Upgrading your server when connected to a remote Db2 server
If you are completing a side-by-side upgrade, and the V8.1.3 Cloud APM server that you are upgrading from is connected to an existing remote Db2 server instead of the default local Db2 server, you must back up the databases separately to avoid any issues between the existing V8.1.3 server and the new V8.1.4 server that use these databases.
Before you begin
-
When you perform the Cloud APM server upgrade, the Db2 server for the Cloud APM server V8.1.4.0 must be at the same version as the Db2 server used by the Cloud APM server V8.1.3. Check the Db2 version that is in use by the Cloud APM server V8.1.3:
- If Db2 is installed on the same system as the
Cloud
APM server, enter the following command to check
the Db2
version:
where install_dir is the directory where Db2 is installed.install_dir/db2/V10.5/bin/db2level
- If Db2 is installed on a remote system, ask the Db2 administrator to check the Db2 server version.
Important:The Db2 server for your V8.1.4 Cloud APM server must be at the same version as your V8.1.3 Cloud APM server during the Cloud APM server upgrade.
If the Db2 version for your V8.1.3 Cloud APM server is Db2 Advanced Enterprise Server Edition V10.5 fix pack 9 (or later), complete the steps in this technote Upgrading your Cloud APM server from V8.1.3 to V8.1.4 when your Db2 server is running V10.5 fix pack 9 or a later fix pack now to continue your Cloud APM server upgrade from V8.1.3 to V8.1.4.
If you want to use Db2 V11.1 for your V8.1.4 Cloud APM server, you can upgrade your Db2 server to a supported version of Db2 V11.1 after the Cloud APM server upgrade completes. Follow the procedure in Upgrading the Db2 server to Db2 version 11.5.x.
- If Db2 is installed on the same system as the
Cloud
APM server, enter the following command to check
the Db2
version:
- If your Cloud APM server is connected to a remote Db2 server, Db2 Advanced Workgroup Server Edition V11.1 is supported when you are upgrading your Cloud APM server from V8.1.3 to V8.1.4.
- If you are upgrading the Cloud APM server on the same system and you have a remote Db2 server, follow the instructions in Upgrading the server on the same system.
- If your V8.1.3 Cloud APM server is connected to a remote MongoDB, install MongoDB V3.2.12. For more information, see Installing MongoDB V3.2.12 on your remote system.
- The backup.sh script is not supported on AIX. Use the Db2 utilities to back up your databases. For more information, see Backup overview and BACKUP DATABASE command in the Db2 V10.5.0 topic collection on IBM® Knowledge Center.
- The restore.sh script is not supported on AIX. Use the Db2 utilities to restore your databases. For more information, see RESTORE DATABASE command.
-
If LDAP is enabled on your V8.1.3 Cloud APM server to authenticate Cloud APM console users, complete the following steps on your V8.1.3 Cloud APM server before you back up your V8.1.3 data:
- Retrieve the value of the realm attribute from the install_dir/wlp/usr/shared/config/ldapRegistry.xml file.
- Check the value of the oauthRealm attribute in the install_dir/wlp/usr/shared/config/oauthVariables-onprem.xml file. If the value of oauthRealm attribute does not match the value of the realm attribute in the ldapRegistry.xml file, update the value of the oauthRealm attribute to match the value of the realm attribute.
- Complete the following steps to update the
install_dir/wlp/usr/servers/apmui/server-oauth2-tai.xml file to add the user
from the install_dir/wlp/usr/servers/server1/cscs/conf/cscsRoleAdmin.conf file:
- Find the properties line <properties, and identify the systemUser parameter, if it does not exist you will need to add it in the next step. Identify the closing tag /> for the properties line.
- Add a new line or edit the existing line before the /> closing tag as
follows:
wheresystemUser="testuser LDAP distinguished name"
testuser
matches the user string from the cscsRoleAdmin.conf file, for example:systemUser="CN=testuser,CN=users,dc=adtest,dc=mycity,dc=mycompany,dc=com"
Note: Do not include the user:prefix or realm name that was specified in cscsRoleAdmin.conf. - Confirm that the /> closing tag was not deleted, then save and close the file.
- If you modified the trust store password for your Cloud APM server V8.1.3, change the password back to the default password before performing the server upgrade. After the upgrade completes, you can change the password back to your custom trust store password. For details, Changing the password for the shared truststore.
- If
a custom password is configured for MongoDB on your V8.1.3 Cloud
APM server, you must set the MongoDB password back to the
default value before running
backup.sh
. After the upgrade to version 8.1.4.0 is complete, you can set the MongoDB password back to a custom password. For more information, see Default users and passwords.
About this task
- The Cloud APM server stores data in the WAREHOUS, SCR32, and DATAMART databases on the Db2 server. Before you install V8.1.4 of the Cloud APM server on the system that you are using for the upgrade, you must create copies of these three databases with names different from the names that were used for the V8.1.3 server.
- In this procedure, the names of the three Db2
databases are referenced as follows:
Different names can be used for the V8.1.4 databases by substituting the desired name for the name that is listed in Table 1 in the following procedure.
Table 1. Db2 database names V8.1.3 Database Name New V8.1.4 Database Name Warehouse WAREHOUS W1 Datamart DATAMART D1 SCR SCR32 S1 - In
the V8.1.4 release, if your Cloud
APM server is connected to a remote Db2 server that is also running on a V8.1.4 Cloud
APM server, you can create a custom
name for the Db2 instance user or you can accept
the default
db2apm
name. In previous Cloud APM releases, thedb2apm
instance user name only was supported. For the V8.1.4 release, because the steps in this procedure refer to an existing remote Db2 server, which is a pre-V8.1.4 remote Db2 server, you must complete these steps as thedb2apm
user. - Most steps are run as a root user. Some steps are run as the Db2 instance user
db2apm
and include an su to the Db2 instance user and a subsequent exit to return to the root user.
Procedure
Complete the following steps as a root user to clone the WAREHOUS, SCR32, and DATAMART databases before the upgrade and to back up these databases separately.
Results
What to do next
- If you are using the default out of the box certificates for accessing the Cloud APM console, you must complete the steps in this technote V8.1.4 Application Performance Management UI certificates are expiring in upgraded environments to update the default certificates to prevent them from expiring in April 2019.
- Before you use the Cloud APM console that you upgraded, clear your web browser cache and restart your browser. Clearing the cache avoids display issues that new capabilities in this update introduced to some of the user interfaces.
- If you want to use the old agent
configuration packages from a previous installation for agent installations, complete these steps:
- Go to the install_dir/ccm directory.
- Delete the agentconfig file.
- Change the name of the agentconfig.old file to agentconfig.
- If you configured
HTTPS communication between the Cloud
APM server and
agents in your V8.1.3 Cloud
APM server, you must change
clientAuthentication to true. Copy the
<ssl>
xml element that contains the enabledCiphers attribute from the install_dir/wlp/usr/servers/min/server.xml file to the install_dir/wlp/usr/servers/min/user-exit.xml file if it does not already exist in the user-exit.xml file. Then add thisclientAuthentication="true"
line after the enabledCiphers line in the user-exit.xml file. Remove the<ssl>
xml element from the server.xml file. The following code example shows you where to add theclientAuthentication="true"
line in the user-exit.xml.<ssl id="defaultSSLConfig" sslProtocol="TLSv1.2" enabledCiphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" clientAuthentication="true" serverKeyAlias="server_key" clientKeyAlias="IBM_Tivoli_Monitoring_Certificate" keyStoreRef="defaultKeyStore"/>
- If you configured HTTPS communication between the Cloud APM server and agents in your V8.1.3 Cloud APM server and used the default certificates, change the communication protocol that the Cloud APM server agents use to HTTPS. For instructions, see Configuring the communications protocol for server agents.
- If you configured HTTPS communication
between the Cloud
APM server and agents in your V8.1.3
Cloud
APM server and did not use the default
certificates, complete these steps:
- Encode the (xor) server keystore password that you used when you created certificates for
the V8.1.3 Cloud
APM server:
/opt/ibm/wlp/bin/securityUtility encode
- Copy the
<keyStore>
xml element from the install_dir/ibm/wlp/usr/servers/min/server.xml to the install_dir/wlp/usr/servers/min/user-exit.xml file if it does not already exist in the user-exit.xml file. Then in the user-exit.xml file, replace the value of the password attribute with the newly encoded password from the step 1. Remove the<keyStore>
xml element from the server.xml file. - Go to the install_dir directory.
- Delete the keyfiles directory.
- Change the name of the keyfiles.old directory to keyfiles.
- Update the certificates that are used by the monitoring agents to connect to the Cloud APM server to use the new keystore. For instructions, see Configuring certificates between the server and agents for HTTPS communication.
- Update the communication protocol and certificates that are used by the Cloud APM server agents. For instructions, see Configuring the communications protocol for server agents.
- Encode the (xor) server keystore password that you used when you created certificates for
the V8.1.3 Cloud
APM server:
- If the system where you installed the Cloud
APM server is using LDAP to authenticate the root user or
Db2 users, and you updated the passwords for the
itmuser
and the Db2 instances users when following the procedure referenced in step 9.a, then complete step 9 in the Installing on a system using an external directory service topic. - Review the WAREHOUS
database settings tat were applied by the restore process.
Cloud APM does not support pruning of database logs, as a result, theupdate database config for warehous using DFT_DEGREE any update database config for warehous using LOGBUFSZ 1024 update database config for warehous using LOCKLIST AUTOMATIC update database config for warehous using SORTHEAP AUTOMATIC update database config for warehous using SHEAPTHRES_SHR AUTOMATIC update database config for warehous using NUM_IOCLEANERS AUTOMATIC update database config for warehous using NUM_IOSERVERS AUTOMATIC update database config for warehous using LOGFILSIZ 4096 update database config for warehous using LOGPRIMARY 10 update database config for warehous using DBHEAP AUTOMATIC update database config for warehous using LOGSECOND 40 update database config for warehous using AVG_APPLS AUTOMATIC update database config for warehous using logarchmeth1 OFF update database config for warehous using logarchmeth2 OFF update database config for warehous using DATABASE_MEMORY 250000 AUTOMATIC
logarchmeth1
andlogarchmeth2
settings are set toOFF
. If you back up your Warehouse database and you support log pruning in your environment, modify these settings. - Most V8.1.3 Cloud APM agents are compatible with the
V8.1.4 Cloud APM server. However, you must upgrade the following agents after you upgrade the Cloud
APM server to version 8.1.4.0:
- If you are using the Synthetic Playback agent, you must upgrade the agent by using the latest agent package on Passport Advantage. To view the Passport Advantage part numbers for the agent packages, see: Part numbers. Then, you must apply the latest Cloud APM 8.1.4.0 server interim fix that is available from Fix Central.
- The Monitoring Agent for WebSphere Applications must be upgraded by using the latest agent package on Passport Advantage. To view the Passport Advantage part numbers for the agent packages, see: Part numbers.
- The Monitoring Agent for MongoDB must be upgraded by using the latest agent package on Passport Advantage. To view the Passport Advantage part numbers for the agent packages, see: Part numbers.