Step 1) Required Resources
Lakehouse Monitor requires the following resources to already be created:
TODO link to aws resource requirements
Step 2) Configuration Prerequisites
AWS Secrets Manager needs to be configured with the following secret key value pairs. Suggested name for the secret is ‘bplm-credentials’:
storage-access-key- DynamoDB access keystorage-secret-key- DynamoDB secret keyservice-account-username- Databricks service account usernameservice-account-password- Databricks service account passwordmssql-password- SQL admin passwordapplication-encryption-secret-
Step 3) Installation procedure
1. SSH into the BPLM VM configured at Step 1) Required Resources.
Download the install archive by running the following command:
wget https://bplmdemoappstg.blob.core.windows.net/deployment/vm-aws/archive.zipExtract the archive contents
unzip archive.zip
In the destination directory you should see the following files:
.env docker-compose.yml setup.sh start.sh
Before you start setup you need to fill out the .env file with the required information). Open the file in your editor of choice and fill in the values.
Please find a brief explanation of the .env values below
Lakehouse uses databricks authentication currently with an optional setup of Azure AD as the identity provider. If you will not be using AAD, you do not need to fill out SERVICE_PRINCIPAL_CLIENTID, SERVICE_PRINCIPAL_TENANTID,or SERVICE_PRINCIPAL_CLIENTSECRET
You can also remove “,active-directory" from AUTHENTICATION_PROVIDER
LOG_LEVEL=info LOG_LEVEL_APP=info LOG_LEVEL_HTTP_HEADERS=error APPSERVICE_URL=<eg:https://demo.aws-bplm.com> SQL_DATABASE=master SQL_SERVER_HOST=<eg:192.168.4.10> SQL_USER=<eg:sql_admin> STORAGE_AWS_REGION=<eg:us-west-1> STORAGE_AWS_TABLE_PREFIX=bplm AWS_SECRETS_MANAGER_ENABLED=true AWS_SECRETS_MANAGER_REGION=<eg:us-west-1> SERVER_SSL_ENABLED=true SERVER_SSL_KEY-STORE=/keystore/bplm.p12 SERVER_SSL_KEY-STORE-PASSWORD= SERVER_SSL_KEY-STORE-TYPE=PKCS12 SERVER_SSL_KEY-ALIAS=bplm SERVER_SSL_KEY-PASSWORD= SERVICE_PRINCIPAL_CLIENTID=<eg: 925accb1-8506-4ec4-a90b-b1b0e6d8a5eb> SERVICE_PRINCIPAL_TENANTID=<eg: 03786a4c-412b-4fac-a981-b4c5bcbc55b7> SERVICE_PRINCIPAL_CLIENTSECRET=<secret value> DATABRICKS_ACCOUNT_ID=<eg: 56293882-89e7-4ecd-a5f7-cb61e68a54f0> DATARICKS_SERVICE_PRINCIPAL=<eg: 48de6ad6-ff14-403d-b842-d4ce5da4662f> ACTIVE-DIRECTORY_HOST=https://login.microsoftonline.com ACTIVE-DIRECTORY_TOKEN-ENDPOINT=/oauth2/v2.0/token ACTIVE-DIRECTORY_AUTHORIZE-ENDPOINT=/oauth2/v2.0/authorize ACTIVE-DIRECTORY_JWK-ENDPOINT=/discovery/keys ACTIVE-DIRECTORY_USER-INFO-URI=https://graph.microsoft.com/oidc/userinfo CLOUD_PROVIDER=AWS AUTHENTICATION_PROVIDER=databricks-account,active-directory SPRING_PROFILES_ACTIVE=production-aws SERVER_SERVLET_SESSION_PERSISTENT=true SERVER_SERVLET_SESSION_STORE_DIR=<eg: /home/localuser/dockerless-env/spring-session/session> ADMIN_APP_ROLE=internal_user METRIC_PROCESSING_ENABLED=false #metric.queueMonitoring.compactionTimeout=PT25M
4. Run ./setup.sh providing the domain you wish to create an SSL cert for, the version of the lakehouse monitor, and an admin email that will be used to configure certbot’s notifications when creating an SSL certificate.
If you do not currently have a registered DNS entry for the lakehouse monitor, you can skip setting up SSL certs by not supplying the cert_domain or email_certbot arguments.
eg: ./setup.sh --cert_domain "lakehouse-monitor.company.com" --version 1.4.0 --email_certbot notifications@company.com
5. After the setup script completes, run start.sh to pull down the application container and start it
ACR username and ACR password to be used by docker to pull the BPLM images from the container registry:
bplm-acr-token / <password to be provided upon deployment>where
ACRUseris the Blueprint Docker Registry userwhere
ACRPassis the Blueprint Docker Registry password
eg: ./start.sh example-acr-user someStrongPassword
Add Comment