Forum: Managing VoltDB

Post: Enterprise Manager and Security Enabled

Enterprise Manager and Security Enabled
Feb 11, 2014
I'm testing out various deployment management options for an eventual live deployment of voltdb. I'd obviously like to use the enterprise manager product to do so due to the ease of multi node management.

However, it's behaviour in handling security enabled and the user lists seems to be unreliable so is making EM a non starter option here, is this a known bug?

What I'm seeing is if I deploy from scratch to fresh nodes, with security enabled and an uploaded user xml, it will always correctly set the security enabled flag but not always reliably deploy the users (seems to be roughly 50% sucessfull). This affects both inital deployments and subsequent catalog updates.

With security enabled and when it successfully deploys the users, the logs themselves show the enterprise manager trying to log in to the deployed database without a username and password and obviously failing (although it is reporting data sizes/invocations correctly). I cant see any settings to allow me to control who EM tries to talk to the databases as.

if I turn the security enabled option off, but still use a user list, it always correctly deploys the users and there are no errors in the logs from enterprise managers interactions. Although obviously, this leaves me with a database that is accessable with an empty user/password combo which we do not want to deploy.

db and EM are ee trial.
Feb 11, 2014

There is no configuration to indicate to VEM which user account to use, but it should choose one of the users in the file that has sufficient privileges. I'd like to try to reproduce the issue with the same configuration of roles and users that you are using. Please send the DDL, users file (feel free to rename users and remove passwords, just want to see the role assignments and check syntax), and the log files to bballard (at) voltdb (dot) com.

Feb 11, 2014
Thanks for the files. For the benefit of forum readers, here is a summary of the issue.

When security is enabled, VEM should automatically choose a user from the xml file that it will use itself to authenticate when opening a database connection to the cluster as it starts. It needs a user with the sysproc privilege. There is currently a limitation that VEM will not select a user for this purpose if the user is assigned to more than one role. This can be resolved with a configuration that meets these guidelines:
- in DDL, create a role that has the sysproc privilege. It may optionally have other additional privileges.
- in the users.xml file, configure a user that is assigned to the role that provides the sysproc privilege. The user must only be assigned to this one role, otherwise VEM will not use the account.

If there is no user that meets these requirements, then VEM will revert to trying to authenticate with empty username and password, which is what it does when security is disabled. This will result in some warnings that VEM failed to authenticate, but the cluster will still complete initialization. However, this is a state in which VEM is not authenticated and has no database connection, and is only able to do things that it controls using SSH, so administrative operations like updating the catalog will fail. To correct this, the cluster can be stopped using VEM, the configuration can be corrected by updating the users file and/or catalog file, and then the cluster can be restarted and VEM should authenticate successfully.