Others

Note: Some of the properties reflected are not feasible with Multi-Cloud version of Gathr. These properties are marked with **

Miscellaneous configurations properties left of the Web Studio. This category is further divided into various sub-categories.

LDAP

FieldDescription
PasswordPassword against which the user will be authenticated in LDAP Server.
Group Search BaseDefines the part of the directory tree under which group searches will be performed.
User Search BaseDefines the part of the directory tree under which DN searches will be performed.
User Search FilterThe filter which will be used to search DN within the User Search Base defined above.
Group Search FilterThe filter which is used to search for group membership. The default is member={0 corresponding to the groupOfMembers LDAP class. In this case, the substituted parameter is the full distinguished name of the user. The parameter {1} can be used if you want to filter on the login name.
Admin Group NameLDAP group name which maps to application’s Admin role.
Developer Group NameLDAP group name which maps to application’s Developer role.
Devops Group NameLDAP group name which maps to application’s Devops role.
Tier-II Group NameLDAP group name which maps to application’s Tier-II role.
LDAP Connection URLURL of the LDAP server is a string that can be used to encapsulate the address and port of a directory server. For e.g. - ldap://host:port.
User Distinguished NameA unique name which is used to find the user in LDAP Server.

Okta

FieldDescription
redirectUriComplete Gathr URL where user lands after successfully authenticate on Okta.
baseUrlOkta base URL where Gathr application is configured for SSO authentication.
clientId.passwordClient Id of registered Gathr application on Okta.
clientSecret.passwordClient Secret of registered application on Okta.
apiToken.passwordAPI Token generated from Okta for REST API communication.
ScopeSpace-separated list of scopes to define permissions: openid email profile offline_access.
oktaGroupsOnlyEnable to restrict access to users/groups belonging to Okta groups only, excluding users/groups from other providers like LDAP.
singleSignOutEnable single sign-out (SLO) functionality with Okta. It ensures user logged out from all Okta authenticated applications when logging out from Gathr.
groupname.admin.roleOkta group name which maps to application’s Admin role. Example SAX-PROD-SUPER
Single Sign Out (SLO) FunctionalityWe have added support single Sign out functionality on Gathr, by default it false. To make it enable, we need to set singleSignOut: true in env-config.yaml.

If SLO is enabled and user logout from any okta application and those applications invalidated the user session then, he/she will logout from Gathr application as well and vise versa.

Next, enter the Configuration page from the main menu and navigate to Security tab.

Update the below fields by selecting Okta from the drop-down menu.

FieldDescription
User Authentication SourceSelect Okta from the drop-down list.
User Authorization SourceSelect Okta from the drop-down list.
Superuser (Seed User) Authentication SourceSelect Okta from the drop-down list.
Superuser Email IDSelect Okta from the drop-down list.

Click Save.

Start Gathr using the below command.

./startServicesServer.sh -config.reload=true -auth.source=sso

Activiti

FieldDescription
Alert Email Character SetThe character set used for sending emails.
Alert Sender EmailThe email address from which mails must be sent.
JDBC Driver ClassThe database driver used for activity setup.
JDBC URLThe database URL for activity database.
JDBC UserThe database user name.
JDBC PasswordJDBC Password.
HostThe email server host from which emails will be sent
PortThe email server port.
UserThe email id from which emails will be sent.
PasswordThe Password of the email account from which emails will be sent.
Default Sender EmailThe default email address from which mails will be sent if you do not provide one in the UI.
Enable SSLIf SSL (Secure Sockets Layer) is enabled for establishing an encrypted link between server and client.
Enable TSLIf Transport Layer Security (TLS) enables the encrypted communication of messages between hosts that support TLS and can also allow one host to verify the identity of another.
HistoryActiviti history is needed or not.
DatabaseThe database used for activity setup.

Couchbase

FieldDescription
Max Pool Size **The Couchbase Max Pool Size.
Default Bucket Memory Size **The memory size of default bucket in Couchbase.
Password **The Couchbase password.
Default Bucket Replica No **The Couchbase default bucket replication number.
Host Port **The port no. of Couchbase.
Host Name **The host on which the Couchbase is running.
HTTP URL **The Couchbase http URL.
Bucket List **The Couchbase bucket list.
Polling timeout **The polling timeout of Couchbase.
Polling sleeptime **The sleep time between each polling.
User Name **The username of the Couchbase user.

Kerberos

FieldDescription
Hadoop NameNode Kerberos PrincipalService principal of name node.
Kerberos Configuration File OverrideSet to true if you want the keytab_login.conf file to be (re)created for every running pipeline when Kerberos security is enabled.
Hadoop Core Site LocationThe property should be used when trying to connect HDFS from two different realms. This property signifies the path of Hadoop core-site.xml containing roles for cross-realm communications.
Hbase Master Kerberos PrincipalService principal of HBase master.
ResourceManager Kerberos PrincipalService principal of resource manager
Hbase Regionserver Kerberos PrincipalService principal of region server.
Hive Metastore Kerberos principalService principal of Hive metastore.
HiveServer2 Kerberos PrincipalService principal of hive server 2

Configuring Kerberos

You can add extra Java options for any Spark Superuser pipeline in following way:

Login as Superuser and click on Data Pipeline and edit any pipeline.

  • Kafka

  • HDFS

  • HBASE

  • SOLR

  • Zookeeper

Configure Kerberos

Once Kerberos is enabled, go to Superuser UI > Configuration > Environment > Kerberos to configure Kerberos.

kerberso

Configure Kerberos in Components

Go to Superuser UI > Connections, edit the component connection settings as explained below:

HBase, HDFS

co

FieldDescription
Key Tab Select Option

A Keytab is a file containing pair of Kerberos principals and encrypted keys. You can use Keytab to authenticate various remote systems. It has two options:

Specify Keytab File Path: Path where Keytab file is stored

Upload Keytab File: Upload Keytab file from your local file system.

Specify Keytab File PathIf the option selected is Specify** Keytab File Path,** system will display the field** KeyTab File Path where you will specify the keytab file location.
Upload Keytab FileIf the option selected is Upload** Keytab File**,** system will display the** field** Upload Keytab File that will enable you to upload the Keytab file.

By default, Kerberos security is configured for these components: Solr, Kafka and Zookeeper. No manual configuration is required.

Jupyter

FieldDescription
jupyter.hdfs.portHDFS Http port.
jupyter.hdfs.dirHDFS location where uploaded data will be saved.
jupyter.dirLocation where notebooks will be created.
jupyter.notebook.service.portPort on which Auto create Notebook service is running.
jupyter.hdfs.connection.nameHDFS connection name use to connect HDFS (from gathr connection tab).
jupyter.urlURL contains IP address and port where Jupyter services are running.

Cloudera

PropertyDescription
Navigator URLThe Cloudera Navigator URL.
Navigator API VersionThe Cloudera Navigator API version used.
Navigator Admin UserThe Cloudera navigator Admin user.
Navigator User PasswordThe Cloudera navigator Admin user password.
Autocommit EnabledSpecifies of the auto-commit of entities is required.

Airflow

PropertyDescription
Enable AWS MWAAOption to enable AWS Managed Airflow for gathr. It is disabled by default.

If Enable AWS MWAA is check-marked, additional fields will be displayed as given below:

RegionAWS region should be provided where MWAA environment is created.
Provider TypeOption to choose AWS credentials provider type.
AWS Access Key IDAWS account access key ID should be provided for authentication if Provider Type is selected as AWS keys.
AWS Secret Access KeyAWS account secret access key should be provided for the Access Key ID specified above. The available options to choose from the drop-down list are: None, AWS Keys and Instance Profile.
Environment NameExact AWS environment name should be provided that is required to be integrated with gathr.
Gathr Service URLDefault URL where gathr application is installed. This should be updated for any modifications done to the gathr base URL.
DAG Bucket NameExact DAG bucket name should be provided that is configured in the environment specified above.
DAG PathDAG path should be provided for the bucket name specified above.

If Enable AWS MWAA is un-check, the below fields will be displayed:

Airflow Server Token NameIt is the key that is used to authenticate a request. It should be same as the value given in section Plugin Installation>Authentication for property ‘sax_request_http_token_name’
Airflow Server Token RequiredCheck if the token is required.
Airflow Server Token ValueHTTP token to authenticate request. It should be same as the value given in section Plugin Installation > Authentication for property ‘sax_request_http_token_value’
Airflow Server URLAirflow URL to connect to Airflow.

If you have any feedback on Gathr documentation, please email us!

← Hadoop
Default →