Version 1.0.22.1 release notes (April 2020)

Version 1.0.22.1 replaces version 1.0.22.0, fixing switch firmware, Call Home and node recovery issues. The list of features and improvements is the same as in 1.0.22.0, including upgrade, backup and restore, support tools enhancements and more.

Important: If you are on IAS 19.0.2 or lower, you must upgrade to IAS 1.0.19.7 before you can upgrade to IAS 1.0.2x.x.
  • Version 1.0.22.1 replaces version 1.0.22.0, fixing the following issues:
    • Switch firmware breaking console, SNMP, alerts.
    • Call Home issues. Alerts for which logs other than general were collected wouldn't get accepted by Call Home and PMRs weren't raised for them. This applies to both automatically and manually filed PMRs.
    • Node recovery issues on multi-rack HA. When a node was disabled and rebooted, there was a risk of the GPFS filesystems partitions not being mounted from the OS point of view. Due to this, the recovery was not triggered.
  • If you are on IAS 1.0.22.0, upgrade to version 1.0.22.1. The upgrade will be complete in about 60 to 90 minutes.

What's new

apupgrade
  • Added a --security option which applies only security related fixes on top of a full release. The base IAS version cannot go back more than 3 full versions. The --essentials and --security features are interdependent. For example, if the base version is 1.0.22.1 and a 1.0.24.0 --essentials is applied, a 1.0.23.0 --security isn't allowed. The security version is required to be no more than 3 times greater than the base version and must be at least equal to any --essentials applied. The same requirement should be there for essentials in the other direction as well, it cannot be applied as a version lower than any applied security option.
  • Added a --database-and-console option which upgrades just the dashdb and web_console from within the provided upgrade bundle.
  • Enhanced the --database-image option. --database-image upgrades just the container and is to be used primarily for special builds. This option allows you to upgrade to special builds and not require support. The path parameter is required.
  • Added a hidden option to apupgrade and bundle_upgrade which warns only about moderate level prechecks for some nodeOS related cases. Some of the prechecks are allowed to fail and the upgrade proceeds as usual.
Backup and restore
  • Version 1.0.22 provides enhancements to the incremental schema backup feature, including improved support for migration of existing schemas. A description of the feature, its scope and 1.0.22 enhancements are provided here: https://www.ibm.com/support/pages/node/2877819.
  • db_backup -history now includes sessions column to display the number of sessions used for a TSM/EMC backup. And for EMC restore, it is recommended to use the same number of sessions during restore as well.
GPFS
  • Upgraded GPFS from 4.2.3.16 to 4.2.3.20.
  • Added GPFS tracing.
Disk firmware
  • When you run sys_hw_check, a list of the disk drive firmware included in the bundle is displayed.
ts_prime_session login during direct port access
Raritan 2.3 no longer requires your login during direct port access and it is now modified not to prompt for your login during direct port access.
mgtsw support
  • Removed mgtsw support from the sys_hw_util power control.
  • Added mgtsw support for mandatory default password change on initial login.
FOS 8.2.1 support

Added support for FOS 8.2.1c which supports the CA SB 327 internet device security requirements that you must change your password on first login. These changes allow both downgrade as well as full support for v 8.2.1 if and when it's required.

The auto reboot functionality is no longer supported. Single mode is now used and reboot is performed manually once all packages are updated, regardless of the version or span.

mfg can now utilize FC switches with the code that is compliant with CA SB 327.

This enhancement also addresses any FRU related issues.

Removed local IP address from the device getaway parameter
For devices which prompt for a gateway parameter during IP configuration, the local IP address is no longer used, it is now set to 0.0.0.0 since all devices on the internal appliance bridge are local subnet traffic only. To implement this, the following changes were introduced:
  • The platform object now applies the quad-zero address to all device gateways when building the local network attributes from /etc/hosts.
  • Call platform method get_<comp>_gateway from all affected objects to get proper value. This is used in all devices except mgtsw/fabw.
  • Modified the terminal server _ip_config() method to use the required delay/retry when setting multiple network parameters. Internally, the network service is restarted with every interface parameter change and must wait for it to finish before the next parameter can be set.
  • For FC switch, separated the switch initial/general configuration from zoning. The IP parameters can be updated without having to reconfigure zoning.
  • Updated FSN and DSN code to check and verify all netmask and gateway values on all interfaces. The code already supports IP reconfiguration without making any other changes.
Db2 Support Tools
db_check_views
Added a db_check_views utility. You ca run the script to find stale views in databases and schemas. For more information, see db_check_views.
db_query_history
Added a db_query_history utility. You can run the script to capture Db2 query history or package-cache information in persistent tables. For more information, see db_query_history.
db_table_skew
Added a db_table_skew utility. You can run the script to get the skew ratio for all the tables specified in the schema. For more information, see db_table_skew.
db_tables_row_count
Added a db_tables_row_count utility. You can run the script to get the row count for all of the specified tables or tables in a schema. For more information, see db_tables_row_count.
db_ddl_compare
Added a db_ddl_compare utility. You can run the script to see the DDL differences between the Netezza/Oracle and DB2 tables after migration. For more information, see db_ddl_compare
db_get_exfmt
Added a db_get_exfmt utility. You can run the script to obtain the table format. For more information, see db_get_exfmt.
analyse_plan
Added an analyse_plan utility. You can run the script to analyze output of the db_get_exfmt.py command. For more information, see analyse_plan.
dbsql
  • Added a -ssl option to enable an ssl-secured connection.
  • The --caCertFile option is now supported for the command.
For more information, see dbsql.
dbload
  • The command now supports a KEEP value for -ignoreZero.
  • Added an -sts option for backward compatibility with nzload. The option is accepted by dbload but it has no effect on the execution of the dbload program.
  • The combination -format internal -compress true can be now used to load Netezza binary data.
For more information, see dbload.
db_migrate
  • Added a -nz_ssl <yes | no> option. This option is used to enable SSL support to connect to the Netezza host. The default securityLevel is preferredUnSecured. On Yes, it will be preferredSecured. The following nz_cert option is not necessary with this option.
  • Added a -nz_cert <certificate file> option. It's a ROOT CA certificate file for Netezza. The default value is NULL.
  • Added a -skip_numeric_check option. It allows you to skip the initial check for numeric values in a source table. The maximum precision of NUMERIC/DECIMAL datatype is higher (38) on performing checks for potential migration problems with numeric columns.
  • Added a ParallelTargetNodes {yes | no} option. It providestab support for parallel load of data to multiple target IAS nodes. If the target machine is a multinode system, the script uses all the available nodes to migrate the data.
For more information, see db_migrate.
db_migrate_iias
  • Added a --force-continue option. It forces the migration to run regardless of error severity. The script normally tries to continue on error, but there are some critical cases when it chooses to abort.
  • Added a truncateTable option. It cleans all the data from the target table prior to the migration.
  • Added a --count_rows option. It calculates the number of rows in the source/target tables before and after migration.
  • Added a --socketbufsize option. It specify the TCP socket buffer size in bytes.
  • Removed the -compress GZIP option. LZ4 compression is used instead.
  • Added -c | --checksum and -columnslist options to calculate and compare checksum on the source/target tables after migration.
  • Added a -ts | --tablespace option. It specifies a case-sensitive table space for new target tables so they can be migrated to a different table space on the target machine.
  • You can now run db_migrate_iias as the root user.
  • Changed default location for logs and temporary files to ~logs/db_migrate_iias. It is now consistent with other migration/compatibility tools.
For more information, see Migrating data with db_migrate_iias command - examples.
db_table_restruct
  • Added a new db_table_restruct script for table optimization. The utility reorganizes tables in the IAS database. The command reloads the data in an ordered manner providing better performance results for queries executed against reorganized tables. The command addresses a common performance issue which is observed after migration of data from one machine to another. For more information, see db_table_restruct.
db_build_dictionary iias
  • Added a -ts | --tablespace option. It specifies table space for new target tables.
For more information, see db_build_dictionary command
db_build_dictionary
You no longer have to use the .sh extension when running db_build_dictionary. For command help, see db_build_dictionary.
db_ddl_object
Added a -cor option. It generates DDL with CREATE OR REPLACE clause for applicable statements.
For more information, see db_ddl_object.
db_get_table_info
The script provides metadata for the provided table(s). For more, see db_get_table_info
db_sort_order
The script provides the percentage of the data sorted on the filesystem with the help of the synopsis table. For more, see db_sort_order
dbpassword
Added a new dbpassword script to store passwords to Db2 systems. The command can be used to store passwords to Db2 systems in an encrypted keystore on a local client machine. For more information, see dbpassword
Note: The dbsql, dbload, db_migrate, and db_migrate_iias support reading passwords from the keystore.
Root lock-down
Root lock-down is disabled during upgrade by default. After the upgrade, it is recommended that you change the root password.
High availability improvements
Security improvements:
  • Generating HA REST server SSL certificates instead of using static certificates.
  • Change to run etcd using stronger cipher suites instead of defaults (includes an etcd upgrade).
Recovery performance improvements:
  • Improved Db2 restart time by killing processes running in parallel across all nodes in the system.
  • Enabled partial recovery. MLNs are restarted only on nodes with failed MLNs (instead of all MLNs).
Support data collection improvement:
  • Introduced new internal APIs to access Db2 transactions and dynamic cache data (from the HA REST API). Used when Platform Manager detects filesystem usage thresholds to help understand the current activity.
Checking for False db activate failures - Ignore all SQL warnings exceptions when re-activating Db2 on recovery.
FCM improved availability
In an MPP environment, the database manager is now able to recover a failed node without having to restart the entire cluster. This reduces the downtime and disruption caused by a node failure.
Diagnostics
Added a --debug flag to all diagnostic modules.

Previously, some modules lacked debug mode support, others (serial) had it permanently enabled. A standard --debug flag support to diagnostic application and ability to pass into all modules is introduced.

Python
Added Python 3 support.
File system replication based disaster recovery REST
The apdr command enhancements
Platform Management
  • Events are now displayed in the ap issues list and they must be manually acknowledged.

    The default ap issues behavior is changed - the command displays all open issues and all unacknowledged events, with additional column indicating acknowledgment state. Once you acknowledge the event, it is no longer displayed in the ap issues list. Acknowledging is done via ap issues --ack <event_id> or ap events --ack <event_id> (similarly to closing stateful alerts). Note that both acknowledged and unacknowledged events are still visible in ap events or ap issues -e.

  • Introduced SNMP v1 and v2c support, in addition to v3. You can set version when running ap config --set snmp with snmp_version and snmp_community parameters.
    If snmp_version is set to 1 or 2, you have to set the following parameters:
    • snmp_community
    • snmp_ip_address
    • snmp_port
    If snmp_version is set to 3, you also have to set following parameters:
    • snmp_engine_id
    • snmp_security_name
    • snmp_security_level
    • snmp_auth_protocol
    • snmp_auth_key
    • snmp_enc_protocol
    • snmp_enc_key
    • snmp_ip_address
    • snmp_port

    If you switch between versions 3 and 1 or 2c, the configuration parameters are preserved in the system. For more information, see Configuring SNMP trap notifications

FODC dumps
You can now manage FODC dumps via the dbdiag path.

Components

IBM® Integrated Analytics System 1.0.22.1 includes the following components:
Db2 Warehouse 11.5.3
See What's New in Db2 Warehouse.
Db2 Engine 11.5.3
To learn more about the new features and changes introduced in Db2 11.5.3, read What's new in the Db2 Knowledge Center.
IBM Data Replication for Availability
  • Support for replication of binary format for supplemental logs:

    When DATA CAPTURE CHANGES is enabled on a column-organized table, the supplemental logs that Db2 creates are read by the replication capture process and transmitted to the target system. Replication now uses binary format for the supplemental logs, significantly reducing the size of the data that is sent from the source to the target when massive transactions of the type that are typical in large data warehouses are performed.

  • Faster file transfer by using parallel processing:

    Replication uses a more robust file transfer method of data transmission for column-organized tables, and you can now increase performance for this method by creating multiple pipelines for file transfer. The parallel degree feature enables you to create up to four sets of IBM MQ send queues, receive queues, and channels to fully saturate the bandwidth between the source and target systems. Parallel transmission can be especially effective when the systems are separated by long distances.

  • Alert monitoring for changes in replication environment:

    You can now receive an email alert when something changes in the status of your replication environment by setting up the Replication Alert Monitor within IBM Data Replication for Availability. The monitor program runs in the source database and monitors the status of the replication capture and apply programs. It monitors for conditions in the replication environment and sends email alerts to a specified list of addresses when an alert condition is met. For more details, see What's new in the IBM Data Replication for Availability Knowledge Center.

FODC dumps
You can now manage FODC dumps via the dbdiag path.
NodeOS
Added a cron script that restarts services if their mount points exceed the threshold. The script resolves the following issues:
  • no space error error/job failure.
  • Problems with starting containers due to mount failure (can be observed in /var/log/messages.)
  • Dangling dm devices with lots of hanging kdmflush and bioset threads which impact system performance (mostly observed on system (i.e. node0101) running DSX.
  • The docker cp command failure.
Call Home
Enhanced the Call Home notification email to support CSP (Salesforce). Support requests are now referred to as cases.

Resolved issues

  • Replaced device mapper storage driver with overlay2 storage driver. This fixes any future thinpool issues during upgrades. With upgrading to version 1.0.21.3, DSX reinstall might still be required.
  • Fixed an upgrade issue with Docker not starting.
  • Fixed an issue with upgrade removing EMC NetWorker configuration. EMC NetWorker package and configuration are now retained after the upgrade.
  • Fixed the following issues with static routing:
    • Fixed issue with static routes and nodes losing their fbond/mbond network interfaces.
    • Static routes can now be deleted on every node using the apsetup utility. For more information, see Deleting static routes
  • sys_hw_diags network no longer crashes on a 4 HA or above systems.
  • db_restore will not be transferring the ownership for system-generated sequences, only for user-defined sequences.
  • Resolved the issue with Platform Manager not being able to establish a master.
  • Resolved issues with node not coming up on the mgt interface after reboot.

    When apupgrade resumed after a node reboot, the node failed to come up on the mgt interface. Now apupgrade attempts to confirm it can communicate over the management network with all of the nodes. If any nodes are unreachable, it attempts to restart the network.

  • Resolved issues related to the netbackup-server/-nb option for schema-level backup.
  • DSX is not enabled during the final stages of the upgrade procedure if you disabled DSX on your machine.
    Note: If you want to disable DSX, you have to uninstall it. To uninstall DSX, run ./InstallPackages/utils/uninstall.sh from the directory where install was run. Usually, the install directory is located in /opt/ibm/appliance/storage/platform. If you can't find the directory, contact IBM Support.
  • FOS 8.2.1 support
    • In upgrade only mode, rev firmware was generating an error and preventing update. This mode was added to the criteria for allowing update.
    • The quiet mode in the _fcsw_restart method was not being propagated to _wait_reboot and this was causing two countdown timers to appear in the same location.
  • Resolved issues with _syshw_int_hndlr() taking exactly 1 argument (2 given).

    The required frame argument passed to the interrupt handler assigned to a signal is put back. Also, the cleanup_and_exit API is now consistent across all calls. To avoid putting pylint ignore rules in the code, the unused arguments are used in a NOP clause.

  • Resolved issues with sys_hw_check fsn

    When ethernet was removed from both FSN canisters, a FAIL was printed and no details about the FSN were provided. It now falls back to serial connections to gather component information and print a WARN message about the ethernet connection not being present.

  • Fixed the security vulnerability issue with the remote NPS server responding to mode 6 queries. Before devices that responded to the queries could have been used in NTP amplification attacks.

Known issues

Schema enabled for row modification tracking (RMT schema)
When you back up RMT schema tables with the db_backup command on IAS 1.0.21 and restore them to either IAS 1.0.22 or 1.0.23, the SYSROWID is not restarted properly.
apafmdr service
After upgrading to 1.0.22.1, the apafmdr service is stopped. As a result, you're not able to run the apdrupgrade command. The WORKAROUND for this is to run the following commands before running apdrupgrade: 
apdr certificate --create 
apdr disable 
apdr enable
-ssl Db2 tools support issues
The Db2 support tools -ssl parameter might not work for users other than db2inst1 when SSL_CLNT_KEYDB and SSL_CLNT_STASH are set in Database Manager Configuration. This is because non db2inst1 users might not have access to the keystore database and keystore stash files. The WORKAROUND for all the non db2inst1 tools: change privileges to at least 654 on /mnt/blumeta0/db2/ssl_keystore/bludb_ssl.kdb (or relevant SSL_CLNT_KEYDB path) and /mnt/blumeta0/db2/ssl_keystore/bludb_ssl.sth (or relevant SSL_CLNT_STASH path).
Common container start_cc_services issue
After a head node failure/failback, the system is waiting for the node recovery process to complete and is stuck in the Recovering state. The WORKAROUND is to kill the start_cc_services child process.
ap issues listing many events
In versions 1.0.22.X, all events are now shown on the ap issues list until you acknowledge them manually one by one. For that purpose, run the ap issues --ack <event_id> or ap events --ack <event_id> for each event, providing its ID.
Call Home
After updating platform configuration in console, even if the update is successful, old data might be visible for up to 30 seconds. On the next refresh after that time, all displayed data is expected to be up-to-date.
EMC NetWorker backup/restore fails
EMC NetWorker backup/restore fails with SQL2062N. An error occurred while accessing the /usr/lib/libnsrdb2.so media. Reason code is 0. This is occurring due to two parameters that are added in the nmda_db2.cfg file on each node.
Workaround:
  1. As the root user, edit the /nsr/apps/config/nmda_db2.cfg file and comment out the NSR_LIBNSRDB2_DEBUG_LEVEL=9 and NSR_DEBUG_LEVEL=9 parameters. This must be done on every node in the container.
  2. Rerun backup/restore.
dbload -v parameter issue
Instead of displaying additional information about the load session, the -v parameter prints details about the version, similarly to the -V parameter.
Issues with schema restore
  • Alias objects present in a schema are lost after a schema restore. Warnings for aliases that won't be backed up during backup and showing warnings during restore are displayed.
  • Schema restore for ownership of objects includes both db2inst1 and original owner.

    Workaround: Revoke db2inst1 as owner of the objects, for those that have two owners after the restore.

db_restore
The db_restore command fails for tables defined as external tables. Tables defined as external tables are not assigned a path and are assumed to be empty.
IBM Spectrum Protect backups fail with Kernel issues
When using the IBM Spectrum Protect client for backup and restore, the Kernel issues might occur, which cause the backups to fail.

Workaround:

  1. Edit all dsm.sys files in /opt/ibm/appliance/storage/head/tsm/api/node010X-fab, where X is a node number. Add the following lines to all these dsm.sys files:
    tcpbuffsize 512
tcpwindowsize 1024
tcpnodelay no
  2. Start the backup again.
Platform Manager reports storage utilization above threshold

The following alert related to fs.sda8 might be opened for every node after upgrading to 1.0.21.3: STORAGE_UTILIZATION | 901: Storage utilization above threshold | sw://fs.sda8/hadomain1.node1 | WARNING |

You can ignore these warnings.

DSX
You have to reinstall DSX, as all DSX containers are gone after upgrade. This is connected to the conversion from the device mapper storage driver to overlay2 storage. The upgrade procedure removes all docker containers when it changes to overlay from device-mapper. The DSX containers are part of the separate DSX installation bundle, not part of the IAS upgrade image.

Workaround:

Back up and restore DSX/ Watson Studio Local as described in https://content-dsxlocal.mybluemix.net/docs/content/SSAS34_current/local/backup.html.

Note: If you want to disable DSX, you have to uninstall it. To uninstall DSX, run ./InstallPackages/utils/uninstall.sh from the directory where install was run. Usually, the install directory is located in /opt/ibm/appliance/storage/platform. If you can't find the directory, contact IBM Support.