diff --git a/openmetadata-docs/content/v1.4.x/connectors/database/glue/index.md b/openmetadata-docs/content/v1.4.x/connectors/database/glue/index.md index f9b245b00f5..b8ad1f4210f 100644 --- a/openmetadata-docs/content/v1.4.x/connectors/database/glue/index.md +++ b/openmetadata-docs/content/v1.4.x/connectors/database/glue/index.md @@ -20,7 +20,7 @@ Configure and schedule Glue metadata and profiler workflows from the OpenMetadat - [Metadata Ingestion](#metadata-ingestion) - [dbt Integration](/connectors/ingestion/workflows/dbt) -{% partial file="/v1.4/connectors/ingestion-modes-tiles.md" variables={yamlPath: "/connectors/database/athena/yaml"} /%} +{% partial file="/v1.4/connectors/ingestion-modes-tiles.md" variables={yamlPath: "/connectors/database/glue/yaml"} /%} ## Requirements diff --git a/openmetadata-docs/content/v1.4.x/connectors/database/postgres/troubleshooting.md b/openmetadata-docs/content/v1.4.x/connectors/database/postgres/troubleshooting.md index f0e296ddd5a..55031d3c59b 100644 --- a/openmetadata-docs/content/v1.4.x/connectors/database/postgres/troubleshooting.md +++ b/openmetadata-docs/content/v1.4.x/connectors/database/postgres/troubleshooting.md @@ -47,3 +47,32 @@ LINE 2: SELECT relispartition as is_partition Then you might be using an unsupported postgres version. If we double-check the requirements for the postgres connector: Note that we only support officially supported Postgres versions. You can check the version list [here](https://www.postgresql.org/support/versioning/). + +## Error: `no pg_hba.conf entry for host` + +When trying to connect to a PostgreSQL server hosted on Azure/AWS using basic authentication, the connection may fail with the following error message: + +``` +(psycopg2.OperationalError) FATAL: no pg_hba.conf entry for host "x.xx.xxx.x", user "xxxxxx", database "xxxxx", no encryption +``` + + +This error generally indicates that the host trying to access the Postgres server is not permitted according to the server's `pg_hba.conf` configuration, which manages authentication. + +1. **Whitelist the IP address** + Ensure that the IP address provided by the OpenMetadata Service wizard is whitelisted in the Azure network firewall rules. You should also verify that the correct IP is added in the firewall for the database to allow connections from OpenMetadata. + +2. **Check pg_hba.conf File** + While Azure-managed PostgreSQL doesn't allow direct access to modify the `pg_hba.conf` file, you can control access using Azure Firewall rules. Ensure that the IP address attempting to connect is allowed. + +3. **Verify Network Access** + Ensure that the PostgreSQL server is accessible from the internet for the allowed IP addresses. If the server is behind a VPN or private network, adjust the network settings accordingly. + +4. **Adjust SSL Mode** + The error could also be related to SSL settings. Setting the SSL mode to `allow` can help resolve this issue. Modify the connection settings in the OpenMetadata Service configuration to: + +``` +SSL Mode: Allow +``` + +This will allow the connection even if SSL is not enforced by the server. diff --git a/openmetadata-docs/content/v1.4.x/connectors/pipeline/openlineage/index.md b/openmetadata-docs/content/v1.4.x/connectors/pipeline/openlineage/index.md index af9e15824d5..b38bd53622f 100644 --- a/openmetadata-docs/content/v1.4.x/connectors/pipeline/openlineage/index.md +++ b/openmetadata-docs/content/v1.4.x/connectors/pipeline/openlineage/index.md @@ -63,9 +63,9 @@ To Configure your Airflow instance file="/v1.4/connectors/metadata-ingestion-ui.md" variables={ connector: "Openlineage", - selectServicePath: "/images/v1.3/connectors/openlineage/select-service.webp", - addNewServicePath: "/images/v1.3/connectors/openlineage/add-new-service.webp", - serviceConnectionPath: "/images/v1.3/connectors/openlineage/service-connection.webp", + selectServicePath: "/images/v1.4/connectors/openlineage/select-service.png", + addNewServicePath: "/images/v1.4/connectors/openlineage/add-new-service.png", + serviceConnectionPath: "/images/v1.4/connectors/openlineage/service-connection.png", } /%} diff --git a/openmetadata-docs/content/v1.4.x/deployment/kubernetes/values.md b/openmetadata-docs/content/v1.4.x/deployment/kubernetes/values.md index c88735b5f0a..146386f1737 100644 --- a/openmetadata-docs/content/v1.4.x/deployment/kubernetes/values.md +++ b/openmetadata-docs/content/v1.4.x/deployment/kubernetes/values.md @@ -76,7 +76,7 @@ This page list all the supported helm values for OpenMetadata Helm Charts. | openmetadata.config.authentication.saml.idp.idpX509Certificate.secretKey | string | `Empty` | SAML_IDP_CERTIFICATE | | openmetadata.config.authentication.saml.idp.authorityUrl | string | `http://openmetadata:8585/api/v1/saml/login` | SAML_AUTHORITY_URL | | openmetadata.config.authentication.saml.idp.nameId | string | `urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress` | SAML_IDP_NAME_ID | -| openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/metadata` | SAML_SP_ENTITY_ID | +| openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML_SP_ENTITY_ID | | openmetadata.config.authentication.saml.sp.acs | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML_SP_ACS | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretRef | string | `Empty` | SAML_SP_CERTIFICATE | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretKey | string | `Empty` | SAML_SP_CERTIFICATE | diff --git a/openmetadata-docs/content/v1.4.x/deployment/security/saml/aws.md b/openmetadata-docs/content/v1.4.x/deployment/security/saml/aws.md index d4053e09407..da6f259b7a8 100644 --- a/openmetadata-docs/content/v1.4.x/deployment/security/saml/aws.md +++ b/openmetadata-docs/content/v1.4.x/deployment/security/saml/aws.md @@ -63,7 +63,7 @@ Security requirements for your **production** environment: authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} @@ -94,7 +94,7 @@ Security requirements for your **production** environment: `authorityUrl` -> set as {http}/{https}://{domain}:{port}/api/v1/saml/login - SP Config - `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/metadata + `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `acs` -> Assertion Consumer Url , set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `spX509Certificate` -> set to your X509 Signing Key `callback` -> set as {http}/{https}://{domain}/api/v1/saml/callback diff --git a/openmetadata-docs/content/v1.4.x/deployment/security/saml/bare-metal.md b/openmetadata-docs/content/v1.4.x/deployment/security/saml/bare-metal.md index 3414e434c5c..865ef8d86f7 100644 --- a/openmetadata-docs/content/v1.4.x/deployment/security/saml/bare-metal.md +++ b/openmetadata-docs/content/v1.4.x/deployment/security/saml/bare-metal.md @@ -26,7 +26,7 @@ are divided into the following three sections:- ```yaml sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} diff --git a/openmetadata-docs/content/v1.4.x/deployment/security/saml/docker.md b/openmetadata-docs/content/v1.4.x/deployment/security/saml/docker.md index fdc17b77727..95a9184cd15 100644 --- a/openmetadata-docs/content/v1.4.x/deployment/security/saml/docker.md +++ b/openmetadata-docs/content/v1.4.x/deployment/security/saml/docker.md @@ -29,7 +29,7 @@ SAML_AUTHORITY_URL=http://localhost:8585/api/v1/saml/login SAML_IDP_NAME_ID=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress # OpenMetadata Server SP Configuration -SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/metadata +SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/acs SAML_SP_ACS=http://localhost:8585/api/v1/saml/acs SAML_SP_CERTIFICATE=/path/to/the/certificate SAML_SP_CALLBACK=http://localhost:8585/saml/callback diff --git a/openmetadata-docs/content/v1.4.x/deployment/security/saml/index.md b/openmetadata-docs/content/v1.4.x/deployment/security/saml/index.md index ac72215e802..b186daa0e68 100644 --- a/openmetadata-docs/content/v1.4.x/deployment/security/saml/index.md +++ b/openmetadata-docs/content/v1.4.x/deployment/security/saml/index.md @@ -49,7 +49,7 @@ To add a private key, you need to include it in the keystore and update the conf {% /note %} -SP Metadata XML is available at "http://localhost:8585/api/v1/saml/metadata", `localhost` needs to be updated with the correct URI. +SP Metadata XML is available at "http://localhost:8585/api/v1/saml/acs", `localhost` needs to be updated with the correct URI. ### Security Configuration diff --git a/openmetadata-docs/content/v1.4.x/deployment/security/saml/kubernetes.md b/openmetadata-docs/content/v1.4.x/deployment/security/saml/kubernetes.md index 7af26f49187..9af9ac2d498 100644 --- a/openmetadata-docs/content/v1.4.x/deployment/security/saml/kubernetes.md +++ b/openmetadata-docs/content/v1.4.x/deployment/security/saml/kubernetes.md @@ -20,7 +20,7 @@ openmetadata: nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} diff --git a/openmetadata-docs/content/v1.5.x/connectors/database/glue/index.md b/openmetadata-docs/content/v1.5.x/connectors/database/glue/index.md index 0f2ee47cccb..87c93812bb7 100644 --- a/openmetadata-docs/content/v1.5.x/connectors/database/glue/index.md +++ b/openmetadata-docs/content/v1.5.x/connectors/database/glue/index.md @@ -20,7 +20,7 @@ Configure and schedule Glue metadata and profiler workflows from the OpenMetadat - [Metadata Ingestion](#metadata-ingestion) - [dbt Integration](/connectors/ingestion/workflows/dbt) -{% partial file="/v1.5/connectors/ingestion-modes-tiles.md" variables={yamlPath: "/connectors/database/athena/yaml"} /%} +{% partial file="/v1.5/connectors/ingestion-modes-tiles.md" variables={yamlPath: "/connectors/database/glue/yaml"} /%} ## Requirements diff --git a/openmetadata-docs/content/v1.5.x/connectors/database/postgres/troubleshooting.md b/openmetadata-docs/content/v1.5.x/connectors/database/postgres/troubleshooting.md index f0e296ddd5a..55031d3c59b 100644 --- a/openmetadata-docs/content/v1.5.x/connectors/database/postgres/troubleshooting.md +++ b/openmetadata-docs/content/v1.5.x/connectors/database/postgres/troubleshooting.md @@ -47,3 +47,32 @@ LINE 2: SELECT relispartition as is_partition Then you might be using an unsupported postgres version. If we double-check the requirements for the postgres connector: Note that we only support officially supported Postgres versions. You can check the version list [here](https://www.postgresql.org/support/versioning/). + +## Error: `no pg_hba.conf entry for host` + +When trying to connect to a PostgreSQL server hosted on Azure/AWS using basic authentication, the connection may fail with the following error message: + +``` +(psycopg2.OperationalError) FATAL: no pg_hba.conf entry for host "x.xx.xxx.x", user "xxxxxx", database "xxxxx", no encryption +``` + + +This error generally indicates that the host trying to access the Postgres server is not permitted according to the server's `pg_hba.conf` configuration, which manages authentication. + +1. **Whitelist the IP address** + Ensure that the IP address provided by the OpenMetadata Service wizard is whitelisted in the Azure network firewall rules. You should also verify that the correct IP is added in the firewall for the database to allow connections from OpenMetadata. + +2. **Check pg_hba.conf File** + While Azure-managed PostgreSQL doesn't allow direct access to modify the `pg_hba.conf` file, you can control access using Azure Firewall rules. Ensure that the IP address attempting to connect is allowed. + +3. **Verify Network Access** + Ensure that the PostgreSQL server is accessible from the internet for the allowed IP addresses. If the server is behind a VPN or private network, adjust the network settings accordingly. + +4. **Adjust SSL Mode** + The error could also be related to SSL settings. Setting the SSL mode to `allow` can help resolve this issue. Modify the connection settings in the OpenMetadata Service configuration to: + +``` +SSL Mode: Allow +``` + +This will allow the connection even if SSL is not enforced by the server. diff --git a/openmetadata-docs/content/v1.5.x/connectors/pipeline/openlineage/index.md b/openmetadata-docs/content/v1.5.x/connectors/pipeline/openlineage/index.md index b2fcdeb8df0..a9e624e87c3 100644 --- a/openmetadata-docs/content/v1.5.x/connectors/pipeline/openlineage/index.md +++ b/openmetadata-docs/content/v1.5.x/connectors/pipeline/openlineage/index.md @@ -63,9 +63,9 @@ To Configure your Airflow instance file="/v1.5/connectors/metadata-ingestion-ui.md" variables={ connector: "Openlineage", - selectServicePath: "/images/v1.3/connectors/openlineage/select-service.webp", - addNewServicePath: "/images/v1.3/connectors/openlineage/add-new-service.webp", - serviceConnectionPath: "/images/v1.3/connectors/openlineage/service-connection.webp", + selectServicePath: "/images/v1.5/connectors/openlineage/select-service.png", + addNewServicePath: "/images/v1.5/connectors/openlineage/add-new-service.png", + serviceConnectionPath: "/images/v1.5/connectors/openlineage/service-connection.png", } /%} diff --git a/openmetadata-docs/content/v1.5.x/deployment/kubernetes/values.md b/openmetadata-docs/content/v1.5.x/deployment/kubernetes/values.md index 1a50c909dab..fbe8986b68a 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/kubernetes/values.md +++ b/openmetadata-docs/content/v1.5.x/deployment/kubernetes/values.md @@ -77,7 +77,7 @@ This page list all the supported helm values for OpenMetadata Helm Charts. | openmetadata.config.authentication.saml.idp.idpX509Certificate.secretKey | string | `Empty` | SAML_IDP_CERTIFICATE | | openmetadata.config.authentication.saml.idp.authorityUrl | string | `http://openmetadata:8585/api/v1/saml/login` | SAML_AUTHORITY_URL | | openmetadata.config.authentication.saml.idp.nameId | string | `urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress` | SAML_IDP_NAME_ID | -| openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/metadata` | SAML_SP_ENTITY_ID | +| openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML_SP_ENTITY_ID | | openmetadata.config.authentication.saml.sp.acs | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML_SP_ACS | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretRef | string | `Empty` | SAML_SP_CERTIFICATE | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretKey | string | `Empty` | SAML_SP_CERTIFICATE | diff --git a/openmetadata-docs/content/v1.5.x/deployment/security/saml/aws.md b/openmetadata-docs/content/v1.5.x/deployment/security/saml/aws.md index 6751f5e40a6..8603a2a915b 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/security/saml/aws.md +++ b/openmetadata-docs/content/v1.5.x/deployment/security/saml/aws.md @@ -64,7 +64,7 @@ Security requirements for your **production** environment: authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} @@ -95,7 +95,7 @@ Security requirements for your **production** environment: `authorityUrl` -> set as {http}/{https}://{domain}:{port}/api/v1/saml/login - SP Config - `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/metadata + `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `acs` -> Assertion Consumer Url , set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `spX509Certificate` -> set to your X509 Signing Key `callback` -> set as {http}/{https}://{domain}/api/v1/saml/callback diff --git a/openmetadata-docs/content/v1.5.x/deployment/security/saml/azure.md b/openmetadata-docs/content/v1.5.x/deployment/security/saml/azure.md index b90337ed7e7..5592724270c 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/security/saml/azure.md +++ b/openmetadata-docs/content/v1.5.x/deployment/security/saml/azure.md @@ -89,7 +89,7 @@ openssl x509 -in saml.crt -out samlCER.cer -outform DER authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} @@ -118,7 +118,7 @@ openssl x509 -in saml.crt -out samlCER.cer -outform DER `authorityUrl` -> set as {http}/{https}://{domain}:{port}/api/v1/saml/login - SP Config - `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/metadata + `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `acs` -> Assertion Consumer Url , set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `spX509Certificate` -> set to your X509 Signing Key `callback` -> set as {http}/{https}://{domain}/api/v1/saml/callback diff --git a/openmetadata-docs/content/v1.5.x/deployment/security/saml/bare-metal.md b/openmetadata-docs/content/v1.5.x/deployment/security/saml/bare-metal.md index d503a311374..433b2d93b5d 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/security/saml/bare-metal.md +++ b/openmetadata-docs/content/v1.5.x/deployment/security/saml/bare-metal.md @@ -27,7 +27,7 @@ are divided into the following three sections:- ```yaml sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} diff --git a/openmetadata-docs/content/v1.5.x/deployment/security/saml/docker.md b/openmetadata-docs/content/v1.5.x/deployment/security/saml/docker.md index f7b40958cf2..ae143fbfc32 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/security/saml/docker.md +++ b/openmetadata-docs/content/v1.5.x/deployment/security/saml/docker.md @@ -30,7 +30,7 @@ SAML_AUTHORITY_URL=http://localhost:8585/api/v1/saml/login SAML_IDP_NAME_ID=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress # OpenMetadata Server SP Configuration -SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/metadata +SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/acs SAML_SP_ACS=http://localhost:8585/api/v1/saml/acs SAML_SP_CERTIFICATE=/path/to/the/certificate SAML_SP_CALLBACK=http://localhost:8585/saml/callback diff --git a/openmetadata-docs/content/v1.5.x/deployment/security/saml/index.md b/openmetadata-docs/content/v1.5.x/deployment/security/saml/index.md index 5aaf6fc9986..502d5e856bd 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/security/saml/index.md +++ b/openmetadata-docs/content/v1.5.x/deployment/security/saml/index.md @@ -50,7 +50,7 @@ To add a private key, you need to include it in the keystore and update the conf {% /note %} -SP Metadata XML is available at "http://localhost:8585/api/v1/saml/metadata", `localhost` needs to be updated with the correct URI. +SP Metadata XML is available at "http://localhost:8585/api/v1/saml/acs", `localhost` needs to be updated with the correct URI. ### Security Configuration diff --git a/openmetadata-docs/content/v1.5.x/deployment/security/saml/kubernetes.md b/openmetadata-docs/content/v1.5.x/deployment/security/saml/kubernetes.md index 3d9f10cdd3a..3b540c21d32 100644 --- a/openmetadata-docs/content/v1.5.x/deployment/security/saml/kubernetes.md +++ b/openmetadata-docs/content/v1.5.x/deployment/security/saml/kubernetes.md @@ -21,7 +21,7 @@ openmetadata: nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/glue/index.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/glue/index.md index 0f2ee47cccb..87c93812bb7 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/glue/index.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/glue/index.md @@ -20,7 +20,7 @@ Configure and schedule Glue metadata and profiler workflows from the OpenMetadat - [Metadata Ingestion](#metadata-ingestion) - [dbt Integration](/connectors/ingestion/workflows/dbt) -{% partial file="/v1.5/connectors/ingestion-modes-tiles.md" variables={yamlPath: "/connectors/database/athena/yaml"} /%} +{% partial file="/v1.5/connectors/ingestion-modes-tiles.md" variables={yamlPath: "/connectors/database/glue/yaml"} /%} ## Requirements diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/postgres/troubleshooting.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/postgres/troubleshooting.md index f0e296ddd5a..55031d3c59b 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/postgres/troubleshooting.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/database/postgres/troubleshooting.md @@ -47,3 +47,32 @@ LINE 2: SELECT relispartition as is_partition Then you might be using an unsupported postgres version. If we double-check the requirements for the postgres connector: Note that we only support officially supported Postgres versions. You can check the version list [here](https://www.postgresql.org/support/versioning/). + +## Error: `no pg_hba.conf entry for host` + +When trying to connect to a PostgreSQL server hosted on Azure/AWS using basic authentication, the connection may fail with the following error message: + +``` +(psycopg2.OperationalError) FATAL: no pg_hba.conf entry for host "x.xx.xxx.x", user "xxxxxx", database "xxxxx", no encryption +``` + + +This error generally indicates that the host trying to access the Postgres server is not permitted according to the server's `pg_hba.conf` configuration, which manages authentication. + +1. **Whitelist the IP address** + Ensure that the IP address provided by the OpenMetadata Service wizard is whitelisted in the Azure network firewall rules. You should also verify that the correct IP is added in the firewall for the database to allow connections from OpenMetadata. + +2. **Check pg_hba.conf File** + While Azure-managed PostgreSQL doesn't allow direct access to modify the `pg_hba.conf` file, you can control access using Azure Firewall rules. Ensure that the IP address attempting to connect is allowed. + +3. **Verify Network Access** + Ensure that the PostgreSQL server is accessible from the internet for the allowed IP addresses. If the server is behind a VPN or private network, adjust the network settings accordingly. + +4. **Adjust SSL Mode** + The error could also be related to SSL settings. Setting the SSL mode to `allow` can help resolve this issue. Modify the connection settings in the OpenMetadata Service configuration to: + +``` +SSL Mode: Allow +``` + +This will allow the connection even if SSL is not enforced by the server. diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/pipeline/openlineage/index.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/pipeline/openlineage/index.md index b2fcdeb8df0..f6db4556d70 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/pipeline/openlineage/index.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/connectors/pipeline/openlineage/index.md @@ -63,9 +63,9 @@ To Configure your Airflow instance file="/v1.5/connectors/metadata-ingestion-ui.md" variables={ connector: "Openlineage", - selectServicePath: "/images/v1.3/connectors/openlineage/select-service.webp", - addNewServicePath: "/images/v1.3/connectors/openlineage/add-new-service.webp", - serviceConnectionPath: "/images/v1.3/connectors/openlineage/service-connection.webp", + selectServicePath: "/images/v1.6/connectors/openlineage/select-service.png", + addNewServicePath: "/images/v1.6/connectors/openlineage/add-new-service.png", + serviceConnectionPath: "/images/v1.6/connectors/openlineage/service-connection.png", } /%} diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/kubernetes/values.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/kubernetes/values.md index 1a50c909dab..fbe8986b68a 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/kubernetes/values.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/kubernetes/values.md @@ -77,7 +77,7 @@ This page list all the supported helm values for OpenMetadata Helm Charts. | openmetadata.config.authentication.saml.idp.idpX509Certificate.secretKey | string | `Empty` | SAML_IDP_CERTIFICATE | | openmetadata.config.authentication.saml.idp.authorityUrl | string | `http://openmetadata:8585/api/v1/saml/login` | SAML_AUTHORITY_URL | | openmetadata.config.authentication.saml.idp.nameId | string | `urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress` | SAML_IDP_NAME_ID | -| openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/metadata` | SAML_SP_ENTITY_ID | +| openmetadata.config.authentication.saml.sp.entityId | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML_SP_ENTITY_ID | | openmetadata.config.authentication.saml.sp.acs | string | `http://openmetadata:8585/api/v1/saml/acs` | SAML_SP_ACS | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretRef | string | `Empty` | SAML_SP_CERTIFICATE | | openmetadata.config.authentication.saml.sp.spX509Certificate.secretKey | string | `Empty` | SAML_SP_CERTIFICATE | diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/aws.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/aws.md index 6751f5e40a6..8603a2a915b 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/aws.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/aws.md @@ -64,7 +64,7 @@ Security requirements for your **production** environment: authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} @@ -95,7 +95,7 @@ Security requirements for your **production** environment: `authorityUrl` -> set as {http}/{https}://{domain}:{port}/api/v1/saml/login - SP Config - `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/metadata + `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `acs` -> Assertion Consumer Url , set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `spX509Certificate` -> set to your X509 Signing Key `callback` -> set as {http}/{https}://{domain}/api/v1/saml/callback diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/azure.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/azure.md index b90337ed7e7..5592724270c 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/azure.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/azure.md @@ -89,7 +89,7 @@ openssl x509 -in saml.crt -out samlCER.cer -outform DER authorityUrl: ${SAML_AUTHORITY_URL:-"http://localhost:8585/api/v1/saml/login"} nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} @@ -118,7 +118,7 @@ openssl x509 -in saml.crt -out samlCER.cer -outform DER `authorityUrl` -> set as {http}/{https}://{domain}:{port}/api/v1/saml/login - SP Config - `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/metadata + `entityId` -> -> set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `acs` -> Assertion Consumer Url , set as {http}/{https}://{domain}:{port}/api/v1/saml/acs `spX509Certificate` -> set to your X509 Signing Key `callback` -> set as {http}/{https}://{domain}/api/v1/saml/callback diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/bare-metal.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/bare-metal.md index d503a311374..433b2d93b5d 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/bare-metal.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/bare-metal.md @@ -27,7 +27,7 @@ are divided into the following three sections:- ```yaml sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/docker.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/docker.md index f7b40958cf2..ae143fbfc32 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/docker.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/docker.md @@ -30,7 +30,7 @@ SAML_AUTHORITY_URL=http://localhost:8585/api/v1/saml/login SAML_IDP_NAME_ID=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress # OpenMetadata Server SP Configuration -SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/metadata +SAML_SP_ENTITY_ID=http://localhost:8585/api/v1/saml/acs SAML_SP_ACS=http://localhost:8585/api/v1/saml/acs SAML_SP_CERTIFICATE=/path/to/the/certificate SAML_SP_CALLBACK=http://localhost:8585/saml/callback diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/index.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/index.md index 5aaf6fc9986..502d5e856bd 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/index.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/index.md @@ -50,7 +50,7 @@ To add a private key, you need to include it in the keystore and update the conf {% /note %} -SP Metadata XML is available at "http://localhost:8585/api/v1/saml/metadata", `localhost` needs to be updated with the correct URI. +SP Metadata XML is available at "http://localhost:8585/api/v1/saml/acs", `localhost` needs to be updated with the correct URI. ### Security Configuration diff --git a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/kubernetes.md b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/kubernetes.md index 3d9f10cdd3a..3b540c21d32 100644 --- a/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/kubernetes.md +++ b/openmetadata-docs/content/v1.6.x-SNAPSHOT/deployment/security/saml/kubernetes.md @@ -21,7 +21,7 @@ openmetadata: nameId: ${SAML_IDP_NAME_ID:-"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"} sp: - entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/metadata"} + entityId: ${SAML_SP_ENTITY_ID:-"http://localhost:8585/api/v1/saml/acs"} acs: ${SAML_SP_ACS:-"http://localhost:8585/api/v1/saml/acs"} spX509Certificate: ${SAML_SP_CERTIFICATE:-""} callback: ${SAML_SP_CALLBACK:-"http://localhost:8585/saml/callback"} diff --git a/openmetadata-docs/images/v1.4/connectors/openlineage/add-new-service.png b/openmetadata-docs/images/v1.4/connectors/openlineage/add-new-service.png new file mode 100644 index 00000000000..7dd4e985bd2 Binary files /dev/null and b/openmetadata-docs/images/v1.4/connectors/openlineage/add-new-service.png differ diff --git a/openmetadata-docs/images/v1.4/connectors/openlineage/select-service.png b/openmetadata-docs/images/v1.4/connectors/openlineage/select-service.png new file mode 100644 index 00000000000..ad34456531a Binary files /dev/null and b/openmetadata-docs/images/v1.4/connectors/openlineage/select-service.png differ diff --git a/openmetadata-docs/images/v1.4/connectors/openlineage/service-connection.png b/openmetadata-docs/images/v1.4/connectors/openlineage/service-connection.png new file mode 100644 index 00000000000..ce292a2c85d Binary files /dev/null and b/openmetadata-docs/images/v1.4/connectors/openlineage/service-connection.png differ diff --git a/openmetadata-docs/images/v1.5/connectors/openlineage/add-new-service.png b/openmetadata-docs/images/v1.5/connectors/openlineage/add-new-service.png new file mode 100644 index 00000000000..7dd4e985bd2 Binary files /dev/null and b/openmetadata-docs/images/v1.5/connectors/openlineage/add-new-service.png differ diff --git a/openmetadata-docs/images/v1.5/connectors/openlineage/select-service.png b/openmetadata-docs/images/v1.5/connectors/openlineage/select-service.png new file mode 100644 index 00000000000..ad34456531a Binary files /dev/null and b/openmetadata-docs/images/v1.5/connectors/openlineage/select-service.png differ diff --git a/openmetadata-docs/images/v1.5/connectors/openlineage/service-connection.png b/openmetadata-docs/images/v1.5/connectors/openlineage/service-connection.png new file mode 100644 index 00000000000..ce292a2c85d Binary files /dev/null and b/openmetadata-docs/images/v1.5/connectors/openlineage/service-connection.png differ diff --git a/openmetadata-docs/images/v1.6/connectors/openlineage/add-new-service.png b/openmetadata-docs/images/v1.6/connectors/openlineage/add-new-service.png new file mode 100644 index 00000000000..7dd4e985bd2 Binary files /dev/null and b/openmetadata-docs/images/v1.6/connectors/openlineage/add-new-service.png differ diff --git a/openmetadata-docs/images/v1.6/connectors/openlineage/select-service.png b/openmetadata-docs/images/v1.6/connectors/openlineage/select-service.png new file mode 100644 index 00000000000..ad34456531a Binary files /dev/null and b/openmetadata-docs/images/v1.6/connectors/openlineage/select-service.png differ diff --git a/openmetadata-docs/images/v1.6/connectors/openlineage/service-connection.png b/openmetadata-docs/images/v1.6/connectors/openlineage/service-connection.png new file mode 100644 index 00000000000..ce292a2c85d Binary files /dev/null and b/openmetadata-docs/images/v1.6/connectors/openlineage/service-connection.png differ