Table of contents

Set up Watson Studio Local

After you install Watson Studio Local, you can configure it in the following ways.

Generating a self-signed certificate

If you need to enable an HTTPS connection to the Watson Studio Local web client with your own SSL certificate and private key (both in PEM format) rather than the default, complete the following steps:

  1. Generate a 2048 bit DES3 RSA key by entering the following command:
    # openssl genrsa -des3 -out server.key 2048
  2. Generate a certificate using the key that you just created earlier by entering the following command:
    # openssl req -new -key server.key -out server.csr
    Keep the challenge password entry blank by pressing Enter. Confirm that the server.key and server.csr were created.
  3. Create a new server.key based on the first server.key you created. This process eliminates the password. Use the following commands:
    # cp server.key server.key.org
    # openssl rsa -in server.key.org -out server.key
  4. Create a new certificate using the new key you created in the previous step by entering the following command:
    # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    Confirm that you now have a new server.key and a new server.crt that was created.
  5. Create a subdirectory called mycert and move both the certificate and key files to that directory.
To validate the certificate, view the information that is contained in the certificate by entering the following command:
# openssl x509 -noout -text -in ./cert.crty

Verify that the private key and the key used by the certificate match.

Configure Watson Studio Local settings and users

To configure Watson Studio Local, complete the following steps:

  1. By default, you can sign in to the Watson Studio Local client by using your high availability proxy IP address, for example, https://123.45.67.89.
    Optional: In the local DNS server, you can add an entry to resolve to the HA proxy IP address. For example: 123.45.67.89 ibm-nginx-svc. As a result, you are able to sign in to the Watson Studio Local client through the https://ibm-nginx-svc web address.
  2. Open the Admin Console by signing into the Watson Studio Local client from a web browser and switching to Admin Console.

    Context switcher to the admin console

  3. In the Admin Console, click the Menu icon ( The menu icon) and click User Management. Edit the admin user to set an email address and change the password for the primary administrator.
  4. You can configure a connection to your SMTP server so that Watson Studio Local can send email to users and admins. Watson Studio Local sends emails to users when they are given access to Watson Studio Local and to administrators when a new user signs up for Watson Studio Local, an alert is triggered, or an application setting, such as the alert threshold, is changed.

    To enable Watson Studio Local to send email:

    1. From your username, select Settings.
    2. In the SMTP settings section, specify the following information:
      • The SMTP mail server address.
      • The port number of your SMTP server.
        Important: If you specify a secure port, you must select Use SSL encryption. If you specify a secure port but do not select this option, Watson Studio Local cannot communicate with your SMTP server.
      • Depending on your SMTP server, you might need to specify your SMTP credentials:
        • If your SMTP server doesn't have a mailer daemon, you must specify an SMTP username and password.
        • If you SMTP server does have a mailer daemon, communications from Watson Studio Local are associated with the mailer daemon account automatically. To associate communications with a specific account instead, provide the credentials for that account.
    3. Click Save. If your SMTP configuration is successful, you receive a confirmation email.
  5. Add users or set up an LDAP server. See Manage users for details.
  6. Switch to the Watson Studio Local client.

    Context switcher to the admin dashboard

  7. Verify that the sample notebooks display successfully. Create a test project.

Configure Watson Studio Local to work with the HDP or CDH cluster

If your HDP or CDH cluster does not use security, then just ensure Watson Studio Local can access it. No additional configuration is needed.

Requirement: A secure HDP cluster or secure CDH cluster to work with Watson Studio Local.

To configure Watson Studio Local to work with a secure HDP or CDH cluster, complete the following steps:

  1. In the Watson Studio Local master node, run the /wdp/utils/add_endpoint.sh script to add the certificate to securely connect to the HDP or CDH cluster. Additionally, you can run the script to set up the default Livy endpoint for the Watson Studio Local cluster. Example:
    ./add_endpoint.sh --knox-url=https://9.87.654.323:8443 --addcert
    ./add_endpoint.sh --knox-url=https://9.87.654.323:8443 --livy-url=https://9.87.654.323:8443/gateway/dsx/livy/v1 --addcert

    where https://9.87.654.323:8443/gateway/dsx/livy2/v1 represents the secure Livy endpoint that is defined in dsx.xml. As a result, the script automatically creates a default_endpoints.conf file.

    Alternatively, in the Admin Console, click the menu icon ( The menu icon) and click Scripts. In the Script pull-down menu, select Add the default Livy endpoint for Watson Studio (add_endpoint.sh) to perform the same tasks.

    add_endpoint.sh

  2. Restart your Jupyter kernel and Zeppelin interpreter to pick up the new certificates.
  3. To ensure the same usernames exist in both Watson Studio Local and HDP or CDH, set up the HDP or CDH LDAP server in Watson Studio Local. See Manage users for details.

Configure Watson Studio Local to work with Microsoft Azure VMs

Requirement: Watson Studio Local must be installed on Microsoft Azure VMs.

For users to access the Watson Studio Local client, you must make all three private IP addresses for the three master nodes (either from the three node or nine node configuration) accessible. Complete the following steps on each master node:

  1. In the /wdp/k8s/dsx-local-proxy/k8s/ directory, back up nginx-service.yaml to nginx-service.yaml.orig.
  2. Edit nginx-service.yaml and change the IP addresses to the three private IP addresses of the three master nodes (follow the same format as in the file, and ensure each IP is on a separate line). Example:
    ( externalIPs:
    10.0.0.100
    10.0.0.7
    10.0.0.8
    10.0.0.9)
  3. Run the command: kubectl delete -f nginx-service.yaml.orig --namespace=ibm-private-cloud
  4. Run the command: kubectl create -f nginx-service.yaml --namespace=ibm-private-cloud
  5. Test for an HTML response by running the command: curl -k https://
  6. Order a Load Balancer within Azure, and set up the Load Balancer for HTTPs (port 443) to point to the three private IP interfaces of the three master nodes.

Optional configuration settings

In the Watson Studio Local client, an administrator can optionally adjust when alerts are generated, how long log files and metrics are stored, and how frequently the metrics on the dashboard are refreshed.

To configure refresh and retention settings:

  1. From the Admin user profile icon, select Settings.
  2. In the Refresh and alert settings, adjust the appropriate settings:
    Log retention (days)
    The number of days to keep logs before they are automatically deleted. The default is 10 days.
    Metrics retention (days)
    Number of days to keep metrics history (such as the CPU and memory usage shown in the dashboard) before they are automatically deleted. The default is 1 day. Note that if you increase the retention period and increase the frequency with which the dashboard metrics are refreshed, you use much storage in the Mongo database where metrics are stored.
    Dashboard refresh (seconds)
    The frequency with which the data in the admin dashboard is refreshed. The default is 10 seconds
    Alert threshold (%)
    The usage threshold at which an alert is triggered. When the usage reaches this threshold, the node color immediately changes to red. The alert is generated if the usage stays above the threshold longer than the time that is specified for the Alert length threshold setting. The default is 90%.
    Alert warning threshold (%)
    The usage threshold at which a warning is triggered and the node color changes to yellow. The default is 70%.
    Alert time threshold (minutes)
    The length of time that must elapse before an alert is generated. For example, if CPU usage goes above 90% for 30 seconds during a complex computation, you probably don't need to be alerted. But if CPU usage stays above 90% for 5 minutes, it might be cause for concern.
  3. Click Save.