Hi @Jim Creasman,
We have also created a similar db2 non-root image. It works as expected when creating docker containers. However, when we use this image for deploying a db2 container on kubernetes, we get the following error when we try to connect to the container with username and password:
DB2 SQL Error: SQLCODE=-1639, SQLSTATE=08001, SQLERRMC=null
Everything else looks fine in the container, except that for some reason authentication seems to be broken. The db2rfe file was used to enable OS_authentication. We even tried the fix suggested here: https://www.ibm.com/support/pages/database-connection-fails-authentication-error-sql1639n but it did not help.
Did you face a similar issue before, or do you have any idea what might be the root cause?
------------------------------
Siddhant Saha
------------------------------
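A check worth running inside the Kubernetes pod for the SQL1639N reported above, added here as an example and not code from any poster in this thread. It assumes the instance path from the Dockerfile further down, and assumes the OS-authentication helpers are named db2ckpw and db2chpw under sqllib/security and must be root-owned setuid; it also reads the kernel's NoNewPrivs flag, which Kubernetes sets when allowPrivilegeEscalation is false.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. SEC_DIR follows the Dockerfile in this
# thread; the helper names and the root-owned setuid expectation are assumptions.
SEC_DIR="${SEC_DIR:-/home/db2inst1/sqllib/security}"

# Print the NoNewPrivs value (0 or 1) from a /proc/<pid>/status style file.
nnp_value() {
    awk '/^NoNewPrivs:/ { print $2; found = 1 }
         END { if (!found) print "unknown" }' "$1"
}

# Print "<yes|no> <owner-uid>" (setuid bit, numeric owner) or "missing".
file_state() {
    [ -e "$1" ] || { echo "missing"; return; }
    if [ -u "$1" ]; then s=yes; else s=no; fi
    echo "$s $(stat -c %u "$1")"
}

# Turn the facts into one verdict. Args: setuid(yes|no) owner_uid nnp(0|1|unknown)
classify() {
    if [ "$1" != yes ] || [ "$2" != 0 ]; then
        echo "FILE_PERMS: helper is not root-owned with the setuid bit"
    elif [ "$3" = 1 ]; then
        echo "NO_NEW_PRIVS: setuid bit is present but the kernel ignores it at exec"
    else
        echo "OK"
    fi
}

# Check both helpers against the flag of the current process.
diagnose() {
    nnp=$(nnp_value /proc/self/status)
    for f in db2ckpw db2chpw; do
        st=$(file_state "$SEC_DIR/$f")
        if [ "$st" = missing ]; then
            echo "$f: missing"
            continue
        fi
        # $st is deliberately unquoted so it splits into two arguments.
        echo "$f: $(classify $st "$nnp")"
    done
}

diagnose
```

Run it as the same user and in the same pod as the Db2 instance. A volume mounted with nosuid has the same effect as NoNewPrivs and is not detected by this script.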
Original Message:
Sent: Wed September 13, 2023 02:44 PM
From: Jim Creasman
Subject: How to run Docker ibmcom/db2 image as non-root
Mauno,
These are the ones I'm using. Hope they help.
Jim
db2rfe.cfg
INSTANCENAME=db2inst1
ENABLE_OS_AUTHENTICATION=YES
db2server.rsp
PROD = DB2_SERVER_EDITION
LIC_AGREEMENT = ACCEPT ** ACCEPT or DECLINE
INSTALL_TYPE = COMPACT ** TYPICAL, COMPACT, CUSTOM
INTERACTIVE = YES ** YES to provide feedback as install runs
services.db2
db2c_db2inst1 50000/tcp
db2c_db2inst1_ssl 50001/tcp
db2j_db2inst1 55000/tcp
DB2_db2inst1 60000/tcp
DB2_db2inst1_1 60001/tcp
DB2_db2inst1_2 60002/tcp
DB2_db2inst1_3 60003/tcp
DB2_db2inst1_4 60004/tcp
DB2_db2inst1_END 60005/tcp
------------------------------
Jim Creasman
Original Message:
Sent: Tue September 12, 2023 02:59 AM
From: Mauno Haukila
Subject: How to run Docker ibmcom/db2 image as non-root
Hi @jim-creasman
Could you please provide those rsp files? I'm having huge difficulty installing, no matter how I configure the RSP files. They end up in error:
Installing: ITLM
Installing: CLPPLUS
Installing: ESE_PRODUCT_SIGNATURE
Installing DB2 file sets :.......Success
Executing control tasks :.......Success
Updating global registry :.......Success
Registering DB2 licenses :.......Success
Setting default global profile registry variables :.......Success
Initializing instance list :.......Success
ERROR: DBI1084E An attempt to create /home/db2inst1/sqllib/db2dump failed.
Explanation:
An error occurred when creating the given file or directory.
User response:
Check that there is enough space in the file system and that you have
write permission for the required directory. Suggested directory
permissions are u=rwx,go=rx.
.
And /home/db2inst1 sure has privileges for the db2inst1 user. chmod -R a+wrx /home/db2inst1;chown -R db2inst1 /home/db2inst1
------------------------------
Mauno Haukila
Original Message:
Sent: Mon December 27, 2021 07:41 PM
From: Jim Creasman
Subject: How to run Docker ibmcom/db2 image as non-root
Hi Pablo,
Yes, I was able (eventually) to get this to work. In our case we only run DB2 in a container for development and testing purposes, and not in a production setting. Below is the Dockerfile I created. I haven't built this in several months since the image runs and meets our requirements. You may need to make some updates for your local environment.
Hope it helps,
Jim
FROM <<<Your Ubuntu image here. I used ubuntu:18.04>>>
USER root

# Copy and extract DB2 installation files.
RUN mkdir -p /tmp/db2
ADD "<<<Path to DB2 install image., eg., <root>/com.ibm.db2/11.5.5/com.ibm.db2-11.5.5.tar.gz>>>" /tmp/db2/
RUN cd /tmp/db2 \
 && tar -zxf ./*.tar.gz \
 && chmod -R a+rx /tmp/db2

# Add local DB2 response files.
COPY "install/db2server.rsp" /tmp/db2/
COPY "install/services.db2" /tmp/db2/
COPY "install/db2rfe.cfg" /tmp/db2/
RUN mkdir -p /var/custom/sql
COPY "setup/*.sh" /var/custom/
RUN chmod -R a+rwx /var/custom

# Install required pre-req packages
RUN apt-get update -y \
 && apt update && apt upgrade -y \
 && apt-get install -y libnuma1 \
 && apt-get install -y libaio1 \
 && apt-get install -y file \
 && apt-get install -y binutils \
 && apt-get install -y lib32stdc++6 \
 && apt-get install -y libxml2

# Fix up services file
RUN touch /etc/services \
 && cat /tmp/db2/services.db2 >> /etc/services

# Create the users and groups needed.
RUN groupadd -g 3000 db2iadm1 \
 && groupadd -g 998 db2fadm1 \
 && groupadd -g 997 dasadm1
RUN useradd -u 1000 -g db2iadm1 -m -d /home/db2inst1 db2inst1 \
 && useradd -u 1003 -g db2fadm1 -m -d /home/db2fenc1 db2fenc1 \
 && useradd -u 1002 -g dasadm1 -m -d /home/dasusr1 dasusr1
ENV initial_password=<<<some-password>>>
RUN echo 'db2inst1:<<<new-password>>>' | chpasswd

# Docker startup and runtime scripts.
COPY docker-entrypoint.sh /usr/local/bin/
COPY docker-db2cfg.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-*.sh

# Install DB2 as non-root
USER db2inst1
RUN /tmp/db2/server_dec/db2setup -r /tmp/db2/db2server.rsp

# Run below commands as root before switching back to instance user.
USER root

# -- Create and activate DB2 database
RUN echo "0 "$HOSTNAME" 0" > /home/db2inst1/sqllib/db2nodes.cfg \
 && cat /home/db2inst1/sqllib/db2nodes.cfg \
 && cd /home/db2inst1/sqllib/instance && ./db2rfe -f /tmp/db2/db2rfe.cfg \
 && su - db2inst1 -c "db2start" \
 && su - db2inst1 -c "db2 create db psdb using codeset utf-8 territory us collate using identity" \
 && su - db2inst1 -c "db2 activate db psdb" \
 && su - db2inst1 -c "db2stop"

# -- Remove DB2 install binaries
RUN rm -rf /tmp/db2

# -- Enable password to be changed by user.
RUN pam-auth-update --package

USER db2inst1
ENTRYPOINT [ "docker-entrypoint.sh" ]
------------------------------
Jim Creasman
Original Message:
Sent: Mon December 27, 2021 03:49 AM
From: Pablo Ojea
Subject: How to run Docker ibmcom/db2 image as non-root
Hi Jim,
I have the same problem. Were you able to build a DB2 image that did not use root?
Thanks
Pablo
------------------------------
Pablo Ojea
Original Message:
Sent: Mon February 08, 2021 10:27 AM
From: Jim Creasman
Subject: How to run Docker ibmcom/db2 image as non-root
Is it possible to build an image from the DB2 Docker image that can run as non-root? Though we have a production DB2 server deployed on-prem, I would like to create a simple cloud image that can be deployed to our Kubernetes environment for test and development purposes. The catch is we are restricted to deploy our services as non-root.
I've looked at the ibmcom/db2 image a bit. It seems the non-root support was either not installed, or perhaps removed before publishing. For example, one of the steps for non-root setup is to run the db2rfe command, but I'm not able to find this command on the image.
Thanks,
Jim
------------------------------
Jim Creasman
------------------------------