Preparing to install Netezza Performance Server Replication Services 3.0.X.X

Complete the steps to prepare to install Netezza Performance Server Replication Services 3.0.X.X on Cloud Pak for Data System 1.0.8.0 and later.

Note:

Fresh installations or upgrades to NRS version 3.0.x.x are not currently supported on Cloud Pak for Data System version 1.0.9.0 and above. However, if NRS is already installed and running on version 1.0.8.x, it will continue to function after upgrading the Cloud Pak for Data System to version 1.0.9.x or later.
If base node expansion is enabled, you cannot deploy Netezza Performance Server Replication Services 3.0.X.X.
Do all of the following steps on each Cloud Pak for Data System, one at a time, as root on e1n1, unless it is specified otherwise.

Procedure

Ensure that you are on Netezza Performance Server that supports Cloud Pak for Data System 1.0.8.0 and later.
Identify the Cloud Pak for Data Systems that you want to use for replication.
You can assign a primary or replica role to databases from any of these systems.
Determine what network VIP (floating IP address) you want to use.
- If you want to set up Netezza Performance Server Replication Services without a dedicated replication network, use the same VIP as the one that is used to access Netezza Performance Server that runs on these Cloud Pak for Data Systems.
- If you want to set up Netezza Performance Server Replication Services with a dedicated replication network, use a dedicated VIP. For adding a new application VLAN, refer Adding application network.
Open the following ports in your data center firewall so that your local Cloud Pak for Data System can contact the remote Cloud Pak for Data System and the other way round:
- 29092
- 6000
Retrieve the DNS host names (appliance host name and replication hostname) which correspond to the system VIPs.
Verify whether an appliance hostname is configured for the system in your DNS to access the Netezza Performance Server.

If you use a dedicated VIP, verify whether the DNS hostname corresponds to the replication VIP.
Ensure that you configured the fully qualified domain name that correspond to the system VIP as a backup hostname in /nz/data/config/backupHostname.txt.
```
grep HOSTNAME /nz/data/config/backupHostname.txt
```
Example:
```
[nz@npshost ~]$ grep vip_hostname.mycompany.com /nz/data/config/backupHostname.txt
```
Ensure that you have the infrastructure that is necessary to take a full backup of your primary database, and that you can restore it on the remote replica systems. You can use any type of backup storage that is supported by Netezza Performance Server.
Download the Netezza Performance Server Replication Services 3.0.X.X installation bundle unpack it.
1. Create a sample nps-replication folder.
```
mkdir nps-replication
```
  Example:
```
[root@e1n1 ~]# mkdir nps-replication
```
2. Copy the Netezza Performance Server Replication Services 3.0.X.X installation bundle that you got from IBM Support to nps-replication.
3. Unpack the installation bundle.
```
tar -xvf NRS 3.0 VERSION.tar.gz
```
  Example:
```
[root@e1n1 nps-replication~]# tar -xvf nrs-3.0.0.0-VERSION FEATURE.tar.gz
```
  In the bundle, you can find the following items:
  - The nrscertmgr script for generating SSL certificates. For more information, see The nrscertmgr script.
  - The cpds_deploynrs script for deploying Netezza Performance Server Replication Services 3.0.X.X. For more information, see The cpds_deploynrs command.
  - The nrs_logcollector script under for collecting diagnostic logs.
  - Command-line tools for interacting with Netezza Performance Server Replication Software 3.0.X.X.
  - Docker images that are related to the Netezza Performance Server Replication Services software components.
Generate certificate authority (CA) files to use with all of the systems in the cluster.
Important: Generate the certificate authority (CA) files on one Cloud Pak for Data System. Then, copy the generated files to the other systems before you deploy Netezza Performance Server Replication Services on them.
- Generating self-signed certificates:
  1. Select a Cloud Pak for Data System from which you want to generate the certificate authority (CA) files.
  2. Create a password for the certificate authority's key (cacert.pem) and save it in password_file.
```
echo -n PASSWORD > PASSWORD FILE PATH
```
    The password must not have any leading or trailing whitespace charatcers. Passwords with leading or trailing whitespace character are rejected by the nrscertmgr script.
    
    Ensure that the file and related certificates are placed in a known directory on all systems, for example /root/mycerts.
    
    Tip:
    Make sure that you include -n in the command. With this parameter, the password file does not have a terminating new line. With a new line at the end of the password file, the setup might fail.
  3. Run the nrscertmgr script.
```
nrscertmgr generate-cacert --passfile /path/to/password_file
```
    Example:
```
[root@exegeses1 certs]# ./nrscertmgr generate-cacert --passfile ca_pass

Running command: 'openssl genrsa -out cakey.pem -aes256 -passout file:ca_pass 4096'

Running command: 'openssl req -new -subj /C=US/ST=CA/CN=localhost -x509 -days 3650 -key cakey.pem -out cacert.pem -passin file:ca_pass'
```
    For more information, see The nrscertmgr script.
  4. Copy cakey.pem, cacert.pem, and password_file that you generated in substeps b and c to the other Cloud Pak for Data System.
    Ensure that the files are placed in a known directory on all systems, for example /root/mycerts.
- Using custom certificates:
  1. Select a Cloud Pak for Data System from which you want to generate the certificate authority (CA) files.
  2. Create a index.yaml file.
    Populate the file as in the example index.yaml:
```
certs:
  cacert:
    cert: /path/to/cacert.pem
  nodes:
    replication-node-1.fqdn:
      cert: /path/to/rn1-ccertfile.pem
      key: /path/to/rn1-ckeyfile.pem
      password: /path/to/rn1-cpassword
    replication-node-2.fqdn:
      cert: /path/to/rn2-certfile.pem
      key: /path/to/rn2-ckeyfile.pem
      password: /path/to/rn2-cpassword
```
    The passwords must not have any trailing whitespace characters. Use absolute paths.
  3. Copy index.yaml that you generated in substeps b to the other Cloud Pak for Data System.
    Ensure that the files are placed in a known directory on all systems, for example /root/mycerts.
To determine whether Netezza Performance Server is configured to use lowercase or uppercase, run following command against your Netezza Performance Server instance.
```
$ nzsql -c "select identifier_case;"
 identifier_case
-----------------
 lowercase
(1 row)
```
Note: By default, Netezza Performance Server is typically set to uppercase. This configuration detail is important when installing NRS for the first time on your system.

What to do next

If you decided to use the same network VIP as the one that is used to access Netezza Performance Server, follow the steps that are described in Installing Netezza Performance Server Replication Services without a dedicated replication network.
If you decided to use a dedicated replication network VIP, follow the steps that are described in Installing Netezza Performance Server Replication Services with a dedicated replication network.