Db2 or Db2 Warehouse persistent storage requirements for NFS

For NFS version 3, you must create an SELinux policy module and install it on all of the nodes that are hosting Db2, to meet the requirements for persistent storage on SELinux.

Note: If your deployment uses the restricted-v2 SCC, commands that require switching users or elevated privileges are not supported. Perform all steps as the Db2 instance user within the container. For more information, see Deploying Db2 or Db2 Warehouse with non-root deployment.
  1. Add the following code to the db2u-nfs.te file and save the file to your desired location:
    module db2u-nfs 1.0;
    require {
      type nfs_t;
      type container_t;
      class fifo_file { create open read unlink write ioctl getattr setattr };
    }
    allow container_t nfs_t:fifo_file { create open read unlink write ioctl getattr setattr };
  2. Transform the db2u-nfs.te file into the db2u-nfs.mod module file by following these steps:
    1. Ensure that the checkpolicy package is installed. If the package is not installed you will get this error:
      -bash: checkmodule: command not found

      To install the package, run this command:

      sudo yum install -y checkpolicy
    2. Run the following command to transform the db2u-nfs.te file:
      checkmodule -M -m -o db2u-nfs.mod db2u-nfs.te
  3. Compile the module file db2u-nfs.mod into the policy package file db2u-nfs.pp:
    semodule_package -o db2u-nfs.pp -m db2u-nfs.mod
  4. Install the policy package:
    semodule -i db2u-nfs.pp
  5. To confirm that the package was installed, you can run the following command:
    semodule -l

    The SELinux module db2u-nfs should be shown.

Note: Only Step 4 is necessary to install the SELinux policy. You can perform the first three steps on a single node and transfer the policy package file db2u-nfs.pp to all of the other nodes and install it.
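
Because the same policy package is installed on every node, it is worth checking the db2u-nfs.te source before compiling it in step 2. The following is an added example, not IBM code: the helper name audit_te is hypothetical, and it assumes each allow rule is written on a single line, as in step 1. The sample input is constructed.

```sh
# Added example (not IBM code): review gate to run on db2u-nfs.te before checkmodule.
# audit_te (hypothetical helper name) assumes each allow rule sits on one line.
# It prints every grant outside the documented rule and returns non-zero if any
# is found, or if the file contains no allow rule at all.
audit_te() {
  awk '
    BEGIN {
      n = split("create open read unlink write ioctl getattr setattr", p, " ")
      for (i = 1; i <= n; i++) ok[p[i]] = 1
    }
    { sub(/#.*/, "") }                        # strip policy comments
    $1 == "allow" {
      rules++
      line = $0
      gsub(/[{};]/, " ", line)                # flatten: allow src tgt:class perm...
      m = split(line, f, " ")
      split(f[3], tc, ":")
      bad = ""
      if (f[2] != "container_t") bad = bad " source=" f[2]
      if (tc[1] != "nfs_t")      bad = bad " target=" tc[1]
      if (tc[2] != "fifo_file")  bad = bad " class=" tc[2]
      for (i = 4; i <= m; i++) if (!(f[i] in ok)) bad = bad " perm=" f[i]
      if (bad != "") { print "UNEXPECTED:" bad; fail = 1 }
    }
    END { if (fail || rules == 0) exit 1 }
  ' "$1"
}

# Constructed sample: the documented rule plus one over-broad rule for illustration.
sample=$(mktemp)
printf '%s\n' \
  'allow container_t nfs_t:fifo_file { create open read unlink write ioctl getattr setattr };' \
  'allow container_t nfs_t:file { read write execute };' > "$sample"
audit_te "$sample" || echo "policy grants more than the documented rule; do not install"
rm -f "$sample"
```
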

NFS version 3 is the only supported version for Db2 or Db2 Warehouse. You must run the following command to create the NFS storage class:
cat <<EOF |oc apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ${NFS_STORAGE_CLASS}
provisioner: nfs-client-provisioner
parameters:
  archiveOnDelete: "false"
mountOptions:
- nfsvers=3
- nolock
EOF