Chinaunix首页 | 论坛 | 博客
  • 博客访问: 2373569
  • 博文数量: 200
  • 博客积分: 2413
  • 博客等级: 大尉
  • 技术积分: 3067
  • 用 户 组: 普通用户
  • 注册时间: 2011-04-01 22:07
文章分类

全部博文(200)

文章存档

2018年(2)

2017年(8)

2016年(35)

2015年(14)

2014年(20)

2013年(24)

2012年(53)

2011年(44)

分类: Mysql/postgreSQL

2015-12-03 17:27:50


greenplum的客户端访问Greenplum服务器,要满足以下两点,否则会报错
psql: FATAL:  no pg_hba.conf entry for host "192.168.1.172", user "gpadmin", database "testDB", SSL off

一、用户要创建密码
testDB=# alter role gpadmin with password 'gpadmin';
ALTER ROLE

二、master节点的$MASTER_DATA_DIRECTORY/pg_hba.conf中添加新客户端服务器信息
master节点的pg_hba.conf配置文件控制客户端访问Greenplum系统。
segment节点也有pg_hba.conf配置文件,它只能控制master节点能否访问segment,决不能运行客户端连接。不要修改segment的pg_hba.conf文件!!

格式:
host        database        role    CIDR-address     authentication-method

如果使用scoket访问greenplum系统则用下面的格式
local database role     authentication-method
详见下面表格的参数介绍。


pg_hba.conf中记录是被顺序读取的,所有记录的顺序是有象征性意义的。
 通常前面的记录匹配更少的连接但要求较弱的认证,后面的记录匹配更多的连接但要求更严格的认证。 比如:

# allow the gpadmin user local access to all databases 
# using ident authentication
local   all   gpadmin   ident         sameuser
host    all   gpadmin   127.0.0.1/32  ident
host    all   gpadmin   ::1/128       ident
# allow the 'dba' role access to any database from any 
# host with IP address 192.168.x.x and use md5 encrypted 
# passwords to authenticate the user
# Note that to use SHA-256 encryption, replace md5 with 
# password in the line below
host    all   dba   192.168.0.0/32  md5
# allow all roles access to any database from any 
# host and use ldap to authenticate the user. Greenplum role 
# names must match the LDAP common name.
host    all   all   192.168.0.0/32  ldap ldapserver=usldap1 
ldapport=1389 ldapprefix="cn=" 
ldapsuffix=",ou=People,dc=company,dc=com"

个人案例:允许gpadmin用户在192.168.1.x网段访问所有数据库,使用md5验证。
#add
host     all         gpadmin         192.168.1.0/24         md5


三、生效
在master 执行gpstop -u重新加载pg_hba.conf文件,并不会shutdown Greenplum系统。
$ gpstop -u


四、验证
$ psql -h 192.168.1.171 -p 5432 -d postgres -U gpadmin -W 
Password for user gpadmin: 


附英文介绍
Field Description
local Matches connection attempts using UNIX-domain sockets. Without a
record of this type, UNIX-domain socket connections are disallowed.
适用于socket方式。
host Matches connection attempts made using TCP/IP. Remote TCP/IP connections will not be possible unless the server is started with an appropriate value for thelisten_addresses server configuration parameter.
TCP/IP方式访问Greenplum系统。
hostssl Matches connection attempts made using TCP/IP, but only when the connection is made with SSL encryption. SSL must be enabled at server start time by setting the sslconfiguration parameter
TCP/IP+ssl(加密)方式访问Greenplum系统。
hostnossl Matches connection attempts made over TCP/IP that do not use SSL.
database Specifies which database names this record matches. The value all specifies that it matches all databases. Multiple database names can be supplied by separating them with commas. A separate file containing database names can be specified by preceding the file name with @.
数据库名。
role Specifies which database role names this record matches. The value all specifies that it matches all roles. If the specified role is a group and you want all members of that group to be included, precede the role name with a +. Multiple role names can be supplied by separating them with commas. A separate file containing role names can be specified by preceding the file name with @.
角色。
CIDR-address Specifies the client machine IP address range that this record matches. It contains an IP address in standard dotted decimal notation and a CIDR mask length. IP addresses can only be specified numerically, not as domain or host names. The mask length indicates the number of high-order bits of the client IP address that must match. Bits to the right of this must be zero in the given IP address. There must not be any white space between the IP address, the /, and the CIDR mask length.

Typical examples of a CIDR-address are 172.20.143.89/32 for a single host, or 172.20.143.0/24 for a small network, or 10.6.0.0/16 for a larger one. To specify a single host, use a CIDR mask of 32 for IPv4 or 128 for IPv6. In a network address, do not omit trailing zeroes.

IP-address

IP-mask

These fields can be used as an alternative to the CIDR-address notation. Instead of specifying the mask length, the actual mask is specified in a separate column. For example, 255.0.0.0 represents an IPv4 CIDR mask length of 8, and 255.255.255.255 represents a CIDR mask length of 32. These fields only apply to host, hostssl, and hostnossl records.
authentication-method Specifies the authentication method to use when connecting. Greenplum supports the  supported by PostgreSQL 9.0.
来源: <>
 



转载请注明:
十字螺丝钉
http://blog.chinaunix.net/uid/23284114.html

QQ:463725310
E-MAIL:houora#gmail.com(#请自行替换为@)


阅读(8160) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~