In order to disable HA in SCH, we need first to change the endpoint URL the application will use. This can be changed in $DPM_CONF/common-to-all-apps.properties file and update the following properties:
dpm.base.url=https://<sch-loadbalancer-url>to
dpm.base.url=https://<sch-host-url>
Also in the same file, we need to verify that the below properties are commented or have the same value as dpm.base.url:
# Internal app endpoints
dpm.app.messaging.url=https://<sch-host-url>
dpm.app.security.url=https://<sch-host-url>
dpm.app.timeseries.url=https://<sch-host-url>
dpm.app.jobrunner.url=https://<sch-host-url>
dpm.app.notification.url=https://<sch-host-url>
dpm.app.pipelinestore.url=https://<sch-host-url>
dpm.app.policy.url=https://<sch-host-url>
dpm.app.provisioning.url=https://<sch-host-url>
dpm.app.reporting.url=https://<sch-host-url>
dpm.app.scheduler.url=https://<sch-host-url>
dpm.app.sdp_classification.url=https://<sch-host-url>
dpm.app.topology.url=https://<sch-host-url>
dpm.app.sla.url=https://<sch-host-url>
Once these changes have been applied we need to re-generate the application tokens. First, we need to remove the old ones. The application tokens can be found in $DPM_CONF folder:
$ ls -lrt *auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 security-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 jobrunner-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 messaging-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 pipelinestore-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 provisioning-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 timeseries-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 topology-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:01 notification-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 sla-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 scheduler-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 reporting-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 sdp_classification-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 policy-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 dynamic_preview-auth-token.txt
-rw-r--r-- 1 mel staff 221 May 27 13:02 dpm-auth-token.txt
Use the command below to remove them:
rm -f *auth-token.txt
Now in order to generate them again, we need to execute one of the scripts provided with the SCH binaries. First, we need to configure the environment variables below:
export DPM_CONF=/etc/dpm
export DPM_HOME=/opt/streamsets-dpm
We need to be sure that the SCH service is stopped and that our current directory is $DPM_HOME and we can execute the script:
$ pwd
/opt/streamsets-dpm
The script dev/02-initsecurity.sh has as parameter the componentID configured in any of the *app-properties files. If the componentID is different than 000 we need to be sure to add is as a parameter when executing the script. E.g.:
dev/02-initsecurity.sh 001As an output for this script, we should see the new SCH URL configured in the common-to-all-apps.properties file and confirm that the configuration changes have been applied.
Created SAML configuration for DPM:
-----------------------------------------------------
{
"type" : "SpSelfConfig",
"bean" : {
"sp.uri" : [ "uri:https://<sch-host-url>/security", "(FROM CONFIGS)" ],
"sp.organizationName" : [ "?", "(FROM CONFIGS)" ],
"sp.organizationDisplayName" : [ "?", "(FROM CONFIGS)" ],
"sp.organizationUrl" : [ "?", "(FROM CONFIGS)" ],
"sp.supportEmail" : [ "?", "(FROM CONFIGS)" ],
After this, we can bring up again the SCH service. The application should be reachable using the SCH-host URL instead of the HA (High Availability) one.
