What authentication does dbadmin need to startup a cluster?

mgroesbeek Vertica Customer

This question pertains to a DR situation. I have a three-node cluster. I'm restricting the authentication for dbadmin to localhost (and local subnet - do I even need this?). Suppose our local site is unavailable and I restore the cluster on a DR site where the IP addresses will have changed. I will need to re-ip the cluster before I can start it. If I defined the authentication for dbadmin to be only localhost, will the cluster be able to start up? I can't update the authentication until the db has started. We will have passwordless ssh of course.

Answers

  • Sudhakar_B Vertica Customer ✭✭
    edited December 2020

    @mgroesbeek,
    When you define the dbadmin user's authentication with LOCAL and trust, it does not depend on the actual IP address values for DB operations/authentications.
    When you are logged into the cluster locally, Vertica DB will TRUST that you (dbadmin) have been authenticated at OS level. This is very powerful authentication.
    I am not sure about local subnet though. Never tried that.
    To answer your question: yes, you'll be able to perform all admin functions (including startup/shutdown) on your DR even if IP addresses are different.
    Hope this clarifies.

  • Sudhakar_B Vertica Customer ✭✭
    edited December 2020

    When you define dbadmin with authentication as LOCAL and TRUST, Vertica DB does NOT care about actual IP address values. It trusts that the OS has already authenticated you!
    So to answer your question: yes, you'll be able to do all dbadmin functions on the DR cluster once you are logged into the cluster.
    Not sure about local subnet; never done that.

  • Enabling TRUST and LOCAL has side effects.
    Anybody logged into a cluster node can log in to the database as dbadmin:
    vsql -U dbadmin
    There is no check for OS account name or OS group membership.
    Yes, I do enable trust for local in my databases, but you should be aware of the consequences.

  • SergeB Employee

    If you also want a check on which user is logged in on the cluster, you could use IDENT and LOCAL.
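
The records discussed in this thread, written out as an added example (not posted by any participant): the LOCAL trust and LOCAL ident alternatives for dbadmin, next to a HOST record for the local subnet. The record names and the 192.0.2.0/24 subnet are hypothetical placeholders.

```sql
-- Added example; record names and the subnet are hypothetical placeholders.

-- Option A: LOCAL + trust.
-- A LOCAL record matches connections made over the node's local socket,
-- so it stores no IP address and still matches after the cluster is re-IP'd.
-- Consequence raised in the thread: any OS account on a node can connect
-- with "vsql -U dbadmin" and no password.
CREATE AUTHENTICATION dbadmin_local_trust METHOD 'trust' LOCAL;
GRANT AUTHENTICATION dbadmin_local_trust TO dbadmin;

-- Option B (instead of A): LOCAL + ident.
-- Still address-independent, but the OS user name is checked, so only a
-- session running as the dbadmin OS account is accepted as dbadmin.
CREATE AUTHENTICATION dbadmin_local_ident METHOD 'ident' LOCAL;
GRANT AUTHENTICATION dbadmin_local_ident TO dbadmin;

-- Subnet access is a HOST record, which does carry an address range.
-- After a restore at a site with different addressing this range no longer
-- matches and must be updated once the database is up; the LOCAL record
-- above is what keeps dbadmin able to log in on the node in the meantime.
CREATE AUTHENTICATION dbadmin_subnet_hash METHOD 'hash' HOST '192.0.2.0/24';
GRANT AUTHENTICATION dbadmin_subnet_hash TO dbadmin;

-- Review the records that exist, including each record's host type and address.
SELECT * FROM v_catalog.client_auth;
```

A vsql session started with -h connects over TCP and is matched against HOST records, not LOCAL ones.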
