Versions Compared

Old Version 8

changes.mady.by.user Morgan Mackeson-Ellis

Saved on

compared with

New Version Current

changes.mady.by.user Morgan Mackeson-Ellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Like the RED Client, Azkaban Executor Servers create and use an in-memory Profile at runtime for access to the required runtime credentials for the Metadata, Sources and Target connections. Since an Azkaban job can be run on any Executor on any machine we store any required credentials (passwords encrypted) and connection strings in a central location under the "redaminredadmin"."ws_scheduler_profile" table of the RED metadata repository database.

The Azkaban Executor Servers retrieve credentials and connection strings from the "redaminredadmin"."ws_scheduler_profile" at job runtime and merges any connections missing from the profile records with those found in the RED metadata. This merging process allows for Windows style authentication to work without the need to maintain the Scheduler Profile.

...

Scheduler Profile Record Structure

The Table structure of the profile records in "redaminredadmin"."ws_scheduler_profile" is like sotable:

FieldDescriptionExample
sp_con_nameLowercased connection name, used as saltrepository
sp_con_stringODBC Connection String
RED Connection Name (lowercased)ODBC Connection StringUser NameWhereScape Encrypted Password
repositorydsn=$DSN$;uid=$USER$;pwd=$PASSWORD$;
sp_user_nameUser Nameredscheduler_user
sp_encrypted_pwdEncrypted PasswordVTj0Q2xapJEWpQed8DJYvBEEnRedR94NstiHJUlLt0gC

...

Maintaining the Scheduler Profile 

The "redaminredadmin"."ws_scheduler_profile" table should be secured from regular users of the RED client and therefore maintenance of the records stored in this table will normally be done by an administrator user or a user with the specific permissions described below.

Minimum database permissions required:<insert user permissions here>

  • SELECT on the ‘red’ schema objects of the RED metadata database.
  • SELECT, INSERT, UPDATE, DELETE on the ‘redadmin’ schema objects of the RED metadata database.

To add encrypted profile rows to the scheduler profile RED provides a script with the metadata installation which is designed to be run from within the RED UI by a user with the minimum required permissions mentioned above.

For new installs, from RED 10.2.+, you will have find the wsl_scheduler_profile_maintenance host script under your Host Script's in your RED metadata repository. For upgraded repositories you will need to load this script into RED manually from <RED_Installation_Directory>\Administrator\Scripts\wsl_scheduler_profile_maintenance.ps1

...

Once you execute the script you will be presented with a dialog where you can enter the Profile Password (used to encrypt any passwords entered) and each connection's credentials as well as an appropriate connection string for use by your scheduler service.

Tip
titleProfile PasswordEncryption Secret

It is important that you enter and use the same Profile Password Encryption Secret as you provided in your Azkaban installations otherwise Azkaban will not be able to decrypt these profile records.


     Image RemovedImage Added

Once you have done entering your Scheduler Profile for each connection, click OK.

...

Next the script attempts to update the "redaminredadmin"."ws_scheduler_profile" with the Profile details provided and outputs the result and the insert statement to the results pane of RED.

...

Info
This script will need to be run every time you add a new connection to RED, so that the Scheduler Profile is kept in-sync. The subsequent times you run this script the UI will be prepopulated with any existing records in the "redaminredadmin"."ws_scheduler_profile" so that you do not have to re-enter them but allows updating any records as required.

Running the script stand-alone

If you prefer to run the script stand-alone outside of RED then you will need to set the required environment variables prior to running the script, an example follows:

Code Block
languagetext
titleExample env. variable setup
REM set required env vars
SET WSL_BINDIR=C:\Program Files\WhereScape\RED
SET WSL_META_DSN=Metadata ODBC DSN
SET WSL_META_USER=redadmin_user
SET WSL_META_PWD=pwd
SET WSL_META_CONSTRING=dsn=Metadata ODBC DSN;uid=redadmin_user;pwd=pwd;

REM run the script
powershell -executionpolicy bypass -f "%WSL_BINDIR%\Administrator\Scripts\wsl_scheduler_profile_maintenance.ps1"