IBM Integrated Analytics System 1.0.25.0 release notes (April 2021)
Version 1.0.25.0 introduces a number of enhancements, such as a tool to change the
root
password, Pod Manager (Podman) support, and more.
- If you are on IAS 1.0.19.2 or lower, you must upgrade to IAS 1.0.19.7 before you can upgrade to IAS 1.0.2x.x.
- The upgrade to IAS 1.0.25.0 cannot be a partial one. You must do a complete upgrade of the whole system.
- To get information about upgrade times for upgrading to version 1.0.25.0 from versions 1.0.19.7, 1.0.21.3, 1.0.22.1, 1.0.23.2, and 1.0.24.0 and different system types, see 1.0.25.0 upgrade times.
- If you want to preserve SSL certificate files during upgrade, you must specify the old
certificates by using SSL environment variables in the
dashdb.env
file. For more information, see Preserving old certificate files during upgrade.
What's new
- RHEL
- Upgraded RHEL to 7.9.
- FSN
- Updated the FSN firmware to ISKLM 3.0.
- root password
- Added a utility to change the
root
user password on all connected IAS nodes. For more information, see aprootpwd utility. - Pod Manager (Podman)
-
- Replaced Docker with Podman. On IAS, all the docker commands work without any changes.
- Right now, all output messages that are Podman-related still use the word
docker
. -
In Podman-based containers, data cannot be copied from the host system into the container's /tmp partition. Use other partitions to copy any data from the host into the containers. Although the copy command (docker cp) does not throw any errors when copying the data into /tmp from the host system, no data is actually copied.
- DSX
- With the upgrade to Podman, DSX is no longer supported on IAS. DSX is supported only through an external connection.
- Archive logs
- Moved archive logs from scratch to local.
- Guardium S-TAP
- Updated Guardium S-TAP to 11.3.
- STIG compliance
- Added options to enable and disable audit rules. For more information, see Security hardening with the security_compliance_manager tool.
- LDAP certificates
- Added support for generating internal LDAP certificates. For more information, see Generating and updating internal LDAP certificates.
- Archive log pruning
-
- During the upgrade procedure,
logarchmeth1
indb cfg
is updated from/scratch/db2archive/archive_log/
to/local/db2archive/archive_log/
. - The apupgrade command moves the older archive logs from
/scratch
to/local
and the new archive logs are generated under/local
. - Revised the archive log pruning mechanism to retain twice as many logs that are set for
LOGPRIMARY
andLOGSECOND
indb cfg
.
- During the upgrade procedure,
- Security patch
- Introduced a monthly security patch infrastructure.
- Backup and restore
- Added an integrity verification option for schema-level backups. You can use -image-check rowcount to ensure schema-level backup files can be processed by Db2 without errors during backup or before restore. When used during backup, -image-check hash size causes restore to be blocked if the backup image was modified. -image-check rowcount is not applicable to tables with large binary objects under some circumstances.
Components
- Db2 Warehouse 11.5.5.1
- See What's New in Db2 Warehouse.
- Db2 Engine 11.5.5.1
- Introduced defect fixes. To learn more about the changes that are introduced in Db2 11.5.4.0, read What's new in the Db2 IBM Knowledge Center.
- IBM Data Replication for Availability
-
- Console and API support for Db2 SSL certificate
- In the web console, when you add a replication target you can now click
Trust Target
to configure the source database to trust the target Db2 SSL security certificate. After this step, you can use the console to create replication sets, add tables, and start replication. You can also use the replication REST API to update the Db2 SSL certificate in the Bludr-REST truststore. - Ability to monitor performance of target table loading
- You can better track the performance of the target table loading process by using four new
columns that are added to the replication control table that stores monitoring statistics. The
TABLES_LOADED
,ROWS_LOADED
,TABLES_LOADED_PHYSICAL_SIZE
, andTABLES_LOADED_LOGICAL_SIZE
columns now store these statistics for each monitoring interval in theIBMQREP_APPLYMON
table. - Customer LDAP admin username
- When you are configuring external LDAP to manage access to the replicated databases, you can now
use a custom
bluadmin
username such asbluadmin.iias
to improve management of users and groups.
- After you upgrade from IAS 1.0.23.2 to 1.0.25, the replication web console does not open on the upgraded source or target system because of a problem with the Db2 SSL certificate exchange.
- For more information and a workaround, see the Known issues in the IBM Data Replication for Availability documentation.
Known issues
- FIPS and SELinux settings must be disabled before upgrading to 1.0.25.0
- If FIPS is enabled on your system or
SELinux
is set to enforcing, you must disable FIPS and set SELinux to permissive before you can upgrade to 1.0.25.0. Upgrade does not preserve this configuration and fails if not disabled. The apupgrade command verifies this before the upgrade procedure is started. The settings must be reenabled after the upgrade. - Backing up with IBM Spectrum Protect (TSM)
- Backing up with IBM Spectrum Protect (TSM) is not supported from the web console. You can use the db_backup command instead.
- Node booting and rebooting taking more than 45 minutes
- If a node is booted and rebooted, and it
takes more than 45 minutes for the node to come up, Platform Manager marks the node as
Disabled
. The node is markedDisabled
even if the node comes up after 45 minutes. If this happens, you must enable the node manually. Follow the steps described in the workaround. - rsyslog fails to restart
- When you issue apstop --service, Platform Managers stops its services and
restarts the rsyslog service. Sometimes,
rsyslog
fails to restart and the following message is displayed:[root@node0101 ~]# systemctl status rsyslog rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: failed (Result: start-limit) since pon 2021-02-08 11:31:55 UTC; 2min 39s ago Docs: man:rsyslogd(8) http://www.rsyslog.com/doc/ Process: 128335 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=219/CGROUP) Main PID: 128335 (code=exited, status=219/CGROUP) Tasks: 0 CGroup: /system.slice/rsyslog.service lut 08 11:31:55 node0101 systemd[1]: rsyslog.service: main process exited, code=exited, status=219/CGROUP lut 08 11:31:55 node0101 systemd[1]: Failed to start System Logging Service. lut 08 11:31:55 node0101 systemd[1]: Unit rsyslog.service entered failed state. lut 08 11:31:55 node0101 systemd[1]: rsyslog.service failed. lut 08 11:31:55 node0101 systemd[1]: rsyslog.service holdoff time over, scheduling restart. lut 08 11:31:55 node0101 systemd[1]: Stopped System Logging Service. lut 08 11:31:55 node0101 systemd[1]: start request repeated too quickly for rsyslog.service lut 08 11:31:55 node0101 systemd[1]: Failed to start System Logging Service. lut 08 11:31:55 node0101 systemd[1]: Unit rsyslog.service entered failed state. lut 08 11:31:55 node0101 systemd[1]: rsyslog.service failed.
- Error No such file or directory for the ibm-ca-os-custom-service in the upgrade log but the rpm is installed on the system
- In the upgrade log, the following message is displayed for
node0105
,node0104
,u'node0107
,u'node0106
, andnode0103
.error: open of /install/rhel7.4/ppc64le/netezza/packages/ibm-ca-os-custom-service-1.0.25.0.noarch.rpm failed: No such file or directory
- After node reboot, the system is stuck
- The system is stuck in the following
state:
2021-04-11 19:29:42 --> bundle appears to already be extracted -- skipping 2021-04-11 19:29:42 Running preliminary check 2021-04-11 19:29:42 Verifying bundle integrity and authenticity 2021-04-11 19:31:43 Bundle integrity and authenticity verification succeeded. 2021-04-11 19:31:43 INFO: Retrieving installed version from aphistory. 2021-04-11 19:31:43 INFO: Retrieving latest successful upgrade log message from aphistory 2021-04-11 19:31:46 INFO: Latest successful upgrade log message retrieved 'Completed upgrade from 1.0.19.7-20200522105916b7 to 1.0.25.0-20210409.205743-435-release' 2021-04-11 19:31:46 INFO: Building the installed version based on the last successful upgrade log message from aphistory 2021-04-11 19:31:46 INFO: Checking upgrade version. 2021-04-11 19:31:46 INFO: Checking upgrade version. 2021-04-11 19:31:46 A direct upgrade from the current software version 0.1.0.0 to the target software version 1.0.25.0-20210409131801b20285 is not allowed. This system must first be upgraded to 1.0.15 before continuing. (END)
WORKAROUND:
Restart the upgrade process.
- Error invalid arithmetic operator for the OTHER METADATA/CACHE/CONFIG FILES row if the size of bludb or schema is in floating value
- The error occurs when the size
BLUDB
orSUM(SCHEMA)
is in decimal values.[root@node0101-fab - Db2wh /]# db_size Object | Name | Bytes | KB | MB | GB | TB -----------+-----------------------------------+----------------------+------------------+--------------+------------+------------ Database |BLUDB | 203,558,158,336 | 198,787,264 | 194,128 | 189.578 | .185 MQTable |DB2GSE.GSE_SRS_REPLICATED_AST | 6,815,744 | 6,656 | 7 | .006 | .000 Table |ASN.IBMQREP_RESTAPI_JOBS | 262,144 | 256 | 0 | .000 | .000 Table |AUDIT.AUDIT | 556,924,928 | 543,872 | 531 | .519 | .001 Table |AUDIT.CHECKING | 31,802,130,432 | 31,056,768 | 30,329 | 29.618 | .029 ... ----------------------------------------- **/opt/ibm/migration_tools/db_toolkit/db_size: line 441: let: diff=194128.1875-187335.75: syntax error: invalid arithmetic operator (error token is ".1875-187335.75")** BLUDB = 194128.1875 MB SUM(SCHEMA) = 187335.75 MB OTHER METADATA/CACHE/CONFIG FILES = MB -----------------------------------------
- Restoring to a new schema by using the db_restore command with the
-target-schema
- Restoring to a new schema by using the db_restore command with the
-target-schema
option is not supported for the following DDL statements:CREATE INDEX
ALTER TABLE - ADD CONSTRAINT
- Schema backup images taken on IAS 1.0.24 or DB2 Warehouse may contain inaccurate data for tables that contain the BINARY or VARBINARY data type
- A backup operation that is taken on IAS 1.0.24 captures data for tables that contain the
BINARY
orVARBINARY
data type as of timestamp when an individual table is processed by the backup operation. All other tables are captured as of timestamp when the db_backup command is issued. - Podman
-
- Right now, all output messages that are Podman-related still use the word
docker
. -
In Podman-based containers, data cannot be copied from the host system into the container's /tmp partition. Use other partitions to copy any data from the host into the containers. Although the copy command (docker cp) does not throw any errors when copying the data into /tmp from the host system, no data is actually copied.
- Right now, all output messages that are Podman-related still use the word
- Getting Error: unknown shorthand flag: 'f' for /usr/bin/docker image prune -a -f
- When you issue /usr/bin/docker image prune -a -f, in the upgrade log you can see Error: unknown shorthand flag: 'f'.
- An error during copying files from bundle to dashDB container causes upgrade failure
- WORKAROUND:
Restart docker service on
node0101
. - After you upgrade from IAS 1.0.23.2 to 1.0.25, the replication web console does not open on the upgraded source or target system because of a problem with the Db2 SSL certificate exchange.
- For more information and a workaround, see the Known issues in the IBM Data Replication for Availability documentation.