Configuring a Data Source in the Linux OS
The ODBC DRIVER (psqlodbcw.so) provided by openGauss can be used after it has been configured in a data source. To configure a data source, you must configure the odbc.ini and odbcinst.ini files on the server. The two files are generated during the unixODBC compilation and installation, and are saved in the /usr/local/etc directory by default.
Procedure
Obtain the source code package of unixODBC by following link:
https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.9/unixODBC-2.3.9pre.tar.gz/download
After the download, validate the integrity based on the integrity validation algorithm provided by the community.
Install unixODBC. It does not matter if unixODBC of another version has been installed.
Currently, unixODBC-2.2.1 is not supported. For example, to install unixODBC-2.3.0, run the commands below. unixODBC is installed in the /usr/local directory by default. The data source file is generated in the /usr/local/etc directory, and the library file is generated in the /usr/local/lib directory.
tar zxvf unixODBC-2.3.0.tar.gz cd unixODBC-2.3.0 # Modify the configure file. (If it does not exist, modify the configure.ac file.) Find LIB_VERSION. # Change the value of LIB_VERSION to 1:0:0 to compile a *.so.1 dynamic library with the same dependency on psqlodbcw.so. vim configure ./configure --enable-gui=no #To perform compilation on an ARM server, add the configure parameter --build=aarch64-unknown-linux-gnu. make # The installation may require root permissions. make installReplace the openGauss client driver.
- Decompress the openGauss-x.x.x-ODBC.tar.gz package. After the decompression, the lib and odbc folders are generated. The odbc folder contains another lib folder. Copy the psqlodbca.la, psqlodbca.so, psqlodbcw.la, and psqlodbcw.so files from /odbc/lib to /usr/local/lib.
- Copy the library in the lib directory obtained after decompressing openGauss-x.x.x-ODBC.tar.gz to the /usr/local/lib directory.
Configure a data source.
Configure the ODBC driver file.
Add the following content to the /usr/local/etc/odbcinst.ini file:
[GaussMPP] Driver64=/usr/local/lib/psqlodbcw.so setup=/usr/local/lib/psqlodbcw.soFor descriptions of the parameters in the odbcinst.ini file, see Table 1.
Table 1 odbcinst.ini configuration parameters
Driver installation path, which is the same as the dynamic library path in Driver64.
Configure the data source file.
Add the following content to the /usr/local/etc/odbc.ini file:
[MPPODBC] Driver=GaussMPP Servername=10.145.130.26 (IP address of the server where the database resides) Database=postgres (database name) Username=omm (database username) Password= (user password of the database) Port=8000 (listening port of the database) Sslmode = allowFor descriptions of the parameters in the odbc.ini file, see Table 2.
Table 2 odbc.ini configuration parameters
NOTE:After a user established a connection, the ODBC driver automatically clears their password stored in memory.
However, if this parameter is configured, UnixODBC will cache data source files, which may cause the password to be stored in the memory for a long time.
When you connect to an application, you are advised to send your password through an API instead of writing it in a data source configuration file. After the connection has been established, immediately clear the memory segment where your password is stored.
If this parameter is set to 1, the mylog file of the PostgreSQL ODBC driver will be printed. The directory generated for storing logs is /tmp/. If this parameter is set to 0, no directory is generated.
Whether to enable the extended query protocol for the database.
The value can be 0 or 1. The default value is 1, indicating that the extended query protocol is enabled.
Whether to enable the batch query protocol. If it is enabled, DML performance can be improved. The value can be 0 or 1. The default value is 1.
If this parameter is set to 0, the batch query protocol is disabled (mainly for communication with earlier database versions).
If this parameter is set to 1 and support_batch_bind is set to on, the batch query protocol is enabled.
Each time SQLFreeHandle is invoked to release statements, ODBC sends a Deallocate plan_name statement to the server. A large number of such statements exist in the service. To reduce the number of the statements to be sent, stmt->plan_name is left empty so that the database can identify them as unnamed statements. This parameter is added to control the threshold for unnamed statements.
Whether to display the driver deployment path and process owner in the connection_info parameter mentioned in connection_info.
NOTE:The default value is 0. If this parameter is set to 1, the ODBC driver reports the driver deployment path and process owner to the database and displays the information in the connection_info parameter (see connection_info). In this case, you can query the information from PG_STAT_ACTIVITY.
If this parameter is set to Yes, the Boolean value is mapped to the SQL_CHAR type. If this parameter is not set, the value is mapped to the SQL_BIT type.
When an attempt is made to update a row of data, setting this parameter to Yes allows the application to detect whether the data has been modified by other users.
By default, the driver regards the system table as a common SQL table.
The valid values of Sslmode are as follows:
Table 3 Sslmode options
(Optional) Generate an SSL certificate. For details, see Generating Certificates. This step and step 6 are required only when the server and client are connected in SSL mode. Skip the two steps if the non-SSL connection mode is used.
(Optional) Replace an SSL certificate. For details, see Replacing Certificates.
Enable SSL mode.
Declare the following environment variables and ensure that the permission for the client.key* series files is set to 600.
Go back to the root directory, create the .postgresql directory, and save root.crt, client.crt, client.key, client.key.cipher, client.key.rand, client.req, server.crt, server.key, server.key.cipher, server.key.rand, and server.req to the .postgresql directory. In the Unix OS, server.crt and server.key must deny the access from the external or any group. Run the following command to set this permission: chmod 0600 server.key Copy the certificate files whose names start with root.crt and server to the install/data directory of the database (the directory is the same as that of the postgresql.conf file). Modify the postgresql.conf file. ssl = on ssl_cert_file = 'server.crt' ssl_key_file = 'server.key' ssl_ca_file = 'root.crt' After modifying the parameters, restart the database. Set the sslmode parameter to require or verify-ca in the odbc.ini file.Configure the database server.
Log in as the OS user omm to the primary node of the database.
Run the following command to add NIC IP addresses or host names, with values separated by commas (,). The NICs and hosts are used to provide external services. In the following command, NodeName specifies the name of the current node.
gs_guc reload -N NodeName -I all -c "listen_addresses='localhost,192.168.0.100,10.11.12.13'"If direct routing of LVS is used, add the virtual IP address (10.11.12.13) of LVS to the server listening list.
You can also set listen_addresses to * or 0.0.0.0 to listen to all NICs, but this incurs security risks and is not recommended.
Run the following command to add an authentication rule to the configuration file of the primary database node. In this example, the IP address (10.11.12.13) of the client is the remote host IP address.
gs_guc reload -N all -I all -h "host all jack 10.11.12.13/32 sha256"
NOTE:- -N all indicates all hosts in openGauss.
- -I all indicates all instances of the host.
- -h specifies statements that need to be added in the pg_hba.conf file.
- all indicates that a client can connect to any database.
- jack indicates the user that accesses the database.
- _10.11.12.13/_32 indicates hosts whose IP address is 10.11.12.13 can be connected. Configure the parameter based on your network conditions. 32 indicates that there are 32 bits whose value is 1 in the subnet mask. That is, the subnet mask is 255.255.255.255.
- sha256 indicates that the password of user jack is encrypted using the SHA-256 algorithm.
If the ODBC client and the primary database node to connect are deployed on the same machine, you can use the local trust authentication mode. Run the following command:
local all all trustIf the ODBC client and the primary database node to connect are deployed on different machines, use the SHA-256 authentication mode. Run the following command:
host all all xxx.xxx.xxx.xxx/32 sha256Restart openGauss.
gs_om -t stop gs_om -t start
Configure the environment variables on the client.
vim ~/.bashrcAdd the following information to the configuration file:
export LD_LIBRARY_PATH=/usr/local/lib/:$LD_LIBRARY_PATH export ODBCSYSINI=/usr/local/etc export ODBCINI=/usr/local/etc/odbc.iniRun the following command to validate the addition:
source ~/.bashrc
Verifying the Data Source Configuration
Run the ./isql -v MPPODBC command (MPPODBC is the data source name).
If the following information is displayed, the configuration is correct and the connection succeeds.
+---------------------------------------+ | Connected! | | | | sql-statement | | help [tablename] | | quit | | | +---------------------------------------+ SQL>If error information is displayed, the configuration is incorrect. Check the configuration.
FAQs
[UnixODBC][Driver Manager]Can't open lib 'xxx/xxx/psqlodbcw.so' : file not found.
Possible causes:
The path configured in the odbcinst.ini file is incorrect.
Run ls to check the path in the error information, and ensure that the psqlodbcw.so file exists and you have execute permissions on it.
The dependent library of psqlodbcw.so does not exist or is not in system environment variables.
Run ldd to check the path in the error information. If libodbc.so.1 or other UnixODBC libraries do not exist, configure UnixODBC again following the procedure provided in this section, and add the lib directory under its installation directory to LD_LIBRARY_PATH. If other libraries do not exist, add the lib directory under the ODBC driver package to LD_LIBRARY_PATH.
[UnixODBC]connect to server failed: no such file or directory
Possible causes:
An incorrect or unreachable database IP address or port was configured.
Check the Servername and Port configuration items in data sources.
Server monitoring is improper.
If Servername and Port are correctly configured, ensure the proper network adapter and port are monitored by following the database server configurations in the procedure in this section.
Firewall and network gatekeeper settings are improper.
Check firewall settings, and ensure that the database communication port is trusted.
Check to ensure network gatekeeper settings are proper (if any).
[unixODBC]The password-stored method is not supported.
Possible causes:
The sslmode configuration item is not configured in the data sources.
Solution:
Set the configuration item to allow or a higher level. For details, see Table 3.
Server common name “xxxx” does not match host name “xxxxx”
Possible causes:
When verify-full is used for SSL encryption, the driver checks whether the host name in certificates is the same as the actual one.
Solution:
To solve this problem, use verify-ca to stop checking host names, or generate a set of CA certificates containing the actual host names.
Driver's SQLAllocHandle on SQL_HANDLE_DBC failed
Possible causes:
The executable file (such as the isql tool of unixODBC) and the database driver (psqlodbcw.so) depend on different library versions of ODBC, such as libodbc.so.1 and libodbc.so.2. You can verify this problem by using the following method:
ldd `which isql` | grep odbc ldd psqlodbcw.so | grep odbcIf the suffix digits of the outputs libodbc.so are different or indicate different physical disk files, this problem exists. Both isql and psqlodbcw.so load libodbc.so. If different physical files are loaded, different ODBC libraries with the same function list conflict with each other in a visible domain. As a result, the database driver cannot be loaded.
Solution:
Uninstall the unnecessary unixODBC, such as libodbc.so.2, and create a soft link with the same name and the .so.2 suffix for the remaining libodbc.so.1 library.
FATAL: Forbid remote connection with trust method!
For security purposes, the primary database node forbids access from other nodes in openGauss without authentication.
To access the primary database node from inside openGauss, deploy the ODBC program on the host where the primary database node is located and set the server address to 127.0.0.1. It is recommended that the service system be deployed outside openGauss. If it is deployed inside, database performance may be affected.
[unixODBC][Driver Manager]Invalid attribute value
The unixODBC version may not be the recommended one. You are advised to run the odbcinst --version command to check the unixODBC version in the environment.
authentication method 10 not supported.
If this error occurs on an open-source client, the cause may be:
The database stores only the SHA-256 hash of the password, but the open-source client supports only MD5 hashes.
NOTE:- The database stores the hashes of user passwords instead of actual passwords.
- If a password is updated or a user is created, both types of hashes will be stored, compatible with open-source authentication protocols.
- An MD5 hash can only be generated using the original password, but the password cannot be obtained by reversing its SHA-256 hash. Passwords in the old version will only have SHA-256 hashes and not support MD5 authentication.
- The MD5 encryption algorithm has lower security and poses security risks. Therefore, you are advised to use a more secure encryption algorithm.
To solve this problem, you can update the user password (see ALTER USER) or create a user (see CREATE USER) having the same permissions as the faulty user.
unsupported frontend protocol 3.51: server supports 1.0 to 3.0
The database version is too early or the database is an open-source database. Use the driver of the required version to connect to the database.
FATAL: GSS authentication method is not allowed because XXXX user password is not disabled.
In pg_hba.conf of the target primary database node, the authentication mode is set to gss for authenticating the IP address of the current client. However, this authentication algorithm cannot authenticate clients. Change the authentication algorithm to sha256 and try again. For details, see 8.