Created 03-03-2018 01:06 AM
Hi
I have managed to have a successful deployment of a full-blown ambari-stack using blueprints. As part of the next level of our security requirements, I am attempting to make rangerkms run in its own database instance of postgres on a non-default port.
The corresponding blueprint entry:
{
  "dbks-site" : {
    "properties_attributes" : { },
    "properties" : {
      "ranger.ks.hsm.enabled" : "false",
      "hadoop.kms.blacklist.DECRYPT_EEK" : "hdfs",
      "ranger.ks.jpa.jdbc.credential.alias" : "ranger.ks.jdbc.password",
      "ranger.ks.jpa.jdbc.url" : "jdbc:postgresql://mydb.server.com:7432/rangerkms",
      "ranger.ks.jpa.jdbc.driver" : "org.postgresql.Driver"
    }
  }
}
During blueprint installation the jisql commands attempt to verify the connection to the database, but it doesn't seem to take into account the port that I have configured:
resource_management.core.exceptions.ExecutionFailed: Execution of 'ambari-python-wrap /usr/hdp/current/ranger-kms/db_setup.py' returned 1.
2018-03-03 00:22:47,004 [I] DB FLAVOR :POSTGRES
2018-03-03 00:22:47,005 [I] --------- Verifying Ranger DB connection ---------
2018-03-03 00:22:47,005 [I] Checking connection
2018-03-03 00:22:47,005 [JISQL] /usr/java/latest/bin/java -cp /usr/hdp/current/ranger-kms/ews/webapp/lib/postgresql-jdbc.jar:/usr/hdp/current/ranger-kms/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://mydb.server.com/rangerkms -u rangerkms -p '********' -noheader -trim -c \; -query "SELECT 1;"
SQLException : SQL state: 28000 org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "192.168.10.21", user "rangerkms", database "rangerkms", SSL off ErrorCode: 0
2018-03-03 00:22:47,182 [E] Can't establish connection
However, on the same host where the KMS install is being attempted, say foo.server.com, if I specify the port the connection is successful:
/usr/java/latest/bin/java -cp /usr/hdp/current/ranger-kms/ews/webapp/lib/postgresql-jdbc.jar:/usr/hdp/current/ranger-kms/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://mydb.server.com:7432/rangerkms -u rangerkms -p 'rangerkms' -noheader -trim -c \; -query "SELECT 1;"
1 |
How do I get the db connection verifier to use the specified port in the blueprint?
I do have an entry in my pg_hba.conf for foo.server.com to access the rangerkms db as user rangerkms.
Created 03-03-2018 01:45 AM
As part of this design I want ranger-kms to be separated from the other databases. So obviously if I just switch ports then ranger-kms gets installed but ranger admin does not, because it uses the same library without the port!
Created 03-03-2018 05:42 AM
As a hack I am specifying the port in the host name, and that seems to work. Note the db_host below:
{
  "kms-properties" : {
    "properties" : {
      "KMS_MASTER_KEY_PASSWD" : "foo",
      "DB_FLAVOR" : "POSTGRES",
      "db_name" : "rangerkms",
      "db_user" : "rangerkms",
      "db_password" : "foo",
      "REPOSITORY_CONFIG_USERNAME" : "keyadmin",
      "db_host" : "mydb.server.com:7432"
    }
  }
}
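
A pre-deployment check for the mismatch seen in this thread, as an added example that is not part of the original posts or of Ambari/Ranger: it compares the host, port and database in `ranger.ks.jpa.jdbc.url` against `db_host` and `db_name` in `kms-properties`. It assumes a blueprint with a top-level `configurations` list and, going by the behaviour reported above, that the connection verifier takes its endpoint from `db_host`; the function names and sample blueprint are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample blueprint fragment using the thread's property names and values.
SAMPLE_BLUEPRINT = json.loads("""
{"configurations": [
  {"dbks-site": {"properties": {
     "ranger.ks.jpa.jdbc.url": "jdbc:postgresql://mydb.server.com:7432/rangerkms"}}},
  {"kms-properties": {"properties": {
     "DB_FLAVOR": "POSTGRES", "db_name": "rangerkms", "db_host": "mydb.server.com"}}}
]}
""")

def config_props(blueprint, config_type):
    """Return the 'properties' dict of one config type, or {} if absent."""
    for entry in blueprint.get("configurations", []):
        if config_type in entry:
            return entry[config_type].get("properties", {})
    return {}

def jdbc_endpoint(jdbc_url):
    """Split jdbc:postgresql://host[:port]/db into (host, port, db); port may be None."""
    if not jdbc_url.startswith("jdbc:"):
        raise ValueError("not a JDBC URL: %r" % jdbc_url)
    parts = urlsplit(jdbc_url[len("jdbc:"):])
    return parts.hostname, parts.port, parts.path.lstrip("/")

def check_kms_db_settings(blueprint):
    """Return a list of mismatches between dbks-site and kms-properties."""
    url = config_props(blueprint, "dbks-site").get("ranger.ks.jpa.jdbc.url", "")
    kms = config_props(blueprint, "kms-properties")
    host, port, db = jdbc_endpoint(url)
    # Assumption from the thread: db_host must carry the port for it to be used.
    expected = host if port is None else "%s:%d" % (host, port)
    problems = []
    if kms.get("db_host") != expected:
        problems.append("db_host is %r but JDBC URL points at %r"
                        % (kms.get("db_host"), expected))
    if kms.get("db_name") != db:
        problems.append("db_name is %r but JDBC URL names %r" % (kms.get("db_name"), db))
    return problems

if __name__ == "__main__":
    for problem in check_kms_db_settings(SAMPLE_BLUEPRINT):
        print("MISMATCH:", problem)
```

Running it against a blueprint before submitting it to Ambari surfaces the port mismatch early, instead of as a `pg_hba.conf` rejection from whichever PostgreSQL instance listens on the default port.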