Configure the config.sh file
config.sh file for installing the
application, perform the following steps:
- Log in to the server as a non-root user.
- Navigate to the
<installation directory>/OFS_MMG/MMG/OFS_MMG/bindirectory. - Configure the following applicable
config.shattributes (clickconfig.shto view a sample of theconfig.shfile.) as tabulated in the following table:Note:
DTP related parameters have been added in theconfig.shfile. To support these parameters, themmg-dtpfolder has been added and thedtp-pipeline-logsfolder has been added that contains all the DTP pipeline related logs.Note:
The following are the accepted values for the
AUTH_SAML_SIGN_ALGORITHMproperty:http://www.w3.org/2001/04/xmldsig-more#rsa-sha512http://www.w3.org/2001/04/xmldsig-more#rsa-sha384http://www.w3.org/2001/04/xmldsig-more#rsa-sha256http://www.w3.org/2000/09/xmldsig#rsa-sha1
Note:
Only tokens (classic) is supported. Fine grained is not yet supported.Note:
Ensure thatDATASTUDIO_ZPLN_SCHED_THREADPOOL_SIZEis greater thanDATASTUDIO_SERVER_TOMCAT_THREADS_MAX+DATASTUDIO_SERVER_ASYNC_THREADPOOL_SIZENote:
Gateway is enabled by default and the gateway port is mandatory to access gateway enabled UI.Table 5-1 config.sh File Parameters and Descriptions
Parameter Description Is Mandatory Comments ##APPLICATION_NAME## Title of the application. If it is not replaced, then the default value is : Model Management and Governance.
YES
The defaults value is "Model Management and Governance."
Note: Provide double quotes for the application name if it is long or contains spaces.
##MMG_DB_WALLET_PATH## The wallet is the folder that contains the
sqlnet.ora,wallet.sso, and.p12files.YES
/scratch/users/wallet##MMG_DB_TNS_ADMIN_PATH## The folder that contains the tnsnames.orafile.YES
/scratch/users/tns##MMG_DB_SCHEMA_WALLET_ALIAS## The wallet alias name that is configured for the MMG application config schema. YES MMG CONFIG
##MMG_LOG_DIR## A writable folder designated for storing application and MMG Studio logs. YES
/scratch/users/logsNote: Ensure that the log folder is created before installation.
##FTPSHARE_DIR## This can be any writable folder accessible to the process owner. YES
/scratch/users/ftpshareEnsure that the ftpshare folder is created before installation.
This should be same as the metadata directory mentioned above.
##MMG_LOG_TIMEZONE## Specifies the timezone used for displaying log timestamps YES GMT+05:30, GMT-04:00, Asia/Kolkata ##DATASTUDIO_URL## URL for MMG Studio. YES
By default, Data Studio is assumed to run on the same server. If it is running on a different host, uncomment the line below and provide the appropriate URL. https://<hostname/IP>:7008/<contextpath>
NOTE: The default port for MMG Studio is 7008 and should not be modified.
##MMG_SERVICE_HOST## Hostname on which the backend service (mmg-service) runs.
Use the same hostname wherever applicable.
YES
HostIP or FQDN ##MMG_SERVICE_PORT## Port on which the backend service (mmg-service) needs to be run. YES
7002 ##EMAIL_SMTP_HOST## Hostname of the SMTP server used for email notification service. This value will be populated in the AAICL_SC_COMPONENT_DETAILS table. YES
Defaults to localhost. Provide SMTP server hostname is external mail server is used. ##EMAIL_SMTP_PORT## Port number for the SMTP server used for email notification service. This value will be populated in the AAICL_SC_COMPONENT_DETAILS table. YES
Defaults to 25. Update this if your SMTP service listens on a different port. ##MMG_UI_PORT## Port on which the UI service (mmg-ui) needs to run. YES
7001 ##MMG_SCHEMA_CREATOR_PORT## Port on which the Schema Creator service needs to run. YES
7003 ##WEB_CONTEXT## Context path of the application. YES
MMG ##DATASTUDIO_AUTH_TYPE## - FCC_SSO – for SAMLRealm based authentication in FCC Studio
- MMG_AAI- AAI based authentication for MMG Studio
YES
Can be either MMG_AAI or FCC_SSO RESTRICT_UNMAPPED_DATASTORES_ACCESS Restriction of users access to Data Stores from a workspace for unmapped datasources: If the value is set as True, then only the current workspace attached data stores will get a connection in the notebook sessions using get_conn(). This will only work if the session-mode in the application.yml is set to NOTEBOOK_USER. Only True/False is allowed. Yes The default value is False ##MMG_SSL_ENABLED## This enables HTTPS. YES
Example: true##SSL_KEYSTORE_PATH## Absolute path for the keystore file.
Note: Run the following command to create a keystore:
keytool -genkey -v -alias demoalias -keyalg RSA -keysize 2048 -keystore server.keystore -validity 3650 -keypass secret -storepass secret -storetype PKCS12
YES
../conf/server.keystore. Include the file name in the path.
NOTE:
If ##MMG_SSL_ENABLED## is set to false, then you must configure the keystore for mmg-studio, as it is SSL-enabled by default. MMG application and MMG Studio can share the same SSL configuration if set up on the same server.
##SSL_KEYSTORE_PASSWORD## Keystore secret
The value passed in the aforementioned command for -keypass
YES
Example: secret ##SSL_KEYSTORE_TYPE## Keystore type
The value passed in the aforementioned command for -storetype.
Can be either JKS or PKCS12
YES
Example: PKCS12 ##SSL_CERT_ALIAS## Keystore alias
The value passed in the aforementioned command for -alias.
YES
Example: demoalias ##MMG_SESSION_SECRET## The password used to generate the Authorization header token to communicate with mmg-services.
YES
NOTE: If not applicable, enter NA ##MMG_API_USERNAME## API user for FCC Studio.
YES
NOTE: If not applicable, enter NA ##MMG_CONFIG_DATASOURCE_MAX_POOL_SIZE## Maximum connection pool size allowed for Config Datasource.
YES
The default value is 80. You can set this to any one of the following values: - Low concurrency (10 users) + Normal usage (low cpu): 16
- Low concurrency (10 users)+High usage (time intensive): 80
- High concurrency (50 users) + Normal usage (low cpu): 80
##MMG_CONFIG_DATASOURCE_MIN_IDLE## Hikari minimum idle is a configuration property for the HikariCP database connection pool that sets the minimum number of idle connections the pool should maintain. Its default value is 10, and it ensures that there are always a certain number of connections ready for use, which helps reduce latency when new requests arrive. If the number of idle connections falls below this value, HikariCP will quickly create new ones to restore the desired minimum. YES
##MMG_EXT_DATASOURCE_MIN_IDLE## Hikari minimum idle is a configuration property for the HikariCP database connection pool that sets the minimum number of idle connections the pool should maintain. Its default value is 10, and it ensures that there are always a certain number of connections ready for use, which helps reduce latency when new requests arrive. If the number of idle connections falls below this value, HikariCP will quickly create new ones to restore the desired minimum. YES
##MMG_CONFIG_DATASOURCE_IDLE_TIMEOUT_MS## Idle timeout for config Datasource.
YES
It defaults to 30000. You can edit it if required. ##MMG_CONFIG_DATASOURCE_CONN_TIMEOUT_MS## Connection timeout for Config Datasource.
YES
It defaults to 80000. You can edit it if required. ##MMG_EXT_DATASOURCE_MAX_POOL_SIZE## Maximum connection pool size allowed for meta/data schemas.
YES
It defaults to 10. You can edit it if required. ##MMG_EXT_DATASOURCE_IDLE_TIMEOUT_MS## Idle timeout for meta/data schemas.
YES
It defaults to 30000. You can edit it if required. ##MMG_EXT_DATASOURCE_CONN_TIMEOUT_MS## Connection timeout for meta/data schemas.
YES
It defaults to 80000. You can edit it if required. ##MMG_HTTP_CLIENT_MAX_CONN## The maximum number of connections allowed across all routes.
YES
The default value is 200. Set this to any one of the following values: - Low concurrency (10 users) + Normal usage (low cpu): 50
- Low concurrency (10 users)+High usage (time intensive): 100
- High concurrency (50 users) + Normal usage (low cpu): 200
## MMG_HTTP_CLIENT_MAX_CONN_PER_ROUTE## The maximum number of HTTP connections allowed for a route.
YES
It defaults to 100. - Low concurrency (10 users) + Normal usage (low cpu): 40
- Low concurrency (10 users)+High usage (time intensive): 50
- High concurrency (50 users) + Normal usage (low cpu): 100
##MMG_HTTP_CLIENT_CONN_TIMEOUT_MS## The connection timeout for HTTP connection. A timeout value of 0 specifies an infinite timeout.
YES
The default value is 30000. ##MMG_HTTP_CLIENT_READ_TIMEOUT_MS## The socket read timeout for HTTP connection. A timeout value of 0 specifies an infinite timeout.
YES
The default value is 120000. ##APPLICATION_ID## The id will be stored as app_id and must be the same as mentioned in the APP_ID column of MMG_PATCHES table. Currently the UI displays the MMG Version <version number of application> and last applied MMG version.
YES
The APPLICATION_ID should be without spaces. ##MMG_UI_FAVICON_PATH## Icon for the application. If not specified, it will default to the icon at the following location:
css/images/favicon.icoNO
css/images/favicon.ico##MMG_UI_AUTH_TYPE## aai – if using an existing AAI instance as the identity provider.
saml – for saml based authentication
ldap – for ldap based authentication
NOTE: This is case sensitive.
YES
Can be one of the following: aai, or saml or ldap. ##AUTH_AAI_AUTH_URL## Base URL of the AAI instance.
Will be used for ##UI_AUTH_TYPE## = aai
Note: If the target AAI is https, then it is necessary to import the AAI host certificate into the MMG server Java keystore.
YES
http(s)://whfxxxxx.in.oracle.com:7110/mmg ##AUTH_SAML_IDP_URL## This is the endpoint on the IDP side where SAML requests are posted. The Service Provider (SP) needs to obtain this information from the Identity Provider (IDP). Yes http(s)://idcs-xxxx.com/fed/v1/idp/sso
This is used only if ##MMG_UI_AUTH_TYPE## is SAML.
##AUTH_SAML_SP_ENTITY_URL## Enter a globally unique name for SAML entity. It typically takes the URL of an identity provider or a service provider as a value. http(s)://<UI_HOST>:<MMG_UI_PORT>/mmg
This is used only if ##MMG_UI_AUTH_TYPE## is SAML.
##AUTH_SAML_ACS_URL## UI Landing Page URL. YES http(s)://<UI_HOST>:<MMG_UI_PORT>/mmg/home
This is used only if ##MMG_UI_AUTH_TYPE## is SAML.
##AUTH_SAML_LOGOUT_URL## Initiated SAML Single Logout URL. Yes http(s)://idcs-xxxx.com/sso/v1/user/logout
This is used only if ##MMG_UI_AUTH_TYPE## is SAML.
##AUTH_SAML_SIGN_AUTHN_REQ## NA Yes NA ##AUTH_SAML_SP_KEY_PATH## NA NA /scratch/mmg8131/config/sp-privatekey.pem ##AUTH_SAML_SP_X509_CERT_PATH## NA NA /scratch/mmg8131/config/sp-certificate.cer ##AUTH_SAML_SIGN_ALGORITHM## NA NA ##AUTH_SAML_SIGN_ALGORITHM## ##AUTH_SAML_BINDING_TYPE## This can be set to REDIRECT (default) /POST.
NA
NA ##AUTH_SAML_INCLUDE_SP_CERT## This can be set to True/False (default).
NA
NA ##AUTH_LDAP_URL## LDAP URL
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
ldap://whf00xyz:3060/
##AUTH_LDAP_SEARCH_BASE_DN## LDAP Search Base
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
"cn=Users,dc=oracle,dc=com"
##AUTH_LDAP_USER_FILTER## LDAP User Filter
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
"cn={0}"
#AUTH_LDAP_USER_SEARCH_FILTER## LDAP User Search Filter
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
NA
##AUTH_LDAP_GROUP_FILTER## LDAP Group Search Filter
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
NA
##AUTH_LDAP_GROUP_BASE_DN## LDAP Group Search Base
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
NA
##AUTH_LDAP_GROUP_MEMBER_ATTR# LDAP Group Member
Will be used for ##MMG_UI_AUTH_TYPE## = LDAP
YES
NA
##DATASTUDIO_SERVER_COOKIE_DOMAIN## The domain name.
YES
This should be the domain name of the host server.
Example: .in.xyz.com
Note: If the MMG application is configured with the IP address, then provide the same.
##DATASTUDIO_SERVER_COOKIE_NAME## The name for the cookie.
YES
If not set it will default to ORA_OLDS_SESSION
##DATASTUDIO_SERVER_COOKIE_TIMEOUT## Timeout/expiry duration in seconds.
YES
If not set, it defaults to 999999
##DATASTUDIO_SERVER_COOKIE_IS_SECURE## Specifies if we are using cookies to add an additional security layer to prevent cross-origin requests.
Can be either true or false
YES
If not set, it defaults to true.
##IS_USER_AUTHZ_FROM_AAI## This is disabled and is set to False by default. Set IS_USER_AUTHZ_FROM_AAI to True to enable. YES
##AUTH_AAI_OAUTH_CLIENT_ID## Create this in the OFSAA application in the location where you had configured the AAI Auth URL.- Login as sysadmn in OFSAA
- From System Configuration, navigate to Configure Instance Access Token
- Add a new access token.
YES
##AUTH_AAI_OAUTH_CLIENT_SECRET## YES
##DATASTUDIO_SERVER_COOKIE_DOMAIN## YES
##DATASTUDIO_SERVER_COOKIE_NAME## YES
##DATASTUDIO_SERVER_COOKIE_TIMEOUT## YES
##DATASTUDIO_SERVER_COOKIE_IS_SECURE## ##MMG_SERVICE_AUTH_TYPE## Auth Type on which the backend service (mmg-service) runs. YES
It defaults to public.
##MMG_PYTHON_INTERPRETER_LIST## A comma separated value without whitespaces that specifies python interpreter
python,fcc-ml4aml
YES
If not set, it defaults to python.
##DATACATALOG_SERVICE_URL## Only used when EST application is integrated with MMG. NO
NA
##STUDIO_WALLET_ENABLED## Set as true when using a wallet for the MMG Studio Schema.
Can be either true/TRUE or false/FALSE (all caps or all small)
YES
true/TRUE
##DATASTUDIO_SHOW_LOGIN## Can be either true/TRUE or false/FALSE (all caps or all small)
Note: Set as true when the login screen of Studio is required. This property should be set as true if MMG application is non-SSL.
YES
It defaults to true.
##DATASTUDIO_SESSION_MODE## Can be either NOTEBOOK or NOTEBOOK_USER.
YES
If not set, it defaults to NOTEBOOK. ##DATASTUDIO_AUTH_REALM## Can be either OFSAARealm or saml.OFSAASamlRealm
YES
OFSAARealm – the default realm for studio auth type FCC_AAI, MMG_AAI.
.auth.saml.OFSAASamlRealm – for SAML specific studio authentication
##DATASTUDIO_AAI_URL## AAI login IDM Service URL. This is applicable only if ## DATASTUDIO_AUTH_TYPE ## is " MMG_AAI ".
YES
Format: http://<ofsa-web-host>:<port>/<context>/rest-api
For example, http://ABC00abc:4325/LLFP/rest-api
The /rest-api is mandatory for OFSAA URL.
##DATASTUDIO_API_USERNAMES## This is the API user with which the token is generated; if not set, it defaults to MMG_API_USER.
Note: Use the same <API_USER> as given in the ##SSO_TOKEN##
YES
MMG_API_USER
##DATASTUDIO_VALID_ROLES_LIST## MDLUSR,MDLREV,MDLAPPR
The comma separated values for Studio-related roles in USER-ROLE mapping.
YES
MDLBATCHUSR, DSUSRGRP, DSREDACTGRP
##DATASOURCE_URL## The connection address to the database where the MMG Studio Schema is created.
When ##WALLET_ENABLED## is false-
jdbc:oracle:thin:@<Host>:<Port>/<Service_Name>
When ##WALLET_ENABLED## is true-
jdbc:oracle:thin:@<DS ALIAS>
where <DS_ALIAS> is the wallet alias configured for the MMG Studio Schema.
YES
NA
##DATASOURCE_USERNAME## MMG Studio Schema/User name; required only when ##WALLET_ENABLED## is false
YES
dsschema
##DATASOURCE_PASSWORD## MMG Studio Schema/User Password; required only when ##WALLET_ENABLED## is false
YES
password
##DATASOURCE_DRIVER## Database Driver used in connection
YES
oracle.jdbc.OracleDriver
##JPA_DB_PLATFORM## Hibernate Class or SQL Dialect used in Database
YES
org.hibernate.dialect.Oracle12cDialect
##DATASTUDIO_LOG_LEVEL## Logging level for logs.
YES
info, warn, debug or error logs
##DATASTUDIO_PYTHON_BINARY## Home Path of Python Library.
It defaults to python3 during installation.
For a custom installation of python3 where the soft link is not configured, you can mention the complete path up to python3.
YES
python3
##DATASTUDIO_SPARK_HOME## Absolute path of Apache Spark Library.
NO
NA
##DATASTUDIO_R_ENABLED## This can be set to TRUE/true or FALSE/false depending on which R interpreter will be started and will be present in the interpreters list.
Note:
If you are using an older Studio schema with an R-interpreter already present and then install with DATASTUDIO_R_ENABLED set as FALSE; the R- interpreter will remain in the interpreter’s menu of Studio and must be deleted from there.
YES
The default is False.
##RS_CONF_PATH## Absolute path to Rserve.conf file for running Rserve. YES
/scratch/users/datastudio/conf/Rserve.conf
##RS_KEYSTORE## Absolute path for the Keystore file made for Rserve.conf. YES
/scratch/users/datastudio/conf/rinterpreterkeystore
##RS_KS_SECRET## Keypass for rinterpreterkeystore. YES
Example: changeit
##CS_TEMPLATE_CONFIG_PATH## Configuration path of the Template. NO
NA
##CS_TEMPLATE_DEFAULT_LINK## Default link of the template. NO
NA
##CS_AUTH_SERVICE_URL## The AUTH service URL that is activated after the fccstudio.sh file runs. NO
Example: https://<hostname>:7041/authservice
##CS_META_SERVICE_URL## The metaservice URL that is activated after the fccstudio.sh file runs. NO
Example: https://<hostname>:7045/metaservice
##CS_ER_SERVICE_URL## Used for the entity resolution service. NO
Example: https://<hostname>:<port>
##CS_BATCH_SERVICE_URL## Used for the batch service. NO
Example: https://<hostname>:<port>/batchservice
##AUTH_SAML_DS_ISSUER## The SAML entity ID (Studio URL) configured in the IDP. YES
https://<hostname>.xyz.com:7008
##AUTH_SAML_DS_DESTINATION## The SAML IDP URL that the Identity Provider provides after creating the SAML application. YES
https://idcs-xyzgvh.com/fed/v1/idp/sso
##AUTH_SAML_DS_ASSERTION_CONSUMER_URL## The SAML Consume URL (Studio/URL/saml/consume) that is configured in IDP. YES
https://<hostname>.xyz.com:7008/saml/consume
##AUTH_SAML_DS_ROLE_ATTRIBUTE## The SAML client identifier provided by the SAML Administrator for the role and attributes information while creating the SAML application for MMG Studio.
The attribute will contain the role required for the application.
YES
Example: group
##AUTH_SAML_DS_STUDIO_LOGOUT_URL## The SAML client identifier provided by the SAML Administrator for the Logout URL information, while creating the SAML application for MMG Studio.
YES
https://idcs-xyzgvh.com/sso/v1/user/logout
##AUTH_SAML_DS_COOKIE_DOMAIN## Domain of the server.
YES
Example: in.xyz.com
Pipeline Services Specific Configurations ##DATAPIPELINE_SERVICE_PORT1## The port where the pipeline service resides.
YES
By default, it is set as 18005.
##DATAPIPELINE_SERVICE_PORT2## The port where the data pipeline service resides.
YES
By default, it is set as 18006.
##DATA PIPELINE_METADATA_ARCHIVE_PATH## The dump path for the pipeline service.
YES
/OFS_MMG/mmg-pipeline/pipeline/pipeline-service-x.x.x.x.x.
##DATA PIPELINE_METADATA_IMPORT_SERVICE_PORT## Meta data import service port.
YES
By default, it is set as 18007.
##DATAPIPELINE_ERXMLPATH## The XML path in which the schema details are stored.
NO
NA
##DATAPIPELINE_GATEWAY_SERVICE_PORT## Data pipeline gateway service port.
YES
NA
##DATAPIPELINE_PIPELINE_UI_SERVICE_PORT## Pipeline UI service port.
YES
NA
##DATAPIPELINE_DATA_PIPELINE_UI_SERVICE_PORT## Data pipeline UI service port
YES
NA
##CS_MATCHRULE_BASE_URL## The host and port where the match rule service resides.
NO
http(s)://abc.in.xyz.com:7051
##CS_LOADGRAPH_BASE_URL## The host and port where the load graph service resides.
YES
http(s)://abc.in.xyz.com: 7059/graph-service
##CS_MATCHSRVC_UI_URL## Matching Service UI resource path.
NO
NA
##GRAPH_INDEX_BASE_URL## Indicates the Graph Index resource path.
NO
NA
http(s)://<hostname>xyz.com:7053/load-to-elastic-search ##GRAPH_LOAD_INDEX_UI_URL## Indicates the Graph Load Index UI resource path.
NO
NA
##GRAPH_MATCHING_MECHANISM## Indicates the matching mechanism for Entity Resolution and Graph
Enter the value that is used for matching mechanism for Entity Resolution and Graph. The options are OS, and OT. Where OS refers to OpenSearch 2.7.0, and OT refers to Candidate Selection with Oracle Text matching. By default, the value of the parameter is OT.
For GRAPH_MATCHING_MECHANISM = OT, no additional installation or configuration is required as it is part of the Oracle Database.
NOTE: This is applicable for Compliance Studio.
NO
NA
##GRAPH_CANDIDATE_SELECTION_SERVICE_URL## Enable this service for Entity Resolution and Graph use cases when GRAPH_MATCHING_MECHANISM is set to OT. NOTE: This is applicable for Compliance Studio.
NO
NA
##GRAPH_LOAD_TO_OS_URL## Provide the URL for Entity Resolution and Graph use cases when GRAPH_MATCHING_MECHANISM is set to OT. NOTE: This is applicable for Compliance Studio.
NO
NA
##AUTH_AAI_COOKIE_DOMAIN## The domain of the server. YES
Example: in.xyz.com
##AUTH_MMG_KEYS_DIR## Indicates public and private key location. YES
Example:< MMG Installation Path> /OFS_MMG/conf
##GRAPH_INSTALLATION_PATH## The installation path of the Graph. YES
<MMG Installation Path>/ OFS_MMG/mmg-load-to-graph/graph-service
##GRAPH_KEYSTORE_PASSWORD## Graph Keystore Password. YES
Password
##GRAPH_SERVICE_PORT## Graph Service Port YES
By default, it is set as 7059.
You should not modify the Graph Service Port if graphs are already created and executed.
##GRAPH_HIKARI_CP_MIN_IDLE## Defines the minimum number of idle connections that HikariCP maintains in the pool. YES
##GRAPH_HIKARI_CP_MAX_POOL_SIZE## Specifies the maximum number of total connections (active + idle) allowed in the pool. YES
##GRAPH_HIKARI_CP_IDLE_TIMEOUT## Sets the maximum time a connection can remain idle before being removed from the pool. YES
##GRAPH_HIKARI_CP_MAX_LIFETIME## Determines the maximum lifetime of a connection before it is retired and replaced. YES
##GRAPH_HIKARI_CP_TIMEOUT## Defines how long HikariCP waits for a connection from the pool before timing out. YES
##GRAPH_DB_SERVER_NAME## Name of the MMG Database Server. YES
NA
##GRAPH_DB_PORT## The port of the MMG database server. YES
NA
##GRAPH_DB_SERVICE_NAME## Name of the MMG Database Service. YES
NA
##PGX_SERVER_URLS## Indicates the pgx server resource path.
Skip this if not installing pgx.
YES
http(s)://<hostname>.xyz.com:<pgx port>/<pgx context name>
##GRAPH_MAX_TOTAL_SHARED_DATA_MEMORY_SIZE## Maximum total shared data memory size. YES
Edit if required; default value is 20 GB.
##GRAPH_MAX_TOTAL_PRIVATE_DATA_MEMORY_SIZE## Maximum total private data memory size. YES
Edit if required; default value is 8 GB.
##GRAPH_MAX_PER_SESSION_DATA_MEMORY_SIZE## Maximum per session data memory size. YES
Edit if required; default value is 700 MB.
##GRAPH_MAX_DATA_MEMORY_SIZE_DSUSRGRP## Maximum data memory size allowed for DSUSRGRP. YES
Edit if required; default value is 10 GB.
##GRAPH_MAX_DATA_MEMORY_SIZE_DSBATCH## Maximum data memory size allowed for DSBATCH. YES
Edit if required; default value is 10 GB.
##GRAPH_MAX_DATA_MEMORY_SIZE_DSINTER## Maximum data memory size allowed for DSINTER. YES
Edit if required; default value is 5 GB.
##GRAPH_MAX_DATA_MEMORY_SIZE_DSAPPROVER## Maximum data memory size allowed for DSAPPROVER. YES
Edit if required; default value is 5 GB.
##GRAPH_MAX_DATA_MEMORY_SIZE_DSUSER## Maximum data memory size allowed for DSUSER. YES
Edit if required; default value is 5 GB.
##GRAPH_SCHEMA_WALLET_ALIAS## Wallet alias created for the Graph Schema. YES
NA
##GRAPH_SCHEMA_DB_SCHEMA_NAME## Name of the Graph schema. YES
NA
##EST_ENABLED## Only used when EST application is integrated with MMG. YES
The default value is FALSE.
##EST_UI_URL## The URL of EST application. This is set based on ##EST_ENABLED## property. NO
NA
##DATASTUDIO_SERVER_PORT## The port of the Data Studio server. NO
The default value is 7008.
##DATASTUDIO_MARKDOWN_INTERPRETER_PORT## The port of the Data Studio Markdown Interpreter. NO
The default values are 7009, 7029.
##DATASTUDIO_PYTHON_INTERPRETER_PORT## The port of the Data Studio Python Interpreter. NO
The default values are 7012, 7032, 6012.
##DATASTUDIO_JDBC_INTERPRETER_PORT## The port of the Data Studio JDBC Interpreter. NO
The default values are 7011, 7031.
##DATASTUDIO_PYTHON_INTERPRETER_REST_SERVER_PORT## The port of the Data Studio Python Interpreter Rest server. NO
The default value is 6012
##DATASTUDIO_PGX_PYTHON_INTERPRETER_REST_SERVER_PORT## The port of the Data Studio PGX Python Interpreter Rest server. NO
The default value is 6022
##DATASTUDIO_THRIFT_EVENT_HANDLER_PORT## The port of the Data Studio Thrift Event handler. NO
The default value is 8432
##DATASTUDIO_PGX_INTERPRETER_PORT## The port of the Data Studio PGX Interpreter. NO
The default value is 7022.
##MMG_COHERENCE_CLUSTER_PORT## This is the port where the Coherence Cluster for the Notification service runs. By default, this value is 7574. YES
NA
MMG Gateway Configuration ##MMG_GATEWAY_ENABLED## Enables or disables the MMG Gateway. By default, this is set to 'self'.
Note:
Gateway is enabled by default and gateway port is mandatory to access gateway enabled UI.YES
NA
##MMG_GATEWAY_PORT## Specifies the port on which the MMG Gateway will run. YES
NA
##MMG_CSP_FRAME_ANCESTORS## Configure this attribute to all or the AAI origin when MMG has to be embedded from AAI. By default, MMG pages cannot be embedded if Gateway is enabled. This is to prevent CLickjacking vulnerability. YES
NA
##DATASTUDIO_CSP_FRAME_ANCESTORS## If the Gateway is enabled, this property can be set to control the pages where Data Studio can be embedded: - Set to '*' to allow embedding from any origin (less secure).
- Set to a comma-separated list of origins to allow embedding from those specified origins and from the same origin.
By default, this is set to MMG Gateway URL.
YES
NA
##DATASTUDIO_JOBS_INCOMPLETE_TIMEOUT## You can configure how often a cleanup job will be run to mark unfinished jobs as incomplete by setting studio-server.jobs.incomplete.scheduled-cleanup-delay value. A job can be in incomplete state if the server restarts in the middle of a Job execution or if it takes longer the specified timeout (studio-server.jobs.incomplete.timeout). Yes NA ##DATASTUDIO_JOBS_INCOMPLETE_SCHEDULED_CLEANUP_DELAY## You can configure how often a cleanup job will be run to mark unfinished jobs as incomplete by setting studio-server.jobs.incomplete.scheduled-cleanup-delay value. A job can be in incomplete state if the server restarts in the middle of a Job execution or if it takes longer the specified timeout (studio-server.jobs.incomplete.timeout). Yes NA ##DATASTUDIO_SECURITY_SESSION_TIMEOUT_MS## You can configure user login sessions to be renewed by activity. The number specifies the amount of milliseconds a user session will be renewed after activity. When there is no user-activity within the specified relative timeout, the session expires and is no longer valid. Here activity means edit of paragraph content, addition or deletion of paragraph, execution of paragraph, etc. Yes 43200000 ##DATASTUDIO_SECURITY_ABSOLUTE_SESSION_TIMEOUT_MS## You can configure user login sessions to be logged out automatically after a set amount of time. The number specifies the amount of milliseconds to pass after a session is created. When the timeout expires, the session is no longer valid Here login means when the user logs in to the Compliance Studio. When a user session ends, all associate executions will also be killed. Yes It is recommended to set this. A value of 0 means that the sessions will never time out. Users can set this to 86400000 to set a timeout of 24 hours or it can be set to 234000000 to set a timeout of 65 hours, in case the jobs are needed to be run the entire weekend. ##DATASTUDIO_INTERPRETER_IDLE_SESSION_TIMEOUT## The amount of time an interpreter session can stay idle before getting invalidated by the application to free resources. An interpreter session is considered idle while it isn't running any tasks. Example values are: 1h (one hour), or use ISO 8601 duration format for more complex values like PT2H30M (2h30m). NA ##DATASTUDIO_INTERPRETER_EXECUTION_RUN_TIMEOUT## You can configure to automatically cancel a paragraph execution after a set amount of time. When the timeout expires, Data Studio will automatically interrupt the execution of the paragraph. Yes NA ##DATASTUDIO_HIKARI_CONN_TIMEOUT_MS## This setting controls the maximum time (in milliseconds) that the HikariCP connection pool will wait for an available database connection. If no connection is available within that time frame, it will throw an error. Yes NA
##DATASTUDIO_HIKARI_MINIMUM_IDLE## This determines the minimum number of idle connections HikariCP will maintain in the connection pool at all times. Even if there are no active requests for database connections, HikariCP will ensure that at least this number of idle connections remain open, ready to be used. NA ##DATASTUDIO_ZPLN_SCHED_THREADPOOL_SIZE## This controls the number of threads in the ZPLN scheduler’s thread pool, determining how many concurrent tasks the system can handle Yes NA
##DATASTUDIO_SERVER_TOMCAT_THREADS_MAX## This controls the maximum number of concurrent threads that the Tomcat server can use to process incoming requests. Yes Set this to any one of the following values: - Low concurrency (10 users) + Normal usage (low cpu): 100
- Low concurrency (10 users)+High usage (time intensive): 200
- High concurrency (50 users) + Normal usage (low cpu): 200
- High concurrency (50 users) + High usage (time intensive): 500
DTP_PIPELINE_SERVICE_PORT This is the port for the backend DTP Pipeline Service. NA NA DTP_PIPELINE_FILES The absolute file system path for the pipeline files directory that is used by the DTP pipeline service. NA NA DTP_DATA_PIPELINE_SERVICE_PORT This is the port for the backend DTP data pipeline service. NA NA DTP_SCENARIO_PIPELINE_SERVICE_PORT This is the port for the backend DTP scenario pipeline service. NA NA DTP_SCENARIO_METADATA_JOB_PORT This is the port used by the scenario metadata job component. NA NA DTP_PIPELINE_SCHEMA_ALIAS The database TNS alias or service name for the DTP schema connection. NA NA DTP_DATA_PIPELINE_SERVICE_UI_PORT This is the port for the DTP data pipeline service UI. NA NA DTP_PIPELINE_SERVICE_UI_PORT This is the port for the DTP pipeline service UI. NA NA DTP_SCENARIO_PIPELINE_SERVICE_UI_PORT This is the port for the DTP scenario pipeline service UI. NA NA DTP_GATEWAY_SERVICE_PORT This is the port for the DTP gateway. NA NA ##AUTH_SAML_SIGN_AUTHN_REQ## NA
YES
NA
##AUTH_SAML_SP_KEY_PATH## NA
NA
/scratch/mmg8133/config/sp-privatekey.pem
##AUTH_SAML_SP_X509_CERT_PATH## NA
NA
/scratch/mmg8133/config/sp-certificate.cer
##AUTH_SAML_SIGN_ALGORITHM## NA
NA
##AUTH_SAML_SIGN_ALGORITHM##
##AUTH_SAML_BINDING_TYPE## NA
NA
##AUTH_SAML_BINDING_TYPE##
##AUTH_SAML_INCLUDE_SP_CERT## NA
NA
##AUTH_SAML_INCLUDE_SP_CERT##
##GIT_ENV_ID## This variable represents the environment in which your GIT operations or deployments are being performed. Common environment names include dev (development), QA (quality assurance), SIT (system integration testing), PROD (production), and so on. It helps you to understand with which branch you need to work. NA ##GIT_ENV_ID## A new group GIT ADMIN is created which is mapped to GIT_ADV role which is mapped to below functions. Kindly map the above group to the user to access the required GIT functionality:- GITVIEW
- GITPUSH
- GITPULL
##GIT_USERNAME## This is your GitHub username. NA ##GIT_USERNAME## ##GIT_PAT_SECRET## This variable stores your GitHub Personal Access Token (PAT). A PAT is a secret token used for authenticating API requests or GIT operations over HTTPS instead of a password. NA ##GIT_PAT_SECRET## ##GIT_PROXY_URL## If your environment requires you to access external resources like GitHub through a proxy server, this variable defines the proxy server's hostname or IP Address. NA ##GIT_PROXY_URL## ##GIT_PROXY_PORT## This defines the port number on which the proxy server listens. It works together with GIT_PROXY_URL to route your Git traffic through the proxy. NA ##GIT_PROXY_PORT## ##DATASTUDIO_INTERPRETER_CLEANUP_ENABLED## Idle sessions will never get invalidated if cleanup is not enabled by the additional settings described below, or when the idle-session-timeout value is set to 0. Yes False ##DATASTUDIO_INTERPRETER_CLEANUP_CRON## Refers to a scheduled cleanup task for an interpreter (such as the one that executes reports or queries) within a system like Data Studio, which helps optimize system performance by clearing out temporary or unused data at regular intervals. Yes ##DATASTUDIO_SERVER_ASYNC_THREADPOOL_SIZE## This is a configuration parameter for controlling the number of concurrent threads allocated to handle asynchronous tasks (like data processing, report rendering, etc.) on a Data Studio (or similar) server. It helps manage system performance, especially when many users are interacting with the system or large amounts of data need to be processed. Yes The default value is 128. Set this to any one of the following values: - Low concurrency (10 users) + Normal usage (low cpu): 32
- Low concurrency (10 users)+High usage (time intensive): 128
- High concurrency (50 users) + Normal usage (low cpu): 128
##DATASTUDIO_SERVER_SCHED_THREADPOOL_SIZE## This is a setting that controls the number of concurrent threads available for executing scheduled tasks on the Data Studio server. By adjusting this, you can manage how many tasks, such as data refreshes or scheduled reports, can be processed in parallel. Yes The default value is 128. Set this to any one of the following values: - Low concurrency (10 users) + Normal usage (low cpu): 32
- Low concurrency (10 users)+High usage (time intensive): 128
- High concurrency (50 users) + Normal usage (low cpu): 128
##DATASTUDIO_HIKARI_MAXPOOLSIZE## This setting controls the maximum number of database connections that can be maintained by the HikariCP connection pool in the Data Studio server. When the system needs to interact with a database (for data fetching, report generation, etc.), it requests a connection from the pool. Yes The default value is 650. Set this to any one of the following values: - Low concurrency (10 users) + Normal usage (low cpu): 250
- Low concurrency (10 users)+High usage (time intensive): 350
- High concurrency (50 users) + Normal usage (low cpu): 650
SCHEDULER_TIMEZONE This displays the timezone ID for the respective region. SCHEDULER_TIMEZONE_DISPLAY_NAME This property is used to display the time zone region information in the Schedule screen. Note:
If changes are done directly on the UI and then restarted, then the overwrite will not be triggered and the configuration will not change. It is only dependent on the file system JSON.Note:
- In case of ##DATASTUDIO_AAI_URL## and ##MMG_SVC_URL##, do not add any ending ‘/’ in the URLs
- If the pool size, connection timeout and idle timeout are not configured, then it will proceed with the default Hikari Configurations.
- The default session timeout is 3600 seconds (60 mins). You can configure the timeout by using the server.servlet.session.timeout property.
- If the AUTH type specified is AAI, make sure the AAI System has appropriate user groups mapped for the users. WKSPADMIN, IDNTYADMN, IDNTYAUTH need to be present for a successful subsequent logins.
- The name for the MMG Studio cookie is ORA_OLDS_SESSION.
- If the ##MMG_SSL_ENABLED## is set to false, the keystore configuration must be done for mmg-studio as it is SSL enabled by default. MMG application and MMG Studio can use the same SSL configuration if configured in the same server.
- The wallet is the same for all the MMG services including MMG Studio. Hence, if you want to use MMG Studio with wallet configurations, then configure it in the same wallet.
- If MMG Studio is remotely configured, then the MMG
Application Configuration Schema wallet alias and
tnsnames.orafile entries need to be added to the MMG Studio configured wallet andtnsnames.orafile. - If the MMG application is Non SSL, set the below
property to “false” in the
application.ymlfile inside MMG Studio and restart the services.security:cookies:secure: false
Note:
The flag*IS_SELF_USR_GRP_AUTH_ALLOWED*in the NEXTGENEMF_CONFIG table is used to check if the Self Groups Approvers/Reviewers are allowed or not. If it is 'Y', then the Requested User as well Approvers and Reviewers can belong to the same user group. Otherwise, 'Self User Group Authorization is not allowed' is returned.Support of Alphanumeric Name in SAML Entity ID for SAML ConfigurationMMG Application:mmg_ui/application.propertiesfile contains SAML entitysaml.auth.sp.entityplaceholder that contains values likehttps://<FQDN of compliance server>:7001/csHowever, the requirement is to have this parameter value asamlcs8126i.e. support of SAML Entity ID as alphanumeric name.The expected value from SAML team:saml.auth.sp.entity="amlcs8126":Entity ID should not contain below special character as per ForgeRock MF Authentication (Policy sets in the UI: ForgeRock Identity Cloud docs).
The regex allowed is:
^[A-Za-z0-9,.\\/:@&?\\-_]+$, and it should be passed in a string.