After you enable and activate replication, you need to use the replication REST API to
trust the target and exchange SSL certificates between the source and target systems.
About this task
This task can be performed on the cluster host after you have added the
replication target. You must collect the following information before running the
curl commands:
- Target database host name
- Target database user name
- Target database user password
- Target replication REST API server external port number
- Source database host name
- Source database user name
- Source database user password
- Source replication REST API server external port number
Perform these steps at the replication source database.
Note: Replication must run in Security Enhanced Linux (SELinux) enforcing mode.
Procedure
- Run the following curl command to prompt the source to trust the target:
  curl --insecure -X POST "https://{source_hostname}:{source_rest_external_port}/dr/v2/target/trust-target?targetEnvironment=DB2U-db2oltp" -H "accept: application/json" -H "Content-Type: application/json" -d '{ "targetDatabaseHost": "{target_hostname}", "targetDatabaseUsername": "{user_name}", "targetDatabasePassword": "{password}", "targetRestServerPort": {target_rest_external_port} }'
  To find the REST external port number, run the following command:
  oc get svc -n ${PROJECT_CPD_INSTANCE} | grep db2oltp
  The results should be similar to the following example:
[root@api.db2u-dr4.cp.fyre.ibm.com ~]# oc get svc | grep db2
c-db2oltp-1630636239936781-db2u ClusterIP 172.30.56.242 <none> 50000/TCP,50001/TCP,25000/TCP,25001/TCP,25002/TCP,25003/TCP,25004/TCP,25005/TCP 33d
c-db2oltp-1630636239936781-db2u-engn-svc NodePort 172.30.33.105 <none> 50000:30350/TCP,50001:31715/TCP 33d
c-db2oltp-1630636239936781-db2u-internal ClusterIP None <none> 50000/TCP,9443/TCP,50052/TCP 33d
c-db2oltp-1630636239936781-etcd ClusterIP None <none> 2379/TCP,2380/TCP 33d
c-db2oltp-1630636239936781-qrep-mq-svc NodePort 172.30.91.42 <none> 1414:31535/TCP,1415:31667/TCP 33d
c-db2oltp-1630636239936781-qrep-rest-svc NodePort 172.30.89.122 <none> 9444:31313/TCP
  Look for the c-instance-ID-qrep-rest-svc entry. The value in the right column contains the replication port number, which in this example is 9444:31313/TCP. The 31313 portion is the replication port number.
- The following curl command exchanges the Db2 SSL certificate between the source and target databases. Upon successful completion of this command, the replication REST API server is restarted after 60 seconds on both the source and target replication containers.
  curl --insecure -X PUT "https://{source_hostname}:{source_rest_external_port}/dr/v1/target/configure_db2_ssl/{source_database_name}/{target_database_name}/{target_db2_ssl_external_port}/BLUDB/{target_rest_external_port}?restartOption=Y" -H "accept: application/json" -H "Content-Type: application/json" -d '{ "dbUsername": "target_database_user_name", "dbPassword": "{password}"}'
  The restart might take up to 10 minutes. Verify that the replication REST API server is active by running the following commands:
  oc exec -i {<source_replication_podname>} -- /opt/ibm/bludr/scripts/bin/bludr-status.sh
  oc exec -i {<target_replication_podname>} -- /opt/ibm/bludr/scripts/bin/bludr-status.sh
- Schedule the Db2 source and target servers to be restarted for the exchanged certificates to take effect inside the source and target Db2 pods.
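
The port lookup in step 1 can be scripted so the value passed as the REST external port is read from the service list rather than copied by eye. The following is an added example, not part of the original procedure or IBM code; the function names, exit codes, and the second-instance row are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): read `oc get svc` output on stdin and print
# the external (node) port of the c-<instance-ID>-qrep-rest-svc service.
# Exit codes: 1 = no such service, 2 = several matched, 3 = no NodePort.
qrep_rest_nodeport() {
    awk -v id="${1:-}" '
        # Column 1 is the service name, column 5 the PORT(S) list.
        $1 ~ /-qrep-rest-svc$/ && (id == "" || index($1, id) > 0) {
            matches++
            n = split($5, ports, ",")
            for (i = 1; i <= n; i++) {
                # NodePort entries read 9444:31313/TCP (three parts);
                # ClusterIP entries read 9444/TCP and expose no node port.
                if (split(ports[i], p, "[:/]") == 3) { nodeport = p[2]; break }
            }
        }
        END {
            if (matches == 0) exit 1
            if (matches > 1) exit 2
            if (nodeport == "") exit 3
            print nodeport
        }'
}

# Two rows copied from the example output in step 1.
sample_svc() {
    cat <<'EOF'
c-db2oltp-1630636239936781-qrep-mq-svc NodePort 172.30.91.42 <none> 1414:31535/TCP,1415:31667/TCP 33d
c-db2oltp-1630636239936781-qrep-rest-svc NodePort 172.30.89.122 <none> 9444:31313/TCP
EOF
}

# Constructed row for a second instance (hypothetical instance ID and port).
second_instance() {
    echo 'c-db2oltp-1700000000000000-qrep-rest-svc NodePort 172.30.0.10 <none> 9444:32000/TCP 1d'
}

# On a cluster: oc get svc -n "${PROJECT_CPD_INSTANCE}" | qrep_rest_nodeport
sample_svc | qrep_rest_nodeport
```

When more than one Db2 instance is deployed in the project, pass the instance ID as the first argument so the function does not stop with exit code 2.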