Specifying the privileges that Db2U runs with

If you install services with a dependency on Db2U, create a db2u-product-cm ConfigMap to specify whether Db2U runs with limited privileges or elevated privileges.

Installation phase
  • You are not here. Setting up a client workstation
  • You are not here. Setting up a cluster
  • You are not here. Collecting required information
  • You are not here. Preparing to run installs in a restricted network
  • You are not here. Preparing to run installs from a private container registry
  • You are not here. Preparing the cluster for IBM Software Hub
  • You are not here. Preparing to install an instance of IBM Software Hub
  • You are not here. Installing an instance of IBM Software Hub
  • You are not here. Setting up the control plane
  • You are here icon. Installing solutions and services
Who needs to complete this task?

Instance administrator An instance administrator can complete this task.

When do you need to complete this task?

Complete this task if you are installing one or more of the following services:

  • Data Product Hub
  • Data Virtualization
  • Db2
  • Db2 Big SQL
  • IBM Knowledge Catalog
  • Db2 Warehouse
  • IBM Knowledge Catalog Premium
  • IBM Knowledge Catalog Standard
  • OpenPages with an embedded Db2 database.

Repeat as needed Complete this task for each instance of IBM Software Hub on your cluster.

Before you begin

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

Work with a cluster administrator to answer the following questions. The answers determine the contents of the ConfigMap.

1. Is the cluster managed OpenShift® or self-managed OpenShift?
  • If the cluster is a managed OpenShift cluster, you must allow Db2U to run with elevated privileges.

    Set DB2U_RUN_WITH_LIMITED_PRIVS: false in the db2u-product-cm ConfigMap.

  • If the cluster is a self-managed OpenShift cluster, proceed to the next question.
2. Did the cluster administrator change the kernel parameter settings?
On a self-managed OpenShift cluster, a cluster administrator can change kernel parameter settings to allow Db2U to run with limited privileges.
  • If the cluster administrator did not change the kernel parameter settings, you must allow Db2U to run with elevated privileges.

    Set DB2U_RUN_WITH_LIMITED_PRIVS: false in the db2u-product-cm ConfigMap.

  • If the cluster administrator changed the kernel parameter settings, choose whether to run Db2U with elevated privileges or limited privileges.

Procedure

  1. Log in to Red Hat OpenShift Container Platform as a user with sufficient permissions to complete the task. 
    ${OC_LOGIN}
  2. Create the appropriate db2u-product-cm ConfigMap for your environment:
    Elevated privileges (DB2U_RUN_WITH_LIMITED_PRIVS: false) 
    oc apply -f - <<EOF
apiVersion: v1
data:
  DB2U_RUN_WITH_LIMITED_PRIVS: "false"
kind: ConfigMap
metadata:
  name: db2u-product-cm
  namespace: ${PROJECT_CPD_INST_OPERATORS}
EOF
    Limited privileges (DB2U_RUN_WITH_LIMITED_PRIVS: true) 
    oc apply -f - <<EOF
apiVersion: v1
data:
  DB2U_RUN_WITH_LIMITED_PRIVS: "true"
kind: ConfigMap
metadata:
  name: db2u-product-cm
  namespace: ${PROJECT_CPD_INST_OPERATORS}
EOF

Results

When you install services with a dependency on Db2U, the service uses the information in the db2u-product-cm ConfigMap.

What to do next

Now that you've specified the privileges that Db2U runs with, you're ready to complete Running a batch installation of solutions and services.