Skip to main content

Running the Manta collector on-premise

Note

The latest version of the Collector is 2.235. To view the release notes for this version and all previous versions, please go here.

Generating the command or YAML file

This section walks you through the process of generating the command or YAML file for running the collector from Windows or Linux or MAC OS.

To generate the command or YAML file:

  1. On the Organization profile page, go to the Settings tab > Metadata collectors section.

  2. Click the Add a collector button.

    add_a_collector.png
  3. On the Choose metadata collector screen, select the correct metadata source. Click Next.

  4. On the Choose where the collector will run screen, in the On-premise section, select if you will be running the collector on Windows or Mac OS or Linux. This will determine the format of the YAML and CLI that is generated in the end. Click Next.

    select_an_os.png
  5. On the On-prem collector setup prerequisites screen, read the pre-requisites and click Next.

  6. On the Configure an on-premises Manta Collector screen, set the following properties and click Next.

  7. On the next screen, set the following properties and click Next.

    Table 2.

    Field name

    Corresponding parameter name

    Description

    Required?

    Authentication

    Select from:

    • Authentication using a MANTA Token

    • Authentication using username and password

    Authentication using MANTA Token

    Yes

    (or set the Authentication using Username and Password parameters)

    MANTA Token URL

    --manta-token-url= <mantaTokenUrl>

    URL to obtain a jwt token to authenticate with manta.

    Example: 

    http://localhost:9090/auth/realms/manta/protocol/openid-connect/token.

    MANTA ClientId

    --manta-client-id= <mantaClientId>

    Client ID name for the oauth connection.

    MANTA Client Secret

    --manta-client-secret= <mantaClientSecret>

    Client Secret used to obtain a jwt authentication token.

    Authentication using Username and Password

    Yes

    (or set the Authentication using MANTA Token parameters)

    MANTA Username

    --manta-user= <mantaUse>

    MANTA user to use for API authentication

    MANTA Password

    --manta-password= <mantaPassword>

    Password to use for API authentication

    MANTA Admin API URL (applies to both types of authentication)

    MANTA Admin API URL

    --manta-api-url= <mantaAdminApiBaseUrl>

    URL of MANTA Admin API, for example: http://host:8181/manta-admin-gui/public/process-manager/v1/

    Yes



  8. On the next screen, set the following advanced properties and click Next.

    Table 3.

    Field name

    Corresponding parameter name

    Description

    Required?

    Perform Manta Analysis Scan

    --manta-scan= <true_or_false>

    If present, have MANTA perform an analysis scan to refresh the MANTA graph prior to exporting (default  is to catalog existing repository contents without a new MANTA scan)

    No

    MANTA viewer URL

    --manta-viewer-url= <mantaViewerUrl>

    URL of MANTA Viewer UI, for example: http://host/manta-dataflow-server/viewer

    No

    Manta max parallel scenarios

    --manta-max-parallel-scenarios= <maxParallelScenarios>

    Maximum number of scenarios to extract from the MANTA graph at once to optimize performance. Specifying this option and passing an integer value will configure the MANTA API to export the specified number of scenarios in the MANTA graph in parallel. The default value is 4; adjusting this up or down can improve performance.

    No

    MANTA database ID mappings

    --manta-db-id-mapping= <databaseIdMappings>

    Mappings of the form [server]/[database name]=[database-id], used to associate a database-id  with a database found in the MANTA graph that has the specified server and database names. (You only need provide to this if the database name in the MANTA graph  is not sufficiently unique to completely  identify the database.)

    No

    MANTA port mappings

    --manta-port-mapping= <portMappings>

    Mappings of the form [server]/[database name]=[port], used to associate a port  with a database found in the MANTA graph that has the specified server and database names. (You only need provide to this if the database listens on a port other than the default port  for that type of database.)

    No



  9. On the next screen, provide the Collector configuration name. This is the name used to save the configuration details. The configuration is saved and made available on the Metadata collectors summary page from where you can edit or delete the configuration at a later point. Click Save and Continue.

  10. On the Finalize your Manta Collector configuration screen, you are notified about the environment variables and directories you need to setup for running the collector. Select if you want to generate Configuration file ( YAML) or Command line arguments (CLI). Click Next.

  11. The next screen gives you an option to download the YAML configuration file or copy the CLI command. Click Done. If you are generating a YAML file, click Next.

  12. The Manta command screen gives you the command to use for running the collector using the YAML file.

  13. You will notice that the YAML/CLI has following additional parameters that are automatically set for you.

    Important

    Except for the collector version, you should not change the values of any of the parameter listed here.

    Table 4.

    Parameter name

    Details

    Required?

    -a= <agent>

    --agent= <agent>

    --account= <agent>

    The ID for the data.world account into which you will load this catalog - this is used to generate the namespace for any URIs generated.

    Yes

    --site= <site>

    This parameter should be set only for Private instances. Do not set it for public instances and single-tenant installations. Required for private instance installations.

    Yes

    (required for private instance installations)

    -U

    --upload

    Whether to upload the generated catalog to the organization account's catalogs dataset.

    Yes

    -L

    --no-log-upload

    Do not upload the log of the Collector run to the organization account's catalogs dataset.

    Yes

    dwcc: <CollectorVersion>

    The version of the collector you want to use (For example, datadotworld/dwcc:2.113)

    Yes



  14. Add the following additional parameter to test run the collector.

    • --dry-run: If specified, the collector does not actually harvest any metadata, but just checks the database connection parameters provided by the user and reports success or failure at connecting.

Verifying environment variables and directories

  1. Verify that you have set up all the required environment variables that were identified by the Collector Wizardbefore running the collector. Alternatively, you can set these credentials in a credential vault and use a script to retrieve those credentials.

  2. Verify that you have set up all the required directories that were identified by the Collector Wizard.

Running the collector

Important

Before you begin running the collector make sure you have completed all the pre-requisite tasks.

Running collector using YAML file

  1. Go to the machine where you have setup docker to run the collector.

  2. Place the YAML file generated from the Collector wizard to the correct directory.

  3. From the command line, run the command generated from the application for executing the YAML file.

    Caution

    Note that is just a sample command for showing the syntax. You must generate the command specific to your setup from the application UI.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
      --mount type=bind,source=${HOME}/dwcc,target=/app/log -e DW_AUTH_TOKEN=${DW_AUTH_TOKEN} \
      -e DW_MANTA_SECRET=${DW_MANTA_SECRET} datadotworld/dwcc:2.124 --config-file=/dwcc-output/config-manta.yml
  4. If you are running the collector using Jar files, be sure to edit the command as instructed on this page.

  5. The collector automatically uploads the file to the specified dataset and you can also find the output at the location you specified while running the collector.

  6. If you decide in the future that you want to run the collector using an updated version, simply modify the collector version in the provided command. This will allow you to run the collector with the latest version.

Running collector without the YAML file

  1. Go to the machine where you have setup docker to run the collector.

  2. From the command line, run the command generated from the application. Here is a sample command.

    Caution

    Note that is just a sample command for showing the syntax. You must generate the command specific to your setup from the application UI.

    Sample command with username and password parameters.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
      --mount type=bind,source=${HOME}/dwcc,target=/app/log datadotworld/dwcc:2.124 \
      catalog-manta --agent=8bank-catalog-sources --site=solutions --no-log-upload=false \
      --upload=true --api-token=${DW_AUTH_TOKEN} --output=/dwcc-output \
      --name=8bank-catalog-sources-collection --upload-location=ddw-catalogs \
      --manta-user=8bank-user --manta-password=${DW_MANTA_PASSWORD} \
      --manta-api-url=http://host:8181/manta-admin-gui/public/process-manager/v1/ \
      --manta-viewer-url=http://host/manta-dataflow-server/viewer --manta-scan=false

    Sample command with MANTA Token parameters.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
      --mount type=bind,source=${HOME}/dwcc,target=/app/log datadotworld/dwcc:2.124 \
      catalog-manta --agent=8bank-catalog-sources --site=solutions --no-log-upload=false \
      --upload=true --api-token=${DW_AUTH_TOKEN} --output=/dwcc-output \
      --name=8bank-catalog-sources-collection --upload-location=ddw-catalogs \
      --manta-token-url=http://localhost:9090/auth/realms/manta/protocol/openid-connect/token \
      --manta-client-id=SampleClientID --manta-client-secret=${DW_MANTA_SECRET} \
      --manta-api-url=http://host:8181/manta-admin-gui/public/process-manager/v1/ \
      --manta-viewer-url=http://host/manta-dataflow-server/viewer --manta-scan=false
  3. If you are running the collector using Jar files, be sure to edit the command as instructed on this page.

  4. The collector automatically uploads the file to the specified dataset and you can also find the output at the location you specified while running the collector.

  5. If you decide in the future that you want to run the collector using an updated version, simply modify the collector version in the provided command. This will allow you to run the collector with the latest version.

Collector runtime and troubleshooting

The catalog collector may run in several seconds to many minutes depending on the size and complexity of the system being crawled.

  • If the catalog collector runs without issues, you should see no output on the terminal, but a new file that matching *.dwec.ttl should be in the directory you specified for the output.

  • If there was an issue connecting or running the catalog collector, there will be either a stack trace or a *.log file. Both of those can be sent to support to investigate if the errors are not clear.

A list of common issues and problems encountered when running the collectors is available here.

Automating updates to your metadata catalog

Maintaining an up-to-date metadata catalog is crucial and can be achieved by employing Azure Pipelines, CircleCI, or any automation tool of your preference to execute the catalog collector regularly.

There are two primary strategies for setting up the collector run times:

  • Scheduled: You can configure the collector according to the anticipated frequency of metadata changes in your data source and the business need to access updated metadata. It's necessary to account for the completion time of the collector run (which depends on the size of the source) and the time required to load the collector's output into your catalog. This could be for instance daily or weekly. We recommend scheduling the collector run during off-peak times for optimal performance.

  • Event-triggered: If you have set up automations that refresh the data in a source technology, you can set up the collector to execute whenever the upstream jobs are completed successfully. For example, if you're using Airflow, Github actions, dbt, etc., you can configure the collector to automatically run and keep your catalog updated following modifications to your data sources.

Managing collector runs and configuration details

Overview

Some enterprise systems support the use of Secure Sockets Layer (SSL) encrypted communications on all external traffic. If you are harvesting metadata from a source system that requires SSL, you will need to add a CA certificate or self-signed certificate.

Obtaining the Custom SSL Certificate

  • Obtain the root certificate for your source system issued by your company. Typically your system administrator should be able to provide you with this.

Extending Docker to use custom SSL certificates

If the collector is run via Docker, extend the Docker image and install the custom certificate.

STEP 1: Prepare the Docker File

First, prepare a Dockerfile with the instructions for Docker to install the custom certificate and extend the Docker image.

  1. Ensure you are on the machine where you have downloaded the Docker Image and plan to execute the Collector.

  2. In a directory create the new Dockerfile with the following parameters for your custom SSL Certificate:

    Important

    The file should be named exactly Dockerfile [without any extensions].

    FROM datadotworld/dwcc:<collector_version>
    ADD ./<custom_certificate_file_path> <custom_certificate_file_name>
    RUN keytool -importcert -alias startssl -cacerts -storepass changeit 
    -noprompt -file <custom_certificate_file_name>
    • Replace <collector_version> with the version of the Collector you want to use (For example, datadotworld/dwcc:2.120)

    • Replace <custom_certificate_file_path> with the path to the custom SSL Certificate.

    • Replace <custom_certificate_file_name> with the name of your custom SSL Certificate file.

    For example, the command will look like:

    FROM datadotworld/dwcc:2.120
    ADD ./ca.der certificate
    RUN keytool -importcert -alias startssl -cacerts -storepass changeit 
    -noprompt -file certificate

STEP 2: Install the certificate and extend the docker image

Next, execute the the Dockerfile to install the certificate and extend the data.world Collector Docker Image.

  1. Using your terminal of choice, ensure you are in the directory containing the Dockerfile created in step 1.

  2. Next, create the new extended Docker image, called dwcc-cert in this example, by executing the following command:

    docker build -t dwcc-cert .

    Important things to note:

    • The command must be all lowercase.

    • The command must include the period (.) at the end, which directs Docker to use the local directory for the Dockerfile created above.

    • For the new image, the command uses the name dwcc-cert You can change the name if you want.

STEP 3: Run collector using the custom certificate

Finally, run the collector using the custom Certificate.

  1. Get the standard docker run command for the Data Source you are collecting from.

  2. Change the docker run command to use dwcc-cert image instead of dwcc image.

    Sample command for Tableau.

    docker run -it --rm --mount type=bind,source=/tmp,target=/dwcc-output \
    --mount type=bind,source=/tmp,target=/app/log dwcc-cert \
    catalog-tableau --tableau-api-base-url <baseUrl> \
    --tableau-password <password> --tableau-username <username> \
    -a <account> -n <catalogName> -o "/dwcc-output"

    If you are using YAML file for running the collector, edit the command to use dwcc-cert image instead of dwcc image.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \ 
     --mount type=bind,source=${HOME}/dwcc,target=/app/log -e DW_AUTH_TOKEN=${DW_AUTH_TOKEN} \
      -e DW_TABLEAU_PASSWORD=${DW_TABLEAU_PASSWORD} dwcc-cert \ 
     --config-file=/dwcc-output/config-tableau.yml

Adding custom SSL certificates when using jar

If the collector is run via jar, add the certificate to the JVM truststore.

  1. From the terminal, navigate to the directory containing the certificate.

  2. Run the following command to add the SSL certificate to the truststore:

    keytool -importcert -alias startssl -cacerts -storepass changeit -noprompt -file <custom_certificate_file_path>

    Replace <custom_certificate_file_path> with the path to the custom SSL Certificate.

    For example, the command will look like:

    keytool -importcert -alias startssl -cacerts -storepass changeit -noprompt -file ca.der
  3. Finally, run the collector using the original jar file command. Note that this command does not need any modifications.

Troubleshooting SSL certificate issues

Issue: Error observed while building the Docker image

Issue

  • The following error message occurs when building the Docker image:

ERROR: failed to solve: failed to read dockerfile

Description

  • The Docker file is not named correctly.

Solution

  1. Ensure that the file created in Step 1 is called exactly Dockerfile without any extensions.

  2. Ensure that you are in the same directory as the Dockerfile when running the docker build <custom_image_name> . command.

Issue: Invalid certificate found error while running the collector

Issue

  • The following error occurs while running the collector:

Caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Description

  • There was an issue connecting to the source system using the SSL certificate.

Solution

  1. Check to make sure the SSL certificate has not expired.

  2. Ensure you have the correct SSL certificate for the source system.