EC2 - regenerate install.ini file - prompted for Dataiku password

stanislas
Level 1
EC2 - regenerate install.ini file - prompted for Dataiku password

hi,

I've setup the EC2 Dataiku AMI and all is working fine (DSS running & SSH access).

I'm new to Dataiku and I'm also not technical - via Google search I was able to find most info on EC2/SSH/... but now I'm stuck at following step:

I'm trying to install/link the Let's encrypt SSL certificate.

One of final required steps is to adjust the install.ini file (add SSL details) and regenerate the install.ini file (after stopping the DSS service).

https://doc.dataiku.com/dss/latest/installation/custom_install.html

but when I try to execute the DSS Stop service I get prompted for the Dataiku password (see below -sorry for Dutch).

 

[dataiku@ip-172-31-4-187 bin]$ dss stop

bash: dss: opdracht niet gevonden

[dataiku@ip-172-31-4-187 bin]$ sudo dss stop

Als het goed is hebt u de gebruikelijke informatie ontvangen van uw

systeembeheerder. Gewoonlijk komt het neer op de volgende drie punten:

    1. Respecteer de privacy van anderen.

    2. Denk na voordat u iets doet.

    3. Veel mogelijkheden betekent veel verantwoordelijkheid.

[sudo] wachtwoord voor dataiku: 

 

does someone know:

1) what the default password is for this user

2) how I can change this?

3) if there is another way to stop/regenerate/start?

 

thanks.

0 Kudos
6 Replies
ATsao
Dataiker

Hi,

From the DSS data directory, could you try running the following command?

./bin/dss stop

If that doesn't work for you, please let me know what error you get. 

Thanks,

Andrew

0 Kudos
stanislas
Level 1
Author

@ATsao 

 

thanks for the quick reply.

following your input, I could stop/regenerate/start the DSS service & install.ini file without issues.

 

however, after this I got following error when I try to access the DSS Design console via dataiku.h2sa.be (domain pointed to my EC2 elastic IP):

502 Bad Gateway

nginx/1.16.1

 

Not sure if you can help me with this error as well - what has been done:

1) via letsencrypt package I could create my keys in following folder:

/etc/letsencrypt/live/dataiku.h2sa.be

with following 4 files:
cert.pem chain.pem fullchain.pem privkey.pem README

2) in the install.ini file I added following 4 lines

[server]
ssl = true
ssl_certificate = /etc/letsencrypt/live/dataiku.h2sa.be
ssl_certificate_key = /etc/letsencrypt/live/dataiku.h2sa.be
ssl_ciphers = recommended

3) if these 4 lines are commented (current situation) this works as expected (but without the SSL certificate) but when i uncomment these lines i get the Bad Gateway error.


any suggestions on what could be the issue?

thanks,
Stanislas

0 Kudos
ATsao
Dataiker

Hi Stanislas,

The issue is indeed with the SSL certificates you are trying to configure DSS to use. In your install.ini, you need to actually specify the full path to the certificate file (which is usually in PEM, PKCS12, or CER format) and to the private key file (usually ending in .key) whereas you are simply pointing to the directory containing these files. Additionally, it is a bit strange that your private key is a .pem file where I would expect it to be a .key file so you may need to first convert it using the steps provided here:

https://stackoverflow.com/questions/19979171/how-to-convert-pem-into-key

Afterwards, you could try something like the following:

[server]
ssl = true
ssl_certificate = /etc/letsencrypt/live/dataiku.h2sa.be/cert.pem
ssl_certificate_key = /etc/letsencrypt/live/dataiku.h2sa.be/privkey.key
ssl_ciphers = recommended

Though you may want to consider moving the ssl certificate and key file to some other directory (or checking the permissions to make sure the DSS unix user has read access to this location). 

Also, I am a bit unfamiliar with the letsencrypt package, but if you are simply trying to test connecting to DSS using https and you are okay using a self-signed certificate, you can find instructions in this Community thread about how to set it up on your local DSS. 

Thanks,

Andrew

stanislas
Level 1
Author

@ATsao 

thanks for the input - I'll have a detailed look at this later this week/weekend. 🙂

0 Kudos
stanislas
Level 1
Author

@ATsao 

I'm back... 🙂

unfortunately I still couldn't get the SSL/https working as I want to...

some remarks:

1) the self-signed certificate is not an option as I want to remove the 'not safe' label when I access my DSS instance via Dataiku.h2sa.be

2) therefore I've tried to use the CA letsencrypt certificate (free) that is being used for millions of websites (eg wordpress/magento).

3) so this has been done (partially recap of my first post)

- generated the cert.pem and privkey.pem (via letsencript package)

- converted privkey.pem to .key (via openssl rsa -in privkey.pem -out private.key)

- made sure both files were readable by the Dataiku linux user

- added following lines in the install.ini file:

ssl = true

ssl_certificate = /home/dataiku/dss/keys/cert.pem

ssl_certificate_key = /home/dataiku/dss/keys/private.key

ssl_ciphers = recommended

- stopped the DSS service, regenerated the install file & restarted the DSS service

 

After the above steps, the Dataiku.h2sa.be URL is not opening (https://dataiku.h2sa.be:10000 is not responding message).

 

Any ideas on how to fix this?

or are there other CA certificates that should do the trick?

 

thanks,

Stanislas

0 Kudos
ATsao
Dataiker

Hi Stanislas, 

The issue is almost certainly still related to the SSL certificates that are being used, whether it's some kind of misconfiguration or the incorrect certificates are being used. In terms of if there are any other CA certificates you should be using, this is something better following up on with your sysadmins. In the case of your DSS instance, you should be able to find more information to help you debug the issue by looking at the nginx.log that can be found in the <DSS_DATA_DIR>/run folder. 

Best,

Andrew

0 Kudos