Linux-UNIX: Copying a K-TAP module with GIM

If you build a custom K-TAP module for a Linux database server, you can use GIM to copy that module to other servers that are running the same Linux distribution. For example, you can build a K-TAP on a test system and then copy it to one or more production database servers after testing.

Before you begin

  • Verify that STAP_UPLOAD_FEATURE=1 on the database on which you are going to build the custom module. By default, the parameter STAP_UPLOAD_FEATURE is 1. The default enables automatic upload of the newly built K-TAP module to the Guardium® system that hosts the GIM server that manages the S-TAP bundle. This setting does not affect S-TAP diagnostic files. They are uploaded to the Guardium system that the S-TAP is registered with.
  • Set GIM_ALLOW_CUSTOMED_BUNDLES=1 on each DB server that you want to copy the K-TAP module to. For security reasons, this parameter must be set manually on each DB server. GIM_ALLOW_CUSTOMED_BUNDLES=1 cannot be changed from 0 to 1 in the GUI or the API. Only the operating system admin can change the value from 0 to 1 after GIM is installed. This parameter can be set to either 1 or 0 when you use the configurator utility on the DB server. This functionality is checked during the K-TAP installation (on the DB server). It is not checked while you are assigning or scheduling a bundle installation or a parameter update (like all the other parameters are validated). (You can set GIM_ALLOW_CUSTOMED_BUNDLES=0 from the Guardium system. )
  • The GIM client is installed and points to the central manager.
Note: The S-TAP bundle is always visible in the GIM GUI. However, the S-TAP console displays only the S-TAP agent if sqlguard_tapip (in guard_tap.ini) points to the same IP that is listed in the GIM configuration 'gim_url'.

If sqlguard_tapip points to a different IP address, then the S-TAP agent does not display in the S-TAP console.

About this task

The custom K-TAP module is built when you install the S-TAP on a Linux server for which no pre-built K-TAP exists for the current kernel, but only if the kernel-devel package is installed. The S-TAP bundle is visible in the GIM GUI, regardless of which appliance the S-TAP agent points to. Uploading this module initiates creation of a custom S-TAP bundle. Bundle numbers have an appended suffix that starts with _800 and increases by 1 with each additional bundle, for example BUNDLE_STAP (10.1.4_r102728_800).

Procedure

  1. Use GIM to install the S-TAP on the Linux database server. Set the parameter STAP_SQLGUARD_IP=IP of the MU. The installer determines that a custom K-TAP module is required and builds it.
  2. Transfer this bundle to other managed units:
    1. On the central manager, go to Manage > Central Management > Central Management
    2. In the table of managed units, select the managed units that you want to copy the bundle to.
    3. Click Distribute GIM bundles.
  3. Use Set up by Client to install the bundle on the managed units.