Fix Readme
Abstract
Readme file for IBM Security Guardium Key Lifecycle Manager for Distributed and Containerized Platforms, Version 4.1.0 Fix Pack 1 (4.1.0.1) including installation-related instructions, prerequisites and corequisites, and a list of fixes.
Content
Download instructions
Supported platforms
Prerequisites
Known limitations
Installation information
Variable definitions
Installing the fix pack on IBM Security Guardium Key Lifecycle Manager traditional
Uninstalling the fix pack
Installing the fix pack on IBM Security Guardium Key Lifecycle Manager container
List of features and fixes
Features included in Guardium Key Lifecycle Manager Traditional Version 4.1.0.1
- Improved Multi-Master cluster management.
- Enabling password-less authentication with the database (Db2) by using Kerberos.
- Enhanced data migration functionality when using the cross-platform restore utility.
For more information, see IBM Security Guardium Key Lifecycle Manager Version 4.1.0 Fix Packs.
Features included in Guardium Key Lifecycle Manager Container Version 4.1.0.1
None
Internal fixes included in Version 4.1.0.1- In a replication setup, Db2 password change from UI does not work on clone server.
- Multiple issues around full and incremental replication are fixed, which include
- Client device connecting to clone first and then master server might lead to replication failure.
- SKLMConfig.properties file gets corrupted causing incremental replication failure.
- Only applicable for Guardium Key Lifecycle Manager Traditional: Cross migration to V4.1 might lead to duplicate key exception during restore operation.
APAR fixes included in Version 4.1.0.1
None
Download instructions
- Go to IBM Fix Central home page: http://www.ibm.com/support/fixcentral/
- In the Product selector field, type IBM Security Key Lifecycle Manager, and select the product name when it appears.
- From the Installed Version list, select 4.1.0.
- From the Platform list, select the appropriate platform, and click Continue.
- On the Identify Fixes page, ensure that the Browse for Fixes is selected, and click Continue.
- On the Select Fixes page, select fix pack 4.1.0-ISS-GKLM-FP0001, and click Continue.
You might be prompted to Sign In. If you do not have an ID, click the Register now link and follow the registration steps. - On the Download options page, select a download method (default is Download using Download Director).
- Select the associated files and README for fix pack: 4.1.0-ISS-GKLM-FP0001 and click Download now.
Supported platforms
See IBM Security Guardium Key Lifecycle Manager Support Matrix.
Fix pack files per platform for IBM Security Guardium Key Lifecycle Manager
Fix pack files for IBM Security Guardium Key Lifecycle Manager container
- Ensure that IBM Security Guardium Key Lifecycle Manager is not in use.
- Back up the IBM Security Guardium Key Lifecycle Manager server. For instructions, see Configuring backup and restore.
- (Only on IBM Security Guardium Key Lifecycle Manager traditional) Ensure the following prerequisites:
- Ensure that IBM Security Guardium Key Lifecycle Manager, Version 4.1.0 (GA version) is already installed.
- Ensure that /tmp directory does not contain klmPrev.properties. If present, rename or remove this file before you start applying fix pack.
Also, ensure that the /tmp directory has all the permissions and does not have noexec set. - On Linux for System z server, ensure that gtk 2 libraries are installed. Also, add following parameter in IM_INSTALL_DIR/eclipse/IBMIM.ini file. Add the following properties just before "--launcher.appendVmargs" in IBMIM.ini file.
--launcher.GTK_version
2 - Ensure that umask is set to 0022.
- Back up the WebSphere Application Server files. For instructions, see the following table:
S.No. |
Instruction |
Windows Commands |
UNIX/Linux Commands |
1. |
Windows - Open command line. Linux / AIX - Open a ksh or bash shell. |
Click Start > Run, type cmd, and click OK. |
If your default shell is not ksh or bash, run "exec ksh" or "exec bash". |
2. |
Stop WebSphere Application Server. |
WAS_HOME\bin\stopServer.bat server1 -username WAS_ADMIN -password WAS_PASSWORD |
WAS_HOME/bin/stopServer.sh server1 -username WAS_ADMIN -password WAS_PASSWORD |
3. |
Make a temporary directory. |
mkdir WAS_BACKUP_DIRECTORY |
mkdir WAS_BACKUP_DIRECTORY |
4. |
Change directory to the temporary directory. |
cd C:\wasbackup |
cd /tmp/wasbackup |
5. |
Copy or archive the files from the directory where WebSphere Application Server is installed. |
xcopy /y /e /d WAS_HOME C:\wasbackup |
tar -cvf wasbackup.tar WAS_HOME/* |
6. |
Start WebSphere Application Server. |
WAS_HOME\bin\startServer.bat server1 |
WAS_HOME/bin/startServer.sh server1 |
- Rollback of installed fix pack is not supported.
- Only applicable for Linux for System z platform: After you apply the fix pack, the graphical user interface of Guardium Key Lifecycle Manager does not start.
Workaround:- Stop WebSphere Application Server.
- Stop Db2.
- Start Db2.
- Start WebSphere Application Server.
Installing the fix pack on IBM Security Guardium Key Lifecycle Manager traditional
Installing a fix pack involves the following steps:
1. Complete the prerequisites.
2. Prepare to install the fix pack.
3. Install the fix pack.
4. Complete the post fix-pack installation tasks.
Prepare to install the fix pack
- Open the command line.
- Create a temporary directory to extract the fix pack installer files.
Windows
mkdir C:\sklminstall_windowsfp
UNIX/Linux
mkdir /sklminstall_linuxfp - Change directory to this temporary directory.
Windows
cd C:\sklminstall_windowsfp
UNIX/Linux
cd /sklminstall_linuxfp - Download the fix pack installer files into the directory. See Download Instructions.
- Extract the downloaded files.
For example:Windows: 4.1.0-ISS-GKLM-FP0001-Windows.zip [Right-click and extract all]
UNIX/Linux: tar -xvf 4.1.0-ISS-GKLM-FP0001-Linux.tar.gz
Note: Use the platform-specific file.
Installing the fix pack by using the graphical user interface
S. No. |
Instruction |
Steps |
1. |
Stop WebSphere Application Server, update Java SDK, and then start Installation Manager in GUI mode. |
Windows
For example: UNIX/Linux
chmod +x ./updateSKLM.sh ./updateSKLM.sh IM_INSTALL_LOCATION WAS_HOME WAS_ADMIN WAS_PASSWORD For example: |
2. |
Select the IBM Security Guardium Key Lifecycle Manager, Version 4.1.0 software package group. |
1. Select the base offering software package group (IBM Security Guardium Key Lifecycle Manager, Version 4.1.0). 2. Click Next. 3. In the Update Packages pane, select Version 4.1.0.1, and click Next. |
3. |
Provide credentials for |
|
4. |
Complete the final step. |
In the Update Packages > Summary pane, review the software packages that you want to install, and click Update. |
Installing the fix pack silently
S. No. |
Instruction |
Steps |
1. |
Start the Installation Manager utility to encrypt the passwords for users as required. |
Windows Run the following command to generate an encrypted password: UNIX/LINUX Run the following command to generate an encrypted password: |
2. |
Back up the response file. |
Rename the original response file to create a backup of the file: |
3. |
Edit the response file. |
Windows Edit the response file SKLM_Silent_Update_platform_Resp.xml.
UNIX/Linux Edit the response file: SKLM_Silent_Update_platform_Resp.xml
|
4. |
Install the fix pack. |
Windows
silent_updateSKLM.bat IM_INSTALL_LOCATION WAS_HOME WAS_ADMIN WAS_PASSWORD For example: silent_updateSKLM.bat "C:\Program Files\IBM\Installation Manager" "C:\Program Files \IBM\WebSphere\AppServer" wasadmin wasadminpwd UNIX/Linux
chmod +x ./silent_updateSKLM.sh ./silent_updateSKLM.sh IM_INSTALL_LOCATION WAS_HOME WAS_ADMIN WAS_PASSWORD For example: ./silent_updateSKLM.sh /opt/IBM/InstallationManager /opt/IBM/WebSphere/AppServer wasadmin wasadminpwd |
Installing the fix pack when a Multi-Master environment is set up
Prerequisites
To install the fix pack
- Stop WebSphere Application Server on all the master servers, in any sequence.
- Open a command line.
- Go to the WAS_HOME\bin directory.
Windows
C:\Program Files\IBM\WebSphere\AppServer\bin
Linux
/opt/IBM/WebSphere/AppServer/bin
- Stop the IBM Security Guardium Key Lifecycle Manager server.
Windows
stopServer.bat server1 -username wasadmin -password mypwd
Linux
./stopServer.sh server1 -username wasadmin -password mypwd
- Stop Agent on all the master servers, in any sequence.
- Open a command line.
- Go to the GKLM_INSTALL_HOME\agent directory.
Windows
C:\Program Files\IBM\SKLMV41\agent
Linux
/opt/IBM/SKLMV41/agent - Stop the Agent.
Windows
stopAgent.bat WAS_HOME
For example: stopAgent.bat "C:\Program Files\IBM\WebSphere\AppServer"
Linux
./stopAgent.sh WAS_HOME
For example: ./stopAgent.sh /opt/IBM/WebSphere/AppServer
- Apply fix pack on each master server and verify the installation.
Complete this step in the following sequence:- Primary master server
- Principal standby master server
- Auxiliary standby master servers
- Non-HADR master servers
For steps to install the fix pack, see Installing the fix pack.
To verify the installation:- Log in to IBM Security Guardium Key Lifecycle Manager and check the version number.
- Ensure that the master server is running and available for use.
- Use one of the following methods to verify the installation.
- Using graphical user interface:
a. Log in to the graphical user interface.
b. On the Welcome page header bar, click the Help (?) icon.
c. Click About.
The page displays the version details. - Using REST interface:
Run the Version Info REST Service. For more information, see Swagger UI. - Using command line:
Only for Guardium Key Lifecycle Manager traditional:- Windows
a. Open the command line.
b. Run the command: cd WAS_HOME\bin
c. Run the command:
wsadmin -lang jython -username sklmadminUserID -password sklmadminPassword
For example: wsadmin.bat -lang jython -username sklmadmin -password sklmpassword
d. At the wsadmin> prompt, type: print AdminTask.tklmVersionInfo() - UNIX/Linux
a. Run the commands:
cd WAS_HOME/bin/
./wsadmin.sh -lang jython -username sklmadminUserID -password sklmadminPassword
For example: ./wsadmin.sh -lang jython -username sklmadmin -password sklmpassword
b. At the wsadmin> prompt, type:
print AdminTask.tklmVersionInfo()
Check the output of the tklmVersionInfo command:IBM Security Guardium Key Lifecycle Manager Version = 4.1.0.1 IBM Security Guardium Key Lifecycle Manager Build Level = 202103261338 WebSphere Application Server Version = 9.0.5.5 DB2 Version = DB2/LINUXX8664 SQL110540 Java Version = JRE 1.8.0_261 IBM J9 VM 2.9 Operating System Version = Linux:3.10.0-957.21.3.el7.x86_64:amd64 Agent Version : 2.0 [Click and drag to move]
- Windows
- Using graphical user interface:
- Back up the IBM Security Guardium Key Lifecycle Manager server. For more information, see Configuring backup and restore.
- Only applicable on Windows: Complete the following steps to fix the intermittent database crash issue.
- Go to the C:\Windows\System32\drivers\etc\ directory and open services file in edit mode.
- Remove duplicate entry for the Db2 service:
DB2_db2_instance_name db2_port/tcp
For example: DB2_sklmdb41 60000/tcp - Save the services file and close it.
Important: The following steps uninstall the entire product package, including IBM Security Guardium Key Lifecycle Manager, IBM Db2, and WebSphere Application Server, and all your data is lost. Take a backup before uninstalling.
Uninstalling IBM Security Guardium Key Lifecycle Manager with the fix pack by using the graphical user interface
S. No. |
Instruction |
Steps |
1. |
Complete the prerequisites |
Stop the WebSphere Application Server. |
2. |
Uninstall IBM Security Guardium Key Lifecycle Manager. |
Windows
Unix/Linux
|
Uninstalling IBM Security Guardium Key Lifecycle Manager with the fix pack silently
S. No. |
Instruction |
Steps |
1. |
Edit the silent response file. |
1. Go to the directory that contains the installer files. 2. Back up the original response file SKLM_Uninstall_platform_Resp.xml by renaming it to SKLM_Uninstall_platform_Resp_original.xml. 3. Edit the silent response file SKLM_Uninstall_platform_Resp.xml. |
2. |
Uninstall IBM Security Guardium Key Lifecycle Manager. |
Windows
UNIX/Linux
|
Where:
PATH_TO_UNINSTALL_RESPONSE_FILE refers to the uninstallation response file provided or bundled with the fix pack installer.
platform refers to the operating system where the fix pack is being installed or uninstalled. For example: SKLM_Uninstall_platform_Resp.xml on Linux will be SKLM_Uninstall_Linux_Resp.xml
Installing the fix pack on IBM Security Guardium Key Lifecycle Manager container
Installing on a Kubernetes cluster
Installing on a Red Hat OpenShift Container Platform cluster
http://www.ibm.com/legal/copytrade.shtml
Notices
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
THIRD-PARTY LICENSE TERMS AND CONDITIONS, NOTICES AND INFORMATION
The license agreement for this product refers you to this file for details concerning terms and conditions applicable to third party software code included in this product, and for certain notices and other information IBM must provide to you under its license to certain software code. The relevant terms and conditions, notices and other information are provided or referenced below. Please note that any non-English version of the licenses below is unofficial and is provided to you for your convenience only. The English version of the licenses below, provided as part of the English version of this file, is the official version.
Notwithstanding the terms and conditions of any other agreement you may have with IBM or any of its related or affiliated entities (collectively "IBM"), the third party software code identified below are "Excluded Components" and are subject to the following terms and conditions:
-
the Excluded Components are provided on an "AS IS" basis.
-
IBM DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES AND CONDITIONS WITH RESPECT TO THE EXCLUDED COMPONENTS, INCLUDING, BUT NOT LIMITED TO, THE WARRANTY OF NON-INFRINGEMENT OR INTERFERENCE AND THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-
IBM will not be liable to you or indemnify you for any claims related to the Excluded Components.
-
IBM will not be liable for any direct, indirect, incidental, special, exemplary, punitive or consequential damages with respect to the Excluded Components.
End of Document
Was this topic helpful?
Document Information
Modified date:
13 September 2021
UID
ibm16424525