Base cluster database requirements for Cloudera Data Warehouse Private Cloud

You must be aware of the requirements for the database that is used for the Hive Metastore on the base cluster (Cloudera Manager side) for Cloudera Data Warehouse (CDW) Private Cloud.

CDW supports MariaDB, MySQL, PostgreSQL version 12, and Oracle databases for the Hive Metastore (HMS) on the base CDP cluster (Cloudera Manager side). Support for Oracle database (whether SSL-enabled or not) is in technical preview. Cloudera recommends that you use the Oracle database for HMS on base cluster only in test or development environments.

On a non-default Database Catalog, HMS, Hue, and DAS use an embedded or external PostgreSQL database that is defined when you install CDP Private Cloud. On a default Database Catalog, Hue and DAS use an embedded or external PostgreSQL database that is defined when you install CDP Private Cloud, and HMS can use either MariaDB, MySQL, Oracle, or PostgreSQL databases.

If you are using PostgreSQL, MySQL, MariaDB, or Oracle database for the Hive Metastore on the base cluster, then it must meet the following requirements:
  • SSL-enabled.
  • Uses the same keystore containing an embedded certificate as Ranger and Atlas.
To use the same keystore with an embedded certificate for Ranger and Atlas:
  • If you are using Auto-TLS:

    In the Management Console Administration page, go to the CA Certificates tab and select External Database from the CA Certificate Type drop-down menu. Upload the CA certificates either by uploading a file or by direct input.

  • If you are not using Auto-TLS:

    Ensure that the public certificate of the certificate authority (CA) that signed the Hive metastore database's certificate is present in Cloudera Manager's JKS truststore. If the certificate is self-signed, import that certificate into Cloudera Manager's JKS truststore: In the Management Console Administration page, find the path to Cloudera Manager's JKS truststore by navigating to Administration > Settings > Security > Cloudera Manager TLS/SSL Client Trust Store File. Import the CA's certificate into that JKS file.

    To add the certificate name to an existing or a new JKS file, use the following keytool command, which uses the same example certificate name:

    keytool -import -alias postgres -file /path/to/postgres.pem -storetype JKS -keystore /path/to/cm.jks

    Where /path/to/cm.jks is the JKS file that is configured by Cloudera Manager.

    This ensures that the file specified for Cloudera Manager TLS/SSL Client Trust Store File is passed to Management Console and workloads.