From b437bdadda2c26019adf51d5b780c9c5f7f5bc99 Mon Sep 17 00:00:00 2001 From: Marbin Tan Date: Wed, 17 May 2017 17:56:39 -0700 Subject: [PATCH] gpperfmon: update gpperfmon install user doc IPv6 (#2468) * gpperfmon: update gpperfmon install user docs IPv6 Follow up for commit c52c768edf022217947ed3439a927d8fa971ee23 [ci-skip] --- .../admin_utilities/gpperfmon_install.xml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/gpdb-doc/dita/utility_guide/admin_utilities/gpperfmon_install.xml b/gpdb-doc/dita/utility_guide/admin_utilities/gpperfmon_install.xml index cfeddd02f3..7b88fef026 100644 --- a/gpdb-doc/dita/utility_guide/admin_utilities/gpperfmon_install.xml +++ b/gpdb-doc/dita/utility_guide/admin_utilities/gpperfmon_install.xml @@ -35,8 +35,9 @@ Greenplum Database master instance.
  • Updates the $MASTER_DATA_DIRECTORY/pg_hba.conf file. The utility adds the following lines to the host-based authentication file - (pg_hba.conf):local gpperfmon gpmon md5 -host all gpmon 127.0.0.1/28 md5 + (pg_hba.conf):local gpperfmon gpmon md5 +host all gpmon 127.0.0.1/28 md5 +host all gpmon ::1/128 md5

    It may be necessary to edit the pg_hba.conf file after running the gpperfmon_install utility to limit the gpmon role's access to databases or to change the authentication method. After you edit the @@ -45,10 +46,11 @@ host all gpmon 127.0.0.1/28 md5

  • To limit access to just the gpperfmon database edit the pg_hba.conf file and in the host entry for the gpmon user change the second field from all to - gpperfmon:host gpperfmon gpmon 127.0.0.1/28 md5
    • + gpperfmon:host gpperfmon gpmon 127.0.0.1/28 md5 +host gpperfmon gpmon ::1/128 md5

  • The gpperfmon_install utility assumes the default MD5 - authentication method. Greenplum Database may optionally be configured to use the + authentication method. Greenplum Database can optionally be configured to use the SHA-256 or SHA-256-FIPS hash algorithm to compute the password hashes saved in the system catalog. This is incompatible with the MD5 authentication method, which expects an MD5 hash or clear text password in the system catalog. Because of this, @@ -56,16 +58,16 @@ host all gpmon 127.0.0.1/28 md5 you must edit the pg_hba.conf file after running the gpperfmon_install utility to change the authentication method for the gpmon role from md5 to - password:local gpperfmon gpmon md5 -host all gpmon 127.0.0.1/28 password

    + password:local gpperfmon gpmon md5 +host all gpmon 127.0.0.1/28 password +host all gpmon ::1/128 password

    The password authentication method submits the user's clear text password for authentication and should not be used on an untrusted network. See "Protecting Passwords in Greenplum Database" in the Greenplum Database Administrator Guide for more information about configuring password hashing.

    • - - +
  • Updates the password file (.pgpass). In order to allow the data collection agents to connect as the gpmon role without a password prompt, you must have a password file that has an entry for the -- GitLab