Versions Compared

Old Version 9

changes.mady.by.user Potter (Esteban Alvarado)

Saved on

compared with

New Version 10

changes.mady.by.user Luis Valverde

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

There are 3 different ways to connect with authentication: with Basic Authentication and Amazon Web Services (AWS).

Or, if you don't want any authentication, you can set that as well.

Table of Contents

Base Configuration (Without Authentication)

Parameters

  • Parameter
    summaryThe name of the provider, used in the pipeline configuration when required by stages.
    defaultsaga-provider
    namename
    requiredtrue
  • Parameter
    summaryThe provider type.
    defaultOpenSearch
    nametype
    requiredtrue
     See Resources for more information.
  • Parameter
    summary Name for the prefix for each index used in the OpenSearch server.
    defaultsaga
    nameindexName
  • Parameter
    summaryList of OpenSearch hosts and ports (including schema)
    defaulthttp://localhost:9200
    namenodeUrls
  • Parameter
    summaryAuthentication to use, it could be basic, aws or azure.
    defaultnone
    nameauthentication
     
    • Tip

      If none, it can be omitted 

  • Parameter
    summaryField in indices used as timestamp, automatically included when fetching data.
    nametimestamp
  • Parameter
    summaryTime in seconds, of how much to wait between retries
    default5
    namedelay
  • Parameter
    summaryIn case of a connection issue, how many time it will try before throwing an error
    default3
    nameretries
  • Parameter
    summaryFields in indices to include when fetching data.
    nameinclude
  • Parameter
    summaryFields in indices to exclude when fetching data.
    nameexclude
  • Parameter
    summaryMaximum amount of results to return per request. By default is -1, which means the engine's default will be not overwritten
    default-1
    namemaxResults
    typeinteger
  • Parameter
    summaryIndicates, if the engine must track always the real total of results available, otherwise it will return an estimated beyond certain point (e.g. gt 10000))
    defaulttrue
    nametrack_total_hits
    typeboolean


Saga_jsoncode
"providers": [
	{
		"name": "saga-provider",
  		"type": "OpenSearch",
		"nodeUrls": ["http://localhost:9200"],
		"timestamp": "updatedAt",
		"indexName": "saga",
		"timeout": 90,
		"delay": 5,
		"retries": 3,
		"include": [],
		"exclude": [],
		"track_total_hits": true,
		"maxResults": 10000
	}
]



Step-by-step guide (Basic Authentication)

To connect to an Elasticsearch with basic authentication you will need to encrypt your password and add the right values to the configuration.

Follow the next steps:

  1. Encrypt the password.
    1. Locate on <saga>/bin the file saga-secure-<version>.jar

    2. In a terminal run, in Saga's root folder.

      Code Block
      languagetext
      titleConsole / Terminal / Command
      java -jar bin/saga-secure-<version>.jar -ep=<password> -config="config/config.json"
    3. Keep the generated pwd.txt file at hand, you'll need to reference it in the configuration.
  2. Update the configuration in <saga>/config/config.json.

    1. Update "providers" using authentication factor as "basic".

      Saga_json
      "providers": [
	{
		"name": "saga-provider",
  		"type": "OpenSearch",
		"nodeUrls": ["http://localhost:9200"],
		"timestamp": "updatedAt",
		"indexName": "saga",
		"encryptionKeyFile" : "./bin/saga.ek",
		"authentication": "basic",
		"user": "<username>",
		"password": "<path_to_pwd_file>",
		"timeout": 90,
		"delay": 5,
		"retries": 3,
		"exclude": [
			"updatedAt",
			"createdAt"
		]
	}
]
      Note

      Notice the values of "user" and "password" and "encryptionKeyFile"

Step-by-step guide (AWS)

To connect to an Elasticsearch with AWS authentication you will need to set your Amazon Web Services credentials locally as environmental variables or get them from the ECS or EC2 credentials.

Follow the next steps:

  1. Set your AWS credentials.
    1. Set your credentials using the AWS CLI. You can see how to do that here.
    2. Or, you can load credentials from you ECS or EC2 instance. With IAM roles for Amazon ECS Tasks, you can specify an IAM role that can be used by the containers in a task to access AWS resources.


      Info
      titleNote

      SagaElasticIndexer gets the credentials automatically by getting the credentials file. That is why you only need to specify region and service in the config file which is below this note.

  2. Update the configuration in <saga>/config/config.json.

    1. Update "providers" using authentication factor as "aws".

    2. Then we have 2 options with Credential Chain Provider, or with Access & Secret Keys

      1. With Credential Chain Provider

        Saga_json
        "providers": [
	{
		"name": "saga-provider",
		"type": "OpenSearch",
		"nodeUrls": ["http://localhost:9200"],
		"timestamp": "updatedAt",
		"indexName": "saga",
		"encryptionKeyFile" : "./bin/saga.ek",
		"authentication": "aws",
		"awsRegion": "<region_where_the_aws_service_is_located>",
		"awsService": "<aws_service>",
		"useCredentialsProviderChain": true,
		"timeout": 90,
		"delay": 5,
		"retries": 3,
		"exclude": [
			"updatedAt",
			"createdAt"
		]
	}
]
        Note

        Notice the values of "awsService", "awsRegion" and "useCredentialsProviderChain"

      2. With Access & Secret Keys

        Saga_json
        "providers": [
	{
		"name": "saga-provider",
		"type": "OpenSearch",
		"nodeUrls": ["http://localhost:9200"],
		"timestamp": "updatedAt",
		"indexName": "saga",
		"encryptionKeyFile" : "./bin/saga.ek",
		"authentication": "aws",
		"awsRegion": "<region_where_the_aws_service_is_located>",
		"awsService": "<aws_service>",
		"awsAccessKey": "<service_access_key>",
  		"awsSecretKey": "<service_secret_key>",
		"useCredentialsProviderChain": false,
		"timeout": 90,
		"delay": 5,
		"retries": 3,
		"exclude": [
			"updatedAt",
			"createdAt"
		]
	}
]
        Note

        Notice that now we also have the values of "awsAccessKey" and "awsSecretKey". You can ommit "useCredentialsProviderChain" if you want to

In case of Aspire Saga Parse (or any component using Saga)

If you are using Saga within Aspire, the configurations are the same for providers, but you will need to:

  1. Copy Saga's encryption key file to <aspire>/bin/

  2. Copy pwd.txt to <aspire>/bin/ as well.

  3. Update the Saga's config file (the one within the Aspire configuration folder) to reflect the relative path of those files:

    Saga_json
    {
	"config": {
    	"security": {
			"encryptionKeyFile": "./bin/saga.ek"
        },
    	"libraryJars": [
            "./lib"
        ],
		...
	"providers": [
     	{
			"name": "filesystem-provider",
			"type": "FileSystem",
			"baseDir": "./config"
		},
 		{
			"name": "saga-provider",
  			"type": "OpenSearch",
			"nodeUrls": ["http://localhost:9200"],
			"timestamp": "updatedAt",
			"indexName": "saga",
			"encryptionKeyFile" : "./bin/saga.ek",
			"authentication": "basic",
			"user": "<username>",
			"password": "<path_to_pwd_file>",
			"timeout": 90,
			"delay": 5,
			"retries": 3,
 			"maxResults": 2000000 
			"exclude": [
				"updatedAt",
				"createdAt"
			]
		} 

	]
}

Content by Label
showLabelsfalse
max5
spacessaga131
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ("configuration","authentication","aspire","providers","opensearch","aws") and type = "page" and space = "saga131"
labelsElasticsearch

Page properties
hiddentrue

Related issues

Saga Configuration