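Updating the Db2 SSL certificates after the Cloud Pak for Data self-signed certificate is updated (Watson Knowledge Catalog)

When the Cloud Pak for Data self-signed certificate is updated, you must refresh the SSL certificates that Watson Knowledge Catalog uses in order to maintain connectivity to the service.

Before you begin

The symptom of expired SSL certificates is that wdp-policy-service, wkc-workflow-service, wdp-business-glossary, and wdp-lineage-service all fail with the following Db2 error: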
“[jcc][t4][2030][11211][4.21.29] A communication error occurred during operations on the connection’s underlying socket, socket input stream, \
nor socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: Remote host terminated the handshake. ERRORCODE=-4499, SQLSTATE=08001",“thread”:“Default Executor-thread-22",“exception”:“\ncom.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][2030][11211][4.21.29] A communication error occurred during operations on the connection’s underlying socket, socket input stream, \
nor socket output stream. Error location: Reply.fill() - socketInputStream.read (-1). Message: Remote host terminated the handshake. ERRORCODE=-4499, SQLSTATE=08001

The two Db2u instances that WKC uses are:
c-db2oltp-wkc-db2u-0
c-db2oltp-iis-db2u-0 (this is omitted if `install_wkc_core_only: True` is used)

About this task

Follow these steps to update the SSL certificates.

Procedure

  1. Run the following commands inside the Db2u containers to verify the expiration date of the Db2 certificate:
    oc exec c-db2oltp-wkc-db2u-0 -- ksh -lc "cd /mnt/blumeta0/db2/ssl_keystore; gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert" 2>&1
    oc exec c-db2oltp-iis-db2u-0 -- ksh -lc "cd /mnt/blumeta0/db2/ssl_keystore; gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert" 2>&1
  2. Run the following commands to update the Db2 certificates:
    oc exec -it c-db2oltp-wkc-db2u-0 -- bash -lic "/db2u/scripts/db2_rotate_ssl_certs.sh"
    oc exec -it c-db2oltp-iis-db2u-0 -- bash -lic "/db2u/scripts/db2_rotate_ssl_certs.sh"
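
The check from step 1, wrapped so that it covers both Db2u pods and tolerates a missing iis pod, as an added example that is not IBM's own script. It assumes `oc` is logged in to the project where the Db2u pods run and that `gsk8capicmd_64` prints the expiry on a `Not After :` line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the product. Pod names, keystore path and label
# come from this page; the "Not After :" output format is an assumption.
PODS="c-db2oltp-wkc-db2u-0 c-db2oltp-iis-db2u-0"

# Print the details of CN=zen-ca-cert from one pod's keystore (step 1 command).
cert_details() {
  oc exec "$1" -- ksh -lc "cd /mnt/blumeta0/db2/ssl_keystore; gsk8capicmd_64 -cert -details -db bludb_ssl.kdb -stashed -label CN=zen-ca-cert" 2>&1
}

# Read gsk8capicmd_64 output on stdin and print the value of "Not After".
not_after() {
  sed -n 's/^[[:space:]]*Not After[[:space:]]*:[[:space:]]*//p' | head -n 1
}

# Print one line per pod: "<pod> <status> <detail>".
report_expiry() {
  for pod in $PODS; do
    if ! oc get pod "$pod" >/dev/null 2>&1; then
      # Expected for the iis pod when install_wkc_core_only: True is used.
      echo "$pod SKIPPED pod not found or not reachable"
      continue
    fi
    expiry=$(cert_details "$pod" | not_after)
    if [ -n "$expiry" ]; then
      echo "$pod NOT_AFTER $expiry"
    else
      echo "$pod ERROR could not read certificate details"
    fi
  done
}

# Run only when oc is installed, so the functions can also be sourced offline.
if command -v oc >/dev/null 2>&1; then
  report_expiry
fi
```

Running it before and after step 2 shows whether the `Not After` date actually moved on each pod.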