APAR status
Closed as program error.
Error description
The documentation for the client configuration in a UNIX cluster is in some parts misleading and incorrect. 1) The following sub-section still contains some references to already outdated / removed (on UNIX & Linux only) CLUSTERNODE option: https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.9/client/ t_bac_hacmpsched.html 2) There is no clear information about how to specify the directory location that can be used for the key database to store the server's public certificate in the dsmcert.kdb file e.g. similar to the CLUSTERSHAREDFOLDER option on Windows: https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.9/client/ r_opt_clustersharedfolder.html Spectrum Protect Versions Affected: all 7.1.x and 8.1.x Initial Impact:: Low Additional Keywords: TS003354444, clusternode, C2S_CERTDIR
Local fix
In the dsm.opt, use the TESTFLAG C2S_CERTDIR which has been introduced by APAR IT27375 in order to specify the location for the dsmcert.* files: testflag C2S_CERTDIR:"/shared_folder/MY_CLIENT_TO_SERVER_CERT" Note: the testflag value is specified in the dsm.opt using the leading colon character. Also, string values should be enclosed with quotas.
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect API and backup-archive clients versions * * 7.1.x and 8.1.x running on all Unix and Linux platforms. * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION. * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is projected * * to be fixed in level 8.1.11. Note that this is subject to * * change at the discretion of IBM. * **************************************************************** *
Problem conclusion
There was no reliable, documented way to configure the SSL communication protocol that is used between the client and the server in a clustered environment. In particular, the location that is used for the key database to store the server's public certificate (in the dsmcert.kdb file) has never been documented. Upon the fix, the PASSWORDDIR option implementation has been enhanced, so that this option can now specify both: - the directory location in which to store an encrypted password file; - the directory location in which to store the dsmcert.kdb file. The PASSWORDDIR option documentation will be updated appropriately: https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.10/client /r_opt_passworddir.html
Temporary fix
Comments
APAR Information
APAR number
IT32920
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
81L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-05-19
Closed date
2020-09-16
Last modified date
2020-09-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
dsmc
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
[{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81L"}]
Document Information
Modified date:
13 February 2021