Installing Db2 Warehouse on IBM Cloud Pak For Data - Manually

Complete this task to install IBM® Db2® Warehouse on IBM Cloud Pak® For Data as your database.

About this task

For more information about Db2 Warehouse on IBM Cloud Pak For Data, see IBM Cloud Pak for Data Pre-installation tasks.

Procedure

  1. Create two Red Hat® OpenShift® projects by running the following commands:
    
    oc new-project ibm-common-services
    oc new-project ibm-cpd
    
  2. Enable the IBM operator catalog by running the following command:
    cat <<EOF |oc apply -f -
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: ibm-operator-catalog
      namespace: openshift-marketplace
    spec:
      displayName: "IBM Operator Catalog" 
      publisher: IBM
      sourceType: grpc
      image: icr.io/cpopen/ibm-operator-catalog:latest
      updateStrategy:
        registryPoll:
          interval: 45m
    EOF
    
  3. Install CP4D Operator.
    1. Create the operator group by running the following command:
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha2
      kind: OperatorGroup
      metadata:
        name: operatorgroup
        namespace: ibm-common-services
      spec:
        targetNamespaces:
        - ibm-common-services
      EOF
      
    2. Install CP4D operators by running the following command.
      This command installs the following operators:
      • Cloud Pak for Data Operator
      • IBM Cloud® Pak foundational services
      • IBM NamespaceScope Operator
      • Operand Deployment Lifecycle Manager
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: cpd-operator
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v3.2
        installPlanApproval: Automatic
        name: cpd-platform-operator
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
    3. Install the IBM Db2 operator by running the following command:
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: ibm-db2uoperator-catalog-subscription
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v2.2
        name: db2u-operator
        installPlanApproval: Automatic
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
    4. Install the DB2WH operator by running the following command:
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: ibm-db2wh-cp4d-operator-catalog-subscription
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v2.2
        name: ibm-db2wh-cp4d-operator
        installPlanApproval: Automatic
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
    5. Install the Data Management Console (DMC) operator by running the following command:
      
      cat <<EOF |oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: ibm-dmc-operator-subscription
        namespace: ibm-common-services    # Pick the project that contains the Cloud Pak for Data operator
      spec:
        channel: v1.7
        installPlanApproval: Automatic
        name: ibm-dmc-operator
        source: ibm-operator-catalog
        sourceNamespace: openshift-marketplace
      EOF
      
  4. Create the IBM entitlement secret.
    1. Obtain your IBM entitlement registry from the Container software library. Click Copy key and substitute the value as <ENTITLEMENT_KEY> in the next step of this task.
    2. Create the secret by running the following command:
      
      oc create secret docker-registry ibm-entitlement --docker-server=cp.icr.io --docker-username=cp --docker-password="$ENTITLEMENT_KEY" -n ibm-cpd
      
  5. Create a function that adds the secret ibm-entitlement to the service account by running the following command:
    
    function addSecretinSA {
      if ! $(oc get sa $1 -n ibm-cpd -o jsonpath='{.imagePullSecrets}{"\n"}' | grep -q ibm-entitlement); then
        echo "Adding imagePullSecret ibm-entitlement to service account $1"
        oc patch serviceaccount/$1 -n ibm-cpd --type='json' -p='[{"op":"add","path":"/imagePullSecrets/-","value":{"name":"ibm-entitlement"}}]'
      fi
    }
    
  6. Install CP4D 4.6.x.
    Create an empty request to link the namespaces:
    
    cat <<EOF |oc apply -f -
    apiVersion: operator.ibm.com/v1alpha1
    kind: OperandRequest
    metadata:
      name: empty-request
      namespace: ibm-cpd        # Replace with the project where you will install Cloud Pak for Data
    spec:
      requests: []
    EOF
    
    The Ibmcpd custom resource installs the following operators:
    • IBM Cert Manager
    • IBM Zen Service

    It also creates a ZenService custom resource called lite-cr.

    Replace ibmc-file-gold-gid with the available storage class in the cluster.
    
    cat <<EOF |oc apply -f -
    apiVersion: cpd.ibm.com/v1
    kind: Ibmcpd
    metadata:
      name: ibmcpd-cr                                     # This is the recommended name, but you can change it
      namespace: ibm-cpd                             # Replace with the project where you will install Cloud Pak for Data
    spec:
      license:
        accept: true
        license: Standard                      # Specify the Cloud Pak for Data license you purchased
      storageClass: ibmc-file-gold-gid                     # Replace with the name of a RWX storage class
      zenCoreMetadbStorageClass: ibmc-file-gold-gid        # (Recommended) Replace with the name of a RWO storage class
      version: "4.5.3"
    EOF
    
    Important: Immediately run the following command to add ibm-entitlement to the service accounts that are being created:
    
    ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}")
    while [ "$ZENSERVICE" != "Completed" ]
      do
        for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do
          addSecretinSA $i
        done
        ZENSERVICE=$(oc get ZenService lite-cr -n ibm-cpd -o jsonpath="{.status.zenStatus}{'\n'}")
        echo "Installing CP4D.." $ZENSERVICE
        sleep 20
      done
    

    The installation takes approximately 40 minutes to install after showing errors such as the following examples: the server doesn't have a resource type "ZenService" and zenservices.zen.cpd.ibm.com "lite-cr" not found.

  7. Install Db2whService by running the following command:
    
    cat <<EOF |oc apply -f -
    apiVersion: databases.cpd.ibm.com/v1
    kind: Db2whService
    metadata:
      name: db2wh-cr     # This is the recommended name, but you can change it
      namespace: ibm-cpd     # Replace with the project where you will install Db2 Warehouse
    spec:
      license:
        accept: true
        license: Standard     # Specify the license you purchased
    EOF
    
    Important: Immediately run the following command to add ibm-entitlement to the service accounts that are being created:
    
    DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}')
    while [ "$DB2WHSERVICE" != "Completed" ]
      do
        for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do
          addSecretinSA $i
        done
        DB2WHSERVICE=$(oc get Db2whService db2wh-cr -n ibm-cpd -o jsonpath='{.status.db2whStatus}{"\n"}')
        echo "Installing DB2WH.." $DB2WHSERVICE
        sleep 20
      done
    

    This step takes approximately 15 minutes to install.

    If you use IBM ibmc-file-storage as the storage class, complete the following extra DB2WH configuration:
    
    oc create -f - << EOF
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: norootsquash
      namespace: kube-system
    EOF
    
    oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:norootsquash
    
    
    export DOMAIN_NAME=slnfsv4.com
    
    oc create -f - << EOF
    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: norootsquash
      namespace: kube-system
      labels:
        tier: management
        app: norootsquash
    spec:
      selector:
        matchLabels:
          name: norootsquash
      template:
        metadata:
          labels:
            name: norootsquash
        spec:
          serviceAccountName: norootsquash
          initContainers:
            - resources:
                requests:
                  cpu: 0.1
              securityContext:
                privileged: true
              image: alpine:3.6
              name: unrootsquash
              command: ["chroot", "/host", "sh", "-c"]
              args:
                - >
                  grep "^Domain = ${DOMAIN_NAME}" /etc/idmapd.conf;
                  if [ "\$?" -ne "0" ] ; then
                    sed -i 's/.*Domain =.*/Domain = ${DOMAIN_NAME}/g' /etc/idmapd.conf;
                    nfsidmap -c;
                    rpc.idmapd
                  fi;
              volumeMounts:
                - name: host
                  mountPath: /host
          containers:
            - resources:
                requests:
                  cpu: 0.1
              image: alpine:3.6
              name: sleep
              command: ["/bin/sh", "-c"]
              args:
                - >
                  while true; do
                    sleep 100000;
                  done
          volumes:
            - hostPath:
                path: /
                type: Directory
              name: host
    EOF
    
  8. Install the Data Management Console by running the following command:
    
    cat <<EOF |oc apply -f -
    apiVersion: dmc.databases.ibm.com/v1
    kind: Dmcaddon
    metadata:
      name: dmc-addon                  # This is the recommended name, but you can change it
      namespace: ibm-cpd                             # Replace with the project where you will install Db2 Data Management Console
    spec:
      license:
        accept: true
        license: Standard           # Specify the license you purchased
      version: 4.5.3
    EOF
    
    Important: Immediately run the following command to add ibm-entitlement to the service accounts that are being created:
    
    DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}')
    while [ "$DMCSERVICE" != "Completed" ]
      do
        for i in $(oc get sa -n ibm-cpd | grep -v NAME | awk '{print $1}'); do
          fixSAImagePullSecret $i
        done
        DMCSERVICE=$(oc get $(oc get Dmcaddon -o name -n ibm-cpd) -n ibm-cpd -o jsonpath='{.status.dmcAddonStatus}{"\n"}')
        echo "Installing DMC.." $DMCSERVICE
        sleep 20
      done
    
  9. Resolve CPU and memory issues in the cluster privileges by running the following command:
    
    oc adm policy add-cluster-role-to-user system:controller:persistent-volume-binder system:serviceaccount:ibm-cpd:zen-databases-sa
    
  10. Optional: Set up a dedicated node for IBM Db2 Warehouse:
    1. Get the nodes by running the following command:
      
      oc get nodes
      
    2. Select the node name to be dedicated for IBM Db2 Warehouse and run the following commands:
      
      oc adm taint node <node_name> icp4data=database-db2wh:NoSchedule --overwrite
      oc adm drain <node_name>
      oc adm uncordon <node_name>
      oc label node <node_name> icp4data=database-db2wh --overwrite
      
  11. Secure the CP4D Console by running the following command:
    
    oc project ibm-cpd
    openssl genrsa -out cp4d.key 4096
    openssl req -new -x509 -days 3650 -key cp4d.key  -reqexts v3_req -extensions v3_ca -out cp4d.pem   -subj "/C=US/ST=NY/L=New York/O=AIAPPS/OU=TAS/CN=TAS"
    oc create secret generic external-tls-secret --from-file=cert.crt=cp4d.pem --from-file=cert.key=cp4d.key --dry-run=client -o yaml | oc apply -f -
    for i in `oc get pods | grep ibm-nginx |  cut -f1 -d\ `; do oc exec ${i} -- /scripts/reload.sh; done
    oc delete route cpd
    oc create route reencrypt cpd --service=ibm-nginx-svc --port=ibm-nginx-https-port --dest-ca-cert=cp4d.pem
    oc annotate route cpd --overwrite haproxy.router.openshift.io/timeout=3600s
    
  12. Log in to the CP4D Web Console.
    1. Get the URL of the CP4D installation by running the following command:
      
      oc get ZenService lite-cr -o jsonpath="{.status.url}{'\n'}"
      
    2. Get the initial administrator password of the CP4D installation by running the following command:
      
      oc extract secret/admin-user-details --keys=initial_admin_password --to=-
      
    3. Go to the URL of the CP4D installation and log in with the admin user and the password that you retrieved.