IBM Security Identity Governance and Intelligence, Version 5.2

Configuring the DB2 server

Set up the DB2® database to install the IBM® Security Identity Governance and Intelligence database on the DB2 server.

Before you begin

  • You must have the DB2 server installed.
  • You must know the common database parameters such as the IP address or server port. See Table 1.
  • This procedure works only on DB2 Enterprise Server Edition (DB2 ESE), Version 10.5.0.3 or later.
  • If you want to change the default password (ideas) that is required to access the Identity Governance and Intelligence schemas, you must do so before you create the database. See Changing the default password for the database schemas.
  • Make sure that you understand and comply with the Hardware and software requirements.

About this task

Use the following tags to customize the DB2 database.
Table 1. Tags to customize IBM Security Identity Governance and Intelligence DB2 installation
Tags            Description
DBServer        DB2 Server IP address or DNS name
DBPort          DB2 instance port
                Important: Make sure you know what the actual port number is. You can verify it in /etc/services.
IGI_DB          DB2 database name
INSTANCE_OWNER  DB2 instance owner of the database instance
PASSWORD        DB2 instance owner password
FQ_IGI_DB       <DBServer>:<DBPort>/<IGI_DB>
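
The DBPort check against /etc/services and the FQ_IGI_DB format from Table 1, as an added example that is not part of the IBM procedure. The function names, the sample services entries and the host name db2host.example.com are constructed for illustration, and the character whitelists for host and database names are assumptions of this example.

```shell
#!/bin/sh
# Added example: resolve the TCP port behind a DB2 SVCENAME value and build
# the FQ_IGI_DB string from Table 1. All sample data below is constructed.

# resolve_db2_port SVCENAME [SERVICES_FILE]
# Prints the numeric TCP port; returns 1 if it cannot be resolved.
resolve_db2_port() {
    svc=$1; file=${2:-/etc/services}
    port=
    case $svc in
        '' | *[!0-9A-Za-z_-]*) return 1 ;;   # empty or unexpected characters
        *[!0-9]*)                            # a service name: look it up
            # services format: name  port/proto  [aliases...]  # comment
            port=$(awk -v s="$svc" '
                { sub(/#.*/, "") }
                $2 ~ /\/tcp$/ {
                    for (i = 1; i <= NF; i++)
                        if (i != 2 && ($i "") == s) { split($2, a, "/"); print a[1]; exit }
                }' "$file") ;;
        *) port=$svc ;;                      # already a port number
    esac
    [ -n "$port" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# fq_igi_db DBSERVER SVCENAME IGI_DB [SERVICES_FILE]
# Prints <DBServer>:<DBPort>/<IGI_DB>, the form used by login.sql and clpplus.
fq_igi_db() {
    port=$(resolve_db2_port "$2" "${4:-/etc/services}") || return 1
    case $1 in '' | *[!0-9A-Za-z_.-]*) return 1 ;; esac   # assumed host charset
    case $3 in '' | *[!0-9A-Za-z_]*) return 1 ;; esac     # assumed db-name charset
    printf '%s:%s/%s\n' "$1" "$port" "$3"
}

# Constructed sample in /etc/services format (not taken from a real host).
sample_services() {
    cat <<'EOF'
# local services
db2c_igiinst    50000/tcp   db2igi   # DB2 connection port for igiinst
db2c_igiinst    50000/udp
DB2_igiinst     60000/tcp
#db2c_old       50001/tcp
EOF
}

tmp=$(mktemp) && sample_services > "$tmp"
fq_igi_db db2host.example.com db2c_igiinst igidb "$tmp"   # db2host.example.com:50000/igidb
rm -f "$tmp"
```
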

Procedure

  1. Log in as the instance owner.

    On Windows, the instance owner must be a member of the DB2ADMNS and Administrator groups.

    If you need to create an instance for IBM Security Identity Governance and Intelligence Virtual Appliance on UNIX, do the following:
    1. Create an operating system user. For example, add the user as igiinst and assign the password as ideas as in the following commands.
      Note: You must add the user to the root group when you create the operating system user.
      useradd -g root igiinst
      passwd igiinst
      - use "ideas" for new password
    2. Create an igiinst folder under the /home directory and make the user igiinst its owner. Run the following commands:
      cd /home
      mkdir igiinst
      chown igiinst igiinst
    3. Run the following command to create a database instance:
      DB2_Install_Location/instance/db2icrt -u igiinst igiinst

      For example, /opt/IBM/db2/V10.5/instance/db2icrt -u igiinst igiinst.

    4. Run the following commands to set up the instance:
      su - igiinst
      . ~igiinst/sqllib/db2profile
      db2 update dbm cfg using SVCENAME <DBPort_value>
      db2set DB2COMM=tcpip
      db2set -all DB2COMM
      db2start

      The instance for IBM Security Identity Governance and Intelligence Virtual Appliance is now created.

  2. From the instance, create the database by using the following statements:
    db2set DB2_COMPATIBILITY_VECTOR=ORA
    db2set DB2_RESTRICT_DDF=TRUE
    db2stop force
    db2start
    db2 create database IGI_DB
    db2 connect to IGI_DB
    db2 update db cfg using LOGFILSIZ 5000 LOGPRIMARY 50 LOGSECOND 50
    db2 create bufferpool IDEAS_BP IMMEDIATE PAGESIZE 32K
    db2 create system temporary tablespace IDEAS_SYS_TEMP pagesize 32k bufferpool IDEAS_BP
    db2 create user temporary tablespace IDEAS_TEMP pagesize 32k bufferpool IDEAS_BP
    db2stop force
    db2start 
  3. Depending on your operating system, complete one of the following sets of instructions.
    • On UNIX:
      1. Log in with root privileges.
      2. Unpack the following compressed file from the product package image or DVD and unzip the subdirectory for DB2 into a directory of your choice in your database server; for example, SCRIPT:
        SEC_IDNTY_GVN_INTL_xxx_V5.2_DT_IN_.zip
        Where xxx can be CMP, ANL, LFC, or IEE, depending on which product media type you are using that includes the IBM Security Identity Governance and Intelligence V5.2 Database Installation Scripts file.

        Change the path to this directory (SCRIPT in the example).

      3. Run the chmod -R 777 * command.
      4. Change the directory to <SCRIPT>/__FOR_DBAs__.
      5. Run the dos2unix unix_create_users.sh script.
      6. Run the unix_create_users.sh script.
    • On Windows:
      1. Log in as Administrator.
      2. Unpack the following compressed file from the product package image or DVD and unzip the subdirectory for DB2 into a directory of your choice in your database server; for example, SCRIPT:
        SEC_IDNTY_GVN_INTL_xxx_V5.2_DT_IN_.zip
        Where xxx can be CMP, ANL, LFC, or IEE, depending on which product media type you are using that includes the IBM Security Identity Governance and Intelligence V5.2 Database Installation Scripts file.

        Change the path to this directory (SCRIPT in the example).

      3. Change the directory to <SCRIPT>\__FOR_DBAs__ and run the win_create_users.bat command.

        Verify that there are no restrictive password creation policies that inhibit user creation.

  4. Apply the schema to the DB2 database.
    If you are applying the schema from a remote DB2 installation, complete these steps:
    1. Install the DB2 Client library for DB2 server Version 10.5.0.3 or later.
    2. Unpack the following compressed file from the product package image or DVD and unzip the subdirectory for DB2 into a directory of your choice in your database server; for example, SCRIPT:
      SEC_IDNTY_GVN_INTL_xxx_V5.2_DT_IN_.zip
      Where xxx can be CMP, ANL, LFC, or IEE, depending on which product media type you are using that includes the IBM Security Identity Governance and Intelligence V5.2 Database Installation Scripts file.
    3. Change the path to <SCRIPT>/DB_INSTALLATION (UNIX) or <SCRIPT>\DB_INSTALLATION (Windows).
    4. Modify the login.sql file by setting the appropriate connection string. See the following string:
      DEFINE IGI_DB = xxx.xxx.xxx.xxx:yyyyy/zzz
      
      xxx.xxx.xxx.xxx - DB2 Server IP address or DNS name
      yyyyy           - DB2 instance port
      zzz             - DB2 Database name
    5. Choose and run the appropriate database creation script.
      The following database scripts address different customer requirements and access restrictions to DB2 system accounts. The scripts that are specified in Table 2 are stored in the DB_INSTALLATION directory.
      Table 2. Database scripts for different environments and access restrictions
      File name                                 Description
      01-FULL-TBLS_USER_AND_OBJ-CREATION.sql    Interactive full database creation.
      02-FULL-TBLS_AND_USER-CREATION.sql        DBA service script. Table space and database user creation only.
      02-FULL-TBLS_AND_USER-SIMULATION.sql      DBA service script. Generate as output the DB2 version-specific database installation script.
      03-FULL-OBJ-CREATION.sql                  DBA service script. Object creation only.
      04-ADD_REALM-USER_AND_OBJ-CREATION.sql    Interactive full database creation for adding a Realm.
      05-ADD_REALM-USER-CREATION.sql            DBA service script. New Realm object creation only.
      05-ADD_REALM-USER-SIMULATION.sql          DBA service script. Generate as output the DB2 version-specific database installation script to create a Realm.
      Only the first script (01-FULL-TBLS_USER_AND_OBJ-CREATION.sql) is necessary for a common database configuration scenario with the following attributes:
      • Installation with a single realm.
      • Installation by using DB2 system accounts for the entire installation. The subsequent steps refer to this case.
    6. Run the following command to prepare the database:
      Important: You cannot use the -nw switch for the clpplus command.
      • On UNIX, as the root user:
        . ~igiinst/sqllib/db2profile
        clpplus <INSTANCE_OWNER>/<INSTANCE_OWNER_PASSWORD>@<FQ_IGI_DB> @01-FULL-TBLS_USER_AND_OBJ-CREATION.sql
      • On Windows:
        clpplus <INSTANCE_OWNER>/<INSTANCE_OWNER_PASSWORD>@<FQ_IGI_DB> @01-FULL-TBLS_USER_AND_OBJ-CREATION.sql
      where: <FQ_IGI_DB> is <DBServer>:<DBPort>/<IGI_DB>
      For example, on UNIX your command might look like this:
      clpplus igiinst/ideas@<db2hostname>:50000/igidb @01-FULL-TBLS_USER_AND_OBJ-CREATION.sql

      When the script is complete, at the SQL prompt run the Exit command.

      If an error occurs during the run of this script, see the log file:
      UNIX
      <SCRIPT>/DB_INSTALLATION/IGI_V5_2_0_Installation.log
      Windows
      <SCRIPT>\DB_INSTALLATION\IGI_V5_2_0_Installation.log
    7. Depending on your operating system, specify one of the following paths when prompted for a path:
      <INSTANCE_OWNER_HOME>/<INSTANCE_OWNER>/<NODE_DB>/<IGI_DB>
      or
      <INSTANCE_OWNER_HOME>\<INSTANCE_OWNER>\<NODE_DB>\<IGI_DB>
      For example: /home/db2inst1/db2inst1/NODE0000/IGI_DB
    8. Select one of these options when prompted for a table size:
      • Medium
      • Small
      For example, select M.
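
Two artifacts of this procedure remain on the database server afterwards: the script tree opened with chmod -R 777 * in step 3, and any clpplus command line typed with the password embedded, which stays in shell history. The following post-installation check is an added example, not part of the IBM procedure; the function names and demo data are constructed, and it assumes nothing else needs group or other write access under SCRIPT once the schema is applied.

```shell
#!/bin/sh
# Added example: post-installation hygiene checks for the DB2 host.

# world_writable DIR: list entries under DIR that any local user can modify.
# Symbolic links are skipped because their own mode bits are not enforced.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# lock_down DIR: drop the group/other write access left by "chmod -R 777 *",
# then succeed only if nothing world-writable remains.
lock_down() {
    chmod -R go-w "$1" || return 1
    [ -z "$(world_writable "$1")" ]
}

# clpplus_password_lines FILE: report lines of a shell history file where
# clpplus was given user/password@... on the command line. The password is
# replaced with *** so that the report itself does not leak it.
clpplus_password_lines() {
    awk '/(^|[ \t;|&])clpplus[ \t]/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^@\/]+\/[^@]+@/) {
                sub(/\/[^@]+@/, "/***@", $i)
                printf "%d: %s\n", NR, $0
                next
            }
    }' "$1"
}

# Constructed demo: a throwaway tree and history file, not real host data.
demo=$(mktemp -d)
mkdir -p "$demo/SCRIPT/__FOR_DBAs__" && chmod -R 777 "$demo/SCRIPT"
printf '%s\n' 'clpplus igiinst/ideas@db2host:50000/igidb @01-FULL-TBLS_USER_AND_OBJ-CREATION.sql' > "$demo/history"
lock_down "$demo/SCRIPT" && echo "SCRIPT tree: no world-writable entries left"
clpplus_password_lines "$demo/history"
rm -rf "$demo"
```

CLPPlus prompts for the password when it is omitted from the connection identifier (user@host:port/database), which keeps it out of the history file and the process list.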