Updating the database password secrets managed by Db2 Data Management Console

About this task

Db2 Data Management Console uses the database administration account to retrieve monitoring data through JDBC connection. If you update the database administration accounts password, ensure to update the password secrets that are managed by Db2 Data Management Console.
Variables Description
NAMESPACE The namespace where your Db2® instance is running.
DB_TYPE The database must be one of the following types:
  • db2wh
  • db2oltp
  • dv
  • bigsql
INSTANCE_ID Db2 instance identifier. For more information, see Updating the Db2 password secrets.
INSTANCE_NEW_PASSWORD The new password for the database instance.
DMC_INSTANCE_ID Db2 Data Management Console instance identifier. Run the following command to get the value for DMC_INSTANCE_ID.
oc get pods -n ${PROJECT_CPD_INSTANCE} |grep ibm-dmc |grep monitor-0 | cut -d '-' -f3
CPD_USER IBM Cloud Pak® for Data login username.
CPD_PASSWORD IBM Cloud Pak for Data login user password.
CLUSTER_ACCESSIBLE_IP IBM Cloud Pak for Data web URL.

Procedure

To update the password secrets that are managed by Db2 Data Management Console:

  1. From the home page of the IBM Cloud Pak for Data web client, on the navigation menu go to Services > Instances .
  2. On the Instances page, to open the Db2 Data Management Console instance, click Open on the overflow menu.
    The console discovers all the Db2 instances that are on the same cluster as the console.
  3. Check whether the Db2 instance with the updated password exists.
    • If the Db2 instance (db2inst1) with the updated password exists, do the following steps:
      1. Run the following kubectl commands from your command line to update the password in the secret object.
        kubectl patch -n NAMESPACE secret/DB_TYPE-INSTANCE_ID \
        -p $"{\"data\":{\"password\": \"$(echo INSTANCE_NEW_PASSWORD | base64)\"}}"
      2. The Db2 Data Management Console credential cache is refreshed every ten minutes. Therefore, you must wait for a minimum of ten minutes for the new password to take effect.

        To make the password change take effect immediately in Db2 Data Management Console, you can delete the monitor pod by using the following command:

        oc delete pod ibm-dmc-DMC_INSTANCE_ID-monitor-0 -n ${PROJECT_CPD_INSTANCE}
        However, if multiple databases are managed in Db2 Data Management Console, the monitor functions for all the databases might be impacted when a monitor pod is deleted and brought back to function.
        Note: If the connection to the Db2 database fails because the user is account locked out, complete steps 3 to 4 in Updating the password secrets.
    • If the Db2 instance (db2inst1) with the updated password does not exist, do the following steps:
      1. Run the following command to get TOKEN.
        curl --location --request GET 'https://CLUSTER_ACCESSIBLE_IP/v1/preauth/validateAuth' --header 'Content-Type: application/json' --header 'username: CPD_USER' --header 'password: CPD_PASSWORD' --insecure
      2. Run the following command to get the values for SUB_TYPE and DISPLAY_NAME.
        curl --location --request GET 'https://CLUSTER_ACCESSIBLE_IP/zen-data/v3/service_instances/INSTANCE_ID' --header 'Content-Type: application/json' --header 'Authorization: Bearer TOKEN' --insecure
      3. Run the following command to add database profile.
        Note: Call the following API only if the status of Db2 Data Management Console instance is running in IBM Cloud Pak for Data.
        curl --location --request POST 'https://CLUSTER_ACCESSIBLE_IP/addon-dmc/v1/profiles' --insecure --header 'Authorization: Bearer TOKEN' --header 'Content-Type: application/json' --data '{"dbInstanceId":"INSTANCE_ID",
         "display_name": "DISPLAY_NAME",
         "host":"c-DB_TYPE-INSTANCE_ID-db2u-engn-svc",
         "databaseName":"BLUDB",
         "dbType":"DB_TYPE",
         "port":50001,
         "plan":"SUB_TYPE",
         "sslConnection":true,
         "sslCertLocation":"/opt/ibm-datasrvrmgr/Config/DB_TYPE-internal-tls/ca.crt",
         "collectionCred":
           {"user":"db2inst1",
            "password":"INSTANCE_NEW_PASSWORD",
            "securityMechanism":"9"}}'