Home

Configuring Log Receiver (LR) authentication

LR (LogReceiver) is the single entry point for all HTTP-based messages from Unravel sensors to the Unravel server. If you have a setup without authentication where the LR host and port are public, foreign clients can push data to LR, even if you enable Transport Layer Security (TLS). Therefore, for secure access, Unravel supports LR authentication with TLS enabled.

Note

Currently, this support can be enabled only for Databricks.

You can configure LR authentication when you do a fresh Unravel installation or upgrade from a previous version of Unravel to the current version.

Configuring LR authentication during Unravel installation

When you install Unravel using the configuration file derived from the Interactive precheck, ensure to answer the following Interactive precheck prompts as specified:

  • Specify Databricks as the platform for the following prompt:

    Which data platform are you installing for?
       1- Hadoop
       2- EMR
       3- HDI
       4- Databricks
       5- Dataproc
  • Answer with Yes for the following prompt:

    Use HTTPS to access unravel? (y/n) [Yes]:  

    When you answer with a Yes, you are prompted for the path to the certificate and key. Unravel uses this information to configure TLS during installation. Authentication will be enabled automatically. If you answer with a No, you are shown a warning message for confirmation.

Configuring LR authentication during Unravel upgrade

Interactive precheck is not available during the upgrade. Therefore, you must run the following steps after running the manager activate command to complete the upgrade. Also, refer to Upgrading Unravel.

  1. Enable TLS, if it is not done already. Refer to Enable TLS for Unravel.

  2. Enable LR authentication:

    <unravel_installation_directory>/unravel/manager config databricks authentication enable
  3. Set LR hostname and set LR port number to default as follows:

    <unravel_installation_directory>/unravel/manager config databricks set-lr-endpoint <hostname> ''
    
    ##For example:
    /opt/unravel/manager config databricks set-lr-endpoint <hostname> ''
    

    After you run this command, you are prompted to specify the port number. Ensure to press ENTER and leave it empty.

  4. Apply configuration changes and refresh configuration of Databricks sensors:

    <unravel_installation_directory>/unravel/manager config apply
    <unravel_installation_directory>/unravel/manager refresh databricks

    After the TLS feature is activated, the LR with HTTPS protocol is started and listens on the 4443 port (by default). The LR also listens on non-protected HTTP port 4043 to support clusters not configured for TLS communication.

  5. After you restart all the clusters, you can disable the non-protected HTTP port 4043 with the following command:

    <unravel_installation_directory>/unravel/manager config properties set 'logreceiver.http.port' -1
    <unravel_installation_directory>/unravel/manager config apply

    Warning

    If you enable the authentication before you restart the clusters, the sensors cannot publish data to the LR service because it will require credentials. You can also lose data if you disable the port before restarting the clusters.

  6. After you apply all the configuration settings and start the LR, execute the following command to verify the TLS configuration:

    <unravel_installation_directory>/unravel/manager verify connect <LR-hostname> <LR-TLS-port>