ACE PlatformApplicationsAlatation

Alation

Alation is a data catalog application supporting collaboration, data analysis, and data governance. It links to Oracle’s legacy and a Redshift data warehousing backend.

Responsible Teams

The IMO team use this tool. And the Infra Team is responsible for the infra side of it.

The deployment of this application was carried out by Xander from the IMO team. Since he has left the company, our understanding of this application remains limited. As the Infra team, we strive to keep it up and running on the legacy EC2 instance until the IMO team transitions to other tools or the SaaS Alation.

Contacts:

  • IMO Team: Rhoanna Perez
  • Infra Team: Slack: #ecdi-ace-infra-support
    • Parthi
    • Saeedeh

Quick Start

We have two Alation instances: UAT and Prod. Their data are detailed below:

EnvironmentInstanceIPURL
UATalation-upgrade110.158.21.143https://alation-upgrade1.ecd-ai.com/
Prodecd-alation-prod10.158.21.158https://ecd-alation.gene.com/

How to Log Into the Alation App?

  1. Click on the URL
  2. Log in with your UnixID
  3. You may encounter a “Login Not Allowed” message
  4. Inform Rhoanna Perez from the IMO team to give you access
  5. Once you’ve been granted access, you’ll be able to log in

History of Upgrades

We have upgraded these instances a few times over the years. Here are some of the most recent upgrade records.

General Note:

  1. Always check the upgrade compatibility—this is usually mentioned in the upgrade documentation.
  2. Always take a backup of PostgreSQL and the instance.
  3. Begin with the UAT upgrade, verify its success, and then plan for the Prod upgrade.

Upgrade to Version 2023.3 - Aug 2023

Date: August 2023. Update Instruction Document: update-alation-to-2023-3-x

Notes:

  1. In step 3, we followed the Manual Software Update for Standalone Systems instruction since we are using a single-stand server.
  2. Before step 3, we requested that the Alation release to be updated was pushed to the Alation Customer Portal (https://customerportal.alationdata.com/) for download.
  3. As we are not using the Alation Connector Manager, we skipped step 4.

Issues faced:

  • None

Update Kernel on Jan 2024

Date: EC2 kernel update performed in January 2024. Update Instruction Document: update-kernel Github Issue: #1248

Issues faced: None

Upgrade Version to 2024.1 - March 2024

Date: March 19, 2024. Update Instruction Document: Updateto20241

Notes:

  1. Before step 3, we requested that the Alation release to be updated was pushed to the Alation Customer Portal (https://customerportal.alationdata.com/) for download.
  2. In step 3, we followed the Manual Software Update for Standalone Systems instruction since we are using a single-stand server.
  3. As we are not using the Alation Connector Manager, we skipped step 4.

Issues faced: No specific issues were faced and we followed the six steps described in the document. However, in April 2024, Rohanna requested patching for a known issue in this version, which is explained in this document. The company reorganization and layoffs have delayed this step, and it has not been completed yet.

The patch applied on 25 June 2024, one both UAT and Prod. - Related Alation Ticket: case 500Dm00000TKlcmIAD

How to Update TLS Certificates

Alation has a built-in Nginx, so the SSL public-private key for the domain resides on the server and the public key needs to be signed by the Roche CA and put inside the instance. The following manual steps are required:

In April 2023, Hooman updated the certificate. For more information, refer to ticket #901.

  1. Generate self signed certificate for existing private key.
openssl req \
       -key /opt/alation/site/ssl/ssl.key \
       -new -out /opt/alation/site/ssl/ecd-alation-2023.crt

  1. Create a new request in https://roche.service-now.com to sign the public key.

  2. Confirm that Alation is started

sudo service alation status

  1. Rename the new certificate and key as ssl.crt and ssl.key and copy them to /opt/alation/alation/data1/site_data/ssl/

Note: Ensure the ssl.key is unencrypted without a password and ssl.crt file is in x509 base64 pem encoded format and the key and cert match .

5.Change ownership to alation and change the permission of the files to 600

sudo chown alation:alation /opt/alation/alation/data1/site_data/ssl/ssl.*
sudo chmod 600 /opt/alation/alation/data1/site_data/ssl/ssl.
  1. Enter Alation shell

sudo service alation shell

  1. Redeploy the configuration

alation_action deploy_conf_nginx

  1. Restart nginx and uwsgi
alation_action stop_nginx 
alation_action start_nginx 
alation_supervisor restart web:uwsgi
  1. Access the Alation instance URL in a Chrome browser and confirm the new certificates have been updated and reflect the Alation URL by clicking on the Lock icon -> Connection is secure -> Certificate is valid and viewing the certificates from the top left side of the URL address bar.

Legacy Troubleshooting

Despite nearly two years of working at this company, I have not faced these issues requiring troubleshooting. However, I have retained these points from the previous version of the document in case we need them in the future.

Disclaimer: Please recheck these steps before using them, as they have been copied and pasted from old documents and their validity has not been confirmed.

Support Dump

  1. SSH to server and enter the alation shell by running sudo service alation shell
  2. In the alation shell, enter alation_action create_dump

The zip’s naming convention is dump_<YYYY-MM-DD_hh-mm-ss>.tgz. The zip can be found in /data1/site_data/logs/ inside the shell, and /opt/alation/alation/data1/site_data/logs/ outside the shell

Users unable to Use Alation compose (Alation SQL Editor)

Users were unable to authenticate their gcore credentials in compose. Users had to use dbeaver instead

  1. ssh to Alation Server. Change the key location ssh -i ~/.ssh/us_west_2_prod ec2-user@ecd-alation.gene.com

  2. Connect to Alation Shell sudo /etc/init.d/alation shell

  3. Perform java restart alation_supervisor restart java:*

  4. If the query queue is still stuck, can restart the task server as well alation_supervisor restart java:taskserver

Users unable to logon to Alation UAT https://alation-upgrade1.ecd-ai.com/

  1. Users get the web page error “Login not allowed.Your account is not active, please contact the site admin”

  2. Interim Fix - Logon to UAT Alation Server ssh -i ~/.ssh/us_west_2_prod ec2-user@10.158.21.143

  3. Run sudo service alation shell

  4. Run alation_psql

  5. Add email address of the user and run the below query. Get id from first query and change it next queries

select id, username, is_active, last_login, email from auth_user where lower(email) = lower('perezr38@gene.com');
select user_id, display_name, is_suspended,is_admin,user_type from rosemeta_userprofile where user_id = 108;
select * from simple_email_confirmation_emailaddress where user_id=108;

  1. If user status is suspended on second query. Logon again UAT Alation Server ssh -i ~/.ssh/us_west_2_prod ec2-user@10.158.21.143

  2. Run sudo service alation shell

  3. alation_django_shell

  4. Using user_id from above query, run the below command

from rosemeta.models import *
users = [106]
for user in users:
    u = User.objects.get(id=user)
    up = u.profile
    up.activate()
  1. From the first shell, run the below query and make sure the account is active
select user_id, display_name, is_suspended,is_admin,user_type from rosemeta_userprofile where user_id = 108;

  1. Request users to logon to https://alation-upgrade1.ecd-ai.com/, it should trigger an access email to Kioma Palkhivala

  2. Permanent Fix - Already applied but listed it for others to know

    Logon to https://alation-upgrade1.ecd-ai.com/. Click on Settings, select Authentication. (only Admins can do it. If you don’t see it reach out to Kioma Palkhivala to get access) Under User Signup Moderation Preference, Enable “Require Server Admin’s approval before new accounts becomes active” and refresh the web page Logon to UAT Alation Server ssh -i ~/.ssh/us_west_2_prod ec2-user@10.158.21.143 Run sudo service alation shell alation_supervisor restart web:*

Restore Instructions in Case of Rollback

Follow this document for instructions: https://docs2.alationdata.com/en/latest/installconfig/BackupandRestore/RestoreFromBackup/RestoreAlation.html

FAQ

Open Support case

To open a support case, visit the Alation Support Portal. After registration, you will have sufficient access to create support cases. If you experience any issues, please reach out to Parthi.

References

TODO

  1. Implement a valid SSL Certificate for https://alation-upgrade1.ecd-ai.com/; however, since it’s internal, this has not been a high priority yet.
  2. Patch Alation as mentioned in the “Upgrade to Version 2024.1 - March 2024” section.
  3. Discuss with the IMO team about moving to SaaS Alation.
OverviewEyenotate App Rap Migration