Creating a service instance for Db2 with the OpenShift command line

After you install Db2, you can optionally create more Db2 service instances in the operands project. If you are an IBM® Software Hub user, you can use the oc create command to create service instances after you install Db2.

Who needs to complete this task?

Instance administrator
To create a service instance by using the OpenShift oc create command, you must be an instance administrator. An instance administrator has permission to install software in any projects that are associated with an instance of IBM Software Hub.

When do you need to complete this task?
Complete this task only if you want to create a service instance by using the oc create command.

Information you need to complete this task

Review the following information before you create a service instance for Db2:

Version requirements

All of the components that are associated with an instance of IBM Software Hub must be installed or created at the same release. For example, if Db2 is installed at Version 5.4.0, you must create the service instance at Version 5.4.0.

Environment variables

The commands in this task use environment variables so that you can run the commands exactly as written.

  • If you don't have the script that defines the environment variables, see Setting up installation environment variables.
  • To use the environment variables from the script, you must source the environment variables before you run the commands in this task. For example, run:
    source ./cpd_vars.sh

Before you begin

This task assumes that the following prerequisites are met:

Prerequisite | Where to find more information
Db2 is installed. | If this task is not complete, see Installing Db2.
If you plan to deploy on a dedicated node, you must label the node. You will enter the label during the deployment process. | If this task is not complete, see Setting up dedicated nodes for your Db2 deployment.
Optional: You can upgrade your license from Db2 Community Edition to Db2 Advanced Edition.

With Db2 Advanced Edition, you can get the following benefits:
  • No resource limits: Db2 Advanced Edition has no restrictions on resources including CPU and memory.

  • Support High Availability and Disaster Recovery (HADR): Advanced Edition supports HADR which is not available in the Community Edition.

  • Access IBM Support: Unlike the Community Edition, Db2 Advanced Edition provides access to IBM's support services.

To learn more about upgrading your license, see Upgrading the license before you deploy Db2.

Procedure

Complete the following tasks to create a service instance:

  1. Creating a service instance
  2. Validating that the service instance was created
  3. What to do next

Creating a service instance

To create a service instance:

  1. Create a custom resource file, db2oltp.yaml, to define the database for your environment.

    Refer to the following custom resource example and specify the parameters in your custom resource:

    apiVersion: db2u.databases.ibm.com/v1
    kind: Db2uInstance
    metadata:
      labels:
        cpd_db2: db2oltp
        db2u/cpdbr: db2u
        icpdsupport/addOnId: db2oltp
        icpdsupport/app: db2oltp-21212121
      name: db2oltp-21212121
      namespace: zen
    spec:
      account:
        imagePullSecrets:
        - <db2u_sa_pullsecret>
        securityConfig:
          privilegedSysctlInit: true
      advOpts:
        db2SecurityPlugin: cloud_gss_plugin
        zenControlPlaneNamespace: zen
      affinity:
        nodeAffinity: {}
      environment:
        authentication:
          ldap:
            enabled: false
        databases:
        - name: BLUDB
          settings:
            dftPageSize: "16384"
          storage:
          - name: data
            spec:
              accessModes:
              - ReadWriteOnce
              resources:
                requests:
                  storage: 100Gi
              storageClassName: <yourStorageClass>
            type: template
          - name: activelogs
            spec:
              accessModes:
              - ReadWriteOnce
              resources:
                requests:
                  storage: 100Gi
              storageClassName: <yourStorageClass>
            type: template
          - name: tempts
            spec:
              accessModes:
              - ReadWriteOnce
              resources:
                requests:
                  storage: 100Gi
              storageClassName: <yourStorageClass>
            type: template
        dbType: db2oltp
        instance:
          dbmConfig:
            SRVCON_PW_PLUGIN: IBMIAMauthpwfile
            group_plugin: IBMIAMauthgroup
            srvcon_auth: GSS_SERVER_ENCRYPT
            srvcon_gssplugin_list: IBMIAMauth
          password:
            value: 'password'
          registry:
            DB2_FMP_RUN_AS_CONNECTED_USER: "NO"
            DB2AUTH: OSAUTHDB,ALLOW_LOCAL_FALLBACK,PLUGIN_AUTO_RELOAD
        partitionConfig:
          total: 1
        ssl:
          allowSslOnly: false
          certLabel: CN=zen-ca-cert
          secretName: 'db2oltp-internal-tls'
      license:
        accept: true
      nodes: 1
      podTemplate:
        db2u:
          resource:
            db2u:
              limits:
                cpu: 2100m
                memory: 5632Mi
      storage:
      - name: meta
        spec:
          accessModes:
          - ReadWriteMany
          resources:
            requests:
              storage: 100Gi
          storageClassName: <yourStorageClass>
        type: create
      - name: backup
        spec:
          accessModes:
          - ReadWriteMany
          resources:
            requests:
              storage: 100Gi
          storageClassName: <yourStorageClass>
        type: create
      - name: archivelogs
        spec:
          accessModes:
          - ReadWriteMany
          resources:
            requests:
              storage: 100Gi
          storageClassName: <yourStorageClass>
        type: create
      version: <database_version>
      volumeSources:
      - visibility:
        - db2u
        volumeSource:
          secret:
            secretName: zen-service-broker-secret
      - visibility:
        - db2u
        volumeSource:
          configMap:
            name: management-ingress-ibmcloud-cluster-info
    Required format
    The name of the db2uinstance must have the following format: db2oltp-<numeric_number>. The <numeric_number> must fit these criteria:
    • It must be unique and not copied from another instance.
    • It cannot start with 0.

    For example, name: db2oltp-21212121

    Required labels
    • cpd_db2: db2oltp
    • db2u/cpdbr: db2u
    • icpdsupport/addOnId: db2oltp
    Optional labels
    The cpd_display_name label can be added if you want a custom display name for the database tile. The display name must be unique in order for the tile to show on the Databases page.

    For example, cpd_display_name: <unique_web_console_database_tile_name>

  2. Specify the following parameters in your custom resource. For more information about the custom resource definition and configuration options, see Deploying Db2 using the Db2uInstance custom resource:

    1. To set a time zone for your deployment, set the timezone field under advOpts to the time zone of your choice. For more information, see Setting a time zone for new or existing Db2 deployments.
    2. Replace <yourStorageClass> with a valid storage class for your cluster.
    3. Replace <db2u_sa_pullsecret> with the imagePullSecrets associated with your db2u service account.
      Tip: You can run the following command to find your imagePullSecrets:
      oc get sa db2u -oyaml
    4. Use the existing claim name, <existing_pv_claim_name>, or use type: create with the storage class name, as for the other storage types (such as meta, data, and tempts) specified in the db2oltp.yaml file.
    5. Specify the size needed for your database instance. The podTemplate.db2u.resource.db2u.limits.cpu and memory values in the example are sample values.
    6. Replace <database_version> with the available current version of your database instance.
    7. If you are setting up dedicated nodes for your deployment, the dedicated deployment must include the following changes in the CR:
      • A section under spec: for tolerations:
          
        tolerations:
          - effect: NoSchedule
            key: icp4data
            operator: Equal
            value: <dedicated_specifier>
        where <dedicated_specifier> is replaced with the node label entered in the Value for node label field of the web console.
      • A section under spec: for affinity:
        
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
              - matchExpressions:
                - key: icp4data
                  operator: In
                  values:
                  - <dedicated_specifier>
        where <dedicated_specifier> is replaced with the node label entered in the Value for node label field of the web console.
    8. Set spec.environment.ssl.allowSslOnly to true to disable the TCP/IP port. This will only allow SSL connections to the database.
    9. Set spec.environment.instance.registry.DB2_4K_DEVICE_SUPPORT: "ON" when using a storage device that uses 4 KB sector size, as in Portworx storage for example. If it's not set, Db2 uses a default 512-byte sector size.
    10. Set spec.environment.databases.settings.encrypt to "NO" to disable Db2 native encryption in your database.
    11. To deploy Db2 with no privileges in a restricted-v2 environment:
      1. Set the UID/GID range and MCS label on the target namespace to annotate it in compliance with the restricted-v2 requirements.
        uidGidRange='1001000000/10000'
        oc annotate namespace ${namespace} --overwrite openshift.io/sa.scc.supplemental-groups=${uidGidRange} openshift.io/sa.scc.uid-range=${uidGidRange} openshift.io/sa.scc.mcs=s0:c27,c512
      2. Configure the deployment CR to request the restricted-v2 SCC and enforce non-root installation.
        metadata:
          annotations:
            openshift.io/required-scc: "restricted-v2"
        spec:
          account:
            securityConfig:
              privilegedSysctlInit: false
              nonRootInstall: true

      For more information, see Deploying Db2 with non-root access in a restricted-v2 SCC on IBM Software Hub.

  3. To create the database, run the following command:
    oc create -f db2oltp.yaml
  4. Monitor the deployment status by running the following command and wait for the state to be Ready, or you can monitor the status in the web console:
    oc get db2uinstance db2oltp-<numeric_number>
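
The rules in steps 1 and 2 can be checked mechanically before running oc create in step 3. The following shell function is an added example, not part of the IBM procedure or IBM tooling: it does a text-level check of db2oltp.yaml for the name format, the required labels, unreplaced <...> placeholders, allowSslOnly, and the restricted-v2 settings. The function name lint_db2_cr and the sample input are constructed for illustration, and the checks assume the indentation used in the sample custom resource.

```shell
# Added example (not IBM tooling): text-level lint of a Db2uInstance CR file.
# Prints one finding per line; returns 0 only when there are none.
lint_db2_cr() {
  f=$1; n=0
  note() { printf '%s\n' "$1"; n=$((n + 1)); }
  # metadata.name must be db2oltp-<numeric_number>, number not starting with 0
  name=$(awk '/^metadata:/{m=1;next} /^[^ ]/{m=0} m&&/^  name:/{print $2;exit}' "$f")
  printf '%s\n' "$name" | grep -Eq '^db2oltp-[1-9][0-9]*$' ||
    note "NAME: '$name' is not db2oltp-<numeric_number>"
  for l in 'cpd_db2: db2oltp' 'db2u/cpdbr: db2u' 'icpdsupport/addOnId: db2oltp'; do
    grep -Fxq "    $l" "$f" || note "LABEL: missing required label $l"
  done
  # placeholders such as <yourStorageClass> that were never replaced
  ph=$(grep -Ec '<[A-Za-z_]+>' "$f" || true)
  [ "$ph" -eq 0 ] || note "PLACEHOLDER: $ph line(s) still contain <...>"
  # step 8: the TCP/IP port is disabled only when allowSslOnly is true
  grep -Eq '^ +allowSslOnly: *true *$' "$f" ||
    note "SSL: allowSslOnly is not true, non-SSL TCP/IP port stays enabled"
  # step 11: restricted-v2 needs both securityConfig settings
  if grep -Eq 'openshift\.io/required-scc: *"?restricted-v2"?' "$f"; then
    grep -Eq '^ +privilegedSysctlInit: *false *$' "$f" ||
      note "SCC: restricted-v2 requires privilegedSysctlInit: false"
    grep -Eq '^ +nonRootInstall: *true *$' "$f" ||
      note "SCC: restricted-v2 requires nonRootInstall: true"
  fi
  [ "$n" -eq 0 ]
}
# Constructed sample: a trimmed CR with deliberate mistakes
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
metadata:
  annotations:
    openshift.io/required-scc: "restricted-v2"
  labels:
    cpd_db2: db2oltp
    icpdsupport/addOnId: db2oltp
  name: db2oltp-0123
spec:
  account:
    securityConfig:
      privilegedSysctlInit: true
  environment:
    ssl:
      allowSslOnly: false
  version: <database_version>
EOF
lint_db2_cr "$SAMPLE" || echo "fix the findings before: oc create -f db2oltp.yaml"
```

The SSL finding is advisory when non-SSL connections are intended, because allowSslOnly is an optional setting in this procedure.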

Validating that the service instance was created

To validate that the service instance was created, run the following command:

cpd-cli service-instance status ${INSTANCE_NAME} --profile=${CPD_PROFILE_NAME} --service-type=db2oltp

What to do next

As a database administrator, you can: