Online upgrade of Spectrum Scale security update packages for a Db2 pureScale cluster

Steps

Before you begin

Prior to starting the Spectrum Scale security update, ensure:

• Your instance must be a Db2 pureScale instance.
• You must have root user authority.

Restrictions

• The Spectrum Scale security update must be applied with the supplied packages from the IBM Security Bulletin. See the following link for more details: https://www.ibm.com/security/secure-engineering/bulletins.html

• The procedures documented in this topic cannot be used to move up the Spectrum Scale base and efix level.
• The procedure described below should only be used for Spectrum Scale security update which are not included in any Db2 fixpack.  Regular Spectrum Scale upgrade must follow existing online or offline Db2 upgrade methods.

Procedure

1.    Download the target security update package files locally on each host in the cluster.

2.    Log on to a host in the cluster and perform the following steps as Db2 instance owner.

3.    Stop all Db2 processes on the host. Use one of the following depending on whether the host is a member or CF:
db2stop member <member_id>  quiesce <quiesce_timeout>
or
db2stop CF <cf_id>

4.    Stop the instance on the host:
db2stop instance on <hostname>

5.    Switch to the root ID on the same host and perform the following:

6.    Enter maintenance mode on the host:
<DB2_install_dir>/bin/db2cluster -cm -enter -maintenance
<DB2_install_dir>/bin/db2cluster -cfs -enter -maintenance
where <Db2_install_dir> is Db2 installation path.

Proceed to subsequent steps only if the above command returns successfully.

7.    Stop the Spectrum Scale trace with the following:
/usr/lpp/mmfs/bin/mmtracectl --stop -N <hostname for current node>

8.    Unload Spectrum Scale kernel and verify the result:
/usr/lpp/mmfs/bin/mmfsenv -u
echo $?

A zero return value from the "echo $?" command indicates a successful unload. A non-zero value means the unload has failed. In that case, a reboot of the host must be performed before proceeding.

9.    Upgrade the provided Spectrum Scale security update packages:

i. On AIX

• Change directory to where the security update packages are located:

cd <Security update package location>

• Upgrade the target Spectrum Scale security update packages:

smitty update_all

• Verify the installation by:

lslpp -L | grep -i <security update package name>

ii. On Linux

• Proceed to the directory with the new Spectrum Scale security update packages. For each provided package run the following to install it:

rpm -Uvh --force <security update package filename>

• Verify the installation by:

rpm -qa | grep -i < security update package name>

• Run the following command to compile the Spectrum Scale Portability Layer (GPL) module:

cd /usr/lpp/mmfs/src
make Autoconfig
make World
make InstallImages
echo $?       
A zero return value from "echo $?" indicates a successful compilation. Do not proceed unless the compilation is successful.

10.    Exit the maintenance mode:
<DB2_install_dir>/bin/db2cluster -cm -exit -maintenance
<DB2_install_dir>/bin/db2cluster -cfs -exit -maintenance

11.    Switch back to the Db2 instance owner for the following steps:

12.    Start the instance on the host:
db2start instance on <hostname>

13.    Start the member or CF on the host:
db2start member <member_id>
or
db2start CF <cf_id>

14.    Repeat the above steps on the rest of the hosts in the same cluster.