Preliminaries
Create two IAM accounts as described in SHRINE 4.1.0 Chapter 8 - SHRINE's Configuration.
Set up a Kafka server. TODO.
Security configuration for Kafka. TODO
Configuring users for Kafka TODO
Configure the Hub's shrine.conf
...
Tomcat will need the hub's Kafka credentials to send and receive messages. Add your access ID and secret to Tomcat's password.conf:
```
shrine.aws.accessKeyId = "HUBAWSKEYID" //the hub's AWS access key id - usually all capitals and numbers
shrine.aws.secretAccessKey = "hubAwsSecretKey" //the hub's AWS secret key - very long, mixed case letters and numbers
// TODO
```
Configure shrineNetworkLifecycle
The shrineNetworkLifecycle needs the admin Kafka credentials to create, modify, and delete Kafka topics. Add them to the shrineNetworkLifecycle's conf/password.conf:
```
shrine.aws.accessKeyId = "ADMINAWSKEYID" //the admin AWS access key id - usually all capitals and numbers
shrine.aws.secretAccessKey = "AdminAwsSecretKey" //the admin AWS secret key - very long, mixed case letters and numbers
// TODO
```
network.conf
To use Kafka: in network.conf, specify a Kafka section with the specifics to share with downstream nodes:
```
shrine {
  network {
    network {
      name = "Network Name"
      hubQueueName = "hub"
      adminEmail = "yourEmail@yourhospital.edu"
      momId = "arn:aws:iam::1234567890:user/your-hub"
      kafka = {
        queueOwnerAWSAccountId = "1234567890" //Digits
        networkPrefix = "best-network"
        region = "us-east-1"
      }
      // TODO
    }
    nodes = [
      {
        name = "Hub's node"
        key = "hub-node"
        userDomainName = "network-hub"
        queueName = "hubNode"
        sendQueries = "false"
        adminEmail = "yourEmail@yourhospital.edu"
        momId = "arn:aws:iam::1234567890:user/your-hub" // TODO
      }
    ]
  }
}
```
The hub controls the Kafka topics. TODO
Choose a network prefix. This will be prepended to queue names to allow managing multiple networks on the same Kafka cluster.
Use the Kafka user name of the account to receive the messages for the momId. TODO
Note that the network's momId is the same as the hub's node momId. The Kafka admin will make a Kafka account for each downstream node.
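The split this page sets up, credentials in password.conf and shareable settings in network.conf, can be checked before a node goes live. The shell function below is an added example, not part of SHRINE: the owner-only permission requirement is an assumption of the example, and the key names and sample values it looks for are the ones shown in the blocks on this page.

```shell
#!/bin/sh
# Added example: audit where SHRINE secrets live. File roles follow the page;
# the owner-only permission requirement is an assumption of this example.

# audit_shrine_secrets PASSWORD_CONF NETWORK_CONF
# Prints one line per finding and returns the number of findings.
audit_shrine_secrets() {
    pw=$1; net=$2; findings=0

    # 1. password.conf holds credentials: no group/other permission bits.
    perms=$(ls -ld "$pw" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FINDING: $pw is accessible beyond its owner ($perms)"
        findings=$((findings + 1))
    fi

    # 2. The page's sample values must not survive into a deployment.
    for sample in HUBAWSKEYID hubAwsSecretKey ADMINAWSKEYID AdminAwsSecretKey; do
        if grep -q "\"$sample\"" "$pw"; then
            echo "FINDING: $pw still contains sample value $sample"
            findings=$((findings + 1))
        fi
    done

    # 3. network.conf is shared with downstream nodes: no credential keys.
    if grep -Eq '(accessKeyId|secretAccessKey)[[:space:]]*[=:]' "$net"; then
        echo "FINDING: $net contains a credential key"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed demo input (not real credentials or a real deployment).
demo=$(mktemp -d)
printf 'shrine.aws.accessKeyId = "HUBAWSKEYID"\n' > "$demo/password.conf"
chmod 644 "$demo/password.conf"
printf 'shrine { network { name = "Network Name" } }\n' > "$demo/network.conf"
audit_shrine_secrets "$demo/password.conf" "$demo/network.conf" || echo "findings: $?"
rm -rf "$demo"
```

Run it against the hub's and the shrineNetworkLifecycle's password.conf separately; a zero exit status means no findings.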