Databricks workspace setup guide

Home

Databricks workspace setup guide

Configuring a Databricks Workspace

This section provides instructions to connect a Databricks workspace to Unravel SaaS.

Enable Personal Access Token in Databricks.
Note
If you are using Service Principals for generating the Personal Access Token (PAT), refer to Manage service principals for the steps to enable the PAT on Databricks for AWS and Manage service principals for the steps to enable PAT on Databricks for Azure.
1. Enable personal access token authentication for the workspace.
  1. Go to your workspace, and from the dropdown located in the upper right corner, select Settings.
  2. Click the Advanced tab and click the Personal Access Tokens toggle. For more details, refer to Manage personal access tokens.
2. Create a Databricks personal access token for your Databricks workspace user.
  1. Go to your workspace, and from the dropdown located in the upper right corner, select Settings.
  2. Click Developer > Access Tokens > Manage. The Access Tokens page is displayed.
  3. Click the Generate New Token button. The new token is generated. You must save this token and keep it handy to register a new Databricks workspace. For more details, refer to Authentication using Databricks personal access tokens.

Click Add Workspace. The Add Workspace dialog box is displayed. Enter the following details:

Field	Description
Workspace Id	Databricks workspace ID can be found in the Databricks URL. The numbers shown after o= in the Databricks URL become the workspace ID. For example, in this URL:https://<databricks-instance>/?o=3205148689792956, the Databricks workspace ID is the number after o=, which is 3205148689792956.
Workspace Name	Databricks workspace name. A name for the workspace. For example, `ACME-Workspace`. The Workspace name can be got from the Azure portal.
Instance (Region) URL	Regional URL where the Databricks workspace is deployed. Specify the complete URL. The expected format is protocol://dns or ip(:port). Ensure that the URL does not end with a slash. For example, a valid input is: https://eastus.azuredatabricks.net. An invalid input is: https://eastus.azuredatabricks.net/. The URL can be got from the Azure portal.
Tier	Select a subscription option from: Standard, Premium, Enterprises, and Dedicated. For Databricks Azure, you can get the pricing information from the Azure portal. For Databricks AWS you can get detailed information about pricing tiers from Databricks AWS pricing.
Token	Use the personal access token to secure authentication to the Databricks APIs. You can generate the token from your Databricks workspace. Contact Unravel support for generating a personal access token through SPN on Databricks for AWS and Azure. See Authentication using Databricks personal access tokens for more details. Note Users with admin or non-admin roles can create personal access tokens. Non-admin users must ensure to fulfill certain requirements before creating personal access tokens.

Note

After you click Add, it takes around 2-3 minutes to register the Databricks Workspace with Unravel.

Configure the Databricks cluster with Unravel using Global init script:
Global init script applies the Unravel configurations to all clusters in a workspace. The following steps take you through the cluster configuration with Global init. If you are configuring the clusters without Global init, proceed to the next step.
Global init is deployed automatically on the Workspace and needs to be enabled manually from the location shown in the following image:
1. Go to your workspace, and from the dropdown located in the upper right corner, select Admin Settings.
2. From Settings, click Compute and then click Manage next to Global init scripts. The Global init scripts page is shown.
3. Use the toggle key under the Enabled column to enable the Global init scripts.
  You can also find the Global initialization script in your workspace at this path: /Workspace/Unravel/install-unravel.sh
  If it is not deployed automatically, you can do one of the following
  Use this script as a Cluster init script.
  Add Unravel configuration to Databricks clusters using the Global init script by referring to these instructions.
Note
Cluster logging should be enabled at the cluster level. See Logging in Cluster init script for instructions.

Configuring Databricks clusters without Global init

Under Logging, set Destination to DBFS and copy the below snippet as Cluster Log Path.
Under Init Script, set Destination to Workspace, copy the snippet below as the Init Script Path, and click Add.

From your Azure Workspace, access Settings > Advanced and apply the following settings:

Requirements for non-admin tokens

Set the following permissions to use a non-admin token with Unravel:

In Admin Settings, the Token Usage must have CAN USE permission either as a user or as a group or All Users, or SP for the non-admin user; otherwise, an error is shown.
If in the Admin Settings, the Workspace Access Control is enabled, create the Unravel folder at the workspace root file system, and ensure that the CAN MANAGE permission is granted on the Unravel folder for the non-admin user/group/SP used by Unravel.
If, in the Admin Settings, Workspace Visibility Control is enabled, Unravel User/group/SP needs to have Workspace access and Databricks SQL access permission
Create init script manually; see Connect Databricks cluster to Unravel for setting up Unravel sensor via Global init script or Cluster init script.
If in the Admin Settings, the Cluster Visibility Control is enabled, you must grant the Unravel token the CAN ATTACH permission to all the clusters (per cluster) manually.
If in the Admin Settings, the Job Visibility Control is enabled, you must grant Unravel token with the CAN ATTACH permission to all the jobs (per job) manually.

The following API endpoint permissions should be also granted:

Endpoint	Permission
`/api/2.0/workspace/mkdirs`	CAN MANAGE permission in the parent folder.
`/api/2.0/clusters/get?cluster_id`	No extra permission
`/api/2.0/clusters/events`	No extra permission
`/api/2.0/clusters/list-node-types`	No extra permission
`/api/2.0/clusters/list`	CAN ATTACH permission is needed to be granted per cluster to see the clusters
`/api/2.0/clusters/events`	CAN ATTACH permission is needed to be granted per cluster to see the clusters
`/api/2.0/jobs/runs/get?run_id`	CAN VIEW permission is needed to be granted per job run
`/api/2.0/jobs/runs/list`	CAN VIEW permission is needed to be granted per job run
`/api/2.0/sql/history/queries`	Only two permissions admin can see all, user can only see their queries.
`/api/2.0/sql/warehouses`	CAN USE permission required per warehouse
`/api/2.1/unity-catalog/catalogs`	USE CATALOG permission to see the catalog.
`/api/2.1/unity-catalog/metastores`	admin only
`/api/2.1/unity-catalog/schemas`	USE_SCHEMA permission per schema or catalog.
`/api/2.1/unity-catalog/tables`	USE_SCHEMA permission per schema or catalog.
`/api/2.1/unity-catalog/storage-credentials`	Storage credentials the caller has permission to access. If the caller is a metastore admin, all storage credentials will be retrieved.
`/api/2.0/workspace/import`	admin only
`/api/2.0/global-init-scripts`	admin only

Note

If you are using Service Principals for generating the Personal Access Token (PAT), refer to Manage service principals for the steps to enable the PAT on Databricks for AWS and Manage service principals for the steps to enable PAT on Databricks for Azure.

In this section:

Would you like to provide feedback? Just click here to suggest edits.

Home

Databricks workspace setup guide

Note

Note

Note

Note

Configuring Databricks clusters without Global init

Requirements for non-admin tokens

Note

Search results