Requirements
- Set up the OS with the correct configuration (ulimit, enough space, memory & CPU)
- Set up a load balancer with the correct target group
- Add the load balancer DNS name to /etc/hosts as an alias of the host's local IP address (not 127.0.0.1; ip addr displays the local IP address)
- Prepare warehouse configuration
- If you plan to enable Kerberos rather than NTLM, make sure you have the ticket ready with the right SPN for PowerBI access and the correct encryption types
  - SPN -> HTTP/<load balancer>@REALM
- Set up a security group with the correct configuration
  - Expose ports 10500, 10502 & 11111 for BI tools access
  - Expose ports 10500-10600 for internal communication between AtScale hosts
- Certificates needed for LDAP access and for TLS on AtScale
  - Most LDAP deployments use TLS. Add the certificates (root, chain & host if necessary), rename them to <filename>.cer and place them in /opt/atscale/data/security/crt
  - If AtScale will be served over TLS, put the certificate, including the private key, in /opt/atscale/conf. The certificate must have CN=<load balancer> and a DNS alias for the AtScale engine.
- Get LDAP/AD configuration so you can bind them after installation
- Verify communication between hosts by using nc
- Prepare the YAML file (JVM, load balancer, hosts)
- Prepare krb5.conf with correct parameters (default encryption needs to be specified)
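
Added example (not part of the original checklist or of AtScale's tooling): a shell preflight that reads [libdefaults] from krb5.conf and confirms that the three enctype lists are set explicitly and include the enctype of the service ticket, as shown by klist -e. The sample files, the EXAMPLE.COM realm and the function names are constructed for illustration; enctype names are compared literally, so aliases are not resolved.

```shell
#!/usr/bin/env bash
# Added example: krb5.conf enctype preflight. Function names are hypothetical.
# Print the value of key $2 from the [libdefaults] section of file $1.
libdefault() {
  awk -v key="$2" '
    /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); next }
    sec != "[libdefaults]" || /^[ \t]*[#;]/ { next }
    { eq = index($0, "="); if (!eq) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit } }' "$1"
}

# Return 0 only when all three lists are set and contain enctype $2
# (the type klist -e shows for the ticket). Names are compared literally.
check_enctypes() {
  ce_rc=0
  for ce_key in default_tkt_enctypes default_tgs_enctypes permitted_enctypes; do
    ce_val="$(libdefault "$1" "$ce_key")"
    if [ -z "$ce_val" ]; then
      echo "MISSING  $ce_key is not set in [libdefaults]"; ce_rc=1
    elif ! printf '%s\n' "$ce_val" | tr ', \t' '\n\n\n' | grep -qxF -- "$2"; then
      echo "MISMATCH $ce_key = $ce_val (ticket uses $2)"; ce_rc=1
    else
      echo "OK       $ce_key = $ce_val"
    fi
  done
  return "$ce_rc"
}

# Constructed sample files (not from a real deployment).
SAMPLE_DIR="$(mktemp -d)"
cat > "$SAMPLE_DIR/good.conf" <<'EOF'
[libdefaults]
  default_realm = EXAMPLE.COM
  default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
  default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
EOF
cat > "$SAMPLE_DIR/bad.conf" <<'EOF'
[libdefaults]
  default_realm = EXAMPLE.COM
  # default_tkt_enctypes left unset
  default_tgs_enctypes = rc4-hmac
  permitted_enctypes = rc4-hmac
EOF

check_enctypes "$SAMPLE_DIR/good.conf" aes256-cts-hmac-sha1-96
check_enctypes "$SAMPLE_DIR/bad.conf" aes256-cts-hmac-sha1-96 || echo "Fix krb5.conf first"
```
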
Installation & Configuration
Install the RPM or DEB on all three hosts (in any order)
Identify which of the three hosts is the coordinator and primary
Run configurator.sh on the coordinator host (configurator.sh --first-time)
Then monitor the communication between the coordinator and primary by doing the following:
tail -f /opt/atscale/log/service_registry/<latest file>
Let it run while preparing for the primary engine configuration, and ignore all the error messages.
On the primary host, run the same configuration step as on the coordinator host (configurator.sh --first-time)
After configuration on the primary host, you should see on the coordinator host messages that the primary has joined the cluster. If you do not see the primary host has registered to the cluster, stop and fix the port firewall rule.
Once the configuration has completed with no errors, point your browser to your load balancer DNS name: http(s)://dnsname:10500
- The default login is admin. The password is admin
- Add license key and default port access 11111
- Setup your directory services (at this time, you can directly configure your LDAP/AD)
- Configure your data warehouse(s)
- Configure the engine with NTLM or Kerberos
- Configure LDAP mapping to AtScale Roles
Restart the engine
Watch the engine log (tail -F /opt/atscale/log/engine/engine.log) to ensure the engine runs and accepts connections.
Verify login in Excel or PowerBI using your Windows login (you should see the Kerberos authentication pass-through or the NTLM login in the log). If you see any error, go back and fix what the error indicates.
Possible errors are:
| Error | Fix |
| --- | --- |
| Bind failure | Fix your bind login |
| The user does have Roles | Fix the group mapping between AtScale & LDAP (case sensitive) |
| Kerberos error | Fix the ticket or the encryption type mismatch between the ticket and the allowable encryption types |
| No error | Check your DNS and name resolution using Wireshark to make sure lookups return what your DNS holds |
After all the initial tests are complete (successful login with Excel & PowerBI), continue with the configuration of the secondary node (configurator.sh --activate)