Setting up HMS

Learn how to setup HMS.

Prerequisites to get API key

  1. Go to https://cloud.ibm.com/.
  2. At the top of the page, from the Manage sub-menu, select Access (IAM).
  3. Click Service IDs and Create.
  4. Provide Create service ID details.
  5. On the Access tab, perform the following actions:
    1. Click Assign access.
    2. In the Service search field, type watsonx.data and click it. Click Next.
    3. In the Resources section, ensure that All resources is selected. Click Next.
    4. In the Roles and actions section, select MetastoreAccess and Administrator, and click Next.
    5. Click Add and Assign.
  6. Click the API keys tab and click Create.
  7. Provide Create API key details. You must name the API key as ibmlhapikey.
Note:
  • By default huser is ibmlhapikey.
  • Token is the API key obtained in Step 7.

Procedure to set up HMS

Note: Endpoint is the thrift endpoint url which you retrieve from watsonx.data instance. For more information, see Getting the HMS endpoint.

Ensure that the url is in thrift://<host>:<port> format, when you run nz setup-hms command.

Important: For on-prem deployment with self signed certificate, export certificates and use --cert somecert --truststore_pw {password} options.
  1. Run setup-ms script from NPS host
    setup-ms --help

    Usage:

    setup-ms [-h] {create,list,delete}
    Table 1. Positional arguments
    Argument Action
    create Create a connection.
    delete Delete a connection.
    list Lists connections.
    options {-h, --help} Show this help message and exit.
    --connection CONNECTION Name of connection.
    --huser HUSER HMS username.
    --token TOKEN Token of HMS user.
    --endpoint ENDPOINT Endpoint of thrift connection.
    --cert CERT Path of self signed cert.
    --truststore_pw TRUSTSTORE_PW The trust store password if provided.
  2. Create an HMS connection using following command:
    setup-ms create hms --connection <connection_name> --huser <hms_user> --token <token> --endpoint <thrift_endpoint> --cert <certificate_path>
    HMS config file not found, creating one.

Success!
  3. List existing HMS connections:
    setup-ms list

  4. To create the variance with and without custom truststore.

    Note: If you create a self-signed certificate and add it to a specific truststore (different from the default OS truststore), you will need to include the --cert and --truststore_pw arguments when running the application. Refer to the following example for proper usage.

    Example:

    With custom truststore:
    setup-ms create hms --connection test_nj --huser ibmlhapikey --token <removed> --endpoint thrift://10.0.0.1:9083 --cert "/usr/lib/jvm/jdk-17.0.7+7-jre/lib/security/cacerts" --truststore_pw changeit
    Without custom truststore:
    setup-ms create hms --connection test_nj --huser ibmlhapikey --token <removed> --endpoint thrift://10.0.0.1:9083 --cert "/usr/lib/jvm/jdk-17.0.7+7-jre/lib/security/cacerts"
    HMS config file not found, creating one.

Success!

Procedure to remove HMS setup

Delete an HMS connection:
setup-ms delete --connection fake-conn