docker db2 systemd init autostart

DB2 in Docker container. Problem with autostart of SSL configuration after restarting the Docker container


I have a Docker container that was started from the image https://hub.docker.com/r/ibmcom/db2/

Everything is OK, but I need to run a few experiments with an SSL connection. I entered the container:

docker exec -it my_container /bin/bash

I switched to the required user:

su - db2inst1

And I made the changes needed to implement the SSL configuration:

gsk8capicmd_64 -keydb -create -db "server.kdb" -pw "my_secret_password" -stash
gsk8capicmd_64 -cert -create -db "server.kdb" -pw "my_secret_password" -label "my_company" -dn "CN=my_company" -size 2048 -sigalg SHA256_WITH_RSA
gsk8capicmd_64 -cert -extract -db "server.kdb" -pw "my_secret_password" -label "my_company" -target "server.arm" -format ascii -fips
gsk8capicmd_64 -cert -details -db "server.kdb" -pw "my_secret_password" -label "my_company"
db2 update dbm cfg using SSL_SVR_KEYDB /database/config/db2inst1/server.kdb
db2 update dbm cfg using SSL_SVR_STASH /database/config/db2inst1/server.sth
db2 update dbm cfg using SSL_SVCENAME 50002
db2set DB2COMM=SSL,TCPIP
db2stop force
db2start

Let's check:

netstat -nlp

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:50000           0.0.0.0:*               LISTEN      17030/db2sysc 0
tcp        0      0 0.0.0.0:50002           0.0.0.0:*               LISTEN      17030/db2sysc 0

Everything works. I tested SSL and everything is fine. But afterwards, when I run

docker stop my_container 
docker start my_container 

my SSL port is not up. In netstat, I see only:

netstat -nlp

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:50000           0.0.0.0:*               LISTEN      17030/db2sysc 0

When I go into the Docker container and run

db2set DB2COMM=SSL,TCPIP
db2stop force
db2start

the SSL port is up and everything is fine.

The question: should I autostart the above commands, or can this be implemented via some configuration in DB2?


Solution

  • I found the file that rewrites profile.env.
    It is /var/db2_setup/include/db2_common_functions, which contains this line:

    su - ${DB2INSTANCE?} -c ". sqllib/db2profile; db2set DB2COMM=TCPIP && db2 UPDATE DBM CFG USING DFTDBPATH $DATA_DIR IMMEDIATE"
    

    I replaced it with this:

    su - ${DB2INSTANCE?} -c ". sqllib/db2profile; db2set DB2COMM='TCPIP,SSL' && db2 UPDATE DBM CFG USING DFTDBPATH $DATA_DIR IMMEDIATE"
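
An added shell example (not part of the original answer or of the ibmcom/db2 image): it applies the answer's one-line change to a file such as /var/db2_setup/include/db2_common_functions idempotently, and parses `netstat -nlp` output to confirm that db2sysc listens on both 50000 and 50002 after a restart. The function names are hypothetical, and the sample inputs are constructed from the lines quoted on this page.

```shell
#!/bin/sh
# Added example, not code from the ibmcom/db2 image.

# patch_db2comm FILE: change "db2set DB2COMM=TCPIP" to
# "db2set DB2COMM='TCPIP,SSL'" in FILE, keeping a FILE.orig backup.
# Returns 0 if patched or already patched, 1 if the expected line is absent.
patch_db2comm() {
    file=$1
    [ -f "$file" ] || return 1
    if grep -q "db2set DB2COMM='TCPIP,SSL'" "$file"; then return 0; fi
    grep -q 'db2set DB2COMM=TCPIP ' "$file" || return 1
    cp -p "$file" "$file.orig" || return 1
    sed "s/db2set DB2COMM=TCPIP /db2set DB2COMM='TCPIP,SSL' /" \
        "$file.orig" > "$file"
}

# missing_listeners PORT...: read `netstat -nlp` output on stdin and print
# every PORT that has no db2sysc socket in LISTEN state. Returns 1 if any
# port is missing, so a restart that silently drops SSL is caught.
missing_listeners() {
    out=$(cat)
    rc=0
    for port in "$@"; do
        if ! printf '%s\n' "$out" | awk -v p=":$port" '
            $6 == "LISTEN" && $7 ~ /db2sysc/ &&
            substr($4, length($4) - length(p) + 1) == p { found = 1 }
            END { exit !found }'
        then
            echo "$port"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a scratch copy of the line quoted in the answer and the
# post-restart netstat output from the question. Run with: sh script.sh demo
demo() {
    tmp=$(mktemp) || return 1
    echo 'su - ${DB2INSTANCE?} -c ". sqllib/db2profile; db2set DB2COMM=TCPIP && db2 UPDATE DBM CFG USING DFTDBPATH $DATA_DIR IMMEDIATE"' > "$tmp"
    patch_db2comm "$tmp" && cat "$tmp"
    echo 'tcp 0 0 0.0.0.0:50000 0.0.0.0:* LISTEN 17030/db2sysc 0' |
        missing_listeners 50000 50002 || echo "^ not listening"
    rm -f "$tmp" "$tmp.orig"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Inside the container, `patch_db2comm /var/db2_setup/include/db2_common_functions` makes the change once; after `docker start`, `netstat -nlp | missing_listeners 50000 50002` exits non-zero and names the port if the SSL listener did not come back.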