on 07-18-2017 1:13 PM
I have my python program which will connect using python dbapi and fetch the results :
import dbapi conn = dbapi.connect('linux',31515,'SYSTEM','*****')
cur=conn.cursor()
query="select GRANTEE,GRANTEE_TYPE,PRIVILEGE from GRANTED_PRIVILEGES "
ret = cur.execute(query)
ret = cur.fetchall()
I am validating the possibility of running it from non sidadm user.
Is it valid to run it from non sidadm user. Should that user have HANA env set up ?
What is the general process that should be followed ?
I have faced troubles in connecting with ssl enabled.
conn = dbapi.connect('linux.site',30015,'SYSTEM','*****',encrypt='True')
It works if I load the environment variables using -
". /usr/sap/<SID>/home/.sapenv.sh".
Is this the norm ?
These are the steps that I followed.
I have put the steps in a script which is run from sidadm -
#/bin/bash
# Do all activities in a client directory, so that we donot accidently delete any certificate - Run this from sidadm.
set -x
rm -rf ./client
mkdir client
cd client
#copy server certificate and extract public/private keys
cp $SECUDIR/sapsrv.pse ./
sapgenpse export_own_cert -p sapsrv.pse > serv.cer
sapgenpse export_p12 -p sapsrv.pse SID_priv.p12 <<EOF
EOF
openssl pkcs12 -nodes -nocerts -in SID_priv.p12 -out serv.key
# create a client certificate and certificate request
mv $SECUDIR/sapcli.pse ./sapcli.pse_bkp
sapgenpse gen_pse -p sapcli.pse -r sapcli.req <<EOF
cn=client
EOF
cp $SECUDIR/sapcli.pse ./
# now sign the client certificate
openssl x509 -req -days 365 -in sapcli.req -sha1 -extensions usr_cert -CA serv.cer -CAkey serv.key -CAcreateserial -out sapcli.crt
cat serv.cer>>sapcli.crt
# import this certificate to SAP HANA
sapgenpse import_own_cert -p sapcli.pse -c sapcli.crt
Different scenario's :
1. While using sidadm to connect post this :
Works perfectly fine.
2. Using root to connect :
Followed below steps post above script.
a. Copied the file sapcli.pse to /root/pse/
b. Set $SECUDIR to point to /root/pse/
c. Added /usr/sap/SID/HDB00/exe: to LD_LIBRARY_PATH.
It works fine after the steps b and c are added.
3. While using a normal user - mashood :
a. Copied the file sapcli.pse to /home/mashood/pse/
b. Set $SECUDIR to point to /home/mashood/pse/
c. Added /usr/sap/SID/HDB00/exe: to LD_LIBRARY_PATH.
When running the program i get the error :
python dbapi_test.py
Traceback (most recent call last):
File "dbapi_test.py", line 9, in <module>
conn = dbapi.connect('linux.site',30015,'SYSTEM','*******',encrypt='True') #,encrypt='True')
File "/usr/sap/hdbclient/hdbcli/dbapi.py", line 82, in __init__
self.__connection = pyhdbcli.connect("%s:%d" % (address, port), 'HDB', user, password, self.__properties)
dbapi.Error: (-10709, 'Connection failed (RTE:[300010] Cannot create SSL context: SSL key store cannot be found: /home/mashood/.ssl/key.pem (linux.site:30015))')
I thought it is directory permission stuff and added the user to "sapsys" group - It works fine after this.
1. Are the steps correct ?
2. What is the recommended way to get dbapi connect through ssl from user mashood.
Regards,
Mashood
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.