
Running the Amazon Managed Streaming for Kafka (MSK) collector on-premise

Note

The latest version of the Collector is 2.251. To view the release notes for this version and all previous versions, please go here.

Generating the command or YAML file

This section walks you through the process of generating the command or YAML file for running the collector on Windows, Linux, or macOS.

To generate the command or YAML file:

Important

We will use the Confluent Platform Collector to generate the Command or YAML file for Amazon Managed Streaming for Kafka collector.

  1. On the Organization profile page, go to the Settings tab > Metadata collectors section.

  2. Click the Add a collector button.

  3. On the Choose metadata collector screen, select the correct metadata source. Click Next.

  4. On the Choose where the collector will run screen, in the On-premise section, select whether you will be running the collector on Windows, macOS, or Linux. This determines the format of the YAML and CLI that is generated at the end. Click Next.

  5. On the On-prem collector setup prerequisites screen, read the pre-requisites and click Next.

  6. On the Configure an on-premises Confluent Platform Collector screen, set the following properties and click Next.

  7. On the next screen, set the following properties and click Next.

    Table 2.

    | Field name | Corresponding parameter name | Description | Required? |
    |---|---|---|---|
    | Bootstrap server and port | --kafka-bootstrap-server-port=<boostrapServerPort> | A bootstrap server:port for the cluster to be cataloged. The port is optional if the server is listening on the default port 9092. | Yes |
    | Cluster username | --kafka-cluster-username=<clusterUsername> | The username to use in authenticating to the Kafka cluster. | Yes |
    | Cluster password | --kafka-cluster-password=<clusterPassword> | The password to use in authenticating to the Kafka cluster. | Yes |



  8. On the next screen, set the following advanced properties and click Next.

    Table 3.

    | Field name | Corresponding parameter name | Description | Required? |
    |---|---|---|---|
    | SSL flag | --kafka-cluster-sasl-ssl | Please ensure that the SSL flag box is checked. This setting is commonly required in most environments to establish a secure connection. | No |
    | Confluent Schema Registry API base URL | --confluent-schema-registry-api-url=<confluentSchemaRegistryApiUrl> | Do not set this parameter for Amazon Managed Streaming for Kafka (MSK) collector. | No |
    | Confluent Schema Registry username | --confluent-schema-registry-username=<confluentSchemaRegistryUsername> | Do not set this parameter for Amazon Managed Streaming for Kafka (MSK) collector. | No |
    | Confluent Schema Registry password | --confluent-schema-registry-password=<confluentSchemaRegistryPassword> | Do not set this parameter for Amazon Managed Streaming for Kafka (MSK) collector. | No |
    | SASL mechanism for authentication | --kafka-cluster-sasl-type | Specify the SASL mechanism for the Kafka cluster. Provide plain or scram-sha-512. If not specified, default value is plain. | No |
    | Kafka Include Topic Filter | --include-topic=<kafkaTopicInclude> | Specify topics to include. You can either provide the topic name or a regular expression to be matched on the topic names. Note: No topic is included if the parameter is not set. | No |
    | Kafka Exclude Topic Filter | --exclude-topic=<kafkaTopicExclude> | Specify topics to exclude. You can either provide the topic name or a regular expression to be matched on the topic names. Note: All topics are excluded if the parameter is not set. | No |



  9. On the next screen, provide the Collector configuration name. This is the name used to save the configuration details. The configuration is saved and made available on the Metadata collectors summary page from where you can edit or delete the configuration at a later point. Click Save and Continue.

  10. On the Finalize your Confluent Platform Collector configuration screen, you are notified about the environment variables and directories you need to set up for running the collector. Select whether you want to generate a Configuration file (YAML) or Command line arguments (CLI). Click Next.

  11. The next screen gives you an option to download the YAML configuration file or copy the CLI command. Click Done. If you are generating a YAML file, click Next.

  12. The Confluent Platform command screen gives you the command to use for running the collector using the YAML file.

  13. You will notice that the YAML/CLI has the following additional parameters that are automatically set for you.

    Important

    Except for the collector version, you should not change the values of any of the parameters listed here.

    Table 4.

    | Parameter name | Details | Required? |
    |---|---|---|
    | -a=<agent>, --agent=<agent>, --account=<agent> | The ID for the data.world account into which you will load this catalog - this is used to generate the namespace for any URIs generated. | Yes |
    | --site=<site> | This parameter should be set only for Private instances. Do not set it for public instances and single-tenant installations. Required for private instance installations. | Yes (required for private instance installations) |
    | -U, --upload | Whether to upload the generated catalog to the organization account's catalogs dataset. | Yes |
    | dwcc:<CollectorVersion> | The version of the collector you want to use (For example, datadotworld/dwcc:2.168) | Yes |



  14. Add the following additional parameter to test run the collector.

    • --dry-run: If specified, the collector does not actually harvest any metadata, but just checks the connection parameters provided by the user and reports success or failure at connecting.

  15. We recommend enabling debug level logs when running the collector for the first time. This approach aids in swiftly troubleshooting any configuration and connection issues that might arise during collector runs. Add the following parameter to your collector command:

    • -e log_level=DEBUG: Enables debug level logging for collectors.

Verifying environment variables and directories

  1. Verify that you have set up all the required environment variables that were identified by the Collector Wizard before running the collector. Alternatively, you can set these credentials in a credential vault and use a script to retrieve those credentials.

  2. Verify that you have set up all the required directories that were identified by the Collector Wizard.

Running the collector

Important

Before you begin running the collector make sure you have completed all the pre-requisite tasks.

Running collector using YAML file

  1. Go to the machine where you have set up Docker to run the collector.

  2. Place the YAML file generated from the Collector wizard in the correct directory.

  3. From the command line, run the command generated from the application for executing the YAML file.

    Caution

    Note that this is just a sample command for showing the syntax. You must generate the command specific to your setup from the application UI.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
      --mount type=bind,source=${HOME}/dwcc,target=/app/log -e DW_AUTH_TOKEN=${DW_AUTH_TOKEN} \
      -e DW_CONFLUENT_LOCAL_PASSWORD=${DW_CONFLUENT_LOCAL_PASSWORD} \
      datadotworld/dwcc:2.199 --config-file=/dwcc-output/config-confluent_local.yml
  4. If you are running the collector using Jar files, be sure to edit the command as instructed on this page.

  5. The collector automatically uploads the file to the specified dataset and you can also find the output at the location you specified while running the collector. Similarly, the log files are uploaded to the specified dataset and can be found in the directory mounted to target=/app/log specified in the command.

  6. If you decide in the future that you want to run the collector using an updated version, simply modify the collector version in the provided command. This will allow you to run the collector with the latest version.

Running collector without the YAML file

  1. Go to the machine where you have set up Docker to run the collector.

  2. From the command line, run the command generated from the application. Here is a sample command.

    Caution

    Note that this is just a sample command for showing the syntax. You must generate the command specific to your setup from the application UI.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
      --mount type=bind,source=${HOME}/dwcc,target=/app/log datadotworld/dwcc:2.199 \
      catalog-confluent-local --agent=8bank --output=/dwcc-output --api-token=${DW_AUTH_TOKEN} \
      --upload=true --name=8bank-collection --upload-location=ddw-catalogs \
      --kafka-bootstrap-server-port=8bank_server --kafka-cluster-username=8bank_user \
      --kafka-cluster-password=${DW_CONFLUENT_LOCAL_PASSWORD} --kafka-cluster-sasl-ssl=true
  3. If you are running the collector using Jar files, be sure to edit the command as instructed on this page.

  4. The collector automatically uploads the file to the specified dataset and you can also find the output at the location you specified while running the collector. Similarly, the log files are uploaded to the specified dataset and can be found in the directory mounted to target=/app/log specified in the command.

  5. If you decide in the future that you want to run the collector using an updated version, simply modify the collector version in the provided command. This will allow you to run the collector with the latest version.
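A pre-run review of the CLI form of the command, checking the settings this page calls out (SSL flag on, SASL mechanism plain or scram-sha-512, no Schema Registry parameters for MSK, secrets supplied through environment variables). This is an added example, not part of the collector or its documentation; the function names, the `--kafka-cluster-sasl-type=<value>` form, and the assumption that secret-bearing variables start with `DW_` are illustrative.

```shell
#!/bin/sh
# Added example: lint the text of a generated CLI-form collector command.
# Usage: lint_collector_cmd collector-command.txt
# Prints one finding per line; returns 0 when clean, 1 otherwise.
lint_collector_cmd() {
    cmd_file=$1; findings=0; ssl=missing
    set -f    # tokens are data, not glob patterns
    for tok in $(tr -d '\\' < "$cmd_file"); do
        case "$tok" in
            --kafka-cluster-sasl-ssl|--kafka-cluster-sasl-ssl=true)
                ssl=on ;;
            --kafka-cluster-sasl-ssl=*)
                ssl=off ;;
            --kafka-cluster-sasl-type=plain|--kafka-cluster-sasl-type=scram-sha-512)
                ;;
            --kafka-cluster-sasl-type=*)
                echo "unsupported SASL mechanism: ${tok#*=}"
                findings=$((findings + 1)) ;;
            --confluent-schema-registry-*)
                echo "not used for MSK: ${tok%%=*}"
                findings=$((findings + 1)) ;;
            --kafka-cluster-password=\$*|--api-token=\$*|DW_*=\$*)
                ;;    # value is read from the environment at run time
            --kafka-cluster-password=*|--api-token=*|DW_*=*)
                echo "literal secret in ${tok%%=*}"
                findings=$((findings + 1)) ;;
        esac
    done
    set +f
    if [ "$ssl" != on ]; then
        echo "SSL flag --kafka-cluster-sasl-ssl is $ssl"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the page's CLI command shape with three deliberate mistakes.
write_bad_sample() {
    cat > "$1" <<'EOF'
docker run -it --rm datadotworld/dwcc:2.199 catalog-confluent-local \
  --agent=8bank --api-token=${DW_AUTH_TOKEN} --kafka-cluster-username=8bank_user \
  --kafka-cluster-password=constructed-literal --kafka-cluster-sasl-ssl=false \
  --kafka-cluster-sasl-type=gssapi
EOF
}
```

Run it against the saved command text, not the expanded arguments, so that `${DW_...}` references are still visible to the check.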

Automating updates to your metadata catalog

Maintaining an up-to-date metadata catalog is crucial and can be achieved by employing Azure Pipelines, CircleCI, or any automation tool of your preference to execute the catalog collector regularly.

There are two primary strategies for setting up the collector run times:

  • Scheduled: You can configure the collector according to the anticipated frequency of metadata changes in your data source and the business need to access updated metadata. It's necessary to account for the completion time of the collector run (which depends on the size of the source) and the time required to load the collector's output into your catalog. This could be for instance daily or weekly. We recommend scheduling the collector run during off-peak times for optimal performance.

  • Event-triggered: If you have set up automations that refresh the data in a source technology, you can set up the collector to execute whenever the upstream jobs are completed successfully. For example, if you're using Airflow, GitHub Actions, dbt, etc., you can configure the collector to automatically run and keep your catalog updated following modifications to your data sources.

Managing collector runs and configuration details

Overview

Some enterprise systems support the use of Secure Sockets Layer (SSL) encrypted communications on all external traffic. If you are harvesting metadata from a source system that requires SSL, you will need to add a CA certificate or self-signed certificate.

Obtaining the Custom SSL Certificate

  • Obtain the root certificate for your source system issued by your company. Typically your system administrator should be able to provide you with this.

Extending Docker to use custom SSL certificates

If the collector is run via Docker, extend the Docker image and install the custom certificate.

STEP 1: Prepare the Docker File

First, prepare a Dockerfile with the instructions for Docker to install the custom certificate and extend the Docker image.

  1. Ensure you are on the machine where you have downloaded the Docker Image and plan to execute the Collector.

  2. In a directory create the new Dockerfile with the following parameters for your custom SSL Certificate:

    Important

    The file should be named exactly Dockerfile [without any extensions].

    FROM datadotworld/dwcc:<collector_version>
    ADD ./<custom_certificate_file_path> <custom_certificate_file_name>
    RUN keytool -importcert -alias startssl -cacerts -storepass changeit \
        -noprompt -file <custom_certificate_file_name>
    • Replace <collector_version> with the version of the Collector you want to use (For example, datadotworld/dwcc:2.120)

    • Replace <custom_certificate_file_path> with the path to the custom SSL Certificate.

    • Replace <custom_certificate_file_name> with the name of your custom SSL Certificate file.

    For example, the command will look like:

    FROM datadotworld/dwcc:2.120
    ADD ./ca.der certificate
    RUN keytool -importcert -alias startssl -cacerts -storepass changeit \
        -noprompt -file certificate

STEP 2: Install the certificate and extend the docker image

Next, build from the Dockerfile to install the certificate and extend the data.world Collector Docker Image.

  1. Using your terminal of choice, ensure you are in the directory containing the Dockerfile created in step 1.

  2. Next, create the new extended Docker image, called dwcc-cert in this example, by executing the following command:

    docker build -t dwcc-cert .

    Important things to note:

    • The command must be all lowercase.

    • The command must include the period (.) at the end, which directs Docker to use the local directory for the Dockerfile created above.

    • For the new image, the command uses the name dwcc-cert. You can change the name if you want.

STEP 3: Run collector using the custom certificate

Finally, run the collector using the custom Certificate.

  1. Get the standard docker run command for the Data Source you are collecting from.

  2. Change the docker run command to use dwcc-cert image instead of dwcc image.

    Sample command for Tableau.

    docker run -it --rm --mount type=bind,source=/tmp,target=/dwcc-output \
    --mount type=bind,source=/tmp,target=/app/log dwcc-cert \
    catalog-tableau --tableau-api-base-url <baseUrl> \
    --tableau-password <password> --tableau-username <username> \
    -a <account> -n <catalogName> -o "/dwcc-output"

    If you are using a YAML file for running the collector, edit the command to use the dwcc-cert image instead of the dwcc image.

    docker run -it --rm --mount type=bind,source=${HOME}/dwcc,target=/dwcc-output \
      --mount type=bind,source=${HOME}/dwcc,target=/app/log -e DW_AUTH_TOKEN=${DW_AUTH_TOKEN} \
      -e DW_TABLEAU_PASSWORD=${DW_TABLEAU_PASSWORD} dwcc-cert \
      --config-file=/dwcc-output/config-tableau.yml

Adding custom SSL certificates when using jar

If the collector is run via jar, add the certificate to the JVM truststore.

  1. From the terminal, navigate to the directory containing the certificate.

  2. Run the following command to add the SSL certificate to the truststore:

    keytool -importcert -alias startssl -cacerts -storepass changeit -noprompt -file <custom_certificate_file_path>

    Replace <custom_certificate_file_path> with the path to the custom SSL Certificate.

    For example, the command will look like:

    keytool -importcert -alias startssl -cacerts -storepass changeit -noprompt -file ca.der
  3. Finally, run the collector using the original jar file command. Note that this command does not need any modifications.

Troubleshooting SSL certificate issues

Issue: Error observed while building the Docker image

Issue

  • The following error message occurs when building the Docker image:

ERROR: failed to solve: failed to read dockerfile

Description

  • The Dockerfile is not named correctly.

Solution

  1. Ensure that the file created in Step 1 is called exactly Dockerfile without any extensions.

  2. Ensure that you are in the same directory as the Dockerfile when running the docker build -t <custom_image_name> . command.

Issue: Invalid certificate found error while running the collector

Issue

  • The following error occurs while running the collector:

Caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Description

  • There was an issue connecting to the source system using the SSL certificate.

Solution

  1. Check to make sure the SSL certificate has not expired.

  2. Ensure you have the correct SSL certificate for the source system.
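Both checks in this solution can be done before the certificate is imported. Because the keytool commands on this page use -noprompt, the certificate is trusted without being displayed for confirmation, so inspect it first. This is an added example, not part of the collector or its documentation; it assumes the openssl command-line tool is installed, and the function name check_ca_cert is illustrative.

```shell
#!/bin/sh
# Added example: inspect a CA certificate before importing it with keytool -noprompt.
# Usage: check_ca_cert <file> [min_seconds_left]
# Returns 0 if the file parses as X.509 and stays valid for min_seconds_left
# (default 0), 1 if it expires sooner, 2 if it is not a certificate.
check_ca_cert() {
    cert=$1; min_left=${2:-0}
    # The page's example file is DER (ca.der); PEM is accepted as well.
    for fmt in DER PEM; do
        if openssl x509 -inform "$fmt" -in "$cert" -noout 2>/dev/null; then
            break
        fi
        fmt=
    done
    if [ -z "$fmt" ]; then
        echo "not an X.509 certificate: $cert"
        return 2
    fi
    # Show what is about to be trusted. Compare the SHA-256 fingerprint with
    # the value supplied by the administrator who issued the certificate.
    openssl x509 -inform "$fmt" -in "$cert" -noout \
        -subject -issuer -enddate -fingerprint -sha256
    if ! openssl x509 -inform "$fmt" -in "$cert" -noout \
            -checkend "$min_left" >/dev/null; then
        echo "certificate expires within ${min_left}s: $cert"
        return 1
    fi
}
```

For example, `check_ca_cert ca.der 2592000` also fails when the certificate has less than 30 days of validity left, which is useful when the extended image will be reused for scheduled runs.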