D04 - Big - DB2 LUW Meta Data Repositories - A Field Guide for DBA's & Managers Speaker: A l e x a n d e K o p a

Session Code: D04 Room: Sabine

Date/Time: Monday, May 23, 2016 (05:00 PM - 06:00 PM)

Platform: DB2 for LUW

Renaissance Austin Hotel 9721 Arboretum Boulevard Austin, TX 78759, USA Photo by Steve from Austin, TX, USA Abstract For more than a decade, Big Data has been described by "Volume, Variety, and Velocity (or the Three V's)". DB2 practitioners are in a position to help provide and sustain the fourth and fifth V's that are Veracity and Value. With the advent of IBM Big Data systems, there are many new DB2 LUW repository buzzwords including IIS, SPSS, C&DS, ADM to name a few that database practitioners will soon be familiar. These acronym heavy systems include Statistical Package for the Social Sciences (SPSS), IBM SPSS Modeler (SPSS), SPSS Collaboration and Decision Support (C&DS) Modeler, Analytical Decision Management (ADM), and IBM Infosphere Information Server (IIS) DataStage to name several. All of them require attention to detail. This session is designed to highlight many of the items that DBA's and managers care most to help reduce or eliminate the late night phone calls and keep your companies lights on.

2 Overall Session Objectives

1) Database system builds & configuration challenges 2) Security options discussion - root /non-root installation 3) Database maintenance, alerts, and utility operations 4) DB2 LUW Fixpack migration 'opportunities' 5) Summary

3 D04 - “Big Data - DB2 LUW Meta Data Repositories - A Field Guide for DBA's & Managers ()

Abstract Number: 1340 Track: DB2 for LUW - Track II Session Type: Podium Presentation Primary Presenter: A L E X A N D E R K O P A C a l e x a n d e r _ k o p a c @ h o t m a i l . c o m Room(s): Sabine Time(s): Monday, May 23, 2016 (05:00 PM - 06:00 PM)

4 D04 - “Big Data - DB2 LUW Meta Data Repositories - A Field Guide for DBA's & Managers”

Sub-Title: What Big Data Padawans need to know . . .

Background Info OS Components SuSE 11 WAS 8.5.5.4 SuSE 11 DB2 V10.5.* SuSE 11 IIS SuSE 11 CDC OCFS2 / NFS Shared file systems RedHat 6.5 WAS 8.5.5.4 RedHat 6.5 WAS 8.5.5.4 5 Presentation Legend This presentation is designed for beginners & for the 40% of folks who are visual learners; (visual repetitions & practice make for easier learning). The subject matter is complex; this presentation only scratches the surface. GENERICS used throughout this presentation: • Server name: serverxx, serverxy • Database name: sampdb • Instance Name: db2instx, samp01, samp01f • Tablespace Name: TBSPNAME • name: ACRONYNM • Schema name: MUSER

• User name: MUSER01 6

Where Are We . . .

1) Introduction 2) Database system builds & configuration challenges 3) Security options discussion - root /non-root installation 4) Database maintenance, alerts, and utility operations 5) DB2 LUW Fixpack migration 'opportunities' 6) Summary

7 Introduction

“Any sufficiently advanced technology is indistinguishable from magic.”

Sir Arthur C. Clarke (1917 - 2008)

8 “Terms of Endearment”

IBM Big Data Sstems Buzzwords

1. Statistical Package for the Social Sciences (SPSS) 2. IBM SPSS Modeler (SPSS) 3. SPSS Collaboration and Decision Support (C&DS) Modeler 4. Analytical Decision Management (ADM) 5. IBM Infosphere Information Server (IIS) DataStage

9 More Info - Redbooks

Big Data • Information Governance Principles and Practices for a Big Data Landscape Published: 31 March 2014 - 280 pages http://www.redbooks.ibm.com/abstracts/sg248165.html?Open • Implementing IBM InfoSphere BigInsights on IBM System x • Published: March 27, 2014 http://www.redbooks.ibm.com/abstracts/sg248077.html?Open • Performance and Capacity Implications for Big Data Published: January, 2014 http://www.redbooks.ibm.com/redpapers/abstracts/redp5070.html?Open

10 Where Are We . . .

1) Introduction 2) Database system builds & configuration challenges 3) Security options discussion - root /non-root installation 4) Database maintenance, alerts, and utility operations 5) DB2 LUW Fixpack migration 'opportunities' 6) Summary

11 Redefinition needed in Webster's for knee jerk reactions to include …

Blame the RDMS Database/DBA

Knee jerk reaction

Also found in: Thesaurus, Medical, Wikipedia1. . Related to Knee jerk reaction: Knee jerk reflex Webster's Revised Unabridged Dictionary, published 1913 by C. & G. Merriam Co. an immediate unthinking emotional reaction produced by an event or statement to which the reacting person is highly sensitive; - in persons with strong feelings on a topic, it may be very predictable.

12 Pointing the finger away from DB2

• Train your WebSphere / Application folks to first choose to bounce the JVMs / Application when their log shows that they are unable to connect !

• App logs are normally generally not accessible on WebSphere / Application servers to the DBA Team. • TIP: Get read access to WebSphere / Application server logs at a minimum 13 HADR & TSAMP alarm perplexity amazement terror anxiety trepidation awe distraction bewilderment fear confusion muddle consternation shock dread stupefaction fright wonder horror muddlement panic trepidity 14

Avoid connection issues finger pointing with Application team

• Place DB2 ‘client’ software on the WebSphere tier, Engine Tier, Application Tier, and C&DS Tier servers ; build an intermittent crontab script call to simply “connect” to the active database repository servers & send txt msg or email alert when connect attempt fails.

• db2pd -osinfo is a resource cheap alternative in a WebSphere tier, Engine Tier, Application Tier, and C&DS Tier servers script:

Consider sending an alert from the WebSphere tier, Engine Tier, Application Tier, and C&DS Tier servers sent for FreeMem memory say less than 2000 mg to HADR Primary/Standby servers and for connect failures as well:

• Physical Memory and Swap (Megabytes): Healthy Memory • TotalMem FreeMem AvailMem TotalSwap FreeSwap • 20480 6972 n/a 8192 8169 15

Know Location of the WebSphere/App Logs Obtain Read Access WebSphere Application Server IIS (IBM Information Server)

 SystemOut*.log & SystemErr*.logs  Always sent/attached to PMR’S

 Send Server version.

 Send a description of the queries executed

 Send screenshots of errors coupled with timestamp of when the errors occurred

16 Sample location of Logs

/tstapps/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/serverxy/SystemOut*.log

/tstapps/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/serverxz/SystemErr*.log

17 Where Are We . . .

1) Introduction 2) Database system builds & configuration challenges 3) Security options discussion - root /non-root installation 4) Database maintenance, alerts, and utility operations 5) DB2 LUW Fixpack migration 'opportunities' 6) Summary

18 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Matters • Uptime Always Matters • Performance Always Matters • Value to the Business Always Matters

19 root /non-root installation

• Avoid root installation – installs instance defaults :<( • OK for POC only – (no backup; backups are after thoughts) • Drop DB2 Instance / server as soon as reasonable !

• Non-root installation preferred :>)

• Choose your both instance – fenced id names wisely! • Establish sudo access to install DB2 engine • Establish sudo access to perform specific DB2 functions • Establish sudo access to perform normal TSAMP functions • Establish sudo access to perform TSAMP getsadata traces 20

Refreshing/Copying data to Test Systems

Become familiar with SSL Certificates

Become familiar with the various hash algorithms

Employ SHA-256; (not SHA-1)

Root will normally install SSL Certificates as separation of duties task.

21 Change All Defaults

• Change all defaults to be unique for your application • Do not DB2 Instance or name for both Test & Production • Change the Default DB2 Instance Owner id & fenced-id name • from & to something unique • Change the Default Port used for the DB2 Instance from 50000 • Employ sudo for DB2 Instance Owner id and for IBM TSAMP ‘getsadata’ logs and tools

Attend Dave Beulke’s Session A14 - DB2 Security Best Practices: Protecting your system from the Legions of Doom Thu, May 26, 2016 (08:00 AM - 09:00 AM) 22 Change All Defaults Prior to DB2 instance installation

echo "AIX" ; hostname ; date ; sudo /opt/IBM/db2/V10.5.7/instance/db2icrt -u db2fencx db2instx to echo "AIX" ; hostname ; date ; sudo /opt/IBM/db2/V10.5.7/instance/db2icrt -u samp01f samp01

echo "" ; hostname ; date ; sudo /opt/IBM/DB2/V10.5.7/instance/db2icrt -u db2fencx db2instx to echo "LINUX" ; hostname ; date ; sudo /opt/IBM/DB2/V10.5.7/instance/db2icrt -u samp01f samp01

23 Sample sudo -l (non-root installs) practicing injection prevention Mon Jan 25 06:15:31 EST 2016 serverxx samp01 SAMPDB No more wildcarding sudo

/db2home/db2instx=> sudo -l

User db2instx may run the following commands on this host:

(ALL) NOPASSWD: /usr/bin/getsadata, /bin/rm -rf /tmp/*serverxx*, /bin/cat /tmp/db2icrt*, /bin/rm /tmp/db2icrt*, /usr/bin/addrgmbr, /usr/bin/addrpnode,

/usr/bin/cfgsamadapter, /usr/sbin/rsct/bin/chequ, /usr/sbin/rsct/bin/chrel, /usr/sbin/rsct/bin/chrg, /usr/sbin/rsct/bin/chrgmbr,

/usr/sbin/rsct/bin/chrsrc, /usr/sbin/rsct/bin/lsequ, /usr/sbin/rsct/bin/lsrel, /usr/sbin/rsct/bin/lsrg, /usr/sbin/rsct/bin/lsrgreq,

/usr/sbin/rsct/bin/lsrpdomain, /usr/sbin/rsct/bin/lsrpnode, /usr/sbin/rsct/bin/lsrsrc, /usr/sbin/rsct/bin/lssam, /usr/sbin/rsct/bin/lssamctrl,

/usr/bin/lssrc, /usr/sbin/rsct/bin/mkequ, /usr/sbin/rsct/bin/mkrel, /usr/sbin/rsct/bin/mkrg, /usr/sbin/rsct/bin/mkrpdomain, /usr/sbin/rsct/bin/mkrsrc,

/usr/sbin/rsct/bin/pidmon, /usr/sbin/rsct/bin/preprpnode, /usr/sbin/rsct/bin/resetrsrc, /usr/sbin/rsct/bin/rgmbrreq, /usr/sbin/rsct/bin/rgreq,

/usr/sbin/rsct/bin/rmequ, /usr/sbin/rsct/bin/rmrel, /usr/sbin/rsct/bin/rmrg, /usr/sbin/rsct/bin/rmrgmbr, /usr/sbin/rsct/bin/rmrpdomain,

/usr/sbin/rsct/bin/rmrpnode, /usr/sbin/rsct/bin/rmrsrc, /usr/sbin/rsct/bin/runact, /usr/bin/samadapter, /usr/sbin/rsct/bin/samctrl,

/usr/sbin/rsct/bin/samdiag, /usr/sbin/rsct/bin/samlicm, /usr/sbin/rsct/bin/samlog, /usr/sbin/rsct/bin/sampolicy, /usr/sbin/rsct/bin/samsimul,

/usr/sbin/rsct/bin/startrpdomain, /usr/sbin/rsct/bin/startrpnode, /usr/sbin/rsct/bin/startrsrc, /usr/sbin/rsct/bin/stoprpdomain,

/usr/sbin/rsct/bin/stoprpnode, /usr/sbin/rsct/bin/stoprsrc, /bin/rm /tmp/*sa_data.tar.gz, /usr/bin/tail -f /tmp/db2icrt*, /bin/chmod 644 /tmp/db2*.log*,

/bin/chmod 644 /tmp/db2*.trc*, /utility/scripts/getsadata/getsadata, /utility/scripts/getsadata/db2tsacheck, /bin/cat /var/log/messages, /usr/bin/rpttr

-odtic /var/ct/*domain*/log/mc/IBM.RecoveryRM/trace_summary, /bin/chmod 644 /tmp/trace.out, /usr/sbin/sar 24

(db2instx) NOPASSWD: ALL

(ALL) NOPASSWD: /usr/local/scripts/rpttr.sh

(ALL) NOPASSWD: /opt/IBM/db2/V10.5.5/instance/dasupdt, /opt/IBM/db2/V10.5.5/instance/dasmigr, /opt/IBM/db2/V10.5.5/instance/dasdrop,

/opt/IBM/db2/V10.5.5/instance/db2ilist, /opt/IBM/db2/V10.5.5/instance/db2iauto, /opt/IBM/db2/V10.5.5/instance/db2ckupgrade,

/opt/IBM/db2/V10.5.5/instance/db2iupgrade, /opt/IBM/db2/V10.5.5/instance/db2iupdt, /opt/IBM/db2/V10.5.5/instance/db2idrop,

/opt/IBM/db2/V10.5.5/instance/db2icrt, /opt/IBM/db2/V10.5.5/bin/db2help, /opt/IBM/db2/V10.5.5/bin/db2ilist, /opt/IBM/db2/V10.5.5/bin/clpplus,

/opt/IBM/db2/V10.5.5/bin/db2cos_perf, /opt/IBM/db2/V10.5.5/bin/db2cos_hadr, /opt/IBM/db2/V10.5.5/bin/db2cos, /opt/IBM/db2/V10.5.5/bin/db2cos_trap,

/opt/IBM/db2/V10.5.5/bin/db2cos_threshold, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade, /opt/IBM/db2/V10.5.5/bin/db2cos_clp, /opt/IBM/db2/V10.5.5/bin/db2_ps,

/opt/IBM/db2/V10.5.5/bin/db2_local_ps, /opt/IBM/db2/V10.5.5/bin/db2cos_hang, /opt/IBM/db2/V10.5.5/bin/db2cos_preupgrade,

/opt/IBM/db2/V10.5.5/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.5/bin/dart_all, /opt/IBM/db2/V10.5.5/bin/db2latchtrace,

/opt/IBM/db2/V10.5.5/bin/db2cos_member, /opt/IBM/db2/V10.5.5/bin/db2iauto, /opt/IBM/db2/V10.5.5/bin/db2nkill, /opt/IBM/db2/V10.5.5/bin/db2nps,

/opt/IBM/db2/V10.5.5/bin/db2fs, /opt/IBM/db2/V10.5.5/bin/db2jdbcbind, /opt/IBM/db2/V10.5.5/bin/db2_kill, /opt/IBM/db2/V10.5.5/bin/db2_all,

/opt/IBM/db2/V10.5.5/bin/db2rc, /opt/IBM/db2/V10.5.5/bin/ipclean, /opt/IBM/db2/V10.5.5/bin/db2, /opt/IBM/db2/V10.5.5/bin/db2top,

/opt/IBM/db2/V10.5.5/bin/db2support, /opt/IBM/db2/V10.5.5/bin/db2sampl, /opt/IBM/db2/V10.5.5/bin/db2relocatedb, /opt/IBM/db2/V10.5.5/bin/db2rbind,

/opt/IBM/db2/V10.5.5/bin/db2mtrk, /opt/IBM/db2/V10.5.5/bin/db2move, /opt/IBM/db2/V10.5.5/bin/db2lspwd, /opt/IBM/db2/V10.5.5/bin/db2look,

/opt/IBM/db2/V10.5.5/bin/db2inspf, /opt/IBM/db2/V10.5.5/bin/db2haicu, /opt/IBM/db2/V10.5.5/bin/db2greg, /opt/IBM/db2/V10.5.5/bin/db2fodc,

/opt/IBM/db2/V10.5.5/bin/db2fmd, /opt/IBM/db2/V10.5.5/bin/db2fmcu, /opt/IBM/db2/V10.5.5/bin/db2fmcd, /opt/IBM/db2/V10.5.5/bin/db2fm,

/opt/IBM/db2/V10.5.5/bin/db2flsn, /opt/IBM/db2/V10.5.5/bin/db2fedgentf, /opt/IBM/db2/V10.5.5/bin/db2expln, /opt/IBM/db2/V10.5.5/bin/db2exmig,

/opt/IBM/db2/V10.5.5/bin/db2exfmt, /opt/IBM/db2/V10.5.5/bin/db2evtbl, /opt/IBM/db2/V10.5.5/bin/db2evmon, /opt/IBM/db2/V10.5.5/bin/db2empfa,

/opt/IBM/db2/V10.5.5/bin/db2diag, /opt/IBM/db2/V10.5.5/bin/db2dclgn, /opt/IBM/db2/V10.5.5/bin/db2convert, /opt/IBM/db2/V10.5.5/bin/db2cmnclp,

/opt/IBM/db2/V10.5.5/bin/db2cluster, /opt/IBM/db2/V10.5.5/bin/db2cli, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade64_exe,

/opt/IBM/db2/V10.5.5/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.5/bin/db2ckrst, /opt/IBM/db2/V10.5.5/bin/db2cklog, /opt/IBM/db2/V10.5.5/bin/db2ckbkp,

/opt/IBM/db2/V10.5.5/bin/db2cfimp, /opt/IBM/db2/V10.5.5/bin/db2cfexp, /opt/IBM/db2/V10.5.5/bin/db2cat, /opt/IBM/db2/V10.5.5/bin/db2caem,

/opt/IBM/db2/V10.5.5/bin/db2bp, /opt/IBM/db2/V10.5.5/bin/db2bfd, /opt/IBM/db2/V10.5.5/bin/db2batch, /opt/IBM/db2/V10.5.5/bin/db2advis,

/opt/IBM/db2/V10.5.5/bin/db2val, /opt/IBM/db2/V10.5.5/bin/db2updv105, /opt/IBM/db2/V10.5.5/bin/db2untag, /opt/IBM/db2/V10.5.5/bin/db2ts,

/opt/IBM/db2/V10.5.5/instance/native/install/db2prereqcheck

(ALL) NOPASSWD: /opt/IBM/db2/V10.5.6/instance/dasupdt, /opt/IBM/db2/V10.5.6/instance/dasmigr, /opt/IBM/db2/V10.5.6/instance/dasdrop,

/opt/IBM/db2/V10.5.6/instance/db2ilist, /opt/IBM/db2/V10.5.6/instance/db2iauto, /opt/IBM/db2/V10.5.6/instance/db2ckupgrade,

/opt/IBM/db2/V10.5.6/instance/db2iupgrade, /opt/IBM/db2/V10.5.6/instance/db2iupdt, /opt/IBM/db2/V10.5.6/instance/db2idrop,

/opt/IBM/db2/V10.5.6/instance/db2icrt, /opt/IBM/db2/V10.5.6/bin/db2help, /opt/IBM/db2/V10.5.6/bin/db2ilist, /opt/IBM/db2/V10.5.6/bin/clpplus,

/opt/IBM/db2/V10.5.6/bin/db2cos_perf, /opt/IBM/db2/V10.5.6/bin/db2cos_hadr, /opt/IBM/db2/V10.5.6/bin/db2cos, /opt/IBM/db2/V10.5.6/bin/db2cos_trap,

/opt/IBM/db2/V10.5.6/bin/db2cos_threshold, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade, /opt/IBM/db2/V10.5.6/bin/db2cos_clp, /opt/IBM/db2/V10.5.6/bin/db2_ps,

/opt/IBM/db2/V10.5.6/bin/db2_local_ps, /opt/IBM/db2/V10.5.6/bin/db2cos_hang, /opt/IBM/db2/V10.5.6/bin/db2cos_preupgrade,

/opt/IBM/db2/V10.5.6/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.6/bin/dart_all, /opt/IBM/db2/V10.5.6/bin/db2latchtrace,

/opt/IBM/db2/V10.5.6/bin/db2cos_member, /opt/IBM/db2/V10.5.6/bin/db2iauto, /opt/IBM/db2/V10.5.6/bin/db2nkill, /opt/IBM/db2/V10.5.6/bin/db2nps,

/opt/IBM/db2/V10.5.6/bin/db2fs, /opt/IBM/db2/V10.5.6/bin/db2jdbcbind, /opt/IBM/db2/V10.5.6/bin/db2_kill, /opt/IBM/db2/V10.5.6/bin/db2_all,

/opt/IBM/db2/V10.5.6/bin/db2rc, /opt/IBM/db2/V10.5.6/bin/ipclean, /opt/IBM/db2/V10.5.6/bin/db2, /opt/IBM/db2/V10.5.6/bin/db2top,

/opt/IBM/db2/V10.5.6/bin/db2support, /opt/IBM/db2/V10.5.6/bin/db2sampl, /opt/IBM/db2/V10.5.6/bin/db2relocatedb, /opt/IBM/db2/V10.5.6/bin/db2rbind,

/opt/IBM/db2/V10.5.6/bin/db2mtrk, /opt/IBM/db2/V10.5.6/bin/db2move, /opt/IBM/db2/V10.5.6/bin/db2lspwd, /opt/IBM/db2/V10.5.6/bin/db2look,

/opt/IBM/db2/V10.5.6/bin/db2inspf, /opt/IBM/db2/V10.5.6/bin/db2haicu, /opt/IBM/db2/V10.5.6/bin/db2greg, /opt/IBM/db2/V10.5.6/bin/db2fodc,

/opt/IBM/db2/V10.5.6/bin/db2fmd, /opt/IBM/db2/V10.5.6/bin/db2fmcu, /opt/IBM/db2/V10.5.6/bin/db2fmcd, /opt/IBM/db2/V10.5.6/bin/db2fm,

/opt/IBM/db2/V10.5.6/bin/db2flsn, /opt/IBM/db2/V10.5.6/bin/db2fedgentf, /opt/IBM/db2/V10.5.6/bin/db2expln, /opt/IBM/db2/V10.5.6/bin/db2exmig,

/opt/IBM/db2/V10.5.6/bin/db2exfmt, /opt/IBM/db2/V10.5.6/bin/db2evtbl, /opt/IBM/db2/V10.5.6/bin/db2evmon, /opt/IBM/db2/V10.5.6/bin/db2empfa,

/opt/IBM/db2/V10.5.6/bin/db2diag, /opt/IBM/db2/V10.5.6/bin/db2dclgn, /opt/IBM/db2/V10.5.6/bin/db2convert, /opt/IBM/db2/V10.5.6/bin/db2cmnclp,

/opt/IBM/db2/V10.5.6/bin/db2cluster, /opt/IBM/db2/V10.5.6/bin/db2cli, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade64_exe,

/opt/IBM/db2/V10.5.6/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.6/bin/db2ckrst, /opt/IBM/db2/V10.5.6/bin/db2cklog, /opt/IBM/db2/V10.5.6/bin/db2ckbkp,

/opt/IBM/db2/V10.5.6/bin/db2cfimp, /opt/IBM/db2/V10.5.6/bin/db2cfexp, /opt/IBM/db2/V10.5.6/bin/db2cat, /opt/IBM/db2/V10.5.6/bin/db2caem,

/opt/IBM/db2/V10.5.6/bin/db2bp, /opt/IBM/db2/V10.5.6/bin/db2bfd, /opt/IBM/db2/V10.5.6/bin/db2batch, /opt/IBM/db2/V10.5.6/bin/db2advis,

/opt/IBM/db2/V10.5.6/bin/db2val, /opt/IBM/db2/V10.5.6/bin/db2updv105, /opt/IBM/db2/V10.5.6/bin/db2untag, /opt/IBM/db2/V10.5.6/bin/db2ts,

/opt/IBM/db2/V10.5.6/instance/native/install/db2prereqcheck

Sample sudo -l (non-root installs) practicing injection prevention – No Wildcarding sudo Mon Jan 25 06:15:31 EST 2016 Mon Jan 25 06:15:31 EST 2016 serverxx samp01 SAMPDB serverxx samp01 SAMPDB

/db2home/db2instx=> sudo -l /db2home/db2instx=> sudo -l

User db2instx may run the following commands on this host: User db2instx may run the following commands on this host:

(ALL) NOPASSWD: /usr/bin/getsadata, /bin/rm -rf /tmp/*serverxx*, /bin/cat /tmp/db2icrt*, /bin/rm /tmp/db2icrt*, /usr/bin/addrgmbr, (ALL) NOPASSWD: /usr/bin/getsadata, /bin/rm -rf /tmp/*serverxx*, /bin/cat /tmp/db2icrt*, /bin/rm /usr/bin/addrpnode, /tmp/db2icrt*, /usr/bin/addrgmbr, /usr/bin/addrpnode,

/usr/bin/cfgsamadapter, /usr/sbin/rsct/bin/chequ, /usr/sbin/rsct/bin/chrel, /usr/sbin/rsct/bin/chrg, /usr/sbin/rsct/bin/chrgmbr, /usr/bin/cfgsamadapter, /usr/sbin/rsct/bin/chequ, /usr/sbin/rsct/bin/chrel, /usr/sbin/rsct/bin/chrg, /usr/sbin/rsct/bin/chrgmbr, /usr/sbin/rsct/bin/chrsrc, /usr/sbin/rsct/bin/lsequ, /usr/sbin/rsct/bin/lsrel, /usr/sbin/rsct/bin/lsrg, /usr/sbin/rsct/bin/lsrgreq, /usr/sbin/rsct/bin/chrsrc, /usr/sbin/rsct/bin/lsequ, /usr/sbin/rsct/bin/lsrel, /usr/sbin/rsct/bin/lsrg, /usr/sbin/rsct/bin/lsrgreq, /usr/sbin/rsct/bin/lsrpdomain, /usr/sbin/rsct/bin/lsrpnode, /usr/sbin/rsct/bin/lsrsrc, /usr/sbin/rsct/bin/lssam, /usr/sbin/rsct/bin/lssamctrl,

/usr/sbin/rsct/bin/lsrpdomain, /usr/sbin/rsct/bin/lsrpnode, /usr/sbin/rsct/bin/lsrsrc, /usr/bin/lssrc, /usr/sbin/rsct/bin/mkequ, /usr/sbin/rsct/bin/mkrel, /usr/sbin/rsct/bin/mkrg, /usr/sbin/rsct/bin/mkrpdomain, /usr/sbin/rsct/bin/mkrsrc, /usr/sbin/rsct/bin/lssam, /usr/sbin/rsct/bin/lssamctrl,

/usr/sbin/rsct/bin/pidmon, /usr/sbin/rsct/bin/preprpnode, /usr/sbin/rsct/bin/resetrsrc, /usr/sbin/rsct/bin/rgmbrreq, /usr/sbin/rsct/bin/rgreq, /usr/bin/lssrc, /usr/sbin/rsct/bin/mkequ, /usr/sbin/rsct/bin/mkrel, /usr/sbin/rsct/bin/mkrg, /usr/sbin/rsct/bin/mkrpdomain, /usr/sbin/rsct/bin/mkrsrc, /usr/sbin/rsct/bin/rmequ, /usr/sbin/rsct/bin/rmrel, /usr/sbin/rsct/bin/rmrg, /usr/sbin/rsct/bin/rmrgmbr, /usr/sbin/rsct/bin/rmrpdomain, /usr/sbin/rsct/bin/pidmon, /usr/sbin/rsct/bin/preprpnode, /usr/sbin/rsct/bin/resetrsrc, /usr/sbin/rsct/bin/rmrpnode, /usr/sbin/rsct/bin/rmrsrc, /usr/sbin/rsct/bin/runact, /usr/bin/samadapter, /usr/sbin/rsct/bin/samctrl, /usr/sbin/rsct/bin/rgmbrreq, /usr/sbin/rsct/bin/rgreq,

/usr/sbin/rsct/bin/samdiag, /usr/sbin/rsct/bin/samlicm, /usr/sbin/rsct/bin/samlog, /usr/sbin/rsct/bin/sampolicy, /usr/sbin/rsct/bin/samsimul, /usr/sbin/rsct/bin/rmequ, /usr/sbin/rsct/bin/rmrel, /usr/sbin/rsct/bin/rmrg, /usr/sbin/rsct/bin/rmrgmbr, /usr/sbin/rsct/bin/rmrpdomain, /usr/sbin/rsct/bin/startrpdomain, /usr/sbin/rsct/bin/startrpnode, /usr/sbin/rsct/bin/startrsrc, /usr/sbin/rsct/bin/stoprpdomain, /usr/sbin/rsct/bin/rmrpnode, /usr/sbin/rsct/bin/rmrsrc, /usr/sbin/rsct/bin/runact, /usr/bin/samadapter, /usr/sbin/rsct/bin/samctrl, /usr/sbin/rsct/bin/stoprpnode, /usr/sbin/rsct/bin/stoprsrc, /bin/rm /tmp/*sa_data.tar.gz, /usr/bin/tail -f /tmp/db2icrt*, /bin/chmod 644 /tmp/db2*.log*,

/usr/sbin/rsct/bin/samdiag, /usr/sbin/rsct/bin/samlicm, /usr/sbin/rsct/bin/samlog, /bin/chmod 644 /tmp/db2*.trc*, /utility/scripts/getsadata/getsadata, /utility/scripts/getsadata/db2tsacheck, /bin/cat /var/log/messages, /usr/bin/rpttr /usr/sbin/rsct/bin/sampolicy, /usr/sbin/rsct/bin/samsimul,

-odtic /var/ct/*domain*/log/mc/IBM.RecoveryRM/trace_summary, /bin/chmod 644 /tmp/trace.out, /usr/sbin/sar /usr/sbin/rsct/bin/startrpdomain, /usr/sbin/rsct/bin/startrpnode, /usr/sbin/rsct/bin/startrsrc, /usr/sbin/rsct/bin/stoprpdomain, (db2instx) NOPASSWD: ALL /usr/sbin/rsct/bin/stoprpnode, /usr/sbin/rsct/bin/stoprsrc, /bin/rm /tmp/*sa_data.tar.gz, /usr/bin/tail -f (ALL) NOPASSWD: /usr/local/scripts/rpttr.sh /tmp/db2icrt*, /bin/chmod 644 /tmp/db2*.log*,

(ALL) NOPASSWD: /opt/IBM/db2/V10.5.5/instance/dasupdt, /opt/IBM/db2/V10.5.5/instance/dasmigr, /opt/IBM/db2/V10.5.5/instance/dasdrop, /bin/chmod 644 /tmp/db2*.trc*, /utility/scripts/getsadata/getsadata, /utility/scripts/getsadata/db2tsacheck, /bin/cat /var/log/messages, /usr/bin/rpttr /opt/IBM/db2/V10.5.5/instance/db2ilist, /opt/IBM/db2/V10.5.5/instance/db2iauto, /opt/IBM/db2/V10.5.5/instance/db2ckupgrade, -odtic /var/ct/*domain*/log/mc/IBM.RecoveryRM/trace_summary, /bin/chmod 644 /tmp/trace.out, 25 /usr/sbin/sar /opt/IBM/db2/V10.5.5/instance/db2iupgrade, /opt/IBM/db2/V10.5.5/instance/db2iupdt, /opt/IBM/db2/V10.5.5/instance/db2idrop,

(db2instx) NOPASSWD: ALL /opt/IBM/db2/V10.5.5/instance/db2icrt, /opt/IBM/db2/V10.5.5/bin/db2help, /opt/IBM/db2/V10.5.5/bin/db2ilist, /opt/IBM/db2/V10.5.5/bin/clpplus,

(ALL) NOPASSWD: /usr/local/scripts/rpttr.sh /opt/IBM/db2/V10.5.5/bin/db2cos_perf, /opt/IBM/db2/V10.5.5/bin/db2cos_hadr, /opt/IBM/db2/V10.5.5/bin/db2cos, /opt/IBM/db2/V10.5.5/bin/db2cos_trap, (ALL) NOPASSWD: /opt/IBM/db2/V10.5.5/instance/dasupdt, /opt/IBM/db2/V10.5.5/instance/dasmigr, /opt/IBM/db2/V10.5.5/instance/dasdrop, /opt/IBM/db2/V10.5.5/bin/db2cos_threshold, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade, /opt/IBM/db2/V10.5.5/bin/db2cos_clp, /opt/IBM/db2/V10.5.5/bin/db2_ps, /opt/IBM/db2/V10.5.5/instance/db2ilist, /opt/IBM/db2/V10.5.5/instance/db2iauto, /opt/IBM/db2/V10.5.5/instance/db2ckupgrade, /opt/IBM/db2/V10.5.5/bin/db2_local_ps, /opt/IBM/db2/V10.5.5/bin/db2cos_hang, /opt/IBM/db2/V10.5.5/bin/db2cos_preupgrade,

/opt/IBM/db2/V10.5.5/instance/db2iupgrade, /opt/IBM/db2/V10.5.5/instance/db2iupdt, /opt/IBM/db2/V10.5.5/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.5/bin/dart_all, /opt/IBM/db2/V10.5.5/bin/db2latchtrace, /opt/IBM/db2/V10.5.5/instance/db2idrop,

/opt/IBM/db2/V10.5.5/bin/db2cos_member, /opt/IBM/db2/V10.5.5/bin/db2iauto, /opt/IBM/db2/V10.5.5/bin/db2nkill, /opt/IBM/db2/V10.5.5/bin/db2nps, /opt/IBM/db2/V10.5.5/instance/db2icrt, /opt/IBM/db2/V10.5.5/bin/db2help, /opt/IBM/db2/V10.5.5/bin/db2ilist, /opt/IBM/db2/V10.5.5/bin/clpplus, /opt/IBM/db2/V10.5.5/bin/db2fs, /opt/IBM/db2/V10.5.5/bin/db2jdbcbind, /opt/IBM/db2/V10.5.5/bin/db2_kill, /opt/IBM/db2/V10.5.5/bin/db2_all, /opt/IBM/db2/V10.5.5/bin/db2cos_perf, /opt/IBM/db2/V10.5.5/bin/db2cos_hadr, /opt/IBM/db2/V10.5.5/bin/db2rc, /opt/IBM/db2/V10.5.5/bin/ipclean, /opt/IBM/db2/V10.5.5/bin/db2, /opt/IBM/db2/V10.5.5/bin/db2top, /opt/IBM/db2/V10.5.5/bin/db2cos, /opt/IBM/db2/V10.5.5/bin/db2cos_trap,

/opt/IBM/db2/V10.5.5/bin/db2support, /opt/IBM/db2/V10.5.5/bin/db2sampl, /opt/IBM/db2/V10.5.5/bin/db2relocatedb, /opt/IBM/db2/V10.5.5/bin/db2cos_threshold, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade, /opt/IBM/db2/V10.5.5/bin/db2rbind, /opt/IBM/db2/V10.5.5/bin/db2cos_clp, /opt/IBM/db2/V10.5.5/bin/db2_ps,

/opt/IBM/db2/V10.5.5/bin/db2mtrk, /opt/IBM/db2/V10.5.5/bin/db2move, /opt/IBM/db2/V10.5.5/bin/db2lspwd, /opt/IBM/db2/V10.5.5/bin/db2look, /opt/IBM/db2/V10.5.5/bin/db2_local_ps, /opt/IBM/db2/V10.5.5/bin/db2cos_hang, /opt/IBM/db2/V10.5.5/bin/db2cos_preupgrade,

/opt/IBM/db2/V10.5.5/bin/db2inspf, /opt/IBM/db2/V10.5.5/bin/db2haicu, /opt/IBM/db2/V10.5.5/bin/db2greg, /opt/IBM/db2/V10.5.5/bin/db2fodc, /opt/IBM/db2/V10.5.5/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.5/bin/dart_all, /opt/IBM/db2/V10.5.5/bin/db2latchtrace, /opt/IBM/db2/V10.5.5/bin/db2fmd, /opt/IBM/db2/V10.5.5/bin/db2fmcu, /opt/IBM/db2/V10.5.5/bin/db2fmcd, /opt/IBM/db2/V10.5.5/bin/db2fm,

/opt/IBM/db2/V10.5.5/bin/db2cos_member, /opt/IBM/db2/V10.5.5/bin/db2iauto, /opt/IBM/db2/V10.5.5/bin/db2flsn, /opt/IBM/db2/V10.5.5/bin/db2fedgentf, /opt/IBM/db2/V10.5.5/bin/db2expln, /opt/IBM/db2/V10.5.5/bin/db2exmig, /opt/IBM/db2/V10.5.5/bin/db2nkill, /opt/IBM/db2/V10.5.5/bin/db2nps,

/opt/IBM/db2/V10.5.5/bin/db2exfmt, /opt/IBM/db2/V10.5.5/bin/db2evtbl, /opt/IBM/db2/V10.5.5/bin/db2evmon, /opt/IBM/db2/V10.5.5/bin/db2empfa, /opt/IBM/db2/V10.5.5/bin/db2fs, /opt/IBM/db2/V10.5.5/bin/db2jdbcbind, /opt/IBM/db2/V10.5.5/bin/db2_kill, /opt/IBM/db2/V10.5.5/bin/db2_all, /opt/IBM/db2/V10.5.5/bin/db2diag, /opt/IBM/db2/V10.5.5/bin/db2dclgn, /opt/IBM/db2/V10.5.5/bin/db2convert, /opt/IBM/db2/V10.5.5/bin/db2cmnclp, /opt/IBM/db2/V10.5.5/bin/db2rc, /opt/IBM/db2/V10.5.5/bin/ipclean, /opt/IBM/db2/V10.5.5/bin/db2, /opt/IBM/db2/V10.5.5/bin/db2cluster, /opt/IBM/db2/V10.5.5/bin/db2cli, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade64_exe, /opt/IBM/db2/V10.5.5/bin/db2top,

/opt/IBM/db2/V10.5.5/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.5/bin/db2ckrst, /opt/IBM/db2/V10.5.5/bin/db2cklog, /opt/IBM/db2/V10.5.5/bin/db2support, /opt/IBM/db2/V10.5.5/bin/db2sampl, /opt/IBM/db2/V10.5.5/bin/db2ckbkp, /opt/IBM/db2/V10.5.5/bin/db2relocatedb, /opt/IBM/db2/V10.5.5/bin/db2rbind,

/opt/IBM/db2/V10.5.5/bin/db2cfimp, /opt/IBM/db2/V10.5.5/bin/db2cfexp, /opt/IBM/db2/V10.5.5/bin/db2cat, /opt/IBM/db2/V10.5.5/bin/db2caem, /opt/IBM/db2/V10.5.5/bin/db2mtrk, /opt/IBM/db2/V10.5.5/bin/db2move, /opt/IBM/db2/V10.5.5/bin/db2lspwd, /opt/IBM/db2/V10.5.5/bin/db2look,

/opt/IBM/db2/V10.5.5/bin/db2bp, /opt/IBM/db2/V10.5.5/bin/db2bfd, /opt/IBM/db2/V10.5.5/bin/db2batch, /opt/IBM/db2/V10.5.5/bin/db2advis, /opt/IBM/db2/V10.5.5/bin/db2inspf, /opt/IBM/db2/V10.5.5/bin/db2haicu, /opt/IBM/db2/V10.5.5/bin/db2greg, /opt/IBM/db2/V10.5.5/bin/db2fodc, /opt/IBM/db2/V10.5.5/bin/db2val, /opt/IBM/db2/V10.5.5/bin/db2updv105, /opt/IBM/db2/V10.5.5/bin/db2untag, /opt/IBM/db2/V10.5.5/bin/db2ts,

/opt/IBM/db2/V10.5.5/bin/db2fmd, /opt/IBM/db2/V10.5.5/bin/db2fmcu, /opt/IBM/db2/V10.5.5/instance/native/install/db2prereqcheck /opt/IBM/db2/V10.5.5/bin/db2fmcd, /opt/IBM/db2/V10.5.5/bin/db2fm,

(ALL) NOPASSWD: /opt/IBM/db2/V10.5.6/instance/dasupdt, /opt/IBM/db2/V10.5.6/instance/dasmigr, /opt/IBM/db2/V10.5.6/instance/dasdrop, /opt/IBM/db2/V10.5.5/bin/db2flsn, /opt/IBM/db2/V10.5.5/bin/db2fedgentf, /opt/IBM/db2/V10.5.5/bin/db2expln, /opt/IBM/db2/V10.5.5/bin/db2exmig, /opt/IBM/db2/V10.5.6/instance/db2ilist, /opt/IBM/db2/V10.5.6/instance/db2iauto, /opt/IBM/db2/V10.5.6/instance/db2ckupgrade, /opt/IBM/db2/V10.5.5/bin/db2exfmt, /opt/IBM/db2/V10.5.5/bin/db2evtbl, /opt/IBM/db2/V10.5.6/instance/db2iupgrade, /opt/IBM/db2/V10.5.6/instance/db2iupdt, /opt/IBM/db2/V10.5.6/instance/db2idrop, /opt/IBM/db2/V10.5.5/bin/db2evmon, /opt/IBM/db2/V10.5.5/bin/db2empfa,

/opt/IBM/db2/V10.5.6/instance/db2icrt, /opt/IBM/db2/V10.5.6/bin/db2help, /opt/IBM/db2/V10.5.6/bin/db2ilist, /opt/IBM/db2/V10.5.6/bin/clpplus, /opt/IBM/db2/V10.5.5/bin/db2diag, /opt/IBM/db2/V10.5.5/bin/db2dclgn, /opt/IBM/db2/V10.5.5/bin/db2convert, /opt/IBM/db2/V10.5.5/bin/db2cmnclp,

/opt/IBM/db2/V10.5.6/bin/db2cos_perf, /opt/IBM/db2/V10.5.6/bin/db2cos_hadr, /opt/IBM/db2/V10.5.6/bin/db2cos, /opt/IBM/db2/V10.5.6/bin/db2cos_trap, /opt/IBM/db2/V10.5.5/bin/db2cluster, /opt/IBM/db2/V10.5.5/bin/db2cli, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade64_exe,

/opt/IBM/db2/V10.5.6/bin/db2cos_threshold, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade, /opt/IBM/db2/V10.5.6/bin/db2cos_clp, /opt/IBM/db2/V10.5.6/bin/db2_ps, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.5/bin/db2ckrst, /opt/IBM/db2/V10.5.5/bin/db2cklog, /opt/IBM/db2/V10.5.5/bin/db2ckbkp,

/opt/IBM/db2/V10.5.6/bin/db2_local_ps, /opt/IBM/db2/V10.5.6/bin/db2cos_hang, /opt/IBM/db2/V10.5.6/bin/db2cos_preupgrade, /opt/IBM/db2/V10.5.5/bin/db2cfimp, /opt/IBM/db2/V10.5.5/bin/db2cfexp, /opt/IBM/db2/V10.5.5/bin/db2cat, /opt/IBM/db2/V10.5.5/bin/db2caem, /opt/IBM/db2/V10.5.6/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.6/bin/dart_all, /opt/IBM/db2/V10.5.6/bin/db2latchtrace,

/opt/IBM/db2/V10.5.5/bin/db2bp, /opt/IBM/db2/V10.5.5/bin/db2bfd, /opt/IBM/db2/V10.5.6/bin/db2cos_member, /opt/IBM/db2/V10.5.6/bin/db2iauto, /opt/IBM/db2/V10.5.6/bin/db2nkill, /opt/IBM/db2/V10.5.6/bin/db2nps, /opt/IBM/db2/V10.5.5/bin/db2batch, /opt/IBM/db2/V10.5.5/bin/db2advis,

/opt/IBM/db2/V10.5.6/bin/db2fs, /opt/IBM/db2/V10.5.6/bin/db2jdbcbind, /opt/IBM/db2/V10.5.6/bin/db2_kill, /opt/IBM/db2/V10.5.6/bin/db2_all, /opt/IBM/db2/V10.5.5/bin/db2val, /opt/IBM/db2/V10.5.5/bin/db2updv105, /opt/IBM/db2/V10.5.5/bin/db2untag, /opt/IBM/db2/V10.5.5/bin/db2ts, /opt/IBM/db2/V10.5.6/bin/db2rc, /opt/IBM/db2/V10.5.6/bin/ipclean, /opt/IBM/db2/V10.5.6/bin/db2, /opt/IBM/db2/V10.5.6/bin/db2top, /opt/IBM/db2/V10.5.5/instance/native/install/db2prereqcheck /opt/IBM/db2/V10.5.6/bin/db2support, /opt/IBM/db2/V10.5.6/bin/db2sampl, /opt/IBM/db2/V10.5.6/bin/db2relocatedb, /opt/IBM/db2/V10.5.6/bin/db2rbind, (ALL) NOPASSWD: /opt/IBM/db2/V10.5.6/instance/dasupdt, /opt/IBM/db2/V10.5.6/instance/dasmigr, /opt/IBM/db2/V10.5.6/instance/dasdrop, /opt/IBM/db2/V10.5.6/bin/db2mtrk, /opt/IBM/db2/V10.5.6/bin/db2move, /opt/IBM/db2/V10.5.6/bin/db2lspwd, /opt/IBM/db2/V10.5.6/bin/db2look, /opt/IBM/db2/V10.5.6/instance/db2ilist, /opt/IBM/db2/V10.5.6/instance/db2iauto, /opt/IBM/db2/V10.5.6/bin/db2inspf, /opt/IBM/db2/V10.5.6/bin/db2haicu, /opt/IBM/db2/V10.5.6/bin/db2greg, /opt/IBM/db2/V10.5.6/bin/db2fodc, /opt/IBM/db2/V10.5.6/instance/db2ckupgrade,

/opt/IBM/db2/V10.5.6/bin/db2fmd, /opt/IBM/db2/V10.5.6/bin/db2fmcu, /opt/IBM/db2/V10.5.6/bin/db2fmcd, /opt/IBM/db2/V10.5.6/bin/db2fm, /opt/IBM/db2/V10.5.6/instance/db2iupgrade, /opt/IBM/db2/V10.5.6/instance/db2iupdt, /opt/IBM/db2/V10.5.6/instance/db2idrop,

/opt/IBM/db2/V10.5.6/bin/db2flsn, /opt/IBM/db2/V10.5.6/bin/db2fedgentf, /opt/IBM/db2/V10.5.6/bin/db2expln, /opt/IBM/db2/V10.5.6/bin/db2exmig, /opt/IBM/db2/V10.5.6/instance/db2icrt, /opt/IBM/db2/V10.5.6/bin/db2help, /opt/IBM/db2/V10.5.6/bin/db2ilist, /opt/IBM/db2/V10.5.6/bin/clpplus, /opt/IBM/db2/V10.5.6/bin/db2exfmt, /opt/IBM/db2/V10.5.6/bin/db2evtbl, /opt/IBM/db2/V10.5.6/bin/db2evmon, /opt/IBM/db2/V10.5.6/bin/db2empfa, /opt/IBM/db2/V10.5.6/bin/db2cos_perf, /opt/IBM/db2/V10.5.6/bin/db2cos_hadr, /opt/IBM/db2/V10.5.6/bin/db2diag, /opt/IBM/db2/V10.5.6/bin/db2dclgn, /opt/IBM/db2/V10.5.6/bin/db2convert, /opt/IBM/db2/V10.5.6/bin/db2cmnclp, /opt/IBM/db2/V10.5.6/bin/db2cos, /opt/IBM/db2/V10.5.6/bin/db2cos_trap,

/opt/IBM/db2/V10.5.6/bin/db2cluster, /opt/IBM/db2/V10.5.6/bin/db2cli, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade64_exe, /opt/IBM/db2/V10.5.6/bin/db2cos_threshold, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade, /opt/IBM/db2/V10.5.6/bin/db2cos_clp, /opt/IBM/db2/V10.5.6/bin/db2_ps, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.6/bin/db2ckrst, /opt/IBM/db2/V10.5.6/bin/db2cklog, /opt/IBM/db2/V10.5.6/bin/db2ckbkp, /opt/IBM/db2/V10.5.6/bin/db2_local_ps, /opt/IBM/db2/V10.5.6/bin/db2cos_hang, /opt/IBM/db2/V10.5.6/bin/db2cos_preupgrade, /opt/IBM/db2/V10.5.6/bin/db2cfimp, /opt/IBM/db2/V10.5.6/bin/db2cfexp, /opt/IBM/db2/V10.5.6/bin/db2cat, /opt/IBM/db2/V10.5.6/bin/db2caem, /opt/IBM/db2/V10.5.6/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.6/bin/dart_all, /opt/IBM/db2/V10.5.6/bin/db2bp, /opt/IBM/db2/V10.5.6/bin/db2bfd, /opt/IBM/db2/V10.5.6/bin/db2batch, /opt/IBM/db2/V10.5.6/bin/db2advis, /opt/IBM/db2/V10.5.6/bin/db2latchtrace,

/opt/IBM/db2/V10.5.6/bin/db2val, /opt/IBM/db2/V10.5.6/bin/db2updv105, /opt/IBM/db2/V10.5.6/bin/db2untag, /opt/IBM/db2/V10.5.6/bin/db2ts, /opt/IBM/db2/V10.5.6/bin/db2cos_member, /opt/IBM/db2/V10.5.6/bin/db2iauto, /opt/IBM/db2/V10.5.6/bin/db2nkill, /opt/IBM/db2/V10.5.6/bin/db2nps,

/opt/IBM/db2/V10.5.6/instance/native/install/db2prereqcheck /opt/IBM/db2/V10.5.6/bin/db2fs, /opt/IBM/db2/V10.5.6/bin/db2jdbcbind, /opt/IBM/db2/V10.5.6/bin/db2_kill, /opt/IBM/db2/V10.5.6/bin/db2_all,

/opt/IBM/db2/V10.5.6/bin/db2rc, /opt/IBM/db2/V10.5.6/bin/ipclean, /opt/IBM/db2/V10.5.6/bin/db2, /opt/IBM/db2/V10.5.6/bin/db2top, /opt/IBM/db2/V10.5.6/bin/db2support, /opt/IBM/db2/V10.5.6/bin/db2sampl, /opt/IBM/db2/V10.5.6/bin/db2relocatedb, /opt/IBM/db2/V10.5.6/bin/db2rbind,

/opt/IBM/db2/V10.5.6/bin/db2mtrk, /opt/IBM/db2/V10.5.6/bin/db2move, /opt/IBM/db2/V10.5.6/bin/db2lspwd, /opt/IBM/db2/V10.5.6/bin/db2look,

/opt/IBM/db2/V10.5.6/bin/db2inspf, /opt/IBM/db2/V10.5.6/bin/db2haicu, /opt/IBM/db2/V10.5.6/bin/db2greg, /opt/IBM/db2/V10.5.6/bin/db2fodc,

/opt/IBM/db2/V10.5.6/bin/db2fmd, /opt/IBM/db2/V10.5.6/bin/db2fmcu, /opt/IBM/db2/V10.5.6/bin/db2fmcd, /opt/IBM/db2/V10.5.6/bin/db2fm,

/opt/IBM/db2/V10.5.6/bin/db2flsn, /opt/IBM/db2/V10.5.6/bin/db2fedgentf, /opt/IBM/db2/V10.5.6/bin/db2expln, /opt/IBM/db2/V10.5.6/bin/db2exmig,

/opt/IBM/db2/V10.5.6/bin/db2exfmt, /opt/IBM/db2/V10.5.6/bin/db2evtbl, /opt/IBM/db2/V10.5.6/bin/db2evmon, /opt/IBM/db2/V10.5.6/bin/db2empfa,

/opt/IBM/db2/V10.5.6/bin/db2diag, /opt/IBM/db2/V10.5.6/bin/db2dclgn, /opt/IBM/db2/V10.5.6/bin/db2convert, /opt/IBM/db2/V10.5.6/bin/db2cmnclp,

/opt/IBM/db2/V10.5.6/bin/db2cluster, /opt/IBM/db2/V10.5.6/bin/db2cli, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade64_exe,

/opt/IBM/db2/V10.5.6/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.6/bin/db2ckrst, /opt/IBM/db2/V10.5.6/bin/db2cklog, /opt/IBM/db2/V10.5.6/bin/db2ckbkp,

/opt/IBM/db2/V10.5.6/bin/db2cfimp, /opt/IBM/db2/V10.5.6/bin/db2cfexp, /opt/IBM/db2/V10.5.6/bin/db2cat, /opt/IBM/db2/V10.5.6/bin/db2caem,

/opt/IBM/db2/V10.5.6/bin/db2bp, /opt/IBM/db2/V10.5.6/bin/db2bfd, /opt/IBM/db2/V10.5.6/bin/db2batch, /opt/IBM/db2/V10.5.6/bin/db2advis,

/opt/IBM/db2/V10.5.6/bin/db2val, /opt/IBM/db2/V10.5.6/bin/db2updv105, /opt/IBM/db2/V10.5.6/bin/db2untag, /opt/IBM/db2/V10.5.6/bin/db2ts,

/opt/IBM/db2/V10.5.6/instance/native/install/db2prereqcheck

Sample sudo -l (non-root installs) practicing injection prevention– No Wildcarding sudo Mon Jan 25 06:15:31 EST 2016 serverxx samp01 SAMPDB

/db2home/db2instx=> sudo -l

User db2instx may run the following commands on this host:

(ALL) NOPASSWD: /usr/bin/getsadata, /bin/rm -rf /tmp/*serverxx*, /bin/cat /tmp/db2icrt*, /bin/rm /tmp/db2icrt*, /usr/bin/addrgmbr, /usr/bin/addrpnode,

/usr/bin/cfgsamadapter, /usr/sbin/rsct/bin/chequ, /usr/sbin/rsct/bin/chrel, /usr/sbin/rsct/bin/chrg, /usr/sbin/rsct/bin/chrgmbr,

/usr/sbin/rsct/bin/chrsrc, /usr/sbin/rsct/bin/lsequ, /usr/sbin/rsct/bin/lsrel, /usr/sbin/rsct/bin/lsrg, /usr/sbin/rsct/bin/lsrgreq,

/usr/sbin/rsct/bin/lsrpdomain, /usr/sbin/rsct/bin/lsrpnode, /usr/sbin/rsct/bin/lsrsrc, /usr/sbin/rsct/bin/lssam, /usr/sbin/rsct/bin/lssamctrl,

/usr/bin/lssrc, /usr/sbin/rsct/bin/mkequ, /usr/sbin/rsct/bin/mkrel, /usr/sbin/rsct/bin/mkrg, /usr/sbin/rsct/bin/mkrpdomain, /usr/sbin/rsct/bin/mkrsrc,

/usr/sbin/rsct/bin/pidmon, /usr/sbin/rsct/bin/preprpnode, /usr/sbin/rsct/bin/resetrsrc, /usr/sbin/rsct/bin/rgmbrreq, /usr/sbin/rsct/bin/rgreq,

/usr/sbin/rsct/bin/rmequ, /usr/sbin/rsct/bin/rmrel, /usr/sbin/rsct/bin/rmrg, /usr/sbin/rsct/bin/rmrgmbr, /usr/sbin/rsct/bin/rmrpdomain,

/usr/sbin/rsct/bin/rmrpnode, /usr/sbin/rsct/bin/rmrsrc, /usr/sbin/rsct/bin/runact, /usr/bin/samadapter, /usr/sbin/rsct/bin/samctrl,

/usr/sbin/rsct/bin/samdiag, /usr/sbin/rsct/bin/samlicm, /usr/sbin/rsct/bin/samlog, /usr/sbin/rsct/bin/sampolicy, /usr/sbin/rsct/bin/samsimul,

/usr/sbin/rsct/bin/startrpdomain, /usr/sbin/rsct/bin/startrpnode, /usr/sbin/rsct/bin/startrsrc, /usr/sbin/rsct/bin/stoprpdomain,

/usr/sbin/rsct/bin/stoprpnode, /usr/sbin/rsct/bin/stoprsrc, /bin/rm /tmp/*sa_data.tar.gz, /usr/bin/tail -f /tmp/db2icrt*, /bin/chmod 644 /tmp/db2*.log*,

/bin/chmod 644 /tmp/db2*.trc*, /utility/scripts/getsadata/getsadata, /utility/scripts/getsadata/db2tsacheck, /bin/cat /var/log/messages, /usr/bin/rpttr

-odtic /var/ct/*domain*/log/mc/IBM.RecoveryRM/trace_summary, /bin/chmod 644 /tmp/trace.out, /usr/sbin/sar 26 (db2instx) NOPASSWD: ALL

(ALL) NOPASSWD: /usr/local/scripts/rpttr.sh

(ALL) NOPASSWD: /opt/IBM/db2/V10.5.5/instance/dasupdt, /opt/IBM/db2/V10.5.5/instance/dasmigr, /opt/IBM/db2/V10.5.5/instance/dasdrop,

/opt/IBM/db2/V10.5.5/instance/db2ilist, /opt/IBM/db2/V10.5.5/instance/db2iauto, /opt/IBM/db2/V10.5.5/instance/db2ckupgrade,

/opt/IBM/db2/V10.5.5/instance/db2iupgrade, /opt/IBM/db2/V10.5.5/instance/db2iupdt, /opt/IBM/db2/V10.5.5/instance/db2idrop,

/opt/IBM/db2/V10.5.5/instance/db2icrt, /opt/IBM/db2/V10.5.5/bin/db2help, /opt/IBM/db2/V10.5.5/bin/db2ilist, /opt/IBM/db2/V10.5.5/bin/clpplus,

/opt/IBM/db2/V10.5.5/bin/db2cos_perf, /opt/IBM/db2/V10.5.5/bin/db2cos_hadr, /opt/IBM/db2/V10.5.5/bin/db2cos, /opt/IBM/db2/V10.5.5/bin/db2cos_trap,

/opt/IBM/db2/V10.5.5/bin/db2cos_threshold, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade, /opt/IBM/db2/V10.5.5/bin/db2cos_clp, /opt/IBM/db2/V10.5.5/bin/db2_ps,

/opt/IBM/db2/V10.5.5/bin/db2_local_ps, /opt/IBM/db2/V10.5.5/bin/db2cos_hang, /opt/IBM/db2/V10.5.5/bin/db2cos_preupgrade,

/opt/IBM/db2/V10.5.5/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.5/bin/dart_all, /opt/IBM/db2/V10.5.5/bin/db2latchtrace,

/opt/IBM/db2/V10.5.5/bin/db2cos_member, /opt/IBM/db2/V10.5.5/bin/db2iauto, /opt/IBM/db2/V10.5.5/bin/db2nkill, /opt/IBM/db2/V10.5.5/bin/db2nps,

/opt/IBM/db2/V10.5.5/bin/db2fs, /opt/IBM/db2/V10.5.5/bin/db2jdbcbind, /opt/IBM/db2/V10.5.5/bin/db2_kill, /opt/IBM/db2/V10.5.5/bin/db2_all,

/opt/IBM/db2/V10.5.5/bin/db2rc, /opt/IBM/db2/V10.5.5/bin/ipclean, /opt/IBM/db2/V10.5.5/bin/db2, /opt/IBM/db2/V10.5.5/bin/db2top,

/opt/IBM/db2/V10.5.5/bin/db2support, /opt/IBM/db2/V10.5.5/bin/db2sampl, /opt/IBM/db2/V10.5.5/bin/db2relocatedb, /opt/IBM/db2/V10.5.5/bin/db2rbind,

/opt/IBM/db2/V10.5.5/bin/db2mtrk, /opt/IBM/db2/V10.5.5/bin/db2move, /opt/IBM/db2/V10.5.5/bin/db2lspwd, /opt/IBM/db2/V10.5.5/bin/db2look,

/opt/IBM/db2/V10.5.5/bin/db2inspf, /opt/IBM/db2/V10.5.5/bin/db2haicu, /opt/IBM/db2/V10.5.5/bin/db2greg, /opt/IBM/db2/V10.5.5/bin/db2fodc,

/opt/IBM/db2/V10.5.5/bin/db2fmd, /opt/IBM/db2/V10.5.5/bin/db2fmcu, /opt/IBM/db2/V10.5.5/bin/db2fmcd, /opt/IBM/db2/V10.5.5/bin/db2fm,

/opt/IBM/db2/V10.5.5/bin/db2flsn, /opt/IBM/db2/V10.5.5/bin/db2fedgentf, /opt/IBM/db2/V10.5.5/bin/db2expln, /opt/IBM/db2/V10.5.5/bin/db2exmig,

/opt/IBM/db2/V10.5.5/bin/db2exfmt, /opt/IBM/db2/V10.5.5/bin/db2evtbl, /opt/IBM/db2/V10.5.5/bin/db2evmon, /opt/IBM/db2/V10.5.5/bin/db2empfa,

/opt/IBM/db2/V10.5.5/bin/db2diag, /opt/IBM/db2/V10.5.5/bin/db2dclgn, /opt/IBM/db2/V10.5.5/bin/db2convert, /opt/IBM/db2/V10.5.5/bin/db2cmnclp,

/opt/IBM/db2/V10.5.5/bin/db2cluster, /opt/IBM/db2/V10.5.5/bin/db2cli, /opt/IBM/db2/V10.5.5/bin/db2ckupgrade64_exe,

/opt/IBM/db2/V10.5.5/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.5/bin/db2ckrst, /opt/IBM/db2/V10.5.5/bin/db2cklog, /opt/IBM/db2/V10.5.5/bin/db2ckbkp,

/opt/IBM/db2/V10.5.5/bin/db2cfimp, /opt/IBM/db2/V10.5.5/bin/db2cfexp, /opt/IBM/db2/V10.5.5/bin/db2cat, /opt/IBM/db2/V10.5.5/bin/db2caem,

/opt/IBM/db2/V10.5.5/bin/db2bp, /opt/IBM/db2/V10.5.5/bin/db2bfd, /opt/IBM/db2/V10.5.5/bin/db2batch, /opt/IBM/db2/V10.5.5/bin/db2advis,

/opt/IBM/db2/V10.5.5/bin/db2val, /opt/IBM/db2/V10.5.5/bin/db2updv105, /opt/IBM/db2/V10.5.5/bin/db2untag, /opt/IBM/db2/V10.5.5/bin/db2ts,

/opt/IBM/db2/V10.5.5/instance/native/install/db2prereqcheck

(ALL) NOPASSWD: /opt/IBM/db2/V10.5.6/instance/dasupdt, /opt/IBM/db2/V10.5.6/instance/dasmigr, /opt/IBM/db2/V10.5.6/instance/dasdrop,

/opt/IBM/db2/V10.5.6/instance/db2ilist, /opt/IBM/db2/V10.5.6/instance/db2iauto, /opt/IBM/db2/V10.5.6/instance/db2ckupgrade,

/opt/IBM/db2/V10.5.6/instance/db2iupgrade, /opt/IBM/db2/V10.5.6/instance/db2iupdt, /opt/IBM/db2/V10.5.6/instance/db2idrop,

/opt/IBM/db2/V10.5.6/instance/db2icrt, /opt/IBM/db2/V10.5.6/bin/db2help, /opt/IBM/db2/V10.5.6/bin/db2ilist, /opt/IBM/db2/V10.5.6/bin/clpplus,

/opt/IBM/db2/V10.5.6/bin/db2cos_perf, /opt/IBM/db2/V10.5.6/bin/db2cos_hadr, /opt/IBM/db2/V10.5.6/bin/db2cos, /opt/IBM/db2/V10.5.6/bin/db2cos_trap,

/opt/IBM/db2/V10.5.6/bin/db2cos_threshold, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade, /opt/IBM/db2/V10.5.6/bin/db2cos_clp, /opt/IBM/db2/V10.5.6/bin/db2_ps,

/opt/IBM/db2/V10.5.6/bin/db2_local_ps, /opt/IBM/db2/V10.5.6/bin/db2cos_hang, /opt/IBM/db2/V10.5.6/bin/db2cos_preupgrade,

/opt/IBM/db2/V10.5.6/bin/db2cos_datacorruption, /opt/IBM/db2/V10.5.6/bin/dart_all, /opt/IBM/db2/V10.5.6/bin/db2latchtrace,

/opt/IBM/db2/V10.5.6/bin/db2cos_member, /opt/IBM/db2/V10.5.6/bin/db2iauto, /opt/IBM/db2/V10.5.6/bin/db2nkill, /opt/IBM/db2/V10.5.6/bin/db2nps,

/opt/IBM/db2/V10.5.6/bin/db2fs, /opt/IBM/db2/V10.5.6/bin/db2jdbcbind, /opt/IBM/db2/V10.5.6/bin/db2_kill, /opt/IBM/db2/V10.5.6/bin/db2_all,

/opt/IBM/db2/V10.5.6/bin/db2rc, /opt/IBM/db2/V10.5.6/bin/ipclean, /opt/IBM/db2/V10.5.6/bin/db2, /opt/IBM/db2/V10.5.6/bin/db2top,

/opt/IBM/db2/V10.5.6/bin/db2support, /opt/IBM/db2/V10.5.6/bin/db2sampl, /opt/IBM/db2/V10.5.6/bin/db2relocatedb, /opt/IBM/db2/V10.5.6/bin/db2rbind,

/opt/IBM/db2/V10.5.6/bin/db2mtrk, /opt/IBM/db2/V10.5.6/bin/db2move, /opt/IBM/db2/V10.5.6/bin/db2lspwd, /opt/IBM/db2/V10.5.6/bin/db2look,

/opt/IBM/db2/V10.5.6/bin/db2inspf, /opt/IBM/db2/V10.5.6/bin/db2haicu, /opt/IBM/db2/V10.5.6/bin/db2greg, /opt/IBM/db2/V10.5.6/bin/db2fodc,

/opt/IBM/db2/V10.5.6/bin/db2fmd, /opt/IBM/db2/V10.5.6/bin/db2fmcu, /opt/IBM/db2/V10.5.6/bin/db2fmcd, /opt/IBM/db2/V10.5.6/bin/db2fm,

/opt/IBM/db2/V10.5.6/bin/db2flsn, /opt/IBM/db2/V10.5.6/bin/db2fedgentf, /opt/IBM/db2/V10.5.6/bin/db2expln, /opt/IBM/db2/V10.5.6/bin/db2exmig,

/opt/IBM/db2/V10.5.6/bin/db2exfmt, /opt/IBM/db2/V10.5.6/bin/db2evtbl, /opt/IBM/db2/V10.5.6/bin/db2evmon, /opt/IBM/db2/V10.5.6/bin/db2empfa,

/opt/IBM/db2/V10.5.6/bin/db2diag, /opt/IBM/db2/V10.5.6/bin/db2dclgn, /opt/IBM/db2/V10.5.6/bin/db2convert, /opt/IBM/db2/V10.5.6/bin/db2cmnclp,

/opt/IBM/db2/V10.5.6/bin/db2cluster, /opt/IBM/db2/V10.5.6/bin/db2cli, /opt/IBM/db2/V10.5.6/bin/db2ckupgrade64_exe,

/opt/IBM/db2/V10.5.6/bin/db2ckupgrade32_exe, /opt/IBM/db2/V10.5.6/bin/db2ckrst, /opt/IBM/db2/V10.5.6/bin/db2cklog, /opt/IBM/db2/V10.5.6/bin/db2ckbkp,

/opt/IBM/db2/V10.5.6/bin/db2cfimp, /opt/IBM/db2/V10.5.6/bin/db2cfexp, /opt/IBM/db2/V10.5.6/bin/db2cat, /opt/IBM/db2/V10.5.6/bin/db2caem,

/opt/IBM/db2/V10.5.6/bin/db2bp, /opt/IBM/db2/V10.5.6/bin/db2bfd, /opt/IBM/db2/V10.5.6/bin/db2batch, /opt/IBM/db2/V10.5.6/bin/db2advis,

/opt/IBM/db2/V10.5.6/bin/db2val, /opt/IBM/db2/V10.5.6/bin/db2updv105, /opt/IBM/db2/V10.5.6/bin/db2untag, /opt/IBM/db2/V10.5.6/bin/db2ts,

/opt/IBM/db2/V10.5.6/instance/native/install/db2prereqcheck

Your trusty DB2 LUW Get Out of Jail Free card

sudo /opt/IBM/DB2/V10.5.*/instance/db2iupdt -u samp01f samp01

27 Attend Session A14 DB2 Security Best Practices: Protecting your system from the Legions of Doom

Session Number: 3199

Track: DB2 for z/OS - I

Primary Presenter: Dave Beulke [Dave Beulke and Associates]

Room(s)/Time(s):

Trinity A => Thu, May 26, 2016 (08:00 AM - 09:00 AM)

28 DBADM provides explicit create schema privilege needed for configuring IBM SPSS Collaboration & Deployment Services Repository. Requirements for DB2 for the SPSS C&DS install:

Database permissions The user must have the following general database permissions to configure and start IBM SPSS Collaboration and Deployment Services Repository: Authorities:  CREATE SESSION

 CREATE TABLE  BINDADD  DROP TABLE  CONNECT  CREATE VIEW  CREATETAB  DROP VIEW  CREATE_EXTERNAL_ROUTINE  CREATE_NOT_FENCED_ROUTINE  CREATE FUNCTION  DATAACCESS  CREATE PROCEDURE  EXPLAIN  SELECT  IMPLICIT_SCHEMA  INSERT  DBADM  UPDATE

 DELETE  EXECUTE  PROCEDURE 29

Remember to change the DB2 fenced id too serverxx samp01 SAMPDB /db2home/samp01=> hostname ; date ; db2caem -d SAMPDB -o /db2home/$DB2INSTANCE -tbspname TSOPERATIONS -sf select1. ; ls -latr

Thu Apr 16 08:39:42 EST 2016 ______D B 2 C A E M _____ DB2 Capture Activity Event Monitor data tool I B M The DB2CAEM Tool is a utility for capturing the activity event monitor data with details, section and values, as well as actuals. ______DBT7041I "db2caem": The db2caem utility is connecting to the following database: "SAMPDB". DBT7038I "db2caem": The db2caem utility successfully connected to the following database: "SAMPDB". DBT7042I "db2caem": The SQL statement "select 1 from sysibm.sysdummy1 for read only with ur" is being issued. DBT7043I "db2caem": The db2caem utility is disconnecting from the following database: "SAMPDB". DBT7039I "db2caem": The db2caem utility successfully disconnected from the following database: "SAMPDB". DBT7000I db2caem completed. Output path: "/db2home/samp01/DB2CAEM_2016-01-28-08.39.42.349110". drwxr-xr-x 3 samp01 db2grpxx 256 Jan 28 08:39 DB2CAEM_2016-01-28-08.39.42.349110 serverxx samp01 SAMPDB /db2home/samp01=> cd DB2CAEM_2016-01-28-08.39.42.349110 serverxx samp01 SAMPDB /db2home/samp01/DB2CAEM_2016-01-28-08.39.42.349110=> lll No Arguments total 40 drwxr-xr-x 9 samp01 db2grpxx 4096 Jan 28 08:39 .. -rw-r----- 1 samp01f db2grpxx 76 Jan 28 08:39 db2caem_options.in -rw-r----- 1 samp01f db2grpxx 2054 Jan 28 08:39 db2caem.log -rw-r----- 1 samp01f db2grpxx 3845 Jan 28 08:39 db2caem.exfmt.1 drwxr-xr-x 3 samp01f db2grpxx 256 Jan 28 08:39 . drwxrwxrwx 2 samp01f db2grpxx 4096 Jan 28 08:39 EXPORTS 30 Remember to change the DB2 fenced id too serverxx samp01 SAMPDB /db2home/samp01/DB2CAEM_2016-01-28-08.39.42.349110=> cd EXPORTS serverxx samp01 SAMPDB /db2home/samp01/DB2CAEM_2016-04-13-11.47.55.290323/EXPORTS=> ls -latr No Arguments total 336 drwxr-xr-x 3 samp01 db2grpxx 256 Apr 13 2016 .. -rw-r----- 1 samp01f db2grpxx 11829 Apr 13 2016 activity_details_xml.stmt1.001.lob -rw-r----- 1 samp01f db2grpxx 2810 Apr 13 2016 activity_details_xml.stmt1.ixf -rw-r----- 1 samp01f db2grpxx 12093 Apr 13 2016 activity_all_lob.stmt1.001.lob -rw-r----- 1 samp01f db2grpxx 84448 Apr 13 2016 activity_all.stmt1.ixf -rw-r----- 1 samp01f db2grpxx 5180 Apr 13 2016 activitystmt_all_lob.stmt1.001.lob -rw-r----- 1 samp01f db2grpxx 30400 Apr 13 2016 activitystmt_all.stmt1.ixf drwxrwxrwx 2 samp01 db2grpxx 4096 Apr 13 2016 . -rw-r----- 1 samp01f db2grpxx 12237 Apr 13 2016 activityvals_all.stmt1.ixf

31

31 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Mattera • Uptime Always Matters • Performance Always Matters • Value to the Business Always Matters

32 Alerts are Requisite. . .

Scrape your db2diag.log

Scrape your .nfy log

• Send alert on ssh failures & security breaches to Security team ! • (3rd party tools are notorious for false security alerts during usual vulnerability testing) • Ensure alerts are sent to Security team not your DBA team ! • Alerts on password failures . . . Scrape your db2diag.log • Avoid local accounts on the servers

33

33 Establish Alert Mechanisms

with crontab scripts or 3rd part vendor products such as SCOM™(report), DBI Brother-Hawk™(report, act), etc

• Server down /instance down • Establish alerts on db2diag.log &

34

34 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Matters • Uptime Always Matters • Performance Always Matters • Value to the Business Always Matters

35 For starters, active/mirror logs 20-40g each:

Archive logs double-or- triple the active/mirror logs Start with 40-120g df –g | grep db2 or df –h | grep db2 :

/dev/mapset/vg_sdb-lv_mlogsampdb 20G 281M 19G 2% /db2mlog/samp01/SAMPDB /dev/mapset/vg_sdb-lv_alogsampdb 20G 19G 263M 99% /db2alog/samp01/SAMPDB /dev/mapset/vg_sdb-lv_plogsampdb 20G 281M 19G 2% /db2plog/samp01/SAMPDB

Preparation is Key

TIP: For Landed & Cloud Servers, hold backups/logs 14 days max Avoid NFS Shared file system mounts for DB2 HADR shared server backups Use OCFS2 (Oracle Cluster File System Version 2) instead (Due to monthly/frequent server upgrades/issues)

36 Create and send Monitoring Alerts

db2diag.log scrapes needed 2016-04-09-12.49.43.997290-240 I12428546E559 LEVEL: Severe 2016-04-09-12.49.43.997966-240 I12429106E1251 LEVEL: Warning PID : 29659 TID : 47956979869440 PROC : db2sysc 0 PID : 29659 TID : 47956979869440 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : XMETA INSTANCE: db2inst1 NODE : 000 DB : XMETA APPHDL : 0-94 APPID: *LOCAL.DB2.150409164448 APPHDL : 0-94 APPID: *LOCAL.DB2.150409164448 HOSTNAME: frun5529 HOSTNAME: frun5529 EDUID : 39 EDUNAME: db2agent (XMETA) 0 EDUID : 39 EDUNAME: db2agent (XMETA) 0 FUNCTION: DB2 UDB, base sys utilities, sqeLocalDatabase::TermDbConnect, FUNCTION: DB2 UDB, base sys utilities, sqeApplication::AppStopUsing, probe:12127 probe:6934 MESSAGE : Database is being forced to shut down. ID of force db shutdown agent MESSAGE : ZRC=0x8610000D=-2045771763=SQLP_BADLOG "Log File cannot is: be used" DATA #1 : unsigned integer, 4 bytes DIA8414C Logging can not continue due to an error. 108 CALLSTCK: (Static functions may not be resolved correctly, as they are resolved to the nearest symbol) [0] 0x00002B9DC0203538 _ZN16sqeLocalDatabase13TermDbConnectEP8sqeAgentP5sqlcai + 0x1DE8 [1] 0x00002B9DC0194996 _ZN14sqeApplication12AppStopUsingEP8sqeAgenthP5sqlca + 0xBD6 [2] 0x00002B9DC0169B11 /db2home/samp01/sqllib/lib64/libdb2e.so.1 + 0x3C28B11 [3] 0x00002B9DC016820C _Z26sqleIndCoordProcessRequestP8sqeAgent + 0x29C [4] 0x00002B9DC01778D6 _ZN8sqeAgent6RunEDUEv + 0x2B6 [5] 0x00002B9DC16D7344 _ZN9sqzEDUObj9EDUDriverEv + 0xF4 [6] 0x00002B9DC0F32D05 sqloEDUEntry + 0x2F5 [7] 0x00002B9DBC32B806 /lib64/libpthread.so.0 + 0x7806 37 [8] 0x00002B9DC9908E8D clone + 0x6D

2016-04-09-12.49.44.082736-240 I12436395E547 LEVEL: Severe PID : 29659 TID : 47956979869440 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : XMETA APPHDL : 0-94 APPID: *LOCAL.DB2.150409164448 HOSTNAME: frun5529 EDUID : 39 EDUNAME: db2agent (XMETA) 0 FUNCTION: DB2 UDB, oper system services, sqlogctGlobalInit, probe:5 RETCODE : ZRC=0x8610000D=-2045771763=SQLP_BADLOG "Log File cannot be used" DIA8414C Logging can not continue due to an error.

Create and send Monitoring Alert for backup failures

SQL based alert or db2diag.log scrapes needed

SELECT 'SAMPDB' AS DBNAME , dbpartitionnum, DATE(CAST(START_TIME AS TIMESTAMP)) AS START_DATE, DATE(CAST(END_TIME AS TIMESTAMP)) AS END_DATE, TIME(CAST(START_TIME AS TIMESTAMP)) AS START_TIME, TIME(CAST(END_TIME AS TIMESTAMP)) AS END_TIME, TIMESTAMPDIFF (4, CHAR(TIMESTAMP(END_TIME)- TIMESTAMP(START_TIME))) AS DURATION_MINUTES , TIMESTAMPDIFF (8, CHAR(TIMESTAMP(END_TIME)- TIMESTAMP(START_TIME))) AS DURATION_HOURS , SQLSTATE , SUBSTR(FIRSTLOG,1,8) AS FIRSTLOG, SUBSTR(LASTLOG,1,8) AS LASTLOG, DECODE (OPERATIONTYPE, 'D', 'Delta Offline', 'E', 'Delta Online', 'F', 'Offline', 'I', 'Incr Offline', 'N', 'Full Online', 'O', 'Incr Online') AS BACKUP_TYPE, DECODE (SQLCODE, NULL, SUBSTR(LOCATION, 1,38) , SUBSTR(CHAR(SQLCODE), 1,7)) AS SQLCODE FROM SYSIBMADM.DB_HISTORY WHERE OPERATION = 'B' and TIMESTAMP(END_TIME) > CURRENT_TIMESTAMP - 30 DAYS ORDER BY START_DATE, START_TIME WITH UR

DBNAME DBPARTITIONNUM START_DATE END_DATE START_TIME END_TIME DURATION_MINUTES DURATION_HOURS SQLSTATE FIRSTLOG LASTLOG BACKUP_TYPE SQLCODE ------SAMPDB 0 07/07/2016 07/07/2016 08:08:27 08:17:32 9 0 S0146109 S0146110 Full Online -2428 SAMPDB 2 07/07/2016 07/07/2016 08:08:27 08:17:33 9 0 S0013957 S0013957 Full Online -2001 SAMPDB 1 07/07/2016 07/07/2016 08:08:27 08:17:32 9 0 S0013343 S0013343 Full Online -2001

SAMPDB 0 07/07/2016 07/07/2016 08:41:47 08:49:25 7 0 - S0146110 S0146111 Full Online /usr/openv/backup/bin/nbdb2.sl64 SAMPDB 2 07/07/2016 07/07/2016 08:41:47 08:49:25 7 0 - S0013958 S0013958 Full Online /usr/openv/backup/bin/nbdb2.sl64 SAMPDB 1 07/07/2016 07/07/2016 08:41:47 08:49:25 7 0 - S0013344 S0013344 Full Online /usr/openv/backup/bin/nbdb2.sl64

6 record(s) selected. 38

Create and send Monitoring Alerts

db2diag.log scrapes needed

2016-08-24-14.49.39.386077-240 E679123E681 LEVEL: Error PID : 9257 TID : 139684168591104 PROC : db2sysc 0 INSTANCE: samp01 NODE : 000 DB : SAMPDB HOSTNAME: serverxx EDUID : 200 EDUNAME: db2logmgr (SAMPDB) 0 FUNCTION: DB2 UDB, data protection services, sqlpgArchiveLogFile, probe:3160 MESSAGE : ZRC=0x870F0011=-2029060079=SQLO_PATH "an invalid path" DIA8514C An invalid file path, "", was specified. DATA #1 : Failed to archive log file S0012910.LOG to /db2alog/samp01/SAMPDB/NODE0000/LOGSTREAM0000/C0000000/ from /db2mlog/samp01/SAMPDB/NODE0000/LOGSTREAM0000

39 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Matters • Uptime Always Matters • Performance Always Matters • Value to the Business Always Matters

40 Setup for DB2 HADR Check for Memory and SWAP - Same Size ! AIX db2pd -db -osinfo | grep -ip swap

/db2home/samp01=> db2pd -db -osinfo | grep -ip swap

Physical Memory and Swap (Megabytes): TotalMem FreeMem AvailMem TotalSwap FreeSwap 20480 7057 n/a 8192 8169 Healthy AIX

/db2home/samp01=> db2pd -db -osinfo | egrep 'Physical Memory and Swap|TotalMem|n/a 8192' Physical Memory and Swap (Megabytes): TotalMem FreeMem AvailMem TotalSwap FreeSwap 20480 1057 n/a 8192 2169 Un-Healthy AIX

41 Build monitoring alert for swap memory Linux | vmstat 1 5 & cat /proc/swaps

[root@serverxx /]# vmstat 1 5 Un-Healthy LINUX procs ------memory------swap------io------system------cpu----- r b swpd free buff cache si so bi bo in cs us sy id wa st 0 0 1048568 252040 357520 5640804 0 0 2 6 1 1 4 3 93 0 0 0 0 1048568 252032 357520 5640804 0 0 0 0 581 1192 0 0 100 0 0 0 0 1048568 251908 357528 5640804 0 0 0 24 573 1182 0 0 100 0 0 0 0 1048568 251964 357536 5640804 0 0 0 56 585 1183 0 0 100 0 0 0 0 1048568 251964 357536 5640804 0 0 0 20 552 1159 0 0 100 0 0

[root@serverxx /]# vmstat procs ------memory------swap------io------system------cpu----- r b swpd free buff cache si so bi bo in cs us sy id wa st 1 0 1048568 252856 357552 5640820 0 0 2 6 1 1 4 3 93 0 0

[root@serverxx /]# cat /proc/swaps Un-Healthy LINUX Filename Type Size Used Priority /dev/dm-0 1048568 1048552 0

42 Build monitoring alerts for swap memory Linux | vmstat 1 5 & cat /proc/swaps serverxx samp01 XMETA /db2home/db2instx=> vmstat 1 5 Healthy LINUX procs ------memory------swap------io---- -system------cpu------r b swpd free buff cache si so bi bo in cs us sy id wa st 0 0 4532 2635336 807200 12477800 0 0 12 43 4 7 24 1 75 0 0 0 0 4532 2635552 807200 12477836 0 0 0 16 550 834 4 3 94 0 0 0 0 4532 2647860 807200 12477856 0 0 25 2262 1193 2063 5 2 92 1 0 1 0 4532 2648180 807200 12477880 0 0 0 456 383 568 0 0 100 0 0 1 0 4532 2643232 807208 12477872 0 0 0 36 2167 2644 18 8 73 0 0

serverxx samp01 XMETA /db2home/db2instx=> cat /proc/swaps Healthy LINUX Filename Type Size Used Priority /dev/dm-2 partition 8392700 4532 -1

43 Build Monitoring Alerts for swap memory Linux | free -m serverxx samp01 XMETA /db2home/db2instx=> free -m total used free shared buffers cached Mem: 16081 13176 2905 4164 784 11869 -/+ buffers/cache: 521 15559 Swap: 8195 4 8191 Healthy Linux serverxx samp01 XMETA /db2home/db2instx=> free –m

total used free shared buffers cached Mem: 7830 7583 246 0 349 5508 -/+ buffers/cache: 1726 6103 Swap: 1023 1023 0 Un-Healthy Linux

44 Build Monitoring Alerts for swap memory AIX db2pd -db -osinfo | grep -ip swap

/db2home/db2instx=> db2pd -db -osinfo | grep -ip swap

Physical Memory and Swap (Megabytes): TotalMem FreeMem AvailMem TotalSwap FreeSwap 20480 7057 n/a 8192 8169 Healthy AIX

/db2home/db2instx=> db2pd -db -osinfo | egrep 'Physical Memory and Swap|TotalMem|n/a 8192'

Physical Memory and Swap (Megabytes): TotalMem FreeMem AvailMem TotalSwap FreeSwap 20480 1057 n/a 8192 2169 Un-Healthy AIX

45 Build monitoring alerts for db2diag.log

2016-03-16-14.19.13.941573-300 E22404841A686 LEVEL: Error PID : 21299448 TID : 1543 PROC : db2sysc 0 2016-03-16-14.19.13.977855-300 I22405528A402 LEVEL: Severe INSTANCE: ecmd01 NODE : 000 PID : 21299448 TID : 1543 PROC : db2sysc 0 HOSTNAME: serverxx.geico.net INSTANCE: ecmd01 NODE : 000 EDUID : 1543 EDUNAME: db2ipccm 0 HOSTNAME: serverxx.geico.net FUNCTION: DB2 UDB, oper system services, EDUID : 1543 EDUNAME: db2ipccm 0 sqloEDUSIGDANGERHandler, probe:40 FUNCTION: DB2 UDB, oper system services, MESSAGE : ADM0505E DB2 received a SIGDANGER signal from sqloEDUSIGDANGERHandler, probe:10 the . DATA #1 : String, 42 bytes This signal indicates that the system is running low on SIGDANGER received. Increase paging space paging space.

If the paging space gets too low, the operating system will forcibly terminate user processes. Contact your system administrator to increase your paging space.

46 Build monitoring alerts for db2diag.log

2016-03-22-10.47.45.076090-240 E930512A560 LEVEL: 2016-03-22-10.47.45.076760-240 E931073A693 LEVEL: Warning Warning PID : 10682544 TID : 35145 PROC : db2sysc 0 PID : 10682544 TID : 35145 PROC : db2sysc 0 INSTANCE: edwr01 NODE : 000 DB : COLDB INSTANCE: edwr01 NODE : 000 DB : COLDB APPHDL : 0-8735 APPID: *LOCAL.edwr01.160322144743 APPHDL : 0-8735 APPID: *LOCAL.edwr01.160322144743 AUTHID : EDWR01 HOSTNAME: edwds1 AUTHID : EDWR01 HOSTNAME: edwds1 EDUID : 35145 EDUNAME: db2agent (COLDB) 0 EDUID : 35145 EDUNAME: db2agent (COLDB) 0 FUNCTION: DB2 UDB, data management, sqldLoadTCB, FUNCTION: DB2 UDB, relation data serv, probe:10797 sqlrreorg_inx_cleanup_and_or_reclaim, probe:150 MESSAGE : ADM5572I One or more indexes on table MESSAGE : ADM9513W Online index reorganization on table "EDW_PRM .ERND_PRM_FA" are "EDW_PRM .ERND_PRM_FA" marked invalid and require rebuilding. (ID "4") in table space "*N" (ID "3") found one or more indexes that are marked invalid and cannot proceed until they are rebuilt.

47 Build monitoring alerts for db2diag.log

2016-01-25-22.36.39.191863-300 E8518470A833 LEVEL: Warning PID : 9830576 TID : 50799 PROC : db2sysc 0 INSTANCE: db2inst1 NODE : 000 DB : TPCDB APPHDL : 0-59596 APPID: 10.250.61.141.45489.160126031504 AUTHID : DB2INST1 HOSTNAME: serverxx EDUID : 50799 EDUNAME: db2agent (TPCDB) 0 FUNCTION: DB2 UDB, data management, sqldSetupSQLCA, probe:3 MESSAGE : ADM5570W Access was attempted on an unavailable object with id "3345" in tablespace "6" for table "TRAP.T_RPT_SUBSYSTEM_KEYS". If the object is a table it will have to be dropped. If the object is a partition it will have to be detached. If the object is a non-partitioned index the index will have to be dropped.

48 Build monitoring alerts for db2diag.log (Note: TSAMP automatic failover does not occur)

2016-03-20-18.01.04.132893-240 E20268637E618 2016-03-20-18.01.04.134323-240 I20269256E914 LEVEL: Error LEVEL: Severe PID : 9741 TID : 47232954918656 PROC : db2sysc 0 PID : 9741 TID : 47232954918656 PROC : db2sysc 0 INSTANCE: db2instx NODE : 000 DB : XMETA INSTANCE: db2instx NODE : 000 DB : XMETA APPHDL : 0-4753 APPID: APPHDL : 0-4753 APPID: *LOCAL.db2instx.160320220105 *LOCAL.db2instx.160320220105 AUTHID : db2instx HOSTNAME: serverxx AUTHID : db2instx HOSTNAME: serverxx EDUID : 36 EDUNAME: db2agent (XMETA) 0 EDUID : 36 EDUNAME: db2agent (XMETA) 0 FUNCTION: DB2 UDB, base sys utilities, sqledint, probe:2535 FUNCTION: DB2 UDB, base sys utilities, MESSAGE : SQL1015N The database is in an inconsistent sqeLocalDatabase::FirstConnect, probe:10151 state. DATA #1 : SQLCA, PD_DB2_TYPE_SQLCA, 136 bytes DATA #1 : String, 91 bytes sqlcaid : SQLCA sqlcabc: 136 sqlcode: -1015 sqlerrml: 0 Crash Recovery is needed. sqlerrmc: Issue RESTART DATABASE on this node before issuing this sqlerrp : SQLEDINT command. sqlerrd : (1) 0x00000000 (2) 0x00000000 (3) 0x00000000 (4) 0x00000000 (5) 0x00000000 (6) 0x00000000 sqlwarn : (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) sqlstate: DATA #2 : Boolean, 1 bytes

false 49

Build monitoring alerts for db2diag.log (Note: TSAMP automatic failover can not occur)

2016-04-07-12.44.56.516869-240 I355803E510 LEVEL: Severe PID : 6697 TID : 47758912251648 PROC : db2sysc 0 INSTANCE: db2instx NODE : 000 DB : XMETA HOSTNAME: serverx EDUID : 62 EDUNAME: db2agent (idle) 0 FUNCTION: DB2 UDB, base sys utilities, sqleIndCoordProcessRequest, probe:1100 RETCODE : ZRC=0xFFFFFBF6=-1034 SQL1034C The database is damaged. All applications processing the database have been stopped.

50 More Sample Alert Criteria for crontab scripts or 3rd part vendor products such as SCOM™, DBI Brother-Hawk™, etc

Active DB Log Space Used Filesystem Utilization - Archive Log Files Active log monitoring Number of Long Transactions Filesystem Utilization - Data Files Admin Server/Service Number of Users connections Filesystem Utilization - LogFiles Application Connections used Package Cache Overflows Flash Recovery area viability BACKUPS - Check backup process for excessive durations Process db2sysc not running High I/O counts BACKUPS - Check backup process for Abnormal SQL Codes Runstats Long Duration High I/O Wait Time Bufferpool Hit Ratio Runstats -911 Errors Iostat count monitoring Busy w/ No I/O Server Diagnostics (AIX) - errpt file - (LINUX) dmesg Iostat wait monitoring Connect to DATABASE viability &/var/adm/syslog/syslog.log LINUX - " ps -ef |grep pmon " shows running database instances Context Switching overhead Server Percent Busy Sustained Lock Escalation Monitor - db2diag.log or sysibmadm.snapdb CPU Load Server Up/Down Lock Timeout Counts CPU Utilization Services - Down Lock Wait Counts Crontab running check for instance owner Services - Hung Locks (Total and X Locks) Daily Incremental Backup Space - /backup Disk Space Log Space Used Database Availability Space - /db2alog Disk Space Max Number of Agents Waiting Database Space Allocated Space - /db2home instance Disk Space Max Number of Concurrent Agents Database Space Used Space - /db2mlog Disk Space Memory Utilization (Physical) Database Table/Index Reorg Space - /db2plog Disk Space Memory utilization by DB2 process DB2 HADR Long Log Apply Time Space - /tmp Disk Space Memory utilization by instance DB2 HADR Monitor State SQL Replication Capture monitoring - Event Log DB2 HADR Monitor Heart Beat SQL Replication Log Apply monitor Monitor Application Connections used DB2 HADR Monitor Log Gap SQL Replication Log Capture monitor Monitor for Database High Availability - (HA status ) DB2 HADR STANDBY Database Server Down Swap System utilization - memory Monitor for Database High Availability - (HADR status) DB2 Server Status Swapping Monitor for high percentage of aborted connections db2diag.log scraper (diagnostics log counts ) – LEVEL Severe ; LEVEL Error Table Space Pages Used Monitor for Listener down db2diag.log Deadlocks Table Space State Monitor for long running db2 application threads. Device Up/Down Tablespace Status Monitor for low Buffer Pool Hit Rate Diagnostic Log Filesystem Space Tablespace Utilization Monitor Instance Active Diagnostic Log Size Top 20 processes Monitor Number of Agents Disk 100% Full Transaction Log Filesystem Space Monitor Number of User Connections Extents per Table Transaction log monitor Monitor Number of Users connections Filesystem Usage – Database Engine vmstat monitoring Monitor Server for db2sysc suspected memory Leak Wait Time monitoring 51

Monitor creation of FODC_Trap directories /db2home/$DB2INSTANCE/sqllib/db2dump cd /db2home/$DB2INSTANCE/sqllib/db2dump ; db2support . -alldbs samp01@serverxx db2dump]$ ll total 55836 -rw-rw-rw- 1 samp01 db2grpxx 2447711 Aug 25 03:25 db2diag.log -rw-rw-rw- 1 samp01 db2grpxx 1764779 Aug 24 15:57 db2diag.log_2016-08-24-15.57.24 -rw-rw-rw- 1 samp01 db2grpxx 1897708 Aug 24 18:05 db2diag.log_2016-08-24-18.05.40 -rw-r----- 1 samp01 db2grpxx 6291316 Aug 24 18:10 db2eventlog.000 -rw-rw-rw- 1 samp01 db2grpxx 41639187 Aug 25 01:00 db2instx.nfy -rw-r--r-- 1 samp01 db2grpxx 3061984 Aug 24 11:20 db2support.zip drwxrwxrwx 2 samp01 db2grpxx 4096 Aug 24 18:27 events drwxrwxrwx 2 samp01 db2grpxx 4096 Aug 25 00:02 FODC_Trap_2016-08-23-01.00.03.236392_0000 drwxr-x--- 4 samp01 db2grpxx 4096 Aug 25 01:00 FODC_Trap_2016-08-25-01.00.02.858098_0000 drwxrwxr-t 2 samp01 db2grpxx 4096 Aug 25 00:02 stmmlog

52 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Matters • Uptime Always Matters • Performance Always Matters • Value to the Business Always Matters

53 Test systems vs Productions systems

Landed & Cloud

Your experience/mileage may vary:

Test Systems 3x DBA effort vs Production systems

Test Systems 3x Team Usage vs Production systems

Much More Later . . .

54 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Matters • Uptime Always Matters • Performance Always Matters • Value to the Business always Matters • Big Data is Here to Stay - Exceeding Expectations!

55 Preparation, Preparation, Preparation

Test vs Productions

Landed & Cloud

Mileage - Experience:

Test Systems 3x DBA effort Test Systems 3x Team Usage vs Production systems

56 Where Are We . . .

1) Introduction 2) Database system builds & configuration challenges 3) Security options discussion - root /non-root installation 4) Database maintenance, alerts, and utility operations 5) DB2 LUW Fixpack migration 'opportunities' 6) Summary

57 Potential In-house Script Table Maintenance Issues

Expect Monster Table Name Lengths

Curmudgeon Speak: (A bad-tempered or surly person might say...)

“Why is anything automatic – automatic misery…” 58 As a Matter of Fact . . .

• Security Always Matters • Veracity Always Matters • Backups & Log Health Always Matters • Uptime Always Matters • Performance Always Matters • Value to the Business Always Matters

59 Poor Performance Was Reported…

DBA checked Table Runstats as Step 1

‘NPAGES, MPAGES, FREEPAGES = -1 STATS_TIME were Blanks… ?

/db2home/samp01 => db2 "runstats on table "SPSS"."TrapScoreWindow" with distribution and indexes all allow write access set profile util_impact_priority 50" SQL2306N The table or index "SPSS.TRAPSCOREWINDOW" does not exist.

60 Potential In-house Script Table Maintenance Issues

Expect Mixed Case DDL object names

“Even though it’s a best practice to use all caps, it’s not enforced. “

\ Double Quote the object names “as needed”.

/db2home/samp01=> db2 list tables for all | grep -i trap

TrapScoreWindow SPSS T 2016-08-05-10.39.11.390413

/db2home/samp01=> db2 describe table SPSS.\"TrapScoreWindow\" Column Column name schema Data type name Length Scale Nulls ------Trap_Number SYSIBM VARCHAR 255 0 Yes Keep_Score SYSIBM BIGINT 8 0 Yes Pass_Score SYSIBM BIGINT 8 0 Yes Decide_Score SYSIBM BIGINT 8 0 Yes Big_Score SYSIBM BIGINT 8 0 Yes 61 Potential In-house Script Table Maintenance Issues

Expect Mixed Case DDL object names

“Even though it’s a best practice to use all caps, it’s not enforced. “

\ Double Quote the object names “as needed”.

/db2home/samp01 => db2 "select count(*) from SPSS.TrapScoreWindow with ur “ SQL0204N "SPSS.ApplScoreWINDOW" is an undefined name. SQLSTATE=42704  SNAG

/db2home/samp01 => db2 "select count(*) from SPSS.\"TrapScoreWindow\""  NO SNAG db2 "runstats on table SPSS.\"TrapScoreWindow\" with distribution and indexes all allow write access set profile util_impact_priority 50"

62 Poor Performance Reported…

DBA checked Table Runstats as Step 1

‘NPAGES, MPAGES,FREEPAGES = -1 STATS_TIME were Blanks . . . ?

/db2home/samp01 => db2 "runstats on table "SPSS"."TrapScoreWindow" with distribution and indexes all allow write access set profile util_impact_priority 50" SQL2306N The table or index "SPSS.TRAPSCOREWINDOW" does not exist.

/db2home/samp01 => db2 "runstats on table "SPSSAPP".\"TrapScoreWindow\" with distribution and indexes all allow write access set profile util_impact_priority 50" DB20000I The RUNSTATS command completed successfully. 63 Frequent FixPack Upgrade Maintenance issue Scrape your .nfy log

2016-02-28-1.24.02.767958 Instance:db2inst1 Node:000 2016-10-23-08.27.26.895913 Instance:edwd01 Node:001 PID:31750(db2agent (XMETA) PID:15007968(db2agntp (EDWD01) 1) TID:6427 0) TID:2386552576 Appid:*LOCAL.db2inst1.1602280624 Appid:*N0.edwd01. 02 141023122718 database monitor sqmSqlTarget::validateTable database monitor sqmSqlTarget::validateTable Probe:60 Probe:60 Database:XMETA Database:EDWD01

ADM2014W The Event Monitor "CHANGE_HISTORY" ADM2014W The Event Monitor "DB2ACTIVITIES" detected detected on table on table "EVENT_MONITOR_CHANGE_HISTORY_UTILLOCATION" "ACTIVITY_DB2ACTIVITIES" (ID "275") that the size of the (ID "12") that the size of the column column "LOCATION" is smaller than the default size of "TPMON_ACC_STR" "2097152". Therefore, contents will be truncated to the is smaller than the default size of "255". Therefore, contents user specified size. will be truncated to the user specified size.

64 Applying Patches

Cloud Servers: Implementation considerations

Vendor scheduled… Downtime for Users ;<(

No rolling upgrades of Operating system software No rolling upgrades of DB2 software

Generally No HADR knowledge or No TSAMP knowledge…

After patching, autorestarts are NOT advisable ([i] DB2AUTOSTART=NO)

Application server restart needed after DB2 LUW are up;

(frequent non-database causes failures). 65 Applying Patches

Landed Servers: Implementation considerations

4:00 AM – WebSphere Team bring down Application/WebSphere Servers 4:10 AM – DB2 LUW DBAs shutdown DB2 databases 4:15 AM – Handoff both DB2 HADR Servers to Vendor 5:00 AM – Vendor completes OS patch 5:05 AM – DB2 LUW DBAs Start database 5:15 AM – WebSphere Team start C&DS servers 5:30 AM – Application Team verifies Application is accessible 5:45 AM – 7:00 AM verification and signoff by Users. 66 Applying Patches

Landed Servers: Implementation considerations

No Downtime needed for Users with DB2 HADR :>)

After patching, autorestarts – NOT advisable ([i] DB2AUTOSTART=NO) Internal HADR/TSAMP knowledge permits:

Rolling upgrades of Operating System software – Day one - HADR Standby – Day Two - HADR Primary after takeover Rolling upgrades of DB2 software – day one Standby db2haicu -disable (Both sides of HADR pair) 67 Normal Maintenance

Landed Servers: Implementation considerations

No Downtime with HADR

Internal HADR/TSAMP knowledge permits: autorestarts of DB2 server after any patching – NOT advisable Rolling upgrades of Operating system software – Day one - HADR Standby – Day Two - HADR Primary after takeover Rolling upgrades of DB2 software – day one Standby db2haicu -disable (both sides of HADR pair)

68 Applying Patches

Landed Servers: Implementation considerations

4:00 AM – WebSphere Team bring down Application/WAS Servers 4:10 AM – DB2 LUW DBAs shutdown 4:15 AM – Handoff current Standby server to Systems folks (root) 5:00 AM – Systems folks (root) start complete OS patching 5:05 AM – DB2 LUW DBAs Start database, Start HADR, enable TSAMP 5:15 AM – WebSphere Team starts Application/WebSphere Servers 5:30 AM – Application Team verify application is accessible 5:45 AM – 7:00 AM verification and signoff by Users.

69 Turning off alerts now crontab -r

• crontab -r • db2haicu -delete • db2 deactivate db database1 , database2 • db2stop force

70 Where Are We . . .

1) Introduction 2) Database system builds & configuration challenges 3) Security options discussion - root /non-root installation 4) Database maintenance, alerts, and utility operations 5) DB2 LUW Fixpack migrations 'opportunities' 6) Summary

71 db2diag.log scrape Monitoring Alerts needed (TSAMP automatic failover does not occur) 2016-04-07-12.44.56.516869-240 I355803E510 LEVEL: Severe PID : 6697 TID : 47758912251648 PROC : db2sysc 0 INSTANCE: db2instx NODE : 000 DB : XMETA HOSTNAME: serverx EDUID : 62 EDUNAME: db2agent (idle) 0 FUNCTION: DB2 UDB, base sys utilities, sqleIndCoordProcessRequest, probe:1100 RETCODE : ZRC=0xFFFFFBF6=-1034 SQL1034C The database is damaged. All applications processing the database have been stopped.

72 Where Are We . . .

1) Introduction 2) Database system builds & configuration challenges 3) Security options discussion - root /non-root installation 4) Database maintenance, alerts, and utility operations 5) DB2 LUW Fixpack migration 'opportunities' 6) Summary

73 Best Practices

• Avoid NFS mounts for /backup; use OCFS2 instead or other method to avoid downtime & avoid server upgrade conflicts. • Determine if you have tables without primary keys, indexes & fix! • update_insert SQL are disallowed without primary keys • Establish alerts on Server/instance down • Establish alerts on db2diag.log &

74 Best Practices

• Establish alerts on crontab down • Establish alert on sudden uptime change in database servers • Establish DB2 client on WebSphere/applications and frequently cronatb connect to database servers • Triple archive logs to active and mirror logs ; 20-40 – 60-120gb for starters and monitor growth daily • Establish alerts on mount points ; especially db2 log mounts change

75 Audience Poll

Regarding the material presented…

How much did you already know before this presentation? a) Most of the material was new to me. b) I already understood about half of it. c) I already understood most but learned something new d) I already understood 100% of the material

76 Audience Poll

Regarding the material presented…

How much did you already know before this presentation? a) Most of the material was new to me. b) I already understood about half of it. c) I already understood most but learned something new d) I already understood 100% of the material

77 Audience Poll

Regarding the material presented…

How much did you already know before this presentation? a) Most of the material was new to me. b) I already understood about half of it. c) I already understood most but learned something new d) I already understood 100% of the material

78 Audience Poll

Regarding the material presented…

How much did you already know before this presentation? a) Most of the material was new to me. b) I already understood about half of it. c) I already understood most but learned something new d) I already understood 100% of the material

79 Future Questions: Session: D04

“Big Data - DB2 LUW Meta Data Repositories - A Field Guide for DBA's & Managers”

| \|/ Please fill out your session \\|// evaluation before leaving! \\\|/// \\~~ ~~// ( @ @ ) +------(_)------+ | | | | | A L E X A N D E R _ K O P A C @ H O T M A I L . C O M | | oooO | +------( )---Oooo------+ \ ( ( ) \_) ) / (_/

Every day above ground IS a good one…!

THANK YOU FOR ATTENDING ! 80 A L E X A N D E R

K O P A C

•Session D04 Please fill out your session

•Title - “Big Data - DB2 LUW Meta Data Repositories - A evaluation before leaving! Field Guide for DBA's & Managers (DB2 for LUW - I)”

81 Insert Name Here Insert Company Name Here Please fill out your session Insert E-mail here evaluation before leaving!

Session Title

Photo by Steve from Austin, TX, USA “Big Data - DB2 LUW Meta Data Repositories - A Field Guide for DBA's & Managers

APPENDIX

83 Legal

The information contained herein should be deemed as reliable but not guaranteed. The author has made every attempt to provide current and accurate information as well as crediting the appropriate sources. If you have any comments or suggestions, please contact the author at A L E X A N D E R _ K O P A C @ H O T M A I L . C O M

Only IDUG North America 2016 has been granted permission to reprint and distribute this presentation. Others may request redistribution permission from A L E X A N D E R _ K O P A C @ H O T M A I L . C O M

Copyright © 2016 84