Installing Db2 Warehouse on IBM Cloud Pak For Data - Manually
Complete this task to install IBM® Db2® Warehouse on IBM Cloud Pak® For Data as your database.
About this task
For more information about Db2 Warehouse on IBM Cloud Pak For Data, see IBM Cloud Pak for Data Pre-installation tasks.
Procedure
- Create two Red Hat®
OpenShift® projects by running the following
commands:
oc new-project ibm-common-services oc new-project ibm-cpd
- Enable the IBM operator catalog by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: ibm-operator-catalog namespace: openshift-marketplace spec: displayName: "IBM Operator Catalog" publisher: IBM sourceType: grpc image: icr.io/cpopen/ibm-operator-catalog:latest updateStrategy: registryPoll: interval: 45m EOF
- Install CP4D Operator.
- Create the operator group by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha2 kind: OperatorGroup metadata: name: operatorgroup namespace: ibm-common-services spec: targetNamespaces: - ibm-common-services EOF
- Install CP4D operators by running the following command. This command installs the following operators:
- Cloud Pak for Data Operator
- IBM Cloud® Pak foundational services
- IBM NamespaceScope Operator
- Operand Deployment Lifecycle Manager
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: cpd-operator namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v3.2 installPlanApproval: Automatic name: cpd-platform-operator source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Install the IBM
Db2 operator by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-db2uoperator-catalog-subscription namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v2.2 name: db2u-operator installPlanApproval: Automatic source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Install the DB2WH operator by running the following command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-db2wh-cp4d-operator-catalog-subscription namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v2.2 name: ibm-db2wh-cp4d-operator installPlanApproval: Automatic source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Install the Data Management Console (DMC) operator by running the following
command:
cat <<EOF |oc apply -f - apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: ibm-dmc-operator-subscription namespace: ibm-common-services # Pick the project that contains the Cloud Pak for Data operator spec: channel: v1.7 installPlanApproval: Automatic name: ibm-dmc-operator source: ibm-operator-catalog sourceNamespace: openshift-marketplace EOF
- Create the operator group by running the following command:
- Create the IBM entitlement secret.
- Obtain your IBM entitlement registry from the Container software library. Click Copy key and substitute the value
as
<ENTITLEMENT_KEY>
in the next step of this task. - Create the secret by running the following command:
oc create secret docker-registry ibm-entitlement --docker-server=cp.icr.io --docker-username=cp --docker-password="$ENTITLEMENT_KEY" -n ibm-cpd
- Obtain your IBM entitlement registry from the Container software library. Click Copy key and substitute the value
as
- Create a function that adds the secret ibm-entitlement to the service account by running
the following command:
function addSecretinSA { if ! $(oc get sa $1 -n ibm-cpd -o jsonpath='{.imagePullSecrets}{"\n"}' | grep -q ibm-entitlement); then echo "Adding imagePullSecret ibm-entitlement to service account $1" oc patch serviceaccount/$1 -n ibm-cpd --type='json' -p='[{"op":"add","path":"/imagePullSecrets/-","value":{"name":"ibm-entitlement"}}]' fi }
-
Install CP4D 4.6.x.
Create an empty request to link the namespaces:
cat <<EOF |oc apply -f - apiVersion: operator.ibm.com/v1alpha1 kind: OperandRequest metadata: name: empty-request namespace: ibm-cpd # Replace with the project where you will install Cloud Pak for Data spec: requests: [] EOF
TheIbmcpd
custom resource installs the following operators:- IBM Cert Manager
- IBM Zen Service
It also creates a
ZenService
custom resource calledlite-cr
.Replaceibmc-file-gold-gid
with the available storage class in the cluster.cat <<EOF |oc apply -f - apiVersion: cpd.ibm.com/v1 kind: Ibmcpd metadata: name: ibmcpd-cr # This is the recommended name, but you can change it namespace: ibm-cpd # Replace with the project where you will install Cloud Pak for Data spec: license: accept: true license: Standard # Specify the Cloud Pak for Data license you purchased storageClass: ibmc-file-gold-gid # Replace with the name of a RWX storage class zenCoreMetadbStorageClass: ibmc-file-gold-gid # (Recommended) Replace with the name of a RWO storage class version: "4.5.3" EOF
Important: Immediately run the following command to addibm-entitlement
to the service accounts that are being created:ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}") while [ "$ZENSERVICE" != "Completed" ] do for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do addSecretinSA $i done ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}") echo "Installing CP4D.." $ZENSERVICE sleep 20 done
The installation takes approximately 40 minutes to install after showing errors such as the following examples:
the server doesn't have a resource type "ZenService"
andzenservices.zen.cpd.ibm.com "lite-cr" not found
. - Install Db2whService by running the following command:
cat <<EOF |oc apply -f - apiVersion: databases.cpd.ibm.com/v1 kind: Db2whService metadata: name: db2wh-cr # This is the recommended name, but you can change it namespace: ibm-cpd # Replace with the project where you will install Db2 Warehouse spec: license: accept: true license: Standard # Specify the license you purchased EOF
Important: Immediately run the following command to addibm-entitlement
to the service accounts that are being created:DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}') while [ "$DB2WHSERVICE" != "Completed" ] do for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do addSecretinSA $i done DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}') echo "Installing DB2WH.." $DB2WHSERVICE sleep 20 done
This step takes approximately 15 minutes to install.
If you use IBM ibmc-file-storage as the storage class, complete the following extra DB2WH configuration:oc create -f - << EOF apiVersion: v1 kind: ServiceAccount metadata: name: norootsquash namespace: kube-system EOF oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:norootsquash
export DOMAIN_NAME=slnfsv4.com oc create -f - << EOF apiVersion: apps/v1 kind: DaemonSet metadata: name: norootsquash namespace: kube-system labels: tier: management app: norootsquash spec: selector: matchLabels: name: norootsquash template: metadata: labels: name: norootsquash spec: serviceAccountName: norootsquash initContainers: - resources: requests: cpu: 0.1 securityContext: privileged: true image: alpine:3.6 name: unrootsquash command: ["chroot", "/host", "sh", "-c"] args: - > grep "^Domain = ${DOMAIN_NAME}" /etc/idmapd.conf; if [ "\$?" -ne "0" ] ; then sed -i 's/.*Domain =.*/Domain = ${DOMAIN_NAME}/g' /etc/idmapd.conf; nfsidmap -c; rpc.idmapd fi; volumeMounts: - name: host mountPath: /host containers: - resources: requests: cpu: 0.1 image: alpine:3.6 name: sleep command: ["/bin/sh", "-c"] args: - > while true; do sleep 100000; done volumes: - hostPath: path: / type: Directory name: host EOF
- Install the Data Management Console by running the following command:
cat <<EOF |oc apply -f - apiVersion: dmc.databases.ibm.com/v1 kind: Dmcaddon metadata: name: dmc-addon # This is the recommended name, but you can change it namespace: ibm-cpd # Replace with the project where you will install Db2 Data Management Console spec: license: accept: true license: Standard # Specify the license you purchased version: 4.5.3 EOF
Important: Immediately run the following command to addibm-entitlement
to the service accounts that are being created:DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}') while [ "$DMCSERVICE" != "Completed" ] do for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do fixSAImagePullSecret $i done DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}') echo "Installing DMC.." $DMCSERVICE sleep 20 done
- Resolve CPU and memory issues in the cluster privileges by running the following
command:
oc adm policy add-cluster-role-to-user system:controller:persistent-volume-binder system:serviceaccount:ibm-cpd:zen-databases-sa
- Optional: Set up a dedicated node for IBM
Db2
Warehouse:
- Get the nodes by running the following command:
oc get nodes
- Select the node name to be dedicated for IBM
Db2 Warehouse and run the
following commands:
oc adm taint node <node_name> icp4data=database-db2wh:NoSchedule --overwrite oc adm drain <node_name> oc adm uncordon <node_name> oc label node <node_name> icp4data=database-db2wh --overwrite
- Get the nodes by running the following command:
- Secure the CP4D Console by running the following command:
oc project ibm-cpd openssl genrsa -out cp4d.key 4096 openssl req -new -x509 -days 3650 -key cp4d.key -reqexts v3_req -extensions v3_ca -out cp4d.pem -subj "/C=US/ST=NY/L=New York/O=AIAPPS/OU=TAS/CN=TAS" oc create secret generic external-tls-secret --from-file=cert.crt=cp4d.pem --from-file=cert.key=cp4d.key --dry-run=client -o yaml | oc apply -f - for i in `oc get pods | grep ibm-nginx | cut -f1 -d\ `; do oc exec ${i} -- /scripts/reload.sh; done oc delete route cpd oc create route reencrypt cpd --service=ibm-nginx-svc --port=ibm-nginx-https-port --dest-ca-cert=cp4d.pem oc annotate route cpd --overwrite haproxy.router.openshift.io/timeout=3600s
- Log in to the CP4D Web Console.
- Get the URL of the CP4D installation by running the following command:
oc get ZenService lite-cr -o jsonpath="{.status.url}{'\n'}"
- Get the initial administrator password of the CP4D installation by running the
following command:
oc extract secret/admin-user-details --keys=initial_admin_password --to=-
- Go to the URL of the CP4D installation and log in with the
admin
user and the password that you retrieved.
- Get the URL of the CP4D installation by running the following command: