
Console credential cache is refreshed every ten minutes. Therefore, you must
wait for a minimum of ten minutes for the new password to take effect.
To make the password
change take effect immediately in Db2 Data Management
Console, you can delete the monitor pod by using the
following command:
oc delete pod ibm-dmc-DMC_INSTANCE_ID-monitor-0 -n ${PROJECT_CPD_INSTANCE}
However,
if multiple databases are managed in Db2 Data Management
Console, the monitor functions for all the
databases might be impacted when a monitor pod is deleted and brought back to function. Note: If the
connection to the Db2 database fails because the user is
account locked out, complete steps 3 to 4 in
Updating the
password secrets.
- If the Db2 instance (
db2inst1
) with
the updated password does not exist, do the following steps:
- Run the following command to get
TOKEN
.curl --location --request GET 'https://CLUSTER_ACCESSIBLE_IP/v1/preauth/validateAuth' --header 'Content-Type: application/json' --header 'username: CPD_USER' --header 'password: CPD_PASSWORD' --insecure
- Run the following command to get the values for
SUB_TYPE
and
DISPLAY_NAME
.curl --location --request GET 'https://CLUSTER_ACCESSIBLE_IP/zen-data/v3/service_instances/INSTANCE_ID' --header 'Content-Type: application/json' --header 'Authorization: Bearer TOKEN' --insecure
- Run the following command to add database profile.
Note: Call the following API only if the
status of Db2 Data Management
Console instance is running in IBM
Cloud Pak for
Data.
curl --location --request POST 'https://CLUSTER_ACCESSIBLE_IP/addon-dmc/v1/profiles' --insecure --header 'Authorization: Bearer TOKEN' --header 'Content-Type: application/json' --data '{"dbInstanceId":"INSTANCE_ID",
"display_name": "DISPLAY_NAME",
"host":"c-DB_TYPE-INSTANCE_ID-db2u-engn-svc",
"databaseName":"BLUDB",
"dbType":"DB_TYPE",
"port":50001,
"plan":"SUB_TYPE",
"sslConnection":true,
"sslCertLocation":"/opt/ibm-datasrvrmgr/Config/DB_TYPE-internal-tls/ca.crt",
"collectionCred":
{"user":"db2inst1",
"password":"INSTANCE_NEW_PASSWORD",
"securityMechanism":"9"}}'