Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!

What authentication does dbadmin need to startup a cluster?

This question pertains to a DR situation. I have a three-node cluster. I'm restricting the authentication for dbadmin to localhost (and local subnet - do I even need this?). Suppose our local site is unavailable and I restore the cluster on a DR site where the IP addresses will have changed. I will need to re-ip the cluster before I can start it. If I defined the authentication for dbadmin to be only localhost, will the cluster be able to start up? I can't update the authentication until the db has started. We will have passwordless ssh of course.

Answers

  • Sudhakar_BSudhakar_B ✭✭
    edited December 2020

    When you define dbadmin with authentication as LOCAL and TRUST, Vertica DB does NOT care about actual IP address values. It trusts that OS has already authenticated you!
    So to answer you question, Yes you'll be able to do all dbadmin function on DR cluster once you are logged into the cluster.
    Not sure about local subnet never done that.

  • Enabling TRUST and LOCAL has side effects
    Anybody logged into cluster node can login into database as dbadmin
    vsql -U dbadmin
    There is no check for os account name or os group membership
    Yes I do enable trust for local in my databases, but you should be aware of consequences

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file

Can't find what you're looking for? Search the Vertica Documentation, Knowledge Base, or Blog for more information.