Complete the PrivateLink endpoint creation on VantageCloud Lake and external Vantage system.
- Enable PrivateLink Endpoint on VantageCloud Lake
- Set Up PrivateLink Endpoint on an External Vantage System
Download the agent bundle from the Connect Environment form.
For VantageCloud Enterprise
- Sign into Teradata support (https://support.teradata.com).
- Select Request a Change.
- Provide the following information:
- Purpose: Request for installing Data Copy Agent on VantageCloud Enterprise
- The downloaded Agent Bundle tarball
- DNS name of the site on which the agent must be installed
For VantageCore
- Download the latest version of the dbinterceptor-agent RPM from the Teradata Software Server (TSS).
- Copy the package to the primary external DB Node..
- Login to the primary node of the external DB system where you downloaded the dbinterceptor-agent package.
- Unzip the downloaded package and extract the RPM tarball.
- Install the RPM:
rpm -Uvh dbinterceptor-agent-<version>.x86_64.rpm
- Create a CSR to Request an Entrust SSL Certificate.
- To request the certificate, first generate a CSR (Certificate Signing Request) using the following script /opt/teradata/dbinterceptor-agent/scripts/create_agent_csr.sh.
- For more information, see the usage statement and example from the script:
./create_agent_csr.sh Used to generate an SSL CSR to request an Entrust SSL certificate for the Data Copy Agent Service (dbinterceptor-agent) running on an external database system Usage: create_agent_csr.sh -d <certs dir> - Directory where the certs files are written to - **REQUIRED** -c <company name> - Company name for the external system - Used to construct the Common Name if the CN is not explicitly set - Ignored if '-n <common name>' used - Alphanumeric only, will be downcased - Defaults to 'teradata' -s <system name> - Database system name - Used to construct the Common Name if the CN is not explicitly set - Best if it is based on the external system name configured by the Data Copy Service (but not necessary) - Ignored if '-n <common name>' used - Alphanumeric only, will be downcased - Defaults to current hostname, 'sdt49786' -n <common name> - Common Name (CN) for the CSR - Must be a Fully Qualified Domain Name (FQDN) - Good if the system name component is based on the external system name configured by the Data Copy Service (but not necessary) - Use if the default CN is not appropriate - Defaults to <system name>.<company name>.copyagent.vcl.teradata.com sdt49786.teradata.copyagent.vcl.teradata.com -D <distinguished name> - Distinguished Name (DN) for the CSR - Defaults to /C=US/ST=California/L=San Diego/O=Teradata Corporation/CN=sdt49786.teradata.copyagent.vcl.teradata.com -f (force) - Force overwrite certs directory if it already exists -h (help) - Displays this usage statement Note: The Common Name FQDN used for the CSR does not need to be resolvable (via DNS or /etc/hosts), but it is best if it clearly identifies that it is tied to the given database system name Example: Create a CSR in /root/SSL using a custom Common Name and Distinguished Name for company XYZ that wishes to obtain its own Entrust certificate using its own domain name: create_agent_csr.sh -d /root/SSL -n teradatadb1.internal.xyz.com -D '/C=US/ST=Georgia/L=Atlanta/O=XYX Corporation' Results in a CSR with the following Distinguished Name: /C=US/ST=Georgia/L=Atlanta/O=XYX Corporation/CN=teradatadb1.internal.xyz.com - Request your certificate via Entrust’s website using the generated server.csr file.
- After receiving the certificate from Entrust, copy the entrust.zip file to the primary node of the external DB system into the /root/SSL directory where you generated the CSR.
- Install the Entrust SSL Certificate.
cd /root/SSL # Extract zip unzip entrust.zip # Verify it contains the expected 4 files: ls *.crt Intermediate1.crt Intermediate2.crt Root.crt ServerCertificate.crt # Install Entrust certs /opt/teradata/dbinterceptor-agent/scripts/configure_agent.sh -c ca -d /root/SSL -f
- Configure /etc/hosts with the configure_agent.sh script.
/opt/teradata/dbinterceptor-agent/scripts/configure_agent.sh -b <PrivateLink Endpoint Service FQDN or IP>
- Install the Agent Bundle that was downloaded from the VantageCloud Lake UI.
tar xvfz <bundle>.tgz cd <bundle directory> ./install_agent_bundle.sh
The output of the script should state that the installation was successful. Here is an example of the expected output:
./install_agent_bundle.sh [Installing dbinterceptor-agent bundle] Updating BROKER_PASSWORD in /etc/opt/teradata/dbinterceptor-agent/dbinterceptor-agent.yml... Copying kafka.key to /etc/opt/teradata/dbinterceptor-agent... Copying cachain.pem to /etc/opt/teradata/dbinterceptor-agent/certs/cacert.pem... Restarting dbinterceptor-agent... Stopping Database Interceptor Agent (dbinterceptor-agent) dbinterceptor-agent) stopped successfully Verifying the dbinterceptor Kafka broker connection on port 19092: The /etc/hosts entry for dbinterceptor-broker is: 10.90.12.204 dbinterceptor-broker dbinterceptor-broker host is accessible on port 19092 Starting Database Interceptor Agent (dbinterceptor-agent) dbinterceptor-agent started successfully with pid 17048 Bundle installation complete!