Installing DB2 Warehouse on IBM Cloud Pak For Data - Manually

Complete this task to install DB2 Warehouse on IBM Cloud Pak For Data as your database.

About this task

For more information about DB2 Warehouse on IBM Cloud Pak For Data, see:

Procedure

  1. Create the OpenShift projects by running the following commands:
    
    oc new-project ibm-common-services
    oc new-project ibm-cpd
    
  2. Enable the IBM operator catalog by running the following command:
    cat <<EOF |oc apply -f -
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-operator-catalog
      namespace: openshift-marketplace
    spec:
      displayName: "IBM Operator Catalog" 
      publisher: IBM
      sourceType: grpc
      image: icr.io/cpopen/ibm-operator-catalog:latest
      updateStrategy:
        registryPoll:
          interval: 45m
    EOF
    
  3. Install CP4D Operator.
    1. Create the operator group by running the following command:
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha2
      kind: OperatorGroup
      metadata:
        name: operatorgroup
        namespace: ibm-common-services
      spec:
        targetNamespaces:
        - ibm-common-services
      EOF
      
    2. Install CP4D operators by running the following command.
      This command installs the following operators:
      • Cloud Pak for Data Operator
      • IBM Cloud Pak foundational services
      • IBM NamespaceScope Operator
      • Operand Deployment Lifecycle Manager
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: cpd-operator
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v3.2
        installPlanApproval: Automatic
        name: cpd-platform-operator
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
    3. Install DB2 operator by running the following command:
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: ibm-db2uoperator-catalog-subscription
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v2.2
        name: db2u-operator
        installPlanApproval: Automatic
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
    4. Install DB2WH operator by running the following command:
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: ibm-db2wh-cp4d-operator-catalog-subscription
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v2.2
        name: ibm-db2wh-cp4d-operator
        installPlanApproval: Automatic
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
    5. Install Data Management Console (DMC) operator by running the following command:
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: ibm-dmc-operator-subscription
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v1.7
        installPlanApproval: Automatic
        name: ibm-dmc-operator
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
  4. Create the IBM entitlement secret.
    1. Obtain your IBM entitlement key from the Container software library. Click Copy key and use the value as ENTITLEMENT_KEY in the next step of this task.
    2. Create the secret by running the following command:
      
      oc create secret docker-registry ibm-entitlement --docker-server=cp.icr.io --docker-username=cp --docker-password="$ENTITLEMENT_KEY" -n ibm-cpd
      
  5. Create a function that adds the secret ibm-entitlement to the service account by running the following command:
    
    function addSecretinSA {
      # Patch the service account only if ibm-entitlement is not already listed in its imagePullSecrets
      if ! oc get sa "$1" -n ibm-cpd -o jsonpath='{.imagePullSecrets}{"\n"}' | grep -q ibm-entitlement; then
        echo "Adding imagePullSecret ibm-entitlement to service account $1"
        oc patch "serviceaccount/$1" -n ibm-cpd --type='json' -p='[{"op":"add","path":"/imagePullSecrets/-","value":{"name":"ibm-entitlement"}}]'
      fi
    }
    
  6. Install CP4D 4.6.x.
    Create an empty request to link the namespaces:
    
    cat <<EOF |oc apply -f -
    apiVersion: operator.ibm.com/v1alpha1
    kind: OperandRequest
    metadata:
      name: empty-request
      namespace: ibm-cpd        # Replace with the project where you will install Cloud Pak for Data
    spec:
      requests: []
    EOF
    
    The Ibmcpd custom resource installs the following operators:
    • IBM Cert Manager
    • IBM Zen Service

    It also creates a ZenService custom resource called lite-cr.

    Replace ibmc-file-gold-gid with the available storage class in the cluster.
    
    cat <<EOF |oc apply -f -
    apiVersion: cpd.ibm.com/v1
    kind: Ibmcpd
    metadata:
      name: ibmcpd-cr                                     # This is the recommended name, but you can change it
      namespace: ibm-cpd                             # Replace with the project where you will install Cloud Pak for Data
    spec:
      license:
        accept: true
        license: Standard                      # Specify the Cloud Pak for Data license you purchased
      storageClass: ibmc-file-gold-gid                     # Replace with the name of a RWX storage class
      zenCoreMetadbStorageClass: ibmc-file-gold-gid        # (Recommended) Replace with the name of a RWO storage class
      version: "4.5.3"
    EOF
    
    Important: Immediately run the following command to add ibm-entitlement to the service accounts that are being created:
    
    ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}")
    while [ "$ZENSERVICE" != "Completed" ]
      do
        for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do
          addSecretinSA $i
        done
        ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}")
        echo "Installing CP4D.." $ZENSERVICE
        sleep 20
      done
    

    The installation takes approximately 40 minutes to complete. Before it proceeds, the command shows errors such as the following examples: the server doesn't have a resource type "ZenService" and zenservices.zen.cpd.ibm.com "lite-cr" not found.

  7. Install Db2whService by running the following command:
    
    cat <<EOF |oc apply -f -
    apiVersion: databases.cpd.ibm.com/v1
    kind: Db2whService
    metadata:
      name: db2wh-cr     # This is the recommended name, but you can change it
      namespace: ibm-cpd     # Replace with the project where you will install Db2 Warehouse
    spec:
      license:
        accept: true
        license: Standard     # Specify the license you purchased
    EOF
    
    Important: Immediately run the following command to add ibm-entitlement to the service accounts that are being created:
    
    DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}')
    while [ "$DB2WHSERVICE" != "Completed" ]
      do
        for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do
          addSecretinSA $i
        done
        DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}')
        echo "Installing DB2WH.." $DB2WHSERVICE
        sleep 20
      done
    

    This step takes approximately 15 minutes to complete.

    Complete the following additional DB2WH configuration if using IBM ibmc-file-storage as the storage class:
    
    oc create -f - << EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: norootsquash
      namespace: kube-system
    EOF
    
    oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:norootsquash
    
    
    export DOMAIN_NAME=slnfsv4.com
    
    oc create -f - << EOF
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: norootsquash
      namespace: kube-system
      labels:
        tier: management
        app: norootsquash
    spec:
      selector:
        matchLabels:
          name: norootsquash
      template:
        metadata:
          labels:
            name: norootsquash
        spec:
          serviceAccountName: norootsquash
          initContainers:
            - resources:
                requests:
                  cpu: 0.1
              securityContext:
                privileged: true
              image: alpine:3.6
              name: unrootsquash
              command: ["chroot", "/host", "sh", "-c"]
              args:
                - >
                  grep "^Domain = ${DOMAIN_NAME}" /etc/idmapd.conf;
                  if [ "\$?" -ne "0" ] ; then
                    sed -i 's/.*Domain =.*/Domain = ${DOMAIN_NAME}/g' /etc/idmapd.conf;
                    nfsidmap -c;
                    rpc.idmapd
                  fi;
              volumeMounts:
                - name: host
                  mountPath: /host
          containers:
            - resources:
                requests:
                  cpu: 0.1
              image: alpine:3.6
              name: sleep
              command: ["/bin/sh", "-c"]
              args:
                - >
                  while true; do
                    sleep 100000;
                  done
          volumes:
            - hostPath:
                path: /
                type: Directory
              name: host
    EOF
    
  8. Install Data Management Console by running the following command:
    
    cat <<EOF |oc apply -f -
    apiVersion: dmc.databases.ibm.com/v1
    kind: Dmcaddon
    metadata:
      name: dmc-addon                  # This is the recommended name, but you can change it
      namespace: ibm-cpd                             # Replace with the project where you will install Db2 Data Management Console
    spec:
      license:
        accept: true
        license: Standard           # Specify the license you purchased
      version: 4.5.3
    EOF
    
    Important: Immediately run the following command to add ibm-entitlement to the service accounts that are being created:
    
    DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}')
    while [ "$DMCSERVICE" != "Completed" ]
      do
        for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do
          addSecretinSA $i
        done
        DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}')
        echo "Installing DMC.." $DMCSERVICE
        sleep 20
      done
    
  9. Resolve CPU and memory issues by updating the cluster privileges. Run the following command:
    
    oc adm policy add-cluster-role-to-user system:controller:persistent-volume-binder system:serviceaccount:ibm-cpd:zen-databases-sa
    
  10. Optional: Set up a dedicated node for DB2 Warehouse:
    1. Get the nodes by running the following command:
      
      oc get nodes
      
    2. Select the node name to be dedicated for DB2WH and run the following commands:
      
      oc adm taint node <node_name> icp4data=database-db2wh:NoSchedule --overwrite
      oc adm drain <node_name>
      oc adm uncordon <node_name>
      oc label node <node_name> icp4data=database-db2wh --overwrite
      
  11. Secure the CP4D Console by running the following commands:
    
    oc project ibm-cpd
    openssl genrsa -out cp4d.key 4096
    openssl req -new -x509 -days 3650 -key cp4d.key  -reqexts v3_req -extensions v3_ca -out cp4d.pem   -subj "/C=US/ST=NY/L=New York/O=AIAPPS/OU=TAS/CN=TAS"
    oc create secret generic external-tls-secret --from-file=cert.crt=cp4d.pem --from-file=cert.key=cp4d.key --dry-run=client -o yaml | oc apply -f -
    for i in $(oc get pods | grep ibm-nginx | awk '{print $1}'); do oc exec "$i" -- /scripts/reload.sh; done
    oc delete route cpd
    oc create route reencrypt cpd --service=ibm-nginx-svc --port=ibm-nginx-https-port --dest-ca-cert=cp4d.pem
    oc annotate route cpd --overwrite haproxy.router.openshift.io/timeout=3600s
    
  12. Log in to the CP4D Web Console.
    1. Get the URL of the CP4D installation by running the following command:
      
      oc get ZenService lite-cr -o jsonpath="{.status.url}{'\n'}"
      
    2. Get the initial administrator password of the CP4D installation by running the following command:
      
      oc extract secret/admin-user-details --keys=initial_admin_password --to=-
      
    3. Go to the URL of the CP4D installation and log in with the admin user and the password that you retrieved.
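
The following check is an added example, not part of the original procedure or IBM's own code. It lists the service accounts that still lack the ibm-entitlement pull secret after the loops in steps 6 to 8, using an exact name match rather than the substring match that grep performs in addSecretinSA. The function names and the sample listing are constructed for illustration; zen-databases-sa is the only service account name taken from this page.

```shell
# Added example (not from the original page).
# Reads "<sa-name> <comma-separated imagePullSecrets>" lines on stdin and
# prints every service account that does not list the secret by exact name.
missing_pull_secret() {
  awk -v want="${1:-ibm-entitlement}" '
    NF == 0 { next }                      # skip blank lines
    {
      found = 0
      n = split($2, names, ",")           # "<none>" or an empty column never matches
      for (i = 1; i <= n; i++)
        if (names[i] == want) found = 1   # exact match, not a substring test
      if (!found) print $1
    }'
}

# Exit status 0 only when every listed service account has the secret.
pull_secret_complete() {
  [ -z "$(missing_pull_secret "$@")" ]
}

# Constructed sample listing. The last entry holds a similarly named secret
# that a plain "grep -q ibm-entitlement" would accept as already patched.
sample_sa_listing() {
  cat <<'EOF'
default            default-dockercfg-abc12,ibm-entitlement
zen-admin-sa       zen-admin-sa-dockercfg-x9k2p
zen-databases-sa   <none>
zen-editor-sa      zen-editor-sa-dockercfg-7hq4z,ibm-entitlement-old
EOF
}

# Live cluster usage (assumes the ibm-cpd project used on this page):
#   oc get sa -n ibm-cpd --no-headers \
#     -o 'custom-columns=NAME:.metadata.name,PULL:.imagePullSecrets[*].name' \
#     | missing_pull_secret ibm-entitlement
sample_sa_listing | missing_pull_secret
```

An empty result means that every service account in the project can pull from cp.icr.io with the entitlement key.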