What authentication does dbadmin need to startup a cluster?

This question pertains to a DR situation. I have a three-node cluster. I'm restricting the authentication for dbadmin to localhost (and local subnet - do I even need this?). Suppose our local site is unavailable and I restore the cluster on a DR site where the IP addresses will have changed. I will need to re-ip the cluster before I can start it. If I defined the authentication for dbadmin to be only localhost, will the cluster be able to start up? I can't update the authentication until the db has started. We will have passwordless ssh of course.

Answers

  • Sudhakar_BSudhakar_B Vertica Customer ✭✭
    edited December 2020

    @mgroesbeek ,
    When you define dbadmin user's authentication with LOCAL and trust , it does not depend on the actual IP address values for DB operations/authentications.
    When you are logged into the cluster locally, Vertica DB will TRUST that you (dbadmin) have been authenticated at OS level. This is very powerful authentication.
    I am not sure about local subnet though. Never tried that.
    To answer you question, Yes you'll be able to perform all admin functions (including startup/shutdown) on your DR even if IP addresses are different.
    Hope this clarifies.

  • Sudhakar_BSudhakar_B Vertica Customer ✭✭
    edited December 2020

    When you define dbadmin with authentication as LOCAL and TRUST, Vertica DB does NOT care about actual IP address values. It trusts that OS has already authenticated you!
    So to answer you question, Yes you'll be able to do all dbadmin function on DR cluster once you are logged into the cluster.
    Not sure about local subnet never done that.

  • Enabling TRUST and LOCAL has side effects
    Anybody logged into cluster node can login into database as dbadmin
    vsql -U dbadmin
    There is no check for os account name or os group membership
    Yes I do enable trust for local in my databases, but you should be aware of consequences

  • SergeBSergeB - Select Field - Employee

    If you also want a check on which user is logged in on the cluster, you could use IDENT and LOCAL.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file