【Question title】: Snowflake PrivateLink Setup
【Posted】: 2021-06-07 20:33:30
【Question】:

I am setting up a VPC endpoint for Snowflake PrivateLink. I am following https://docs.snowflake.com/en/user-guide/admin-security-privatelink.html and https://community.snowflake.com/s/article/Invalid-certificate-error-reported-for-PrivateLink-hosts

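After I configured the VPC endpoint and the Route 53 private hosted zone, I tested connectivity by provisioning an EC2 instance, SSHing into it and running the following commands: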

  1. nslookup {my-account}.{region}.privatelink.snowflakecomputing.com, and I got
Server:         10.0.0.2
Address:        10.0.0.2#53

Non-authoritative answer:
<my-account>.<region>.privatelink.snowflakecomputing.com   canonical name = prod2-wildcard-1407098313.<region>.elb.amazonaws.com.
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
  2. Ran SELECT SYSTEM$WHITELIST_PRIVATELINK(); and stored the result in whitelist.json, then ran snowcd whitelist.json, and I got
Error: x509: certificate is valid for *.<region>.snowflakecomputing.com, *.snowflakecomputing.com, *.global.snowflakecomputing.com, *.prod1.<region>.aws.snowflakecomputing.com, *.prod2.<region>.aws.snowflakecomputing.com, *.<region>.aws.snowflakecomputing.com, not <my-account>.<region>.privatelink.snowflakecomputing.com
  3. Then I ran curl -v ..privatelink.snowflakecomputing.com, and I got
* Server certificate:
*  subject: CN=*.<region>.snowflakecomputing.com
*  start date: Jul 21 00:00:00 2020 GMT
*  expire date: Aug 21 12:00:00 2021 GMT
*  subjectAltName does not match <my-account>.<region>.privatelink.snowflakecomputing.com
* SSL: no alternative certificate subject name matches target host name '<my-account>.<region>.privatelink.snowflakecomputing.com'
  4. Then I ran sudo openssl s_client -connect <my-account>.<region>.privatelink.snowflakecomputing.com:443 -showcerts, and I got
depth=4 ...
verify return:1
depth=3 ...
verify return:1
depth=2 ...
verify return:1
depth=1 ...
verify return:1
depth=0 CN = *.<region>.snowflakecomputing.com
verify return:1

Does anyone know what I am missing here? Thanks

【Comments】:

  • This may be a silly question, but did you work with Snowflake Support to set up PrivateLink on the Snowflake side?

Tags: snowflake-cloud-data-platform


【Solution 1】:

For the private link setup, some steps need to be completed by the Snowflake Support team, as detailed here: https://docs.snowflake.com/en/sql-reference/sql/copy-into-location.html

Non-authoritative answer:
<my-account>.<region>.privatelink.snowflakecomputing.com   canonical name = prod2-wildcard-1407098313.<region>.elb.amazonaws.com.
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com

This error indicates that the configuration is incomplete; otherwise the wildcard would not be listed in the result.
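
Added example, not part of the original question or answer: a small Python check that reproduces the two symptoms in this thread from the nslookup output and the certificate's SAN list. The account name, region and the `diagnose` helper are constructed for illustration, and the `.vpce.amazonaws.com` test assumes the private hosted zone is meant to CNAME the PrivateLink hostname to the VPC endpoint's DNS name.

```python
import re

# Constructed sample data: "myacct" / "us-west-2" stand in for the page's placeholders.
HOST = "myacct.us-west-2.privatelink.snowflakecomputing.com"
NSLOOKUP_OUT = """\
Non-authoritative answer:
myacct.us-west-2.privatelink.snowflakecomputing.com   canonical name = prod2-wildcard-1407098313.us-west-2.elb.amazonaws.com.
Name:   prod2-wildcard-1407098313.us-west-2.elb.amazonaws.com
"""
SANS = ["*.us-west-2.snowflakecomputing.com", "*.snowflakecomputing.com",
        "*.global.snowflakecomputing.com", "*.prod2.us-west-2.aws.snowflakecomputing.com"]

def san_matches(pattern, host):
    """Hostname match as TLS clients do it: '*' covers exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def cname_target(nslookup_output, host):
    """Return the CNAME target nslookup printed for host, or None if there is none."""
    for line in nslookup_output.splitlines():
        m = re.match(r"(\S+)\s+canonical name = (\S+?)\.?$", line.strip())
        if m and m.group(1).lower() == host.lower():
            return m.group(2).lower()
    return None

def diagnose(nslookup_output, sans, host):
    """List the problems visible in the DNS answer and the certificate SANs."""
    findings = []
    target = cname_target(nslookup_output, host)
    # Assumption: a correctly wired private zone resolves to the VPC endpoint,
    # whose AWS-assigned DNS name ends in .vpce.amazonaws.com.
    if target and not target.endswith(".vpce.amazonaws.com"):
        findings.append(f"CNAME {target} is not a VPC endpoint name")
    if not any(san_matches(s, host) for s in sans):
        findings.append("no certificate SAN covers the PrivateLink hostname")
    return findings

if __name__ == "__main__":
    for finding in diagnose(NSLOOKUP_OUT, SANS, HOST):
        print("FINDING:", finding)
```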
