Base cluster database requirements for Cloudera Data Warehouse Private Cloud

You must be aware of the requirements for the database that is used for the Hive Metastore on the base cluster (Cloudera Manager side) for Cloudera Data Warehouse (CDW) Private Cloud.

CDW supports MariaDB databases in addition to the PostgreSQL database for the Hive Metastore (HMS) on the base CDP cluster (Cloudera Manager side). This feature is in Technical Preview and is not ready for production deployment. Cloudera encourages you to explore these technical preview features in non-production environments and provide feedback on your experiences. On a non-default Database Catalog, HMS, Hue, and DAS use an embedded or external PostgreSQL database that is defined when you install CDP Private Cloud. On a default Database Catalog, Hue and DAS use an embedded or external PostgreSQL database that is defined when you install CDP Private Cloud.

If you are using PostgreSQL database for the Hive Metastore on the base cluster, then it must meet the following requirements::
  • SSL-enabled.
  • Uses the same keystore containing an embedded certificate as Ranger and Atlas.
To use the same keystore with embedded certificate for Ranger and Atlas:
  • If you are using Auto-TLS:

    In the Management Console Administration page, navigate to Security > Enable Auto-TLS and add the certificate name (for example, /path/to/postgres.pem) in the Trusted CA Certificate option.

  • If you are not using Auto-TLS:

    Ensure that the public certificate of the certificate authority (CA) that signed the Hive metastore database's certificate is present in Cloudera Manager's JKS truststore. If the certificate is self-signed, import that certificate into Cloudera Manager's JKS truststore: In the Management Console Administration page, find the path to Cloudera Manager's JKS truststore by navigating to Administration > Settings > Security > Cloudera Manager TLS/SSL Client Trust Store File. Import the CA's certificate into that JKS file.

    To add the certificate name to an existing or a new JKS file, use the following keytool command, which uses the same example certificate name:

    keytool -import -alias postgres -file /path/to/postgres.pem -storetype JKS -keystore /path/to/cm.jks

    Where /path/to/cm.jks is the JKS file that is configured by Cloudera Manager.

    This ensures that the file specified for Cloudera Manager TLS/SSL Client Trust Store File is passed to Management Console and workloads.