Конференция Arenadata
Новое время — новый Greenplum
Мы приглашаем вас принять участие в конференции, посвященной будущему Open-Source Greenplum 19 сентября в 18:00:00 UTC +3. Встреча будет проходить в гибридном формате — и офлайн, и онлайн. Онлайн-трансляция будет доступна для всех желающих.
Внезапное закрытие Greenplum его владельцем — компанией Broadcom - стало неприятным сюрпризом для всех, кто использует или планирует начать использовать решения на базе этой технологии. Многие ожидают выхода стабильной версии Greenplum 7 и надеются на её дальнейшее активное развитие.
Arenadata не могла допустить, чтобы разрабатываемый годами Open-Source проект Greenplum прекратил своё существование, поэтому 19 сентября мы представим наш ответ на данное решение Broadcom, а участники сообщества получат исчерпывающие разъяснения на все вопросы о дальнейшей судьбе этой технологии.

На конференции вас ждёт обсуждение следующих тем:

  • План возрождения Greenplum;
  • Дорожная карта;
  • Экспертное обсуждение и консультации.
Осталось до события

Accounts in ADB

This article lists all accounts that are used in Arenadata DB.

Linux users

The following accounts are created in a operating system during ADB installation (/etc/passwd).

Account Description Default password

adcm

The user that is used by ADCM to deploy clusters

Not set

gpadmin

The Linux user for ADB that is needed to start/stop a cluster and run all console utilities. Also, it has access to all cluster databases as superuser (with the trust method in pg_hba.conf)

Not set

abrt

The user for autocoredump. Assigned nologin in /etc/passwd

Not set

pxf

The user for PXF. Assigned nologin in /etc/passwd

Not set

dockerroot

The user for Docker. Assigned nologin in /etc/passwd

Not set

etcd

The user for etcd. No login abilities

Not set

diamond

The user for Diamond. Assigned nologin in /etc/passwd

Not set

Arenadata DB roles

The following accounts are created in the Arenadata DB database during ADB installation (via the CREATE ROLE command).

Account Description Default password How to change a password

gpadmin

The ADB cluster administrator. This role has access to all cluster databases as superuser

Not set

Via the psql utility:

ALTER ROLE gpadmin WITH ENCRYPTED PASSWORD '<new_password>';

There is no ability to set/change a password via ADCM

gpmon

The gpperfmon user

!QAZ1qaz

It is stored in the /home/gpadmin/.pgpass file

  1. Run the following command via the psql utility:

    ALTER ROLE gpmon WITH ENCRYPTED PASSWORD '<new_password>';
  2. Update the /home/gpadmin/.pgpass file.

adcc

The role that is used by ADB Control for connecting to ADB. Such access is required to obtain information about the cluster topology and to cancel requests initiated by users.

The username can be changed on the ADB Control configuration page during the primary ADB Control installation. Not possible to change after. For more information, see Configuration parameters (ADB Control → UI component parameters → ADB user name)

Not set by default.

Cannot be set during ADB installation.

A password is stored in pg_shadow

  1. Run the following command via the psql utility:

    ALTER ROLE adcc WITH ENCRYPTED PASSWORD '<new_password>';
  2. Change the password on the Configuration → Clusters tab in the ADB Control UI. For more information, see Edit a cluster connection.

There is no ability to set/change a password via ADCM

Accounts used in the ADB Control databases

The following accounts are created in the ADB Control databases (containerized or external) during ADB Control installation.

Account Description Default password How to change a password

postgres

The role name in the PostgreSQL database, which is used in ADB Control to store information on data queries (see Query DB).

The username can be changed on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → Database parameters → Username or ADB Control → External database parameters → Username for external PostgreSQL)

The default value is 123.

Can be set on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → Database parameters → Password or ADB Control → External database parameters → Password for external PostgreSQL)

For external PostgreSQL, you can change a password via ADCM anytime. For containerized PostgreSQL, you can set a password only during the primary ADB Control installation

default

The account name in the ClickHouse database, which is used in ADB Control to store information on metrics (see Metrics DB).

The username can be changed on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → ADQM database parameters → Username or ADB Control → External ADQM parameters → Username for external ClickHouse)

Not set by default.

Can be set on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → ADQM database parameters → Password or ADB Control → External ADQM parameters → Password for external ClickHouse).

If set, a password is stored in the ADCM vault and in ClickHouse

For external ClickHouse, you can change a password via ADCM anytime. For containerized ClickHouse, you can set a password only during the primary ADB Control installation

ADB Control UI users

The following users are created during ADB Control installation.

Account Description Default password How to change a password

admin

The ADB Control owner, which is used to work with ADB Control UI

The default value is 1234.

When you first log in to ADB Control, you should change a password. For more information, see Connect to ADB Control.

A password is stored in the adcc.user table of the PostgreSQL database (containerized or external):

$ psql -d adcc
SELECT * FROM adcc.user;

You can change a password on the Users → Management tab in the ADB Control UI. For more information, see Edit a user

adcm

The service API user (hidden administrator of the ADB Control UI)

Can be set on the ADB Control configuration page during ADB Control installation. For more information, see Configuration parameters (ADB Control → UI component parameters → Service password).

If not set, a secret password is generated. For backward compatibility, it is the same across all clusters.

A password is stored in encrypted form in the adcc_database_1 container:

SELECT password FROM adcc.system_user;

Password can be reset on the ADB Control configuration page (ADB Control → UI component parameters → Service password)

ADBM API user

The following user is created during ADBM installation.

Account Description Default password How to change a password

adcc

The user that is used for authentication in the ADBM CLI API

Stored as plaintext in the /opt/adbm/auth.properties file. The default value is 1234:

user.adcc = 1234

File permissions:

-rw-r--r-- 1 root root

Update the /opt/adbm/auth.properties file. The ADBM restart is required

Monitoring user

The following user is created in Grafana during monitoring installation.

Account Description Default password How to change a password

admin

Grafana administrator, which is used for cluster monitoring

No default. You should set a password on the Grafana configuration page during monitoring installation (Primary configuration → Configuration → Security → Password)

Currently, you should change a password for Grafana both in ADCM and in Grafana Admin:

  1. Change a password on the Grafana configuration page (Primary configuration → Configuration → Security → Password).

  2. Apply the Reconfigure action to Grafana.

  3. Change a password in Grafana Admin via the following link: <grafana_host>:<grafana_port>/profile.

ADCM user

The following user is created during ADCM installation.

Account Description Default password How to change a password

admin

ADCM admin

admin

After ADCM installation is complete, you can change a user password in the ADCM web UI. For more information, see Check the ADCM web-interface

LDAP accounts

When configuring LDAP authentication, you need to enter and store LDAP admin accounts. Passwords are stored as plaintext in specific files that should be secured with OS file permissions.

ADB

LDAP authentication in ADB is configured according to the LDAP authentication in ADB article. To specify the LDAP admin account and its password, fill in the SA Login and Password fields on the ADB configuration page.

LDAP credentials are stored in the following file on the ADB master host: $MASTER_DATA_DIRECTORY/pg_hba.conf.

File permissions:

-rw-r----- 1 gpadmin gpadmin

Synchronization of ADB users and groups with LDAP is performed automatically via the pg-ldap-sync utility. For more information, see Synchronize ADB and LDAP.

IMPORTANT

After syncing with the LDAP server, two ADB local roles are still required since they cannot be replaced with LDAP users (see Arenadata DB roles):

  • gpadmin

  • gpmon

All other users (including superusers) can be controlled via the LDAP server.

ADB Control

LDAP authentication in ADB Control is configured according to the LDAP authentication article. To specify the LDAP admin account and its password, fill in the Login and Password fields on the ADB Control configuration page.

LDAP credentials are stored in the following files on the ADB Control host:

  • /opt/adcc/docker-compose.yaml

  • /opt/adcc/adcc-ui-server-application.yml

File permissions for both files:

-rw-r--r--  1 root root

If LDAP authentication is configured, you need to map user groups of the selected LDAP server to roles in ADB Control. You can manage such mappings on the Users → LDAP group mapping tab in the ADB Control web interface. For more information, see Configure role mappings with LDAP groups.

IMPORTANT

After you assign the Administrator or Owner role to specific LDAP users and delete or block the default local user admin (see ADB Control UI users) in ADB Control, all authentication can be controlled via the LDAP server.

Found a mistake? Seleсt text and press Ctrl+Enter to report it