Snowflake PrivateLink setup

Time: 2021-06-07 20:33:30

Tags: snowflake-cloud-data-platform

I am setting up a VPC endpoint for Snowflake PrivateLink. I am following https://docs.snowflake.com/en/user-guide/admin-security-privatelink.html and https://community.snowflake.com/s/article/Invalid-certificate-error-reported-for-PrivateLink-hosts

After configuring the VPC endpoint and the Route 53 private hosted zone, I tested connectivity by provisioning an EC2 instance, logging into it and running the following commands

  1. nslookup {my-account}.{region}.privatelink.snowflakecomputing.com, which gave me
Server:         10.0.0.2
Address:        10.0.0.2#53

Non-authoritative answer:
<my-account>.<region>.privatelink.snowflakecomputing.com   canonical name = prod2-wildcard-1407098313.<region>.elb.amazonaws.com.
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com
Address: ...
  2. Ran SELECT SYSTEM$WHITELIST_PRIVATELINK(); and saved the result to whitelist.json, then ran snowcd whitelist.json, which gave me
Error: x509: certificate is valid for *.<region>.snowflakecomputing.com, *.snowflakecomputing.com, *.global.snowflakecomputing.com, *.prod1.<region>.aws.snowflakecomputing.com, *.prod2.<region>.aws.snowflakecomputing.com, *.<region>.aws.snowflakecomputing.com, not <my-account>.<region>.privatelink.snowflakecomputing.com
  3. Then I ran curl -v ..privatelink.snowflakecomputing.com, which gave me
* Server certificate:
*  subject: CN=*.<region>.snowflakecomputing.com
*  start date: Jul 21 00:00:00 2020 GMT
*  expire date: Aug 21 12:00:00 2021 GMT
*  subjectAltName does not match <my-account>.<region>.privatelink.snowflakecomputing.com
* SSL: no alternative certificate subject name matches target host name '<my-account>.<region>.privatelink.snowflakecomputing.com'
  4. Then I ran sudo openssl s_client -connect <my-account>.<region>.privatelink.snowflakecomputing.com:443 -showcerts, which gave me
depth=4 ...
verify return:1
depth=3 ...
verify return:1
depth=2 ...
verify return:1
depth=1 ...
verify return:1
depth=0 CN = *.<region>.snowflakecomputing.com
verify return:1

Does anyone know what I am missing here? Thanks

1 answer:

Answer 0 (score: 0)

For the PrivateLink setup, the Snowflake support team needs to complete some steps, detailed here: https://docs.snowflake.com/en/sql-reference/sql/copy-into-location.html

Non-authoritative answer:
<my-account>.<region>.privatelink.snowflakecomputing.com   canonical name = prod2-wildcard-1407098313.<region>.elb.amazonaws.com.
Name:   prod2-wildcard-1407098313.<region>.elb.amazonaws.com

This error indicates that the configuration is incomplete; otherwise the wildcard would not be listed in the result.
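The question's four commands and the answer's reading of the nslookup output boil down to two checks a defender can automate: does the PrivateLink hostname resolve to private addresses (a VPC endpoint) rather than a public ELB, and does the certificate the endpoint presents actually list that hostname in its subjectAltName. The script below is an added example, not code from the question, the answer or Snowflake; the hostname and the 52.0.0.1 address are constructed placeholders for the <my-account>/<region> values, and the SAN list is the one reported in the snowcd error above. Run without arguments it replays the evidence from the post offline; given a hostname it performs the live DNS and TLS checks from the instance it runs on.

```python
import ipaddress
import socket
import ssl
from typing import Iterable, List, Tuple

# Constructed placeholder standing in for <my-account>.<region>.privatelink... in the post.
PRIVATELINK_HOST = "myaccount.us-east-1.privatelink.snowflakecomputing.com"

# subjectAltName list exactly as the snowcd error in the post reports it,
# with the <region> placeholder filled in with the constructed region above.
OBSERVED_SANS = [
    "*.us-east-1.snowflakecomputing.com",
    "*.snowflakecomputing.com",
    "*.global.snowflakecomputing.com",
    "*.prod1.us-east-1.aws.snowflakecomputing.com",
    "*.prod2.us-east-1.aws.snowflakecomputing.com",
    "*.us-east-1.aws.snowflakecomputing.com",
]


def san_matches(san: str, host: str) -> bool:
    """Match one dNSName SAN against a hostname the way TLS clients do:
    a leading '*' covers exactly one left-most label and never spans a dot,
    which is why '*.<region>.snowflakecomputing.com' cannot cover
    '<account>.<region>.privatelink.snowflakecomputing.com'."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if san.startswith("*."):
        labels = host.split(".")
        # require at least two labels under the wildcard, as public CAs do
        return len(labels) >= 3 and ".".join(labels[1:]) == san[2:]
    return san == host


def cert_covers_host(sans: Iterable[str], host: str) -> bool:
    """True if any SAN entry covers the hostname."""
    return any(san_matches(s, host) for s in sans)


def classify_addresses(addrs: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split resolved addresses into private (RFC 1918 / ULA) and public.
    A working PrivateLink name should yield only private VPC endpoint IPs."""
    private, public = [], []
    for a in addrs:
        (private if ipaddress.ip_address(a).is_private else public).append(a)
    return private, public


def diagnose(host: str, addrs: Iterable[str], sans: Iterable[str]) -> List[str]:
    """Return findings for a PrivateLink hostname; an empty list means both checks pass."""
    findings = []
    _private, public = classify_addresses(addrs)
    if public:
        # the private hosted zone is not answering for this name (public ELB CNAME leaks through)
        findings.append("DNS_RESOLVES_TO_PUBLIC_ADDRESS")
    if not cert_covers_host(sans, host):
        # the endpoint serves the public wildcard cert; PrivateLink provisioning is incomplete
        findings.append("CERT_SAN_MISMATCH")
    return findings


def resolve(host: str) -> List[str]:
    """Live check: resolve host through the instance's resolver (the 10.0.0.2 in the post)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def fetch_sans(host: str) -> List[str]:
    """Live check: verify the chain but skip the name check so we still get the SAN list."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified (CERT_REQUIRED stays on)
    with socket.create_connection((host, 443), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        host = sys.argv[1]
        addrs, sans = resolve(host), fetch_sans(host)
    else:
        # Offline replay of the post's evidence: one constructed public ELB address.
        host, addrs, sans = PRIVATELINK_HOST, ["52.0.0.1"], OBSERVED_SANS
    for finding in diagnose(host, addrs, sans) or ["OK"]:
        print(finding)
```

On the post's evidence the replay reports both findings, which is the same conclusion the answer draws from the public ELB CNAME: the name is not being served by the private hosted zone and the endpoint has not yet been provisioned with a certificate covering the privatelink hostname. Once the setup is complete the live run should print OK, and the check is cheap enough to keep in a periodic health probe so a regression back to the public path is noticed.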