Migrating to another instance with an internal database
You can migrate IBM® OpenPages® for IBM Cloud Pak for Data from one instance to another with an internal database.
Procedure
- In your source environment, log in to your Red Hat® OpenShift® cluster as a project administrator:
oc login OpenShift_URL:port
- Change to the project where OpenPages is installed:
oc project <Project>
- Back up the encryption keys and secrets in the source environment. Do these steps so that the backup files can be decrypted in the target environment and so that the target environment has the same secrets as the source environment.
- Log in to the database server pod. Do one of the following steps:
- Run the following command:
oc exec -it c-db2oltp-<*>-db2u-0 -- /bin/bash
To find the name of the pod, run oc get sts and look for a name with the pattern c-db2oltp-*-db2u-0. For example, c-db2oltp-1601355983782494-db2u-0
- Or, in the OpenShift console, go to the Db2® server pod and open a terminal.
- Switch to the db2inst1 user by running the following command:
su - db2inst1
- Locate the encryption keys by running the following command:
gsk8capicmd_64 -cert -list -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed
Look for a result that is similar to the following text:
* default, - personal, ! trusted, # secret key
# DB2_SYSGEN_db2inst1_OPX_2020-10-19-17.51.55_81D83D47
# DB2_SYSGEN_db2inst1_OPX_2020-10-19-17.56.05_AF8AC2F5
- Extract the keys from the keystore by running the following command:
gsk8capicmd_64 -secretkey -extract -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed -target <label>.sec -format pkcs12 -label <label>
- Note the <label> of each key. You need this information later.
- Run the following commands. Note the secret that is returned by each command. You need this information later.
oc get secret openpages-<instance_name>-platform-secret -o jsonpath="{.data.encryption-key-pw}"
oc get secret openpages-<instance_name>-platform-secret -o jsonpath="{.data.keystore-pw}"
oc get secret openpages-<instance_name>-platform-secret -o jsonpath="{.data.opsystem-pw}"
In addition, you can migrate the initial secrets for the out-of-the-box user accounts. Do this, for example, if you did not change the initial password of a user account and you want to migrate the initial secret to your new instance. To get the secret, run the following command for each secret that you want to migrate:
oc get secret openpages-<instance_name>-initialpw-secret -o jsonpath="{.data.<user name>}"
Replace the following values:
Variable | Replace with
<instance_name> | The name of your Red Hat OpenShift instance.
<user name> | A user account
The encoded password of the account is displayed. Save the password.
- Back up your source environment by doing an offline backup. See Configuring OpenPages.
- Copy the backup files to the target environment.
- Copy the database backup to the /mnt/backup directory in the database server pod.
- Copy the extracted encryption key files to the database server pod.
- Copy the op_backup_<timestamp>.zip file from step 5 to one of the application server pods and place it in the /opt/ibm/OpenPages/openpages-backup-restore directory.
- Move all other op_backup_<timestamp>.zip files to a subfolder under /opt/ibm/OpenPages/openpages-backup-restore.
- In your target environment, log in to your Red Hat OpenShift cluster as a project administrator:
oc login OpenShift_URL:port
- Change to the project where OpenPages is installed:
oc project <Project>
- Import the encryption keys to the target environment.
- Log in to the database server pod. Do one of the following steps:
- Run the following command:
oc exec -it c-db2oltp-<*>-db2u-0 -- /bin/bash
To find the name of the pod, run oc get sts and look for a name with the pattern c-db2oltp-*-db2u-0. For example, c-db2oltp-1601355983782494-db2u-0
- Or, in the OpenShift console, go to the Db2 server pod and open a terminal.
- Switch to the db2inst1 user by running the following command:
su - db2inst1
- Import the encryption keys by running the following command for each key:
The <label> must match the <label> from the source environment.
gsk8capicmd_64 -secretkey -add -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed -label <label> -format pkcs12 -file <key file path>
For example:
gsk8capicmd_64 -secretkey -add -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed -label DB2_SYSGEN_db2inst1_OPX_2020-10-12-20.09.20_9F1D9078 -format pkcs12 -file /tmp/seckey/DB2_SYSGEN_db2inst1_OPX_2020-10-12-20.09.20_9F1D9078.sec
- Scale to 1 replica.
oc scale --replicas=1 sts/openpages-<instance_name>-sts
To find the name of the StatefulSet (sts), run oc get sts and look for a name that starts with openpages-. For example, openpages-opinst-sts
- Log in to the application server pod and open a terminal.
oc exec -it openpages-<instance_name>-sts-0 -- /bin/bash
To find the pod name, run oc get sts and look for a name that starts with openpages-.
- Go to the /opt/ibm/OpenPages/openpages-backup-restore directory.
- Locate the op_backup_<timestamp>.zip file that you copied from your source environment. Use this file in step 14.
- Restore the backup.
- Get the database password by running the following command:
export OPDB_PASSWORD="$(cat "${SECRETS_PATH}/op-db-secret/openpage-pw")"
- Run the following commands:
cd /opt/ibm/OpenPages/aurora/bin
./OPRestore.sh <backup_filename_without_the_file_extension>
For example:
cd /opt/ibm/OpenPages/aurora/bin
export OPDB_PASSWORD="$(cat "${SECRETS_PATH}/op-db-secret/openpage-pw")"
./OPRestore.sh op_backup_2023_01_20_21_43_04
- Stop the application server pods.
- Scale down to 0 replicas.
oc scale --replicas=0 sts/openpages-<instance_name>-sts
To find the name of the StatefulSet (sts), run oc get sts and look for a name that starts with openpages-. For example, openpages-instance_name-sts
- Wait until all application server pods are deleted.
- Log in to the database server pod. Do one of the following steps:
- Run the following command:
oc exec -it c-db2oltp-<*>-db2u-0 -- /bin/bash
To find the name of the pod, run oc get sts and look for a name with the pattern c-db2oltp-*-db2u-0. For example, c-db2oltp-1601355983782494-db2u-0
- Or, in the Red Hat OpenShift console, go to the Db2 server pod and open a terminal.
- Restore the database. Do the steps in the following task: Restoring a Db2 database.
- Replace the database name BLUDB with OPX.
- Replace backup_dir with /mnt/backup
For more information, see Restoring an encrypted backup image to a different system with a local key manager
- Restore the secrets into the target environment.
- Log in to your Red Hat OpenShift cluster as a project administrator:
oc login OpenShift_URL:port
- Change to the project where OpenPages is installed:
oc project <Project>
- Run the following command:
oc edit secrets openpages-<instance_name>-platform-secret
- Update the values for each secret based on the values in your source environment. For more information, see Secrets in the Kubernetes documentation.
- If you want to restore the initial secrets for the out-of-the-box user accounts, run the following command:
oc edit secrets openpages-<instance_name>-initialpw-secret
Do this, for example, if you did not change the initial password of an out-of-the-box user account and you want to migrate the account's initial secret from your old instance to your new instance.
- Scale up to the number of replicas you want to use for the application server by running the following command:
oc scale --replicas=<#_of_replicas> sts/openpages-<instance_name>-sts
Replace the following values:
Variable | Replace with
<#_of_replicas> | Specify the number of replicas. Can be 1 or more.
<StatefulSet_name> | Specify the name of the StatefulSet for the application. To find the name of the StatefulSet, run oc get sts and look for a name that starts with openpages-. For example, openpages-opinst-sts
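The encryption-key backup on the source and the pre-import check on the target, as an added example that is not part of IBM's procedure: it reads every secret-key label from the keystore listing, extracts each key to a file named after its label, and writes a SHA-256 manifest so the copied files can be verified before they are imported. The function names and the SHA256SUMS file name are assumptions; the keystore path, the /tmp/seckey directory and the sample listing are the ones shown in the procedure.

```shell
#!/usr/bin/env bash
# Added example, not IBM-supplied. Run as db2inst1 inside the Db2 server pod.
KEYSTORE=/mnt/blumeta0/db2/keystore/keystore.p12  # keystore path from the procedure
OUT_DIR=${OUT_DIR:-/tmp/seckey}                   # directory used in the import example

# Listing as shown in the procedure, kept inline so the parser can be tried offline.
SAMPLE_LISTING='* default, - personal, ! trusted, # secret key
# DB2_SYSGEN_db2inst1_OPX_2020-10-19-17.51.55_81D83D47
# DB2_SYSGEN_db2inst1_OPX_2020-10-19-17.56.05_AF8AC2F5'

# Print one label per line for entries marked "#" (secret key). The legend line
# starts with "*", so it is skipped even though it contains a "#".
secret_key_labels() {
  awk '$1 == "#" && NF >= 2 { sub(/^[ \t]*#[ \t]+/, ""); print }'
}

# Extract every secret key to $OUT_DIR/<label>.sec, readable by this user only.
extract_all_keys() (
  umask 077
  mkdir -p "$OUT_DIR" || exit 1
  gsk8capicmd_64 -cert -list -db "$KEYSTORE" -stashed | secret_key_labels |
  while IFS= read -r label; do
    gsk8capicmd_64 -secretkey -extract -db "$KEYSTORE" -stashed \
      -target "$OUT_DIR/$label.sec" -format pkcs12 -label "$label" || exit 1
  done
)

# Source side: record SHA-256 digests next to the key files before copying them.
write_manifest() {
  (cd "$1" && sha256sum -- *.sec > SHA256SUMS)
}

# Target side: fail unless every copied key file still matches its digest.
verify_manifest() {
  (cd "$1" && sha256sum -c --quiet SHA256SUMS)
}
```

On the source, run extract_all_keys and then write_manifest "$OUT_DIR"; on the target, run verify_manifest on the directory that holds the copied files before any gsk8capicmd_64 -secretkey -add command.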
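One way to carry the three platform-secret values from the source to the target without copying them by hand into oc edit, as an added example that is not IBM tooling. The function names and the sample values are assumptions made for illustration; the secret name and its keys are the ones used in the procedure.

```shell
#!/usr/bin/env bash
# Added example, not IBM tooling. Values under .data are base64-encoded, not
# encrypted, so treat the export file like the passwords themselves.
KEYS="encryption-key-pw keystore-pw opsystem-pw"   # keys named in the procedure

# Constructed sample export (base64 of made-up strings; two, one and no pad characters).
SAMPLE_EXPORT='encryption-key-pw=c2FtcGxlLWtleQ==
keystore-pw=c2FtcGxlLXBhc3M=
opsystem-pw=c2FtcGxlLW9w'

# Source cluster: print key=value lines, values exactly as stored under .data.
export_platform_secret() {   # $1 = instance name
  for k in $KEYS; do
    printf '%s=%s\n' "$k" \
      "$(oc get secret "openpages-$1-platform-secret" -o jsonpath="{.data.$k}")"
  done
}

# Turn key=value lines on stdin into a merge patch for the Secret's data field.
# Base64 padding ends in "=", so split on the FIRST "=" only; splitting with
# IFS='=' and read can drop a trailing pad character and corrupt the value.
build_patch() (
  sep=""; out='{"data":{'
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    case $line in *=*) ;; *) echo "missing '=' in input" >&2; exit 1 ;; esac
    k=${line%%=*}; v=${line#*=}
    case $v in
      ''|*[!A-Za-z0-9+/=]*) echo "value for $k is not base64" >&2; exit 1 ;;
    esac
    out="$out$sep\"$k\":\"$v\""; sep=","
  done
  printf '%s}}\n' "$out"
)

# Target cluster: apply the values from file $2 to instance $1. The patch goes
# through a private temp file so the values never appear in the process list.
import_platform_secret() (
  umask 077
  tmp=$(mktemp) || exit 1
  trap 'rm -f "$tmp"' EXIT
  build_patch < "$2" > "$tmp" || exit 1
  oc patch secret "openpages-$1-platform-secret" --type merge --patch-file "$tmp"
)

# Target cluster: succeed only if the stored values now equal the source export.
verify_platform_secret() {
  export_platform_secret "$1" | cmp -s - "$2"
}
```

On the source, redirect export_platform_secret <instance_name> into a file created under umask 077; on the target, run import_platform_secret and then verify_platform_secret with the instance name and that file, and delete the file once the check passes.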