How To

Summary

This page describes how to install Db2 fix pack when IBM Security Guardium Key Lifecycle Manager (GKLM) is installed.

Objective

To install Db2 fix pack.

Steps

Contents:

Before you begin
Installing Db2 fix pack
Installing Db2 fix pack in a multi-master setup
Post-installation tasks
Verify Db2 fix pack installation

Before you begin

Ensure that GKLM base version is installed and its latest backup exists.
Stop the agent service if it is running.
- Windows
```
cd SKLM_INSTALL_HOME\agent
stopAgent.bat
```
- Linux or AIX
```
cd SKLM_INSTALL_HOME/agent
./stopAgent.sh
```
Where, SKLM_INSTALL_HOME is the directory that contains the GKLM license and migration files. For more information, see the Definitions for HOME and other directory variables topic for the relevant GKLM version.

Stop WebSphere Application Server or WebSphere Liberty.
- Windows
  For 4.1.1 and later:
```
cd WAS_HOME\bin
server.bat stop
```
  For 4.1.x.x and earlier versions:
```
cd WAS_HOME\bin
stopServer.bat server1 -username WAS_ADMIN -password WAS_PASSWORD
```
- Linux or AIX
  For 4.1.1 and later:
```
cd WAS_HOME/bin/
./server.sh stop
```
  For 4.1.x.x and earlier versions:
```
cd WAS_HOME/bin
./stopServer.sh server1 -username WAS_ADMIN -password WAS_PASSWORD
```
Where,
- WAS_HOME is the WebSphere Liberty or WebSphere Application Server home directory. For more information, see the Definitions for HOME and other directory variables topic for the relevant GKLM version.
- WAS_ADMIN is the WebSphere Liberty or WebSphere Application Server administrator username.
- WAS_PASSWORD is the password for the WebSphere Liberty or WebSphere Application Server administrator username.

Complete the Db2 pre-installation steps in Preparing to install a fix pack.
On Windows, stop the Windows Management Instrumentation service.
```
net stop winmgmt
```
On Linux or AIX, run the following command to stop all the related processes.
```
ipcrm -a
```
(Applicable for GKLM 4.1.1 and 4.1 installed on Linux or AIX) After you stop WebSphere Liberty, run the following commands:
```
chown -R root  DB_HOME
chmod -R 755 DB_HOME
```
Where, DB_HOME is the directory that contains the Db2 application for GKLM. For example, /opt/IBM/DB2GKLMV411. For more information, see Definitions for HOME and other directory variables.

Note: On all operating systems, ensure that all Db2 and Java processes are stopped before you install the Db2 fix pack.

Installing Db2 fix pack on a stand-alone server

Depending on your host operating system, complete the applicable fix pack installation steps:

Windows

Change to the folder where the extracted fix pack installer files are located.
The setup command is located under the folder labeled with the abbreviated product name. For example, Db2 Enterprise Server Edition is under SERVER.
Double-click the setup.exe file to start the Db2 Setup wizard.
The Db2 Setup wizard launchpad opens.
Click Install a Product and the Install a Product window displays the products available for installation.
Click Work with Existing to update an existing Db2 copy.
Online help is available to guide you through the wizard. To invoke online help, click Help or press F1.

For more information, see Installing a fix pack for a single database product (Windows).

Linux or AIX

Log in as the root user and open a command line.
Change to the directory where the extracted fix pack installer files are located.
Install the fix pack by using the installFixPack command.
```
./installFixPack -f install -b DB_HOME
```
Where, DB_HOME is the directory that contains the Db2 application for GKLM. For example, /opt/IBM/DB2GKLMV411. For more information, see Definitions for HOME and other directory variables.
Update the instance by issuing the db2iupdt command from the fix pack directory.
```
DB_HOME/instance/db2iupdt DB_INSTANCE_NAME
```
Where,
- DB_HOME is the directory that contains the Db2 application for GKLM. For example, /opt/IBM/DB2GKLMV411. For more information, see Definitions for HOME and other directory variables.
- DB_INSTANCE_NAME is the Db2 instance name. For example, sklmdb41 or klmdb411.
For more information, see Installing offline fix pack updates to existing Db2 database products (Linux® and UNIX).

Installing Db2 fix pack in a multi-master setup

Prerequisites

If the original primary master server is acting as a standby master server, promote it to primary and then, install the fix pack. Otherwise, the database updates are not applied to the cluster.

To promote a master server to primary, see Promote to primary.

To install the Db2 fix pack

Stop WebSphere Liberty or WebSphere Application Server on all the master servers, in any sequence.
Stop the agent service on all the master servers, in any sequence.
Apply Db2 fix pack on each master server.
Complete this step in the following sequence:
- Primary master server
- Principal standby master server
- Auxiliary standby master servers
- Non-HADR master servers
  For steps to install the fix pack, see Installing the fix pack.

Post-installation tasks

(Applicable for GKLM 4.1.1 and 4.1 installed on AIX or Linux ) After Db2 fix pack is installed, run the following command:
```
chown -R klmdb411 DB_HOME
```
Where, DB_HOME is the directory that contains the Db2 application for GKLM. For example, /opt/IBM/DB2GKLMV411. For more information, see Definitions for HOME and other directory variables.
Start Db2.
```
db2start
```

Start WebSphere Liberty or WebSphere Application Server.

Windows

For 4.1.1 and later:

cd WAS_HOME\bin
server.bat start

For 4.1.x.x and earlier versions:

cd WAS_HOME\bin
startServer.bat server1 -username WAS_ADMIN -password WAS_PASSWORD

Linux or AIX

For 4.1.1 and later:

cd WAS_HOME/bin/
./server.sh start

For 4.1 and earlier versions:

cd WAS_HOME\bin
./startServer.sh server1 -username WAS_ADMIN -password WAS_PASSWORD

Where,

WAS_HOME is the WebSphere Liberty or WebSphere Application Server home directory. For more information, see the Definitions for HOME and other directory variables topic for the relevant GKLM version.
WAS_ADMIN is the WebSphere Liberty or WebSphere Application Server administrator username.
WAS_PASSWORD is the password for the WebSphere Liberty or WebSphere Application Server administrator username.

Note: If WebSphere Liberty or WebSphere Application Server doesn't start, complete the following steps: Take a backup of the security.xml file and keep it at some safe location. You can find security.xml at the following path: `WAS_HOME/profiles/KLMProfile/config/cells/SKLMCell` Where, WAS_HOME is the WebSphere Liberty or WebSphere Application Server home directory. For more information, see the Definitions for HOME and other directory variables topic for the relevant GKLM version. In the security.xml file, find and remove this cipher: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA". Save the file. Start WebSphere Liberty or WebSphere Application Server. For commands, see step 4.

Start the agent service if it was running initially.

Windows

cd SKLM_INSTALL_HOME\agent
startAgent.bat

Linux or AIX

cd SKLM_INSTALL_HOME/agent
./startAgent.sh

Where SKLM_INSTALL_HOME is the directory that contains the GKLM license and migration files. For more information, see the Definitions for HOME and other directory variables topic for the relevant GKLM version.

Verify Db2 fix pack installation

You can verify the Db2 version by using the following ways:

Graphical user interface:

Log in to the GKLM user interface.
On the header bar, click the help icon.
Click About.
Check the Db2 version.

Command-line interface:

Open a Db2 console.
Run the following command as a Db2 user:
```
db2level
```
Sample output:

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTJE47","label":"IBM Security Guardium Key Lifecycle Manager"},"ARM Category":[{"code":"a8m0z000000cvdlAAA","label":"SKLM-\u003EDB2"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

How to install Db2 fix pack when IBM Security Guardium Key Lifecycle Manager is installed