Base cluster database requirements for Cloudera Data Warehouse Private Cloud
You must be aware of the requirements for the database that is used for the Hive Metastore on the base cluster (Cloudera Manager side) for Cloudera Data Warehouse (CDW) Private Cloud.
CDW supports MariaDB, MySQL, PostgreSQL, and Oracle databases for the Hive Metastore (HMS) on the base CDP cluster (Cloudera Manager side). On a default Database Catalog, Hue and HMS use an embedded PostgreSQL database that is defined when you install CDP Private Cloud.
- Uses the same keystore containing an embedded certificate as Ranger and Atlas.
If your HMS database is not SSL/TLS-enabled and you want to continue using CDW, then you must disable the SSL requirement in CDW, so that the Database Catalog does not fail to start in an attempt to establish a secure connection with an unsecured database. For instructions, see Disable the SSL or TLS requirement for HMS database.
- If you are using Auto-TLS:
In the Management Console Administration page, go to the CA Certificates tab and select External Database from the CA Certificate Type drop-down menu. Upload the CA certificates either by uploading a file or by direct input.
- If you are not using Auto-TLS:
Ensure that the public certificate of the certificate authority (CA) that signed the Hive metastore database's certificate is present in Cloudera Manager's JKS truststore. If the certificate is self-signed, import that certificate into Cloudera Manager's JKS truststore: In the Management Console Administration page, find the path to Cloudera Manager's JKS truststore by navigating to. Import the CA's certificate into that JKS file.
To add the certificate name to an existing or a new JKS file, use the following
keytoolcommand, which uses the same example certificate name:
keytool -import -alias postgres -file /path/to/postgres.pem -storetype JKS -keystore /path/to/cm.jks
/path/to/cm.jksis the JKS file that is configured by Cloudera Manager.
This ensures that the file specified for Cloudera Manager TLS/SSL Client Trust Store File is passed to Management Console and workloads.