Version 1.0.22.1 release notes (April 2020)
Version 1.0.22.1 replaces version 1.0.22.0, fixing switch firmware, Call Home and node recovery issues. The list of features and improvements is the same as in 1.0.22.0, including upgrade, backup and restore, support tools enhancements and more.
- Version 1.0.22.1 replaces version 1.0.22.0, fixing the following issues:
- Switch firmware breaking console, SNMP, alerts.
- Call Home issues. Alerts for which logs other than general were collected wouldn't get accepted by Call Home and PMRs weren't raised for them. This applies to both automatically and manually filed PMRs.
- Node recovery issues on multi-rack HA. When a node was disabled and rebooted, there was a risk of the GPFS filesystems partitions not being mounted from the OS point of view. Due to this, the recovery was not triggered.
- If you are on IAS 1.0.22.0, upgrade to version 1.0.22.1. The upgrade will be complete in about 60 to 90 minutes.
What's new
- apupgrade
-
- Added a --security option which applies only security related fixes on top of a full release. The base IAS version cannot go back more than 3 full versions. The --essentials and --security features are interdependent. For example, if the base version is 1.0.22.1 and a 1.0.24.0 --essentials is applied, a 1.0.23.0 --security isn't allowed. The security version is required to be no more than 3 times greater than the base version and must be at least equal to any --essentials applied. The same requirement should be there for essentials in the other direction as well, it cannot be applied as a version lower than any applied security option.
- Added a --database-and-console option which upgrades just the
dashdb
andweb_console
from within the provided upgrade bundle. - Enhanced the --database-image option. --database-image upgrades just the container and is to be used primarily for special builds. This option allows you to upgrade to special builds and not require support. The path parameter is required.
- Added a hidden option to apupgrade and bundle_upgrade which warns only about moderate level prechecks for some nodeOS related cases. Some of the prechecks are allowed to fail and the upgrade proceeds as usual.
- Backup and restore
-
- Version 1.0.22 provides enhancements to the incremental schema backup feature, including improved support for migration of existing schemas. A description of the feature, its scope and 1.0.22 enhancements are provided here: https://www.ibm.com/support/pages/node/2877819.
- db_backup -history now includes sessions column to display the number of sessions used for a TSM/EMC backup. And for EMC restore, it is recommended to use the same number of sessions during restore as well.
- GPFS
-
- Upgraded GPFS from 4.2.3.16 to 4.2.3.20.
- Added GPFS tracing.
- Disk firmware
-
- When you run sys_hw_check, a list of the disk drive firmware included in the bundle is displayed.
- ts_prime_session login during direct port access
- Raritan 2.3 no longer requires your login during direct port access and it is now modified not to prompt for your login during direct port access.
- mgtsw support
-
- Removed
mgtsw
support from the sys_hw_util power control. - Added
mgtsw
support for mandatory default password change on initial login.
- Removed
- FOS 8.2.1 support
-
Added support for FOS 8.2.1c which supports the CA SB 327 internet device security requirements that you must change your password on first login. These changes allow both downgrade as well as full support for v 8.2.1 if and when it's required.
The auto reboot functionality is no longer supported. Single mode is now used and reboot is performed manually once all packages are updated, regardless of the version or span.
mfg
can now utilize FC switches with the code that is compliant with CA SB 327.This enhancement also addresses any FRU related issues.
- Removed local IP address from the device getaway parameter
- For devices which prompt for a
gateway
parameter during IP configuration, the local IP address is no longer used, it is now set to 0.0.0.0 since all devices on the internal appliance bridge are local subnet traffic only. To implement this, the following changes were introduced:- The platform object now applies the quad-zero address to all device gateways when building the
local network attributes from
/etc/hosts
. - Call platform method
get_<comp>_gateway
from all affected objects to get proper value. This is used in all devices exceptmgtsw
/fabw
. - Modified the terminal server
_ip_config()
method to use the required delay/retry when setting multiple network parameters. Internally, the network service is restarted with every interface parameter change and must wait for it to finish before the next parameter can be set. - For FC switch, separated the switch initial/general configuration from zoning. The IP parameters can be updated without having to reconfigure zoning.
- Updated FSN and DSN code to check and verify all netmask and gateway values on all interfaces. The code already supports IP reconfiguration without making any other changes.
- The platform object now applies the quad-zero address to all device gateways when building the
local network attributes from
- Db2 Support Tools
-
- db_check_views
- Added a db_check_views utility. You ca run the script to find stale views in databases and schemas. For more information, see db_check_views.
- db_query_history
- Added a db_query_history utility. You can run the script to capture Db2 query history or package-cache information in persistent tables. For more information, see db_query_history.
- db_table_skew
- Added a db_table_skew utility. You can run the script to get the skew ratio for all the tables specified in the schema. For more information, see db_table_skew.
- db_tables_row_count
- Added a db_tables_row_count utility. You can run the script to get the row count for all of the specified tables or tables in a schema. For more information, see db_tables_row_count.
- db_ddl_compare
- Added a db_ddl_compare utility. You can run the script to see the DDL differences between the Netezza/Oracle and DB2 tables after migration. For more information, see db_ddl_compare
- db_get_exfmt
- Added a db_get_exfmt utility. You can run the script to obtain the table format. For more information, see db_get_exfmt.
- analyse_plan
- Added an analyse_plan utility. You can run the script to analyze output of the db_get_exfmt.py command. For more information, see analyse_plan.
- dbsql
- Added a -ssl option to enable an ssl-secured connection.
- The --caCertFile option is now supported for the command.
- dbload
- The command now supports a
KEEP
value for -ignoreZero. - Added an -sts option for backward compatibility with nzload. The option is accepted by dbload but it has no effect on the execution of the dbload program.
- The combination -format internal -compress true can be now used to load Netezza binary data.
- The command now supports a
- db_migrate
- Added a -nz_ssl <yes | no> option. This option is used to enable SSL support to connect to the Netezza host. The default securityLevel is preferredUnSecured. On Yes, it will be preferredSecured. The following nz_cert option is not necessary with this option.
- Added a -nz_cert <certificate file> option. It's a ROOT CA certificate file for Netezza. The default value is NULL.
- Added a -skip_numeric_check option. It allows you to skip the initial check for numeric values in a source table. The maximum precision of NUMERIC/DECIMAL datatype is higher (38) on performing checks for potential migration problems with numeric columns.
- Added a ParallelTargetNodes {yes | no} option. It providestab support for parallel load of data to multiple target IAS nodes. If the target machine is a multinode system, the script uses all the available nodes to migrate the data.
- db_migrate_iias
- Added a --force-continue option. It forces the migration to run regardless of error severity. The script normally tries to continue on error, but there are some critical cases when it chooses to abort.
- Added a truncateTable option. It cleans all the data from the target table prior to the migration.
- Added a --count_rows option. It calculates the number of rows in the source/target tables before and after migration.
- Added a --socketbufsize option. It specify the TCP socket buffer size in bytes.
- Removed the -compress GZIP option. LZ4 compression is used instead.
- Added -c | --checksum and -columnslist options to calculate and compare checksum on the source/target tables after migration.
- Added a -ts | --tablespace option. It specifies a case-sensitive table space for new target tables so they can be migrated to a different table space on the target machine.
- You can now run db_migrate_iias as the
root
user. - Changed default location for logs and temporary files to ~logs/db_migrate_iias. It is now consistent with other migration/compatibility tools.
- db_table_restruct
-
- Added a new db_table_restruct script for table optimization. The utility reorganizes tables in the IAS database. The command reloads the data in an ordered manner providing better performance results for queries executed against reorganized tables. The command addresses a common performance issue which is observed after migration of data from one machine to another. For more information, see db_table_restruct.
- db_build_dictionary iias
- Added a -ts | --tablespace option. It specifies table space for new target tables.
- db_build_dictionary
- You no longer have to use the
.sh
extension when running db_build_dictionary. For command help, see db_build_dictionary. - db_ddl_object
- Added a -cor option. It generates DDL with CREATE OR REPLACE clause for applicable statements.
- db_get_table_info
- The script provides metadata for the provided table(s). For more, see db_get_table_info
- db_sort_order
- The script provides the percentage of the data sorted on the filesystem with the help of the synopsis table. For more, see db_sort_order
- dbpassword
- Added a new dbpassword script to store passwords to Db2 systems. The command
can be used to store passwords to Db2 systems in an encrypted keystore on a local client machine.
For more information, see dbpasswordNote: The dbsql, dbload, db_migrate, and db_migrate_iias support reading passwords from the keystore.
- Root lock-down
- Root lock-down is disabled during upgrade by default. After the upgrade, it is recommended that
you change the
root
password.
- High availability improvements
- Security improvements:
- Generating HA REST server SSL certificates instead of using static certificates.
- Change to run
etcd
using stronger cipher suites instead of defaults (includes anetcd
upgrade).
- FCM improved availability
- In an MPP environment, the database manager is now able to recover a failed node without having to restart the entire cluster. This reduces the downtime and disruption caused by a node failure.
- Diagnostics
- Added a --debug flag to all diagnostic modules.
Previously, some modules lacked debug mode support, others (serial) had it permanently enabled. A standard --debug flag support to diagnostic application and ability to pass into all modules is introduced.
- Python
- Added Python 3 support.
- File system replication based disaster recovery REST
-
- Added steps to make interfaces within and across IAS secure. For more information, see Setting up file system replication based DR solution on IAS, Upgrading the software in a File system replication environment. Important:
- After upgrading to IAS 1.0.22.1, the
apafmdr
service is stopped. As a result, you're not able to run the apdrupgrade command. The WORKAROUND for this is to run the following commands before running apdrupgrade:apdr certificate --create apdr disable apdr enable
- If certificates are deleted from the system, the service will not function properly until they are created again.
- After upgrading to IAS 1.0.22.1, the
- Added apdr certificate. The feature imports a certificate from the provided local path to the certificate directory. For more information, see apdr command.
- Added steps to monitor queue status after successful upgrade on both DR systems. For more information, see Upgrading the software in a File system replication environment and Failback to the old primary system.
- Added apdr changeRole for role reversal. For more information, see Failover when primary system crashes.
- Added apdr clean. The feature is used to uninstall the AFMDR service between two system. For more information, see Uninstalling file system replication.
- Added steps to make interfaces within and across IAS secure. For more information, see Setting up file system replication based DR solution on IAS, Upgrading the software in a File system replication environment.
- The apdr command enhancements
-
- Added a apdr diag command. This feature is used to run network diagnostics between the primary and secondary systems. For more, see apdr command and Testing network performance between the primary and secondary systems
- Added a --check-only parameter to the apdr config command. This parameter can be used to run network diagnostics between the systems before configuring DR solution. For more, see apdr command and Setting up file system replication based DR solution on IAS.
- Platform Management
-
- Events are now displayed in the ap issues list and they must be manually
acknowledged.
The default
ap issues
behavior is changed - the command displays all open issues and all unacknowledged events, with additional column indicating acknowledgment state. Once you acknowledge the event, it is no longer displayed in theap issues
list. Acknowledging is done viaap issues --ack <event_id>
orap events --ack <event_id>
(similarly to closing stateful alerts). Note that both acknowledged and unacknowledged events are still visible inap events
orap issues -e
. - Introduced SNMP v1 and v2c support, in addition to v3. You can set version when running
ap config --set snmp
with snmp_version and snmp_community parameters.If snmp_version is set to 1 or 2, you have to set the following parameters:- snmp_community
- snmp_ip_address
- snmp_port
If snmp_version is set to 3, you also have to set following parameters:- snmp_engine_id
- snmp_security_name
- snmp_security_level
- snmp_auth_protocol
- snmp_auth_key
- snmp_enc_protocol
- snmp_enc_key
- snmp_ip_address
- snmp_port
If you switch between versions 3 and 1 or 2c, the configuration parameters are preserved in the system. For more information, see Configuring SNMP trap notifications
- Events are now displayed in the ap issues list and they must be manually
acknowledged.
- FODC dumps
- You can now manage FODC dumps via the dbdiag path.
Components
- Db2 Warehouse 11.5.3
- See What's New in Db2 Warehouse.
- Db2 Engine 11.5.3
- To learn more about the new features and changes introduced in Db2 11.5.3, read What's new in the Db2 Knowledge Center.
- IBM Data Replication for Availability
-
- Support for replication of binary format for supplemental logs:
When DATA CAPTURE CHANGES is enabled on a column-organized table, the supplemental logs that Db2 creates are read by the replication capture process and transmitted to the target system. Replication now uses binary format for the supplemental logs, significantly reducing the size of the data that is sent from the source to the target when massive transactions of the type that are typical in large data warehouses are performed.
- Faster file transfer by using parallel processing:
Replication uses a more robust file transfer method of data transmission for column-organized tables, and you can now increase performance for this method by creating multiple pipelines for file transfer. The parallel degree feature enables you to create up to four sets of IBM MQ send queues, receive queues, and channels to fully saturate the bandwidth between the source and target systems. Parallel transmission can be especially effective when the systems are separated by long distances.
- Alert monitoring for changes in replication environment:
You can now receive an email alert when something changes in the status of your replication environment by setting up the Replication Alert Monitor within IBM Data Replication for Availability. The monitor program runs in the source database and monitors the status of the replication capture and apply programs. It monitors for conditions in the replication environment and sends email alerts to a specified list of addresses when an alert condition is met. For more details, see What's new in the IBM Data Replication for Availability Knowledge Center.
- Support for replication of binary format for supplemental logs:
- FODC dumps
- You can now manage FODC dumps via the dbdiag path.
- NodeOS
- Added a cron script that restarts services if their mount points exceed the threshold. The
script resolves the following issues:
- no space error error/job failure.
- Problems with starting containers due to mount failure (can be observed in /var/log/messages.)
- Dangling
dm
devices with lots of hangingkdmflush
andbioset
threads which impact system performance (mostly observed on system (i.e.node0101
) running DSX. - The docker cp command failure.
- Call Home
- Enhanced the Call Home notification email to support CSP (Salesforce). Support requests are now referred to as cases.
Resolved issues
- Replaced device mapper storage driver with overlay2 storage driver. This fixes any future
thinpool
issues during upgrades. With upgrading to version 1.0.21.3, DSX reinstall might still be required. - Fixed an upgrade issue with Docker not starting.
- Fixed an issue with upgrade removing EMC NetWorker configuration. EMC NetWorker package and configuration are now retained after the upgrade.
- Fixed the following issues with static routing:
- Fixed issue with static routes and nodes losing their fbond/mbond network interfaces.
- Static routes can now be deleted on every node using the apsetup utility. For more information, see Deleting static routes
- sys_hw_diags network no longer crashes on a 4 HA or above systems.
- db_restore will not be transferring the ownership for system-generated sequences, only for user-defined sequences.
- Resolved the issue with Platform Manager not being able to establish a master.
- Resolved issues with node not coming up on the mgt interface after reboot.
When apupgrade resumed after a node reboot, the node failed to come up on the mgt interface. Now apupgrade attempts to confirm it can communicate over the management network with all of the nodes. If any nodes are unreachable, it attempts to restart the network.
- Resolved issues related to the
netbackup-server/-nb
option for schema-level backup. - DSX is not enabled during the final stages of the upgrade procedure if you disabled DSX on your
machine. Note: If you want to disable DSX, you have to uninstall it. To uninstall DSX, run ./InstallPackages/utils/uninstall.sh from the directory where install was run. Usually, the install directory is located in /opt/ibm/appliance/storage/platform. If you can't find the directory, contact IBM Support.
- FOS 8.2.1 support
- In upgrade only mode, rev firmware was generating an error and preventing update. This mode was added to the criteria for allowing update.
- The quiet mode in the
_fcsw_restart
method was not being propagated to_wait_reboot
and this was causing two countdown timers to appear in the same location.
- Resolved issues with _syshw_int_hndlr() taking exactly 1 argument (2
given).
The required
frame
argument passed to the interrupt handler assigned to a signal is put back. Also, thecleanup_and_exit
API is now consistent across all calls. To avoid putting pylint ignore rules in the code, the unused arguments are used in a NOP clause. - Resolved issues with
sys_hw_check fsn
When ethernet was removed from both FSN canisters, a FAIL was printed and no details about the FSN were provided. It now falls back to serial connections to gather component information and print a WARN message about the ethernet connection not being present.
- Fixed the security vulnerability issue with the remote NPS server responding to mode 6 queries. Before devices that responded to the queries could have been used in NTP amplification attacks.
Known issues
- Schema enabled for row modification tracking (RMT schema)
- When you back up RMT schema tables with the db_backup command on IAS 1.0.21 and restore them to either IAS 1.0.22 or 1.0.23, the SYSROWID is not restarted properly.
- apafmdr service
- After upgrading to 1.0.22.1, the
apafmdr
service is stopped. As a result, you're not able to run the apdrupgrade command. The WORKAROUND for this is to run the following commands before running apdrupgrade:apdr certificate --create apdr disable apdr enable
- -ssl Db2 tools support issues
- The Db2 support tools -ssl parameter might not work for users other than
db2inst1
whenSSL_CLNT_KEYDB
andSSL_CLNT_STASH
are set in Database Manager Configuration. This is becausenon db2inst1
users might not have access to the keystore database and keystore stash files. The WORKAROUND for all the non db2inst1 tools: change privileges to at least 654 on /mnt/blumeta0/db2/ssl_keystore/bludb_ssl.kdb (or relevantSSL_CLNT_KEYDB
path) and/mnt/blumeta0/db2/ssl_keystore/bludb_ssl.sth
(or relevant SSL_CLNT_STASH path). - Common container
start_cc_services
issue - After a head node failure/failback, the system is waiting for the node recovery process to
complete and is stuck in the Recovering state. The WORKAROUND is to kill the
start_cc_services
child process. - ap issues listing many events
- In versions 1.0.22.X, all events are now shown on the ap issues list until
you acknowledge them manually one by one. For that purpose, run the
ap issues --ack <event_id>
orap events --ack <event_id>
for each event, providing its ID.
- Call Home
- After updating platform configuration in console, even if the update is successful, old data might be visible for up to 30 seconds. On the next refresh after that time, all displayed data is expected to be up-to-date.
- EMC NetWorker backup/restore fails
- EMC NetWorker backup/restore fails with SQL2062N. An error occurred while accessing the
/usr/lib/libnsrdb2.so
media. Reason code is0
. This is occurring due to two parameters that are added in the nmda_db2.cfg file on each node.Workaround:- As the
root
user, edit the /nsr/apps/config/nmda_db2.cfg file and comment out theNSR_LIBNSRDB2_DEBUG_LEVEL=9
andNSR_DEBUG_LEVEL=9
parameters. This must be done on every node in the container. - Rerun backup/restore.
- As the
- dbload -v parameter issue
- Instead of displaying additional information about the load session, the -v parameter prints details about the version, similarly to the -V parameter.
- Issues with schema restore
-
- Alias objects present in a schema are lost after a schema restore. Warnings for aliases that won't be backed up during backup and showing warnings during restore are displayed.
- Schema restore for ownership of objects includes both db2inst1 and original owner.
Workaround: Revoke db2inst1 as owner of the objects, for those that have two owners after the restore.
- db_restore
- The db_restore command fails for tables defined as external tables. Tables defined as external tables are not assigned a path and are assumed to be empty.
- IBM Spectrum Protect backups fail with Kernel issues
- When using the IBM Spectrum Protect client for backup and restore, the Kernel issues might
occur, which cause the backups to fail.
Workaround:
- Edit all dsm.sys files in
/opt/ibm/appliance/storage/head/tsm/api/node010X-fab, where X is a node number.
Add the following lines to all these dsm.sys
files:
tcpbuffsize 512 tcpwindowsize 1024 tcpnodelay no
- Start the backup again.
- Edit all dsm.sys files in
/opt/ibm/appliance/storage/head/tsm/api/node010X-fab, where X is a node number.
Add the following lines to all these dsm.sys
files:
- Platform Manager reports storage utilization above threshold
-
The following alert related to
fs.sda8
might be opened for every node after upgrading to 1.0.21.3: STORAGE_UTILIZATION | 901: Storage utilization above threshold | sw://fs.sda8/hadomain1.node1 | WARNING |You can ignore these warnings.
- DSX
- You have to reinstall DSX, as all DSX containers are gone after upgrade. This is connected to
the conversion from the device mapper storage driver to overlay2 storage. The upgrade procedure
removes all docker containers when it changes to overlay from device-mapper. The DSX containers are
part of the separate DSX installation bundle, not part of the IAS upgrade image.
Workaround:
Back up and restore DSX/ Watson Studio Local as described in https://content-dsxlocal.mybluemix.net/docs/content/SSAS34_current/local/backup.html.
Note: If you want to disable DSX, you have to uninstall it. To uninstall DSX, run ./InstallPackages/utils/uninstall.sh from the directory where install was run. Usually, the install directory is located in /opt/ibm/appliance/storage/platform. If you can't find the directory, contact IBM Support.