Readme file for IBM® Spectrum Conductor 2.4.1 Interim Fix 601055
Readme
file for: IBM
Spectrum Conductor
Product release: 2.4.1
Update name: Interim Fix 601055
Fix
ID: sc-2.4.1-build601055
Publication date: March 18, 2022
This fix supports
enabling encryption for all LIM communication (UDP and TCP) messages.
1.
List of fixes
2.
Download location
3.
Product and components affected
4.
Installation
5.
Uninstallation
6.
List of files
7.
Product notifications
8.
Copyright and trademark information
1. List of fixes
RFE 149436
Download interim fix 601055 from the following
location: http://www.ibm.com/eserver/support/fixes/.
Component name,
Platform, Fix ID:
EGO, Linux
x86_64, sc-2.4.1-build601055
Follow the instructions in this section to download and install this
interim fix on hosts in your cluster.
System requirements
Linux x86_64
Configuration
LIM uses a
hybrid combination of RSA and AES to encrypt UDP and TCP traffic. The current
version utilizes an AES (Advanced Standard Encryption) 256 byte (2048 bit) key
length and requires generating and deploying the RSA key pair.
1. Generate the RSA key pair (which must be 2048 bits) in PEM format:
> openssl genrsa
-out private.key 2048
> openssl rsa -in private.key -outform PEM -pubout -out public.key
2. Ensure
that both RSA public and private keys are readable by LIM processes (both on management
and compute nodes).
3. Add new configuration to the $EGO_CONFDIR/ego.conf file:
EGO_LIM_TRANSPORT_SECURITY=AES
EGO_LIM_DEFAULT_TS_PARAMS="SSL[PUBLIC_KEY=/shared/public.key,PRIVATE_KEY=/secured/private.key]"
EGO_LIM_CLIENT_TS_PARAMS="SSL[PUBLIC_KEY=/shared/public.key]"
Installation
a. Log on to the primary
host as the cluster administrator, stop all EGO services and shut down all hosts
in the cluster:
>
egosh user logon -u Admin -x $PWD
>
egosh service stop all
>
egosh ego shutdown all
b. Source your environment:
(BASH) . $EGO_TOP/profile.platform
(CSH) source $EGO_TOP/cshrc.platform
c. Download the egocore-3.8.0.1_x86_64_build601055.tar.gz
package to
each of your host (or just one host if you are using a shared file system), for
example, to a /conductorfixes directory.
d. Run the egoinstallfixes command to install
the egocore-3.8.0.1_x86_64_build601055.tar.gz package:
> egoinstallfixes
/conductorfixes/egocore-3.8.0.1_x86_64_build601055.tar.gz
Note: Running the egoinstallfixes command automatically
backs up the current binary files to a fix backup directory for recovery
purposes. Do not delete this backup directory; you will need it if you want to
recover the original files. For more information on using this command,
see the egoinstallfixes command reference.
e. Run the pversions command to verify the installation:
> pversions -b 601055
f. Update EGO configuration file.
g. Download the sparklibrary_build601055.tar.gz package and extract the
binary file libSparkVEMApi.so. Replace the libSparkVEMApi.so file within the Spark
archive for each Spark version. Here is an example for Spark 2.4.3:
$ mkdir /tmp/Spark2.4.3-Conductor2.4.1
$ tar xzf $EGO_CONFDIR/../../conductorspark/conf/packages/Spark2.4.3-Conductor2.4.1/Spark2.4.3.tgz
-C /tmp/Spark2.4.3-Conductor2.4.1
$ cd /tmp/Spark2.4.3-Conductor2.4.1
$ tar xzf spark-2.4.3-hadoop-2.7.tgz
$ cp NEWBINARYPATH/libSparkVEMApi.so
spark-2.4.3-hadoop-2.7/jars/native/x86_64
$ tar czf spark-2.4.3-hadoop-2.7.tgz
spark-2.4.3-hadoop-2.7
$ tar czf Spark2.4.3.tgz
spark-2.4.3-hadoop-2.7.tgz scripts deployment.xml
$ cp Spark2.4.3.tgz $EGO_CONFDIR/../../conductorspark/conf/packages/Spark2.4.3-Conductor2.4.1
$ cd /tmp
$ rm -rf /tmp/Spark2.4.3-Conductor2.4.1
h. For each deployed instance group, replace the libSparkVEMApi.so file:
$
find DEPLOY_HOME -name libSparkVEMApi.so | xargs cp
NEWBINARYPATH/libSparkVEMApi.so
j.
Start the primary, primary
candidate hosts and all compute hosts:
>
egosh ego start hostname
If required, follow the instructions in this section to uninstall this
interim fix from hosts in your cluster.
a. Log on to the primary
host as the cluster administrator, stop all EGO services and shut down all hosts
in the cluster:
>
egosh user logon -u Admin -x $PWD
>
egosh service stop all
>
egosh ego shutdown all
b. Manually restore the binary libSparkVEMApi.so from your backup.
c. On each of
your host (or just one host if you are using a shared file system), roll back
this interim fix:
> egoinstallfixes -r 601055
d. Start the primary, primary candidate hosts and all
compute hosts:
> egosh ego start hostname
3.8/linux-x86_64/lib/jni/libLIMApiCommon.so
3.8/linux-x86_64/lib/jni/libVEMApiCommon.so
3.8/linux-x86_64/etc/vemkd
3.8/linux-x86_64/etc/pim
3.8/linux-x86_64/etc/pem
3.8/linux-x86_64/etc/lim
3.8/linux-x86_64/etc/egosc
3.8/linux-x86_64/etc/melim
3.8/linux-x86_64/etc/elim.sa
3.8/linux-x86_64/etc/elim.icp.uploader
3.8/linux-x86_64/etc/elim.nvidia
3.8/linux-x86_64/etc/wsm
3.8/linux-x86_64/bin/egosh
libSparkVEMApi.so
To receive information about product solution and patch updates
automatically, subscribe to product notifications on the My Notifications
page http://www.ibm.com/support/mynotifications/ on the IBM Support
website (http://support.ibm.com). You can edit your subscription settings to
choose the types of information you want to get notification about, for
example, security bulletins, fixes, troubleshooting, and product enhancements
or documentation changes.
© Copyright IBM Corporation 2022
U.S. Government Users Restricted Rights - Use,
duplication or disclosure restricted by GSA ADP Schedule Contract with IBM
Corp.
IBM®, the IBM logo, and ibm.com® are trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of IBM or other
companies. A current list of IBM trademarks is available on the Web at
"Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.