Configure

The configuration process takes place in your terminal. You will respond to a series of prompts that will result in the generation of .mdl files. The .mdl files will be used during the installation process. Default responses are in [brackets].

1. Troubleshooting

As you work through the configuration process, respond to the prompts carefully. It is much easier to make a correction before moving on to the next prompt.

If you make a mistake, follow these instructions.
  1. Close the installer.

  2. Delete the .mdl file that contains the mistake.

  3. Relaunch the installer.

  4. Continue following the prompts.

2. Launch the installer

Launch the installer, then respond to every prompt.

Each prompt is described in detail in the sections below. Follow along with this document as you complete the configuration process.

To launch the installer, run the following command:

./bin/saagiectl configure

3. Deployment mode

What is your K8s provider ? (valid answers: gke, eks, aks, custom) [custom]:
  • gke: Google Cloud

  • eks: Amazon Web Services

  • aks: Microsoft Azure

  • custom: any other type of Kubernetes cluster management

What is the type of registry? (valid answers: 'OFFICIAL', 'CUSTOM') [OFFICIAL]:
  • If OFFICIAL, Docker images are pulled from the Saagie Docker registry.

  • If CUSTOM, Docker images are pulled from your Docker registry.

Authentication Mode (valid answers: LDAP, STANDARD) [STANDARD]:
  • Select LDAP to rely on your corporate LDAP for identity and access management.

  • Select STANDARD to rely on Saagie’s built-in user management.

File generated: deploymentmode.mdl

4. Settings

Metric data is mandatory for billing. It is also sent to the Saagie server. To opt out of sending anonymous data, choose false. (valid answers: 'true' or 'false') [true]:
  • Respond true to keep anonymous data tracking

  • Respond false to avoid sending anonymous data

Do you need a custom extra volume for FluentBit ? (valid answers: 'true' or 'false') [false]:
  • Respond true to customize the Fluent Bit volume.

  • Respond false to keep the default volume.

Expose Prometheus endpoint ? (valid answers: 'true' or 'false') [false]:
  • We use Prometheus for monitoring purposes.

  • Respond true to expose Prometheus metrics via HTTP.

  • If you respond true, you will be asked for your username and password later.

Do you need to define a HTTP/HTTPS proxy ? (valid answers: 'true' or 'false') [false]:
  • Respond true to define HTTP/HTTPS proxy

  • If true, you will be asked for HTTP/HTTPS proxy and related credentials if any.

Define node label for deployment ? (valid answers: 'true' or 'false') [false]:
  • We recommend responding true so that you have a node dedicated to running Saagie.

File generated: settings.mdl

5. URL

The responses to these prompts must match what you determined for your DNS entry when verifying your prerequisites.

Platform url prefix:
  • This is the same prefix you will use for your DNS entry.

    We strongly suggest to use your company name or a shortened version of your company name.
  • Example: dunder

Platform url suffix:
  • This is the same suffix you will use for your DNS entry.

  • Example: workspace

Platform url domain:
  • The DNS entry under which your Saagie instance will be hosted.

  • Example: dundermifflin.com

The example above results in the URL dunder-workspace.dundermifflin.com.

File generated: url.mdl

6. SMTP

SMTP Host:
  • IP or DNS name of SMTP host

  • Example: smtp.mailgun.org

SMTP Port (number required) [25]:
  • Usually 25, 465, or 587.

SMTP: Enable authentication (valid answers: 'true' or 'false') [true]:
  • If SMTP has authentication.

SMTP: Transport protocol (valid answers: smtp, smtps) [smtp]:
  • SMTP or SMTPS.

SMTP: Enable starttls (valid answers: 'true' or 'false') [true]:
  • Respond true to allow the SMTP server to negotiate the use of TLS.

SMTP username:
SMTP password:
Repeat for confirmation:
  • The username and password for the account from which Saagie emails will be sent.

  • Password must contain at least eight characters from three of the following four categories:

    • Uppercase characters A-Z

    • Lowercase characters a-z

    • Digits 0-9

    • Special characters (!, $, #, %, etc.)

Platform email sender ? (your SMTP gateway must allow this email address as the sender):
  • The email address used to send emails from Saagie (for example, for job alerts and resetting your password).

File generated: smtp.mdl

7. Platforms

How many platform(s) do you want to create/configure/install? (number required) [1]: 2
  • Number of platforms you want.

What is the Platform name?:
  • You can choose whatever works for your needs.

  • The Platform name will be displayed in the Platforms menu

What is the Platform authorized egress CIDR block? [0.0.0.0/0]:
  • Define a destination network authorized for platform egress (outgoing) communication.

Do you want to enable GPU option ? (valid answers: 'true' or 'false') [false]:
  • Enable the GPU option (mandatory to be able to run processes across GPU nodes).

Do you want to customize the datalake url ? (valid answers: 'true' or 'false') [false]
Custom datalake url: http://www.mydatalakeurl.com
  • Define a custom url for this platform’s datalake.

File generated: platforms.mdl

8. Kubernetes CIDR

K8S CIDR IP Range [0.0.0.0/0]:
  • This is the IP address or range where you join your Kubernetes API server.

  • You must use the physical network interface IP/range of your master server, not the clusterip of the Kubernetes service in the default namespace.

  • Remember to add /32 as a netmask if you specify a single address.

File generated: k8scidr.mdl

9. Deploy labels

Node custom labels
  • Responding true will lead to prompts about Node label key for deployment and Node label value for deployment:. This loop will continue until you have completed your custom labels and respond false.

Node label key for deployment:
Node label value for deployment:
Set another value ? (valid answers: 'true' or 'false') [false]: true
Node label key for deployment:
Node label value for deployment:
Set another value ? (valid answers: 'true' or 'false') [false]: false

File generated: deploylabels.mdl

10. Fluentbit volume

You will only respond to these prompts if you responded true to the Fluentbit volume prompt in the settings section.

Fluentbit volume mountPath:

File generated: fluentbit.mdl

11. Standard access

You will only respond to these prompts if you responded STANDARD to the Authentication Mode prompt in the Deployment mode section.

Standard Password:
Repeat for confirmation:
  • Password used by M2M user for internal communication.

Password must use all of the following types of characters: uppercase letters, lowercase letters, numbers, special characters.
  • This is the default user with administrative rights that will be used for Saagie internal services communication.

File generated: keycloakaccess.mdl

12. Customer access

You will only respond to these prompts if you responded STANDARD to the Authentication Mode prompt in the Deployment mode section.

Customer Password:
Repeat for confirmation:
  • Password for customer_admin user.

  • This is the default user with administrative rights that you will use to connect to Saagie UI for the first time.

File generated: customeraccess.mdl

13. LDAP access

LDAP Login:
LDAP Password:
Repeat for confirmation:
  • Your LDAP Login is the User DN that Saagie components will use to communicate with your LDAP service.

LDAP Admin group:
  • This is your Admin group name.

File generated: ldapaccess.mdl

14. LDAP

LDAP Vendor (valid answers: ldap, ad, other) [ad]:
  • ldap for LDAP

  • ad for Active Directory

  • other for other vendor

LDAP Host:
  • Description: IP or hostname of the LDAP server

  • Example: ldap.priv.company.com

LDAP Base DN:
  • Base DN of LDAP directory.

  • Example: dc=company,dc=com

LDAP User DN [CN=Users]:
  • Prefix where to look for users.

  • Do not add the baseDN here

LDAP User Object Classes (expecting a comma-separated list) [person, organizationalperson, user]:
  • Comma-separated list of expected object classes for user.

LDAP Username Attribute [cn]:
  • Attribute used to identify an user.

LDAP RDN Attribute [cn]:
  • Attribute used for user’s RDN.

LDAP UUID Attribute [objectGUID]:
  • Operational attribute that is unique across the whole directory.

LDAP Bind DN attribute [cn]:
  • User and the location of the user in the LDAP directory.

LDAP Group Membership Attribute Type (valid answers: DN, UID) [DN]:
  • How group members are defined in LDAP Directory.

  • Must be either dn or uid.

LDAP Group Name Attribute [cn]:
  • Attribute used to identify a group.

LDAP Group DN [ou=Groups]:
  • Directory prefix where to search for groups.

  • Do not add the baseDN here.

LDAP Group Membership Attribute [member]:
  • Attribute used by a group to declare members.

LDAP Group Object Classes (expecting a comma-separated list) [group]:
  • Comma-separated list of expected object classes for groups.

File generated: ldap.mdl

15. Prometheus

You will only respond to these prompts if you responded true to the Prometheus prompt in the settings section.

Prometheus endpoint HTTP Basic Authentication - Set user name [monitoring]:
Prometheus endpoint HTTP Basic Authentication - Set user password:
Repeat for confirmation:
  • Set username and password for Prometheus HTTP monitoring.

File generated: prometheus.mdl

16. HTTP proxy

You will only respond to these prompts if you responded true to the HTTP proxy prompt in the settings section.

Do you want to define a HTTP Proxy directive ? (valid answers: 'true' or 'false') [false]:
HTTP Proxy [http://proxy.saagie.com:3128]:
Do you want to define a HTTPS Proxy directive ? (valid answers: 'true' or 'false') [false]:
HTTPS Proxy [https://proxy.saagie.com:3128]:
Do you want to define a NO Proxy directive ? (valid answers: 'true' or 'false') [false]:
No Proxy [saagie.com, 10.0.0.0/8]:

File generated: proxy.mdl

17. Settings service

Settings Max storage size for apps (in MB) (number required) [128]:
  • Set the storage size limit in MB for an app volume.

File generated: settingsservice.mdl

18. EKS Configuration (Amazon EKS only)

For security matter, provide the ARN of the role to assign to the Saagie jobs (see documentation):
Restrict to private network (private network needed on VPC - internal load balancer) (valid answers: 'true' or 'false') [false]:
  • Respond true if the load balancer for the Saagie frontend should not be exposed to the internet.

File generated: eksconfig.mdl

19. Ingress configuration

You will only respond to these prompts if you responded custom to the K8s provider prompt in the deployment mode section.

You also need to configure your cluster to collect user IP addresses. Saagie will block IP addresses when there have been too many failed login attempts.

Does the cluster support load balancer auto-provisioning? (valid answers: 'true' or 'false') [true]:
What kind of loadbalancer is in front of k8s cluster? (valid answers: 'L3' or 'L4' or 'L7') [L4]:
  • Respond L3 if Saagie is deployed behind an Network load balancer.

  • Respond L4 if Saagie is deployed behind an TCP load balancer.

  • Respond L7 if Saagie is deployed behind an HTTP load balancer.

File generated: ingressconfig.mdl

20. Docker registry (dedicated mode only)

Docker registry:
  • Set the Docker registry used to pull the image inside Kubernetes.

File generated: registry.mdl

21. Technologies repository (dedicated mode only)

Is the technologies repository an internal one, for offline deployment ? (valid answers: 'true' or 'false') [false]:
  • Respond true if your cluster is offline and you provided your technologies.zip file using the saagiectl command.

  • Respond false if the technologies.zip will be downloaded via a URL.

Url of the technology repository:
  • Set the URL of the technologies repository.

Does the technology repository use a different Docker registry than the product ? (valid answers: 'true' or 'false') [false]:
  • Respond true if the Docker images for the technology repository are hosted on a different Docker registry than the Docker registry for the product.

Docker registry for the technologies repository:
  • Set the Docker registry of the technologies repository.

  • Respond false if the Docker images for the technology repository and the product are hosted on the same Docker registry.

File generated: technologiesrepository.mdl

22. Saagie file

This file is generated automatically and compiles all of the information from the configuration process.

If you find an error after the saagie.mdl file is generated, you do not need to delete it to correct it. Follow the process outlined above. Once you’ve fixed the mistake and the new file is generated, the saagie.mdl file is updated automatically.

File generated: saagie.mdl