Linux-UNIX: Activating and deactivating A-TAP on all nodes of a Db2 Cluster

Learn how to activate and deactivate A-TAP on all nodes of a Db2 cluster.

About this task

Activate A-TAP to capture encrypted traffic and shared memory traffic in Linux.

Procedure

  1. Authorize the Db2 user on all nodes by running the following command.
    <guardium_base>/xxx/guardctl authorize-user <user-name>
    In the following example, user db2inst1 is authorized.
    # /usr/local/guardium/bin/guardctl authorize-user db2inst1
    # /usr/local/guardium/bin/guardctl is_user_authorized db2inst1
  2. Configure A-TAP on all nodes.
  3. Shut down the active node (node 1).
  4. Activate A-TAP on node 1 by running the following command.
    <guardium_base>/xxx/guardctl db_instance=<instance> activate
    In the following example, db2inst1 is node 1 and it is activated.
    # /usr/local/guardium/guard_stap/guardctl db_instance=db2inst1 activate
    # /usr/local/guardium/guard_stap/guardctl list-active
  5. After you activate A-TAP on the original Db2 server on node 1, do the following tasks:
    1. Restore the original Db2 server on node 1 so that other nodes can activate A-TAP. (All nodes share the executable.)
    2. In the Db2 adm directory, make a copy of db2sysc-guard-original and of db2sysc and set the copies aside. Then copy db2sysc-guard-original over db2sysc by running the following command.
      # cp db2sysc-guard-original db2sysc
  6. Delete db2sysc-guard-original (otherwise, activation on node 2 fails) by running the following command.
    # rm -rf db2sysc-guard-original
  7. Move cluster resources to node 2 by running the following command.
    # pcs resource move <resource_id> <destination_node>
  8. Activate A-TAP on node 2. This step creates the libraries on node 2 and replaces db2sysc-guard-original.
    The following examples show the status for each node:

    Node 1:
    # /usr/local/guardium/guard_stap/guardctl list-active
    db2inst1

    Node 2:
    # /usr/local/guardium/guard_stap/guardctl list-active
    db2inst1
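
The following shell function is an added example, not part of the Guardium product or its documentation. It performs steps 5.2 and 6 with checks: it sets aside copies of both files, restores db2sysc, and deletes db2sysc-guard-original only after the restored file is verified. The function name restore_db2sysc and its two directory arguments are assumptions; pass your own Db2 adm directory and a backup location.

```shell
#!/bin/sh
# Added example: guarded version of steps 5.2 and 6. The function name and
# arguments are hypothetical; no Db2 or Guardium path is assumed.

# restore_db2sysc ADM_DIR BACKUP_DIR
# Returns 0 on success, non-zero on any failed check or copy.
restore_db2sysc() {
    adm_dir=$1
    backup_dir=$2
    orig="$adm_dir/db2sysc-guard-original"
    live="$adm_dir/db2sysc"

    # Both files must be regular files. Symlinks are refused so that the
    # copy cannot be redirected to a different path.
    for f in "$orig" "$live"; do
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            echo "missing or not a regular file: $f" >&2
            return 1
        fi
    done

    # Set aside a copy of each file first, preserving mode and timestamps.
    mkdir -p "$backup_dir" || return 1
    stamp=$(date +%Y%m%d%H%M%S)
    cp -p "$orig" "$backup_dir/db2sysc-guard-original.$stamp" || return 1
    cp -p "$live" "$backup_dir/db2sysc.$stamp" || return 1

    # Restore the original executable over db2sysc (same cp as step 5.2).
    cp "$orig" "$live" || return 1

    # Delete db2sysc-guard-original (step 6) only when the restored file
    # is byte-identical to it.
    if ! cmp -s "$orig" "$live"; then
        echo "restore verification failed; db2sysc-guard-original kept" >&2
        return 1
    fi
    rm -f "$orig"
}
```

Run it as the user that owns the Db2 adm directory, after the Db2 instance on the node is shut down.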

Deactivating A-TAP on the nodes of a Db2 Cluster

Deactivate A-TAP on the active and passive nodes of a Db2 cluster when you upgrade the database or an S-TAP agent.

Procedure

  1. Log in to the active node (node 1).
  2. Shut down the Db2 instance.
  3. Deactivate A-TAP on node 1.
    For example:
    # /usr/local/guardium/guard_stap/guardctl db_instance=db2inst1 deactivate
  4. Deactivate A-TAP on all passive nodes by using the force option.
    For example:
    # /usr/local/guardium/guard_stap/guardctl db_instance=db2inst1 --force-action=yes deactivate