Hi Ricardo,
I don't have IIAS but Db2 Warehouse on premises, which is basically the same.
In my case, I have created a dedicated OS user "db2admin" for admin tasks that must be performed from the OS, but maybe this can help you to figure out the best approach for your environments/policies.
Basically, if you need to have a host OS user equivalent to the db2inst1 user within the db2 container, you need to match their group IDs on host user creation. For example:
--check db2inst1 in container (it is standard db2 story)
[root@dwh-db2whs ~]$ docker exec -it --user db2inst1 Db2wh /usr/bin/bash -c "id db2inst1"
uid=500(db2inst1) gid=1003(db2iadm1)
groups=1003(db2iadm1),1004(guardium),3000(bluadmin)
--create your user
[root@dwh-db2whs ~]# useradd db2admin -c 'mgm user for db2 container' -m
[root@dwh-db2whs ~]# usermod -u 888 db2admin
[root@dwh-db2whs ~]# groupmod -g 1003 db2admin -- this is the same group id as db2iadm1 within the container. That is the key, because I don't want to run or change anything within the container, but use the docker exec command from the host
[root@dwh-db2whs ~]# usermod -aG docker db2admin -- adding the user to the docker group because I don't want to mess around with the root user, so I can run docker commands with the db2admin user
[root@dwh-db2whs ~]# id db2admin
uid=888(db2admin) gid=1003(db2admin)
groups=1003(db2admin),983(docker)
Then you can try this:
[db2admin@dwh-db2whs scripts]$ docker exec -it --user db2inst1 Db2wh /usr/bin/bash -c "/mnt/blumeta0/home/db2inst1/sqllib/bin/db2 get db cfg for bludb | grep EXTBL_LOCATION"
Strict I/O for EXTBL_LOCATION (EXTBL_STRICT_IO) = NO
Allowed paths for external tables (EXTBL_LOCATION) = /mnt/blumeta0/home/db2inst1;/mnt/blumeta0/home;/mnt/bludata0/scratch;/mnt/external
[db2admin@dwh-db2whs ~]$ mkdir -p /mnt/clusterfs/scratch/schema_bkp
[db2admin@dwh-db2whs ~]$ chmod 774 /mnt/clusterfs/scratch/schema_bkp
[db2admin@dwh-db2whs scripts]$ docker exec -t Db2wh /usr/bin/bash -lc "/usr/bin/db_backup -path /mnt/bludata0/scratch/schema_bkp -type onl -schema syscat -compress gzip"
Checking if Backup or Restore is in progress.
Performing System Health Check...
Checking if backup path is configured under EXTBL_LOCATION paths...
Checking if the schema "SYSCAT" exists
Checking for available space for path: /mnt/bludata0/scratch/schema_bkp/20190321102833/BLUDB/ONL
Sufficient space available.
Identifying views..
Identifying stored procedures..
Identifying tables..
Identifying tables with large objects..
Identifying tables with spatial data..
Identifying tables with binary data..
Backing up schema "SYSCAT"
WARNING: No tables were found for schema "SYSCAT"
Backing up "SYSCAT" schema objects
___________________________________________________________________
Backup successful. The timestamp for this backup is: 20190321102833
Backup path(s): /mnt/bludata0/scratch/schema_bkp
___________________________________________________________________
For more info see /mnt/bludata0/scratch/bluadmin_BNR/logs/backup20190321102833.log
[db2admin@dwh-db2whs scripts]$
Regards,
Ivan
------------------------------
Ivan Milojevic
Comtrade System Integration
Belgrade
------------------------------
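A preflight check for the setup described in the reply above, as an added example that is not part of the original post: it compares the host user's primary gid with the container user's, confirms docker group membership, and tests the backup path against EXTBL_LOCATION. The function names are hypothetical, the sample strings are constructed from the output shown in the post, and treating EXTBL_LOCATION entries as directory prefixes is an assumption.

```shell
# Added example, not from the original post. Sample strings are constructed
# from the output shown in the thread; in real use they come from `id <user>`,
# `id db2inst1` via docker exec, and `db2 get db cfg for bludb`.

HOST_ID='uid=888(db2admin) gid=1003(db2admin) groups=1003(db2admin),983(docker)'
CONT_ID='uid=500(db2inst1) gid=1003(db2iadm1) groups=1003(db2iadm1),1004(guardium),3000(bluadmin)'
CFG=' Strict I/O for EXTBL_LOCATION (EXTBL_STRICT_IO) = NO
 Allowed paths for external tables (EXTBL_LOCATION) = /mnt/blumeta0/home/db2inst1;/mnt/blumeta0/home;/mnt/bludata0/scratch;/mnt/external'

# Print the numeric primary gid from a line of `id` output.
primary_gid() {
  printf '%s\n' "$1" | sed -n 's/.*gid=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Succeed if the `id` output lists group name $2 among its groups.
in_group() {
  printf '%s\n' "$1" | grep -Eq "groups=(.*,)?[0-9]+\($2\)"
}

# Print the EXTBL_LOCATION entries from `db2 get db cfg` output, one per line.
extbl_paths() {
  printf '%s\n' "$1" | sed -n 's/.*(EXTBL_LOCATION) *= *//p' | tr ';' '\n'
}

# Succeed if path $2 equals an allowed entry or lies below it (assumption:
# entries act as directory prefixes). Match on a "/" boundary so that
# /mnt/bludata0/scratch2 is not accepted, and refuse any ".." component.
path_allowed() {
  pa_target="${2%/}"
  case "/$pa_target/" in */../*) return 1 ;; esac
  while IFS= read -r pa_entry; do
    pa_entry="${pa_entry%/}"
    [ -n "$pa_entry" ] || continue
    case "$pa_target" in "$pa_entry"|"$pa_entry"/*) return 0 ;; esac
  done <<EOF
$(extbl_paths "$1")
EOF
  return 1
}

# Run all checks: $1 host id, $2 container id, $3 db cfg, $4 backup path.
preflight() {
  [ "$(primary_gid "$1")" = "$(primary_gid "$2")" ] || { echo "gid mismatch"; return 1; }
  in_group "$1" docker || { echo "not in docker group"; return 2; }
  path_allowed "$3" "$4" || { echo "path outside EXTBL_LOCATION"; return 3; }
  echo "ok"
}

preflight "$HOST_ID" "$CONT_ID" "$CFG" /mnt/bludata0/scratch/schema_bkp
```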
Original Message:
Sent: 03-20-2019 06:16 PM
From: RICARDO Pedraza
Subject: Backup with LDAP Admin user defined in admin group
Ok, I found the syntax issue, but still not able to run schema level backups from here. That is the reason I was using db_backup command. So regular backup as db2inst1 works:
[db2inst1@node0101-fab - Db2wh backup]$ db2 backup db bludb on all dbpartitionnums online to /scratch/backup include logs
(. . .)
Backup successful. The timestamp for this backup image is : 20190320174441
But the db_backup command fails as shown in a post before:
[bluadmdev@node0101-fab - Db2wh backup]$ sudo -E db_backup -schema testschm -path /scratch/ -type onl
Checking if Backup or Restore is in progress.
(. . .)
2019-03-20 13:08:11.385348 ERROR: su: user bluadmin does not exist
2019-03-20 13:08:11.385498 ERROR:
So I still have this issue of not being able to run schema level backups because of the BLUADMIN limitation.
And even worse, not being able to restore tables from backups.
thanks
------------------------------
RICARDO Pedraza
Original Message:
Sent: 03-20-2019 12:28 PM
From: RICARDO Pedraza
Subject: Backup with LDAP Admin user defined in admin group
Hello
We are using LDAP authentication with Active Directory. The customer decided to create three different user ids per environment, instead of having the same BLUADMIN for security reasons. But this brings the situation that backups can only be run as BLUADMIN user as per documentation.
I am able to run backups from the Console, but we need to run schema level backups, so I am trying to run the backups from the container as db2inst1 user, but the regular db2 backup command is not working.
Does anyone know how to run schema level backups from the container?
For now, I just tried a full online as follows:
[db2inst1@node0101-fab - Db2wh ~]$ db2 backup database bludb online to /scratch
SQL2032N The "DBPARTITIONNUMS" parameter is not valid. SQLSTATE=22531
Thanks
------------------------------
RICARDO Pedraza
------------------------------