Migrating to another instance with an internal database

You can migrate IBM® OpenPages® for IBM Cloud Pak for Data from one instance to another with an internal database.

Procedure

  1. In your source environment, log in to your Red Hat® OpenShift® cluster as a project administrator:
    oc login OpenShift_URL:port
  2. Change to the project where OpenPages is installed:
    oc project <Project>
  3. Back up the encryption keys and secrets in the source environment.
    Do these steps so that the backup files can be decrypted in the target environment and so that the target environment has the same secrets as the source environment.
    1. Log in to the database server pod.
      Do one of the following steps:
      • Run the following command:
        oc exec -it c-db2oltp-<*>-db2u-0 -- /bin/bash

        To find the name of the pod, run oc get sts and look for a name with the pattern c-db2oltp-*-db2u-0.

        For example, c-db2oltp-1601355983782494-db2u-0

      • Or, in the OpenShift console, go to the Db2® server pod and open a terminal.
    2. Switch to the db2inst1 user by running the following command:
      su - db2inst1
    3. Locate the encryption keys by running the following command:
      gsk8capicmd_64 -cert -list -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed
      Look for a result that is similar to the following text:
      * default, - personal, ! trusted, # secret key
      #       DB2_SYSGEN_db2inst1_OPX_2020-10-19-17.51.55_81D83D47
      #       DB2_SYSGEN_db2inst1_OPX_2020-10-19-17.56.05_AF8AC2F5
      
    4. Extract the keys from the keystore by running the following command:
      gsk8capicmd_64 -secretkey -extract -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed -target <label>.sec -format pkcs12 -label <label>
    5. Note the <label> of each key. You need this information later.
  4. Run the following commands. Note the secret that is returned by each command. You need this information later.
    oc get secret openpages-instance_name-platform-secret -o jsonpath="{.data.encryption-key-pw}"
    oc get secret openpages-instance_name-platform-secret -o jsonpath="{.data.keystore-pw}"
    oc get secret openpages-instance_name-platform-secret -o jsonpath="{.data.opsystem-pw}"
    In addition, you can migrate the initial secrets for the out-of-the-box user accounts. Do this, for example, if you did not change the initial password of a user account and you want to migrate the initial secret to your new instance. To get the secret, run the following command for each secret that you want to migrate:
    oc get secret openpages-instance_name-initialpw-secret -o jsonpath="{.data.<user name>}"

    Replace the following values:

    Variable Replace with
    <instance_name> The name of your Red Hat OpenShift instance.
    <user name> A user account
    The encoded password of the account is displayed. Save the password.
  5. Back up your source environment by doing an offline backup. See Configuring OpenPages.
  6. Copy the backup files to the target environment.
    • Copy the database backup to the /mnt/backup directory in the database server pod.
    • Copy the extracted encryption key files to the database server pod.
    • Copy the op_backup_<timestamp>.zip file from step 5 to one of the application server pods and place it in the /opt/ibm/OpenPages/openpages-backup-restore directory.
    • Move all other op_backup_<timestamp>.zip files to a subfolder under /opt/ibm/OpenPages/openpages-backup-restore.
  7. In your target environment, log in to your Red Hat OpenShift cluster as a project administrator:
    oc login OpenShift_URL:port
  8. Change to the project where OpenPages is installed:
    oc project <Project>
  9. Import the encryption keys to the target environment.
    1. Log in to the database server pod.
      Do one of the following steps:
      • Run the following command:
        oc exec -it c-db2oltp-<*>-db2u-0 -- /bin/bash

        To find the name of the pod, run oc get sts and look for a name with the pattern c-db2oltp-*-db2u-0.

        For example, c-db2oltp-1601355983782494-db2u-0

      • Or, in the OpenShift console, go to the Db2 server pod and open a terminal.
    2. Switch to the db2inst1 user by running the following command:
      su - db2inst1
    3. Import the encryption keys by running the following command for each key:

      The <label> must match the <label> from the source environment.

      gsk8capicmd_64 -secretkey -add -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed -label <label> -format pkcs12 -file <key file path>
      For example:
      gsk8capicmd_64 -secretkey -add -db /mnt/blumeta0/db2/keystore/keystore.p12 -stashed -label DB2_SYSGEN_db2inst1_OPX_2020-10-12-20.09.20_9F1D9078 -format pkcs12 -file /tmp/seckey/DB2_SYSGEN_db2inst1_OPX_2020-10-12-20.09.20_9F1D9078.sec
  10. Scale to 1 replica.
    oc scale --replicas=1 sts/openpages-<instance_name>-sts

    To find the name of the StatefulSet (sts), run oc get sts and look for a name that starts with openpages-. For example, openpages-opinst-sts

  11. Log in to the application server pod and open a terminal.
    oc exec -it openpages-<instance_name>-sts-0 -- /bin/bash

    To find the pod name, run oc get sts and look for a name that starts with openpages-.

  12. Go to the /opt/ibm/OpenPages/openpages-backup-restore directory.
  13. Locate the op_backup_<timestamp>.zip file that you copied from your source environment. Use this file in step 14.
  14. Restore the backup.
    1. Get the database password by running the following command:
      export OPDB_PASSWORD="$(cat "${SECRETS_PATH}/op-db-secret/openpage-pw")"
    2. Run the following commands:
      cd /opt/ibm/OpenPages/aurora/bin
      ./OPRestore.sh <backup_filename_without_the_file_extension> 
    For example:
    cd /opt/ibm/OpenPages/aurora/bin
    export OPDB_PASSWORD="$(cat "${SECRETS_PATH}/op-db-secret/openpage-pw")"
    ./OPRestore.sh op_backup_2023_01_20_21_43_04
  15. Stop the application server pods.
    1. Scale down to 0 replicas.
      oc scale --replicas=0 sts/openpages-<instance_name>-sts

      To find the name of the StatefulSet (sts), run oc get sts and look for a name that starts with openpages-. For example, openpages-instance_name-sts

    2. Wait until all application server pods are deleted.
  16. Log in to the database server pod.
    Do one of the following steps:
    • Run the following command:
      oc exec -it c-db2oltp-<*>-db2u-0 -- /bin/bash

      To find the name of the pod, run oc get sts and look for a name with the pattern c-db2oltp-*-db2u-0.

      For example, c-db2oltp-1601355983782494-db2u-0

    • Or, in the Red Hat OpenShift console, go to the Db2 server pod and open a terminal.
  17. Restore the database.
    Do the steps in the following task: Restoring a Db2 database.
    • Replace the database name BLUDB with OPX.
    • Replace backup_dir with /mnt/backup
    Do the steps in the following task: Restoring a Db2 database.
    • Replace the database name BLUDB with OPX.
    • Replace backup_dir with /mnt/backup

    For more information, see Restoring an encrypted backup image to a different system with a local key manager

  18. Restore the secrets into the target environment.
    1. Log in to your Red Hat OpenShift cluster as a project administrator:
      oc login OpenShift_URL:port
    2. Change to the project where OpenPages is installed:
      oc project <Project>
    3. Run the following command:
      oc edit secrets openpages-<instance_name>-platform-secret
    4. Update the values for each secret based on the values in your source environment.
      For more information, see Secrets in the Kubernetes documentation.
    5. If you want to restore the initial secrets for the out-of-the-box user accounts, run the following command:
       oc edit secrets openpages-<instance_name>-initialpw-secret

      Do this, for example, if you did not change the initial password of an out-of-the-box user account and you want to migrate the account's initial secret from your old instance to your new instance.

  19. Scale up to the number of replicas you want to use for the application server by running the following command:
    oc scale --replicas=<#_of_replicas> sts/openpages-<instance_name>-sts

    Replace the following values:

    Variable Replace with
    <#_of_replicas> Specify the number of replicas.

    Can be 1 or more.

    <StatefulSet_name> Specify the name of the StatefulSet for the application.

    To find the name of the StatefulSet, run oc get sts and look for a name that starts with openpages-.

    For example, openpages-opinst-sts