Installing DB2 Warehouse on IBM Cloud Pak For Data - Manually
Complete this task to install DB2 Warehouse on IBM Cloud Pak For Data as your database.
About this task
For more information about DB2 Warehouse on
IBM Cloud Pak For Data, see:
Procedure
- Create the OpenShift projects by running the following commands:
oc new-project ibm-common-services oc new-project ibm-cpd
- Enable the IBM operator catalog by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: "IBM Operator Catalog" publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-operator-catalog:latest updateStrategy: registryPoll: interval: 45m EOF
- Install CP4D Operator.
- Create the operator group by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha2 kind: OperatorGroup metadata: name: operatorgroup namespace: ibm-common-services spec: targetNamespaces: - ibm-common-services EOF
- Install CP4D operators by running the following command. This command installs the following operators:
- Cloud Pak for Data Operator
- IBM Cloud Pak foundational services
- IBM NamespaceScope Operator
- Operand Deployment Lifecycle Manager
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: cpd-operator namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v3.2 installPlanApproval: Automatic name: cpd-platform-operator source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Install DB2 operator by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-db2uoperator-catalog-subscription namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v2.2 name: db2u-operator installPlanApproval: Automatic source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Install DB2WH operator by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-db2wh-cp4d-operator-catalog-subscription namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v2.2 name: ibm-db2wh-cp4d-operator installPlanApproval: Automatic source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Install Data Management Console (DMC) operator by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-dmc-operator-subscription namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v1.7 installPlanApproval: Automatic name: ibm-dmc-operator source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Create the operator group by running the following command:
- Create the IBM entitlement secret.
- Obtain your IBM entitlement registry from the Container software library. Click Copy key and substitute the value
as
<ENTITLEMENT_KEY>
in the next step of this task. - Create the secret by running the following command:
oc create secret docker-registry ibm-entitlement --docker-server=cp.icr.io --docker-username=cp --docker-password="$ENTITLEMENT_KEY" -n ibm-cpd
- Obtain your IBM entitlement registry from the Container software library. Click Copy key and substitute the value
as
- Create a function that adds the secret ibm-entitlement to the service account by running
the following command:
function addSecretinSA { if ! $(oc get sa $1 -n ibm-cpd -o jsonpath='{.imagePullSecrets}{"\n"}' | grep -q ibm-entitlement); then echo "Adding imagePullSecret ibm-entitlement to service account $1" oc patch serviceaccount/$1 -n ibm-cpd --type='json' -p='[{"op":"add","path":"/imagePullSecrets/-","value":{"name":"ibm-entitlement"}}]' fi }
-
Install CP4D 4.6.x.
Create an empty request to link the namespaces:
cat <<EOF |oc apply -f - apiVersion: operator.ibm.com/v1alpha1 kind: OperandRequest metadata: name: empty-request namespace: ibm-cpd # Replace with the project where you will install Cloud Pak for Data spec: requests: [] EOF
TheIbmcpd
custom resource installs the following operators:- IBM Cert Manager
- IBM Zen Service
It also creates a
ZenService
custom resource calledlite-cr
.Replaceibmc-file-gold-gid
with the available storage class in the cluster.cat <<EOF |oc apply -f - apiVersion: cpd.ibm.com/v1 kind: Ibmcpd metadata: name: ibmcpd-cr # This is the recommended name, but you can change it namespace: ibm-cpd # Replace with the project where you will install Cloud Pak for Data spec: license: accept: true license: Standard # Specify the Cloud Pak for Data license you purchased storageClass: ibmc-file-gold-gid # Replace with the name of a RWX storage class zenCoreMetadbStorageClass: ibmc-file-gold-gid # (Recommended) Replace with the name of a RWO storage class version: "4.5.3" EOF
Important: Immediately run the following command to addibm-entitlement
to the service accounts that are being created:ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}") while [ "$ZENSERVICE" != "Completed" ] do for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do addSecretinSA $i done ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}") echo "Installing CP4D.." $ZENSERVICE sleep 20 done
The installation takes approximately 40 minutes to install after showing errors such as the following examples:
the server doesn't have a resource type "ZenService"
andzenservices.zen.cpd.ibm.com "lite-cr" not found
. - Install Db2whService by running the following command:
cat <<EOF |oc apply -f - apiVersion: databases.cpd.ibm.com/v1 kind: Db2whService metadata: name: db2wh-cr # This is the recommended name, but you can change it namespace: ibm-cpd # Replace with the project where you will install Db2 Warehouse spec: license: accept: true license: Standard # Specify the license you purchased EOF
Important: Immediately run the following command to addibm-entitlement
to the service accounts that are being created:DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}') while [ "$DB2WHSERVICE" != "Completed" ] do for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do addSecretinSA $i done DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}') echo "Installing DB2WH.." $DB2WHSERVICE sleep 20 done
This step take approximately 15 minutes to install.
Complete the following additional DB2WH configuration if using IBM ibmc-file-storage as the storage class:oc create -f - << EOF apiVersion: v1 kind: ServiceAccount metadata: name: norootsquash namespace: kube-system EOF oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:norootsquash
export DOMAIN_NAME=slnfsv4.com oc create -f - << EOF apiVersion: apps/v1 kind: DaemonSet metadata: name: norootsquash namespace: kube-system labels: tier: management app: norootsquash spec: selector: matchLabels: name: norootsquash template: metadata: labels: name: norootsquash spec: serviceAccountName: norootsquash initContainers: - resources: requests: cpu: 0.1 securityContext: privileged: true image: alpine:3.6 name: unrootsquash command: ["chroot", "/host", "sh", "-c"] args: - > grep "^Domain = ${DOMAIN_NAME}" /etc/idmapd.conf; if [ "\$?" -ne "0" ] ; then sed -i 's/.*Domain =.*/Domain = ${DOMAIN_NAME}/g' /etc/idmapd.conf; nfsidmap -c; rpc.idmapd fi; volumeMounts: - name: host mountPath: /host containers: - resources: requests: cpu: 0.1 image: alpine:3.6 name: sleep command: ["/bin/sh", "-c"] args: - > while true; do sleep 100000; done volumes: - hostPath: path: / type: Directory name: host EOF
- Install Data Management Console by running the following command:
cat <<EOF |oc apply -f - apiVersion: dmc.databases.ibm.com/v1 kind: Dmcaddon metadata: name: dmc-addon # This is the recommended name, but you can change it namespace: ibm-cpd # Replace with the project where you will install Db2 Data Management Console spec: license: accept: true license: Standard # Specify the license you purchased version: 4.5.3 EOF
Important: Immediately run the following command to addibm-entitlement
to the service accounts that are being created:DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}') while [ "$DMCSERVICE" != "Completed" ] do for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do fixSAImagePullSecret $i done DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}') echo "Installing DMC.." $DMCSERVICE sleep 20 done
- Resolve CPU and memory issues in the cluster privileges by running the following
command:
oc adm policy add-cluster-role-to-user system:controller:persistent-volume-binder system:serviceaccount:ibm-cpd:zen-databases-sa
- Optional: Set up a dedicated node for DB2Warehouse:
- Get the nodes by running the following command:
oc get nodes
- Select the node name to be dedicated for DB2wh and run the following commands:
oc adm taint node <node_name> icp4data=database-db2wh:NoSchedule --overwrite oc adm drain <node_name> oc adm uncordon <node_name> oc label node <node_name> icp4data=database-db2wh --overwrite
- Get the nodes by running the following command:
- Secure the CP4D Console by running the following command:
oc project ibm-cpd openssl genrsa -out cp4d.key 4096 openssl req -new -x509 -days 3650 -key cp4d.key -reqexts v3_req -extensions v3_ca -out cp4d.pem -subj "/C=US/ST=NY/L=New York/O=AIAPPS/OU=TAS/CN=TAS" oc create secret generic external-tls-secret --from-file=cert.crt=cp4d.pem --from-file=cert.key=cp4d.key --dry-run=client -o yaml | oc apply -f - for i in `oc get pods | grep ibm-nginx | cut -f1 -d\ `; do oc exec ${i} -- /scripts/reload.sh; done oc delete route cpd oc create route reencrypt cpd --service=ibm-nginx-svc --port=ibm-nginx-https-port --dest-ca-cert=cp4d.pem oc annotate route cpd --overwrite haproxy.router.openshift.io/timeout=3600s
- Log in to the CP4D Web Console.
- Get the URL of the CP4D installation by running the following command:
oc get ZenService lite-cr -o jsonpath="{.status.url}{'\n'}"
- Get the initial administrator password of the CP4D installation by running the
following command:
oc extract secret/admin-user-details --keys=initial_admin_password --to=-
- Go to the URL of the CP4D installation and log in with the
admin
user and the password that you retrieved.
- Get the URL of the CP4D installation by running the following command: