Additional Agent Configuration

Enterprise Proxy Configuration

The Loome Integrate Online Agent supports connecting to the internet through an Enterprise Proxy.

Proxy Support in the Loome Integrate Agent

The Loome Integrate Agent supports the following properties for proxy configuration in the appsettings.json file:

Property Description Required? Example Value/s
"UseSystemProxy" It is recommended that you use a System Proxy rather than the Proxy. If this is set to “true”, Integrate will use the default system proxy in the networking service. This is the same proxy that is configured for the host’s web browser. Yes UseSystemProxy: "true"
"UseProxy" If set to “true”, proxy settings will be applied to all requests from the agent. You will have to provide all details manually. Yes UseProxy: "true"
"UseSSL" If set to “true”, the proxy being used is utilizes HTTPS. Yes "UseSSL": "true"
"Host" The host of the proxy Yes "Host": "127.0.0.1"
"Port" The port of the proxy, often 8888 Yes "Port": "8888"
"Credentials" The credentials for the proxy, if not provided default credentials will be utilized for proxy connections. Note that username, password and/or domain can be omitted in instances where you wish to fallback to the default for certain parts of the credentials. No "Credentials": { "Username": "1", "Password": "1", "Domain": "test.com"}

Manually configuring through App Settings

To configure enterprise proxy credentials through the application settings, open up the appsettings.json and ensure the following Proxy object is included:

"Proxy": {
    "UseProxy": "true",
    "UseSSL": "false",
    "Host": "127.0.0.1",
    "Port": "8888",
    "Credentials": {
        "Username": "1",
        "Password": "1",
        "Domain": "test.com"
    }
}

In a configuration file this would look like the following (take note of the proceeding comma before the proxy object and how the object is within the braces.)

{
    "dataGovernorHostUrl": "...",
    "ida": {
        "authority": "...",
        "clientId": "...",
        "secret": "..."
    },
    "Proxy": {
        "UseProxy": "true",
        "UseSSL": "false",
        "Host": "127.0.0.1",
        "Port": "8888",
        "Credentials": {
            "Username": "1",
            "Password": "1",
            "Domain": "test.com"
        }
    }
}

Once this object is included, you can configure details from that object. Note that any changes will require a a restart of the agent service.

Kerberos Keytab Detection

Many Hadoop services and programs support authentication through Kerberos/SPNEGO. Loome Integrate Agents define conventions for working with kerberos keytabs so that the agent can easily impersonate a user in a Kerberos Realm without an explicit kinit.

To allow for Keytab detection in the agent, save any keytabs to /.dgaent/keys with the convention of USERNAME@DOMAIN.keytab (eg. for user TEST in domain COMPANY the keytab would be saved as /.dgagent/keys/TEST@COMPANY.keytab).

Ensure that the .keytab extension is included in the file as Loome Integrate will ignore any files that do not contain that extension in the /keys directory.

Kerberos Keytab Instructions

These instructions are available in the Linux installation steps within Loome Integrate.

  1. Run ktutil as a super user. As was the case with installing the agent, you must be a super user to create keytabs for Loome Integrate Agents.

  2. Create a valid keytab using the following commands. These will need to be ran one-by-one, you will need replace USERNAME and DOMAIN with your Kerberos username and domain respectively as well as enter the password when prompted.

    addent -password -p USERNAME@DOMAIN -k 1 -e rc4-hmac
    addent -password -p USERNAME@DOMAIN -k 1 -e aes256-cts
    wkt /.dgagent/keys/USERNAME@DOMAIN.keytab
    quit
    
  3. Use the Username & Domain in Connections Requiring the Keytab Connections that utilize Kerberos can now automatically create tickets assuming you provide the username and domain used in the keytab to the connection.