SAS administrators

Automatic cloning of SAS metadata user groups and roles

 metadata, SAS administrators, SAS programmers, Tech  No Responses »
1月 112023
 

Cloning SAS metadata user groups
In this blog post, we tackle automating the SAS Intelligence Platform administrator’s task of replicating (cloning) metadata users’ groups and roles from one user to another.

As more people become new SAS users or move to new projects or teams, their data and applications access credentials need to be set up or modified in SAS Metadata. In this scenario, a typical request to SAS platform administrators looks like one of the following:

  • Add Mr. A Smith as SAS user and make him a member of the groups and roles matching those of Ms. B. Brown.
  • For an existing SAS user Mr. A. Smith, replace his memberships of the groups and roles to mimic those of Ms. B. Brown.
  • For an existing SAS user Mr. A. Smith, add to his memberships of the groups and roles those that are missing from those of Ms. B. Brown.

SAS administrators routinely fulfill such requests by manually clicking through SAS Users plug-in in SAS Management Console. However, when a number of groups/roles to assign becomes rather large, this seemingly straightforward process can become overwhelming and error-prone.

Let's change the conventional practice of manually replicating group memberships from one user to another. Let's do it programmatically, which will make it easy, repeatable, fast, consistent, efficient and reliable.

Using SAS metadata functions to GET user-group associations

While you can employ macro %MDUEXTR to produce a list of groups for metadata users, here we are going to dive deeper and implement this task by using SAS data step metadata functions.

First, we connect to the SAS metadata server:

/* Connect to the SAS metadata server */
options
   metaserver = 'your_metadata_server'
   metaport = 8561
   metarepository = Foundation
   metauser = 'sasadm@saspw'
   metapass = '{SAS002}encrypted_password'
   ;
Then, let’s run the following code:
/* User Name (not Display Name) */ 
%let user_name = B Brown;
 
data USER_GROUPS;
   length UserName UserURI GroupURI GroupName GroupDisplayName $256;
   call missing(of _char_);
   UserName = "&user_name";
   UserURI = "omsobj:Person?@Name='&user_name'"; 
   do j=1 by 1 while(metadata_getnasn(UserURI, 'IdentityGroups', j, GroupURI)>0);
      rc = metadata_getattr(GroupURI, 'Name', GroupName); 
      rc = metadata_getattr(GroupURI, 'DisplayName', GroupDisplayName);
      output; 
   end;
run;

Code highlights

In this code, we loop through user’s groups while the following condition is true:

metadata_getnasn(UserURI, 'IdentityGroups', j, GroupURI) > 0

It is important to realize that function METADATA_GETNASN returns two values. Besides its return value (number of associated objects) referenced by the function itself, its 4-th argument (GroupURI) also returns a value of the j-th associated object of the specified association ('IdentityGroups') for the specified object (UserURI).  When j becomes greater than the number of groups associated with the user, this function returns value of -4 ( “j is out of range” ) which effectively stops further iterations of the do-loop.

Within the do-loop, we use function METADATA_GETATTR which returns the value (GroupName) of the specified attribute ('Name') for the specified object (GroupURI). Successful completion is indicated by its return value rc=0.

Similarly, the second call of the METADATA_GETATTR function returns GroupDisplayName.

Output

As a result, we are going to get the following USER_GROUPS table:

Metadata user groups inventory

Using SAS metadata functions to SET user-group associations

Analogous to retrieving user groups associations using METADATA_GETNASN function, we can SET (or assign) such associations using METADATA_SETASSN function.  For example, the following statement will modify existing list of members for the group referenced by the first argument (pguri) by adding a new user referenced by the 4-th argument (curi):

rc = metadata_setassn(pguri, 'MemberIdentities', 'Merge',curi);

SAS macro to automatically clone group memberships from one user to another

Now, let’s cut all the exploratory code and wrap everything together into a little nice macro:

%macro mm_clone_user_groups 
   (
   child_name=,  /* Child's User Name (not a Display Name)                   */
   parent_name=, /* Parent's User Name (not a Display Name)                  */
   mod=ADD       /* Modifier (optional, values – ADD or Replace, default=ADD */
   );
 
data _null_;
   length curi cguri puri pguri $256;
   call missing(of _char_);
   curi = "omsobj:Person?@Name='&child_name'";  /* Child's URI  */
   puri = "omsobj:Person?@Name='&parent_name'"; /* Parent's URI */
 
   /* Conditionally remove existing Child's Groups */
   if upcase("&mod")="REPLACE" then
   /* Loop through Child's Groups */
   do i=1 by 1 while(metadata_getnasn(curi,'IdentityGroups',i,cguri)>0);
      /* Remove Child User from each Child's Group */ 
      rc = metadata_setassn(cguri,'MemberIdentities','Remove',curi);
   end;
 
   /* Loop through Parent's Groups */
   do j=1 by 1 while(metadata_getnasn(puri,'IdentityGroups',j,pguri)>0);
      /* Add Child User to each Parent's Group */ 
      rc = metadata_setassn(pguri,'MemberIdentities','Merge',curi);
   end;
run;
 
%mend mm_clone_user_groups;

Code highlights

The first do-loop executes conditionally only when Modifier is REPLACE (case-insensitive). It iterates through all the groups that child user belongs to and remove that child user from each such a group. Please note that removing a user from a group’s “Current Members” list is equivalent to removing this group from the user’s “Member of” list.

Similarly, adding a group to a user’s “Member of” list is equivalent to adding this user to the group’s “Current Members” list. We use this fact in the second do-loop when for each group associated with the parent we add the child as the group member.

Unless we need to report on the groups we are “cloning” from the parent, we may skip capturing their attributes (like Name or Display Name) using METADATA_GETATTR function as we did in the previous section.

Macro usage

Here are a couple examples of the macro invocation:

Example 1

%mm_clone_user_groups(child_name=A. Smith, parent_name=B Brown, mod=replace)

In this example, the macro will remove all the child’s group associations and replace them by those of the parent user.

Example 2

%mm_clone_user_groups(child_name=A. Smith, parent_name=B Brown)

Here, by default mod=ADD and the macro will augment the child’s group associations by those of the parent user.

Note, that these two examples cover all three scenarios of the group membership cloning outlined in the beginning of this post.

Acknowledgement

Great thanks to Carl Sommer of SAS Technical Support for his invaluable assistance and guidance in navigating through the SAS metadata functions and metadata object associations.

Questions? Thoughts? Comments?

Do you find this blog post useful? How do you administer user group identities/memberships in SAS metadata? Do you have questions, concerns, suggestions, or comments? Please share with us below in the Comments section.

Additional Resources

Automatic cloning of SAS metadata user groups and roles was published on SAS Users.

New certification alert: SAS® Certified Specialist: Administration of SAS® Viya®

 SAS administrators, SAS Certification, SAS Viya, Tech  No Responses »
1月 042023
 

Thank you to my co-author Raymond Thomas for his assistance on this post.

Learn more about the SAS Certified Specialist: Administration of SAS Viya and how to prepare.

Certification overview

SAS is pleased to announce a new SAS Viya Administration certification. Recognizing the growing need of cloud computing and Kubernetes, this new credential will help create a standard of knowledge within these areas.

Because of the growing skills required in cloud computing and Kubernetes, it’s critical that users can validate the skills they’ve learned and acquired to represent their knowledge. SAS developed the exam to cover the following major content areas:

    • Manage a SAS Viya environment.
    • Monitor, log and troubleshoot a SAS Viya environment.
    • Manage identities and users.
    • Manage content and functionality.
    • Manage data in SAS Cloud Analytic Services (CAS).

View more details about the certification: SAS Viya Administration Specialist | SAS.

To see a full list of topics covered, select the “Exam Content Guide.”

Why it's so important

This certification validates SAS Viya administration skills you have with employers. Proving your skillset through a certification shows your knowledge of managing and troubleshooting in SAS Viya, which greatly increases the opportunity for advancement in your career as a SAS administrator. Also, this certification is recognized worldwide by many leading industries, and obtaining this certification shows employers you are proactive and committed to your career.

Related job roles & industries

SAS Viya Administration applies to job roles across many industries such as Pharmaceutical, Banking, and Government. A few examples of job roles that may benefit from using the SAS Viya Administration include System Architects, Cloud System Administrators, Systems Analyst, System Administrator, System Engineer, and Linux or Windows Administrators.

The certification is intended for anyone with direct responsibility in administering SAS Viya or anyone administering a SAS 9 environment migrating to SAS Viya. SAS Viya administrators support users across many industries and this skill is highly prevalent.

How to prepare

While there are no prerequisites to take this exam, students often use a combination of training and experience to study for this exam. To prepare for the exam, these resources are available:

Courses

There are two free e-learning courses that are no prerequisites that may also be beneficial during your exam preparation:

Practice exam

Sample questions

Registration details

Follow this link to create an account or access your existing account to register: Certification Manager.

For detailed exam topics, hit the "Exam Content Guide" links on each credential's web page. The content guides contain exam sections, objectives, and expanded detail about the important topics.

The Specialist exam is A00-451. There are no pre-requisites for this exam, so anyone who is interested in this credential can register.

Summary

You can learn more about these new credentials at the links above. There you will find detailed exam content guides, free sample questions, and free practice exams (yes - free full length practice exams!).

We hope you tackle the recommended training, develop your skills, and register soon to be the first candidates to earn these credentials. Good luck with your preparations!

If you have additional questions, please ask in the comments below.

New certification alert: SAS® Certified Specialist: Administration of SAS® Viya® was published on SAS Users.

ESM and S9CA: Useful Tools for Migration from SAS 9 to SAS Viya

 ESM, S9CA, SAS administrators, SAS Viya, Tech  No Responses »
12月 202022
 

Change is hard and can be a bit scary. We tend to resist change as we get comfortable with our routines and how things work. However, many times we fail to see the benefits of that something new. Imagine if we didn't move from MS DOS to Windows? If we'd chose beta over VHS? If we still drove station wagons instead of SUVs? I could go on, but I think you get the point. Change is many times beneficial and necessary, even if it's different.

So, this brings me to the topic of migrating from SAS 9 to SAS Viya. Much has been written on the benefits of SAS Viya, so I'll not cover that here. What I do plan to pass along is that SAS has created many helpful tools to ease the migration. I'll cover two of these tools in detail: the Enterprise Session Monitor and SAS 9 Content Assessment.

Enterprise Session Monitor (ESM) and SAS 9 Content Assessment (S9CA) are part of the Ecosystem Diagnostics Family providing glass view into your SAS Environment. 

Key features of ESM include maximizing resource utilization, substantially increasing your effective operating capacity through advanced batch schedule optimization, performance tuning, and enabling cooperative resource sharing. Moreover, S9CA is a collection of applications designed to help you understand your SAS 9.4 deployment and content, gather and prepare SAS 9.4 content for migration, and import SAS 9.4 content.

ESM and S9CA work together offering a complete picture of your SAS Environment, but can also work independently. ESM provides capacity planning information which helps in the sizing of SAS environments. The SAS 9 Content Assessment provides information on the types of artifacts in your SAS Environment.  Together, ESM and S9CA provide information on how to successfully migrate from SAS 9.4 to SAS Viya.

Let's explore some of the features of each tool.

Reports

ESM

ESM provides the following information:

  • Number of Distinct SAS Users
  • SAS Users consuming resources
  • Capacity Report – CPU. Memory, I/O and sessions
  • Sizing Reports
  • Reports for proactive migration of jobs and users to SAS Viya
  • SAS Jobs being executed
  • Real-time workload identification
  • Self-service administration

S9CA

S9CA provides the following information:

  • Counts and collects data about what exists on the SAS 9 system
  • Granular details about selected artifacts
  • Validates code will migrate to SAS Viya
  • Finds internationalization issues in SAS programs
  • Prepares results for reporting
  • Summaries SAS 9 logs steps to analyze SAS Code for optimization
  • Counts the number of users for SAS application on SAS Workspace Servers
  • Analyzes SAS 9.4 system and configuration details to identify known deployment issues.

How it works

ESM

A prerequisite for ESM installation and configuration is an ESM server and agent. The agents connect to the server. There are various tools like proc-mon to collect the data. The ESM server receives events from the ESM agents at a rate of every two seconds. The impact to the servers with ESM agents is less than 20 percent of one CPU. The ESM agent's data is stored in a Postgres database for historical reporting. The ESM Maintenance Utility is installed and used to extract data from the agents.

S9CA

There are many applications that make up the SAS Content Assessment Tool. For example, the inventory application counts SAS artifacts defined to the SAS Metadata Server, SAS Mid-tier and the file system. The profile application provides more granular details for the SAS artifacts i.e., Enterprise Guide Projects, Enterprise Miner, Stored Processes etc. After each application runs via the command line, the published application creates an aggregated data mart for reporting.  After each application runs, the published application is used to create an aggregated data mart for reporting.  By default, Personal Identifiable Information (PII) data is obfuscated when the publish application runs, so this information is protected.

Timeline

ESM

Customer and SAS Activities Time Commitment Notes
Install/Config 4 hours/per environment If SAS resource is involved.
ESM Extraction After 7 days/1 hour After 90 days/1 hour

 

S9CA

Customer and SAS Activities Time Commitment Notes
Install/Config 1 hour/per environment Ensure to get the latest version of the software
Execute each application Time depends on Data being scanned  

 

Data Collection

ESM

ESM collects data on these SAS platforms

  • SAS x
  • SAS Viya 3
  • SAS Viya 4

S9CA

SAS artifacts scanned by S9CA

  • SAS code
  • SAS Stored Process
  • SAS Enterprise Guide
  • SAS Enterprise Miner
  • SAS Catalogs
  • SAS Object Spawner
  • SAS Workspace Server
  • SAS Metadata Server
  • Number of SAS data sets

As mentioned earlier, they can work independently, but they are better together. Together, ESM and S9CA assist with knowing the state of your SAS Environment and make the migration process to SAS Viya from SAS 9.4 straightforward.

ESM and S9CA: Useful Tools for Migration from SAS 9 to SAS Viya was published on SAS Users.

SAS administrator tip: How to identify and prevent duplicate librefs in SAS metadata

 duplicate values, librefs, metadata, Metadata-based libraries, SAS administrators, sas programming, Tech  No Responses »
11月 092022
 

SAS Admin tips and Q&A
If you operate in SAS® Enterprise Business Intelligence environment, you must realize that many of your data and user access functionalities and scopes are defined in and handled by the SAS metadata. Therefore, SAS metadata health is a paramount for successful SAS operations in your organization.

As a SAS user, have you ever been annoyed by a pop-up window in SAS Enterprise Guide? It reads “Duplicate librefs detected. Multiple libraries were detected in metadata that use the same libref for server SASApp. This is not supported configuration and may cause problems. Please contact your SAS administrator.” Here’s how it looks:

Duplicate librefs are detected for libraries in SAS metadata

Of course, the suggested solution to “contact your SAS administrator” is easy, but what if the SAS administrator is YOU?

Unfortunately, this warning message does not specify the duplicated librefs. How do you know which librefs are duplicates? Data libraries are listed alphabetically in the Data Library Manager plug-in of the SAS Management Console, but they are listed by their library names, not by librefs. Certainly, you can look up each library’s libref by viewing their Properties or View Libname, but this might be a daunting task if you have a large number of libraries.

But fear this not! Here is how you can quickly find those pesky duplicate librefs.

Identifying duplicate LIBREFs in SAS Metadata

Fortunately, there is an assortment of SAS DATA step functions for reading and writing metadata. These metadata functions enable SAS administrators to programmatically retrieve (or set) various attributes, associations and properties of the metadata objects.

SAS program to list all metadata libraries and identify duplicate librefs

The following little program will 1) create a SAS data table listing all the metadata libraries; 2) create another data table specifically listing only libraries with duplicate librefs.

/* Connect to the SAS metadata server */
options
   metaserver = 'your_metadata_server'
   metaport = 8561
   metarepository = Foundation
   metauser = 'sasadm@saspw'
   metapass = '{SAS002}encrypted_password'
   ;
 
/* Create metadata libraries listing/inventory */
data META_LIBS (drop=i rc ouri);
   length NAME $256 LIBREF $8 ouri $35;
   call missing(of _char_);
   do i=1 by 1 while(metadata_getnobj("omsobj:SASLibrary?@Id contains '.'", i, ouri) > 0);
      rc = metadata_getattr(ouri, 'Name', NAME);
      rc = metadata_getattr(ouri, 'Libref', LIBREF);
      LIBREF = upcase(LIBREF);
      output;
   end;
run;
 
/* Output metadata libraries with duplicate librefs */
proc sort data=META_LIBS nouniquekey out=DUP_LIBREFS;
   by LIBREF;
run;

Code highlights

  • Connection OPTIONS statement makes sure you connect to the metadata server of your interest.
  • CALL MISSING makes sure that all character variables are initialized to blanks – to eliminate NOTES in the SAS log that variables are
  • DO-loop iterates through all the libraries in the metadata. Note, that we specify only a start-value (i=1), increment value (by 1) and WHILE-condition of entering into the DO-loop (metadata_getnobj("omsobj:SASLibrary?@Id contains '.'", i, ouri) > 0).
    Here we use METADATA_GETNOBJ function which produces the output URI (ouri) of the i-th object that matches the specified input URI ("omsobj:SASLibrary?@Id contains '.'").  Besides returning the output URI, the function’s return value represents the number of objects matching the specified input URI (that is why we have while-condition as "> 0").  When negative value -4 is returned, it means that all SAS library objects are exhausted and DO-loop stops its iterations.
  • METADATA_GETATTR function is used twice and it assigns values of 'Name' and 'Libref' attributes of the metadata library object identified by the ouri
  • Since librefs are case insensitive, in order to eliminate case sensitivity in the captured values of libref we simply convert all its characters to upper case using the UPCASE function.
  • Finally, we use PROC SORT with NOUNIQUEKEY option to extract all non-unique LIBREF values and output observations with found duplicates to the DUP_LIBREFS data table. (NOUNIQUEKEY checks for and eliminates observations from the output data set that have a unique sort key.)

Duplicate librefs output

Here is an example of the produced data table that lists library names and duplicated librefs:

Duplicate librefs report for SAS metadata libraries

In case of no duplicate librefs, you will get the following NOTE in the SAS log:

NOTE: The data set WORK.DUP_LIBREFS has 0 observations and 2 variables.

Remediation of the duplicate librefs

Now, when you know the culprit(s), you can easily modify your metadata library definition to change the duplicate librefs to unique names. That is how you fix already existing problem.

However, such a fix would not preclude you from falling into the same trap again. How do you know that your new libref is unique and not repeating some other libref? Here is how to assuredly prevent this from happening.

Prevention from assigning duplicate LIBREF

The above method allows you to catch those accidentally (or not) assigned duplicate librefs. In this section, we will show how to prevent creating that mess in the first place! Here is how we can check (validate) if a libref that we are about to assign to a new metadata library is unique and not being used in one of the libraries that have already been defined in the metadata.

Solution 1: Querying metadata libraries listing

One simple solution is to use the data table META_LIBS created in the previous section. In essence, this data table is a listing (inventory) of all the data libraries defined in the SAS metadata.  You can visually browse it or you can query it. For example, the following code will validate your new libref for exclusivity:

/* Libref to check for uniqueness */
%let NEW_LIBREF=Abc;
 
/* Libref available or taken */
data _null_;
   set META_LIBS end=eof;
   if LIBREF=upcase("&NEW_LIBREF") then taken + 1;
   if eof and taken then put "***Libref &NEW_LIBREF already taken.";
   if eof and not taken then put "***Libref &NEW_LIBREF available.";
run;

It will produce either of the following two “verdicts” in the SAS log:

***Libref Abc available.
or
***Libref Abc already taken.

Solution 2: Using METADATA_RESOLVE function

Another, even simpler, single step solution uses the METADATA_RESOLVE function, which allows querying SAS metadata directly:

/* Libref to check for uniqueness */
%let NEW_LIBREF=Abc;
 
/* Check if requested Libref available or taken */
data _null_;
   length type id $20;
   call missing (of _character_);
   select(metadata_resolve("omsobj:SASLibrary?@Libref='&NEW_LIBREF'", type, id));
      when(0)   put "***Libref &NEW_LIBREF available.";
      when(-1)  put "***Unable to connect to the metadata server.";
      otherwise put "***Libref &NEW_LIBREF already taken.";
   end;
run;

METADATA_RESOLVE function resolves a URI specified in its first argument into an object’s type and id on the metadata server. In addition, and that what is important for our purpose, its return value represents the number of objects that match the specified URI. That is the return value of

  • 0 means no matches were found and our &NEW_LIBREF libref is available for use in the new library
  • -1 means that function was unable to connect to the metadata server
  • 1+ means that there is one (or more) libref &NEW_LIBREF already existing in the metadata and this libref is not available for the new library.

Questions? Thoughts? Comments?

Do you find this blog post useful? How do you prevent and handle duplicate librefs in the metadata? Do you have questions, concerns, suggestions, or comments? Please share with us below in the Comments section.

Additional Resources

SAS administrator tip: How to identify and prevent duplicate librefs in SAS metadata was published on SAS Users.

SAS Viya Workload Orchestrator CLI Plug-in

 Programming Tips, SAS administrators, SAS Viya, Tech  No Responses »
8月 302022
 

A key tool for SAS Viya admins and many users is the command line interface (CLI). You can think of it in terms of other CLIs, but with direct access to SAS Viya. The CLI facilitates automation of tasks as well as other administrative functions. You can find information about installing the CLI and its plugins SAS Users YouTube tutorial.

SAS Viya Workload Management Environment. SAS Viya Workload Management was developed by SAS, starting with the cloud-native version of SAS Viya and relies on Kubernetes. Kubernetes comes with capabilities to balance workload of jobs; however, SAS Viya Workload Orchestrator is designed to enhance Kubernetes’ workload capabilities by adding prioritization for jobs, queues management, etc.

Now, I am predicting you know what a plug-in is but just in case you don’t, a plug-in manages and monitors the service for which you are seeking or providing information. Before you use you any SAS Viya plug-in via the CLI, you must create a profile and authenticate. Here is the documentation which details those steps. You may also refer to the YouTube tutorial linked earlier.

Workload orchestrator plugin

In the example in Figure 1, I am using a command prompt for the CLI to connect to my SAS Viya environment. Make sure you read the links above on how to create a profile and authenticate. In the shell, navigate to the directory with the CLI executable. SAS Viya commands take the form:

> sas-viya --profile <profile name> command [command options] [arguments]

Now let’s look at some basic commands. We’ll increase the complexity of the command as we go along.

List command options

The most generic command for workload-orchestrator is listed in Figure 1.

Figure 1: List of command Line Options for workload orchestrator

The command returns the name of the CLI, the usage syntax and commands at my disposal.

Config command

Next, in Figure 2, let’s run the config command.

Figure 2: The config command displays granular details for the grid or tenant

The response displays details for additional commands for the grid or tenant configuration.

Extending the config code from above, we’ll use the config grid (and tenant) commands. With these commands you have the options get and set. Get returns the current grid information and set applies a new configuration to the grid.

Figure 3: The config command followed by grid, tenant and get

As you can see in Figure 3, I used the get command for both grid and tenant to display the configurations.

Hosts command

Now let’s look at the hosts command. In Figure 4, we use the hosts command to display the additional commands close, list and open hosts.

Figure 4: The hosts command

Figure 5 uses the list command and displays information about the current SAS Viya host.

Figure 5: The hosts command with the list command

Info command

Moving on to the info command in Figure 6, we see the available commands are grid, manager and tenant.

Figure 6: The info command with the list commands

In Figure 7, we use the three commands.

Figure 7: The info command with the grid, manager and tenant commands

The grid command lists information about the product. Manager lists information about the current usage of the manager. Finally, the tenant command lists information about the tenant.

Jobs command

Moving on to the jobs command in Figure 8.

Figure 8: The jobs command with the various commands

We see the results with the available commands including cancelling, listing, resume processing and suspending jobs.
We have a couple of commands remaining. Let’s move on.

Logs command

The logs command, as seen in Figure 9, allows you to set the log level or list specified logs.

Figure 9: The logs command with the various commands

The levels command also has get and set sub-commands. Get displays the logger levels for a specified host or all hosts. The set command sets a specified level for one more logger.

Figure 10 displays the logs command with the list command, and it shows info and error message collected.

Figure 10: The logs command with the list command

Queues command

The final command we’ll look at is the queues command. In Figure 11, you can see there are multiple commands available for queues.

Figure 11: The queues command with the various commands

Figure 12 is the list command of the queues command.

Figure 12: The queues command with the list command

Feel free to try out the other queues commands on your own.

Finally

Fairly straight forward, eh? I hope this helps you understand how you can use the workload-orchestration SAS Viya CLI plug to retrieve and configure various settings of the SAS Viya Workload Management Environment.

SAS Viya Workload Orchestrator CLI Plug-in was published on SAS Users.

Manage and Balance Workloads in SAS

 SAS 9.4, SAS administrators, SAS Viya, Tech  No Responses »
7月 282022
 

SAS Grid Manager for Platform, SAS Grid Manager, and SAS Viya Workload Management all manage and balance job loads, right? So, are there three SAS products providing the same functionality? Let’s explore, as I am curious in your answer after you read this article.

Each of the three applications has a Graphical User Interface (GUI), which provides basic functionality like monitoring and managing jobs, queues, and hosts. The GUIs differ slightly between applications, but let’s save that detailed conversation for another post. For now, let’s take a look at the applications.

Interfaces

SAS Grid Manager for Platform

SAS Grid Manager for Platform is developed by IBM and provided as an OEM license through SAS. This product was first made available in SAS 9.4 M2. The GUI has matured over time and Figure 1 represents the latest iteration.

Figure 1: Visual of the user interface for SAS Grid Manager for Platform

SAS Grid Manager for Platform takes advantage of the Load Sharing Facility (LSF), Process Manager (PM), and Platform Web Services (PWS) features. Together these features provide services for job execution, job scheduling and host information. You launch the GUI for SAS Grid Manager for Platform from a separate URL and it is also listed in the Instructions.html file generated during the install process. Most SAS customers use Platform Suite for SAS. It is our legacy product.

SAS Grid Manager

In SAS 9.4 M6, SAS released SAS Grid Manager which balances workloads, supports high availability, and has multiprocessing capabilities. See Figure 2 for a detailed view.

Figure 2: Visual of the user interface for SAS Grid Manager, which is called SAS Workload Orchestrator

The Balance Workload feature ensures the spread of resources across machines and they are not overloaded with running jobs. High Availability ensures resource availability in case of machine failure and insures jobs still run and execute. Multiprocessing capabilities breaks down jobs, so they run across machines.
The GUI for SAS Grid Manager goes by the name SAS Workload Orchestrator (SWO). You launch the SWO from a separate URL and it is also listed in the Instructions.html, which generates during the install of SAS. Since it is built with the SAS threaded kernel, SAS Grid Manager takes great advantages of the SAS features and capabilities.

SAS Viya Workload Management

SAS developed the SAS Viya Workload Management for the newest version of SAS Viya. The GUI for SAS Viya Workload Management goes by the name Workload Orchestrator (hmmm, sound familiar? 😉). The plug-in appears as a menu item in the left-hand navigation pane from SAS Environment Manager, as seen in Figure 3 below.

Figure 3: Visual of the user interface for SAS Viya Workload Management

SAS Viya is now cloud native and relies on Kubernetes and its capabilities for balancing job workloads. The SAS Viya Workload Orchestrator is designed to enhance Kubernetes’ workload proficiencies by adding prioritization for jobs, queue management, etc.

Functionality

Now that we've seen some of the differences in the user interfaces, let’s take a look at functionality.

SAS Grid Manager for Platform

SAS Grid Manager for Platform has a Grid Controller and Nodes. As seen in Diagram 1, the SAS Grid Controller machine has Process Manager installed on the machine.

Diagram 1: SAS Grid Manager for Platform

The Process Manager schedules the job and gives the job to the Load Sharing Facility (LSF). LSF executes the job and then submits the results back to Process Manager.

SAS Grid Manager

The SAS Workload Orchestrator (SWO) is the “brains” that acts as a coordination engine for SAS Grid Manager. As depicted in Diagram 2, the SWO keeps track of all of the entry points for jobs, including jobs that come in through the Metadata Server (e.g., Enterprise Guide sessions), Mid-Tier (e.g., BI Server sessions), and through batch submission (e.g., usage of gsub utility).

Diagram 2: SAS Grid Manager

These entry points then utilize compute resources; those resources may be managed through the Workspace Server, Stored Process server, or may be spawned directly through batch submission.

SAS Viya Workload Management

SAS Viya Workload Management extends the Kubernetes capabilities. SAS Compute talks to the Launcher Service, followed by the Workload Orchestrator Manager, which talks to the Workload Orchestrator Server. This flow is depicted in Diagram 3 below.

Diagram 3: SAS Viya Workload Management

The Kubernetes API Server talks to the Workload Orchestrator Manager and Server. It determines which nodes can start a pod for jobs. SAS Viya Workload Management adds queue prioritization and other features as well.

Side-by-side comparison

The following table summarizes the features of each product we’ve discussed in this article.

Finally

So, what do you think? Are SAS Grid Manager, SAS Grid for Platform and SAS Viya Workload Management alike or different? Can we agree on both? In my opinion, there are distant differences but there are some similarities, also..:-)

To summarize, all three products manage jobs and processes. SAS Grid Manager and SAS Grid Manager for Platform are similar running on physical hardware in the older version of SAS with multiple applications to manage. While SAS Viya Workload Management is running on the newest release of SAS in a cloud-based environment taking advantage of the Kubernetes technology in a one stop shop of SAS Environment Manager.

Manage and Balance Workloads in SAS was published on SAS Users.

Access for success: SAS Certification practice exams now offered for free

 advanced analytics, Data Management, Programming, SAS administrators, SAS Certification, SAS Visual Analytics, Tech  No Responses »
5月 172022
 

Here at SAS, we understand the importance of having access to cutting-edge professional resources. That’s why, for more than 40 years, we’ve provided individuals in programming, data management and analytics fields with low-cost and no-cost materials that promote success in their educational and professional journeys. And today, as the demand for employees with advanced skill sets and global certifications grows, we get it – having the ability to easily access the tools you need to succeed is more important than ever.

We’ve got you covered.

As part of our ongoing commitment to helping individuals enhance their skills, further their careers and increase their chance of success in the field, we’re now offering SAS Certification Practice Exams for free. Yes, free.

Over the years, candidates who have taken advantage of our practice exams have found them to be a valuable, effective tool for gauging their preparedness for SAS Certification Exams. When combined with other SAS training resources – like webinars, content guides, training courses and web tutorials – these free exams greatly increase candidates’ chances of success. Exams are currently available in:

    • Programming
    • Advanced Analytics
    • Data Management
    • Visual Analytics
    • Administration

Representative of the live exams, our online practice exams go through the same rigorous development process and are designed to give candidates an idea of what they should expect in the actual test questions. SAS practice exams also provide the rationale behind correct and incorrect answers, giving participants even more insight and opportunity for exam success.

And the numbers speak for themselves.*

    • Those who passed the practice exam had a 17.5% higher pass rate on the live exam than those who did not take or pass the practice version.
    • Those who took the practice exam – regardless of score – had an 8.15% higher pass rate on the live exam than those who opted not to take it.

Not to mention taking a practice test just might make the difference between passing the SAS Certification Exam on the first try or having to retake it. We’ve found that many who don’t pass the Certification Exam miss the mark by only a few questions, which they could have avoided with a bit more preparation.

Keep in mind, in order to make the best use of this resource, we recommend taking a practice exam as your final method of study in order to test your preparedness before diving into the actual exam. If you are curious about the types of questions typically on the certification exams, we have sample questions available for you to review.

So, what are you waiting for? A free resource to prepare you for a globally-recognized certification and make your resume stand out from the rest? That’s a no-brainer.

For more information about free SAS Certification Practice Exams, visit: https://www.sas.com/en_us/certification/resources/sas-practice-exams.html

*Based on data from 20,000 practice exams taken since 2020.

Access for success: SAS Certification practice exams now offered for free was published on SAS Users.

Configuring authentication for SAS Viya multi-tenancy: A 3-part series

 Administration, SAS administrators, SAS Viya, Tech  No Responses »
5月 052022
 

The SAS Viya LTS 2021.2 release supports application multi-tenancy. This 3-part series reviews how authentication can be configured.

SAS Viya 2021.2 OIDC with Multi-Tenancy

In this post, we look at configuring OpenID Connect (OIDC) authentication in a multi-tenant (M-T) environment. The SAS Viya configuration of OIDC authentication could be performed in the M-T provider and apply to all tenants or could be configured in one or more individual tenants and only apply to that tenant. For this post, we configure ODIC for the M-T provider and the marketing tenant.

The third-party OIDC Identity Provider, such as Azure Active Directory, has three key properties. These are:

  1. The Relying Party ID or Client ID – which is a unique name for the SAS Viya instance in the third-party OIDC Identity Provider.
  2. The Relying Party Secret or Client Secret – which is a shared secret between the SAS Viya instance and the third-party OIDC Identity Provider used to authenticate SAS Viya to the OIDC Identity Provider.
  3. One or more Redirect URIs – these are normally fully qualified URLs registered with the third-party OIDC Identity Provider. Only authentication requests coming from these registered URLs are valid.

SAS Viya 2021.2 SAML with Multi-Tenancy

In this post, we look at configuring SAML authentication in a multi-tenant (M-T) environment. There are two parts to the SAS Viya SAML configuration. The first part configures SAS Logon Manager as a SAML Service Provider and is configured with the settings under sas.logon.saml. The SAML Service Provider settings are configured only in the M-T provider.

The second part of the SAS Viya SAML configuration is the link to the third-party SAML Identity Provider, and is configured with the settings under sas.logon.saml.providers. The sas.logon.saml.providers settings can be configured for the M-T provider and apply to the provider and all tenants. Or the sas.logon.saml.providers settings can be configured for an individual tenant and apply to that tenant only.

For this post, we configure the sas.logon.saml settings in the M-T provider. Then we configure the sas.logon.saml.providers settings in both the M-T provider and the marketing tenant.

SAS Viya 2021.2.4 Bypass SAS Logon Manager

Prior to the SAS Viya 2021.2.4 release, SAS provided a sample patch transformer to update the SAS Logon Manager Ingress definition. This patch transformer used a server snippet annotation to insert a login_hint into requests. Adding the login_hint allowed customers using SAML or OpenID Connect to bypass SAS Logon Manager, meaning that end-users would automatically get redirected to the third-party SAML or OIDC Identity Provider (IdP). However, an issue with custom snippets was discovered, as documented in CVE-2021-25742. With SAS Viya 2021.2.4 the sample patch transformer has been removed and SAS is providing a configuration option to enable bypassing SAS Logon Manager. In this post, we discuss this updated approach for bypassing SAS Logon Manager.

Configuring authentication for SAS Viya multi-tenancy: A 3-part series was published on SAS Users.

A Novice Perspective on SAS Viya Deployment

 SAS administrators, SAS Viya, Tech, tips & techniques  No Responses »
12月 072021
 

This post is written in the hopes of easing the SAS Viya deployment process for novices like me. Firstly, deploying SAS Viya, like most enterprise software packages, isn't a skill we're innately born with. We're going to need a little help, some good documentation, and time to absorb the intricoes of the task.

There are many parts and pieces to standing up SAS Viya, depending on what you’re trying to accomplish and how you’d like to go about doing it. Know that the documentation and process can seem colossal and overwhelming, so take your time and don’t rush things. You got this.

Scope of the post

What this blog is and is not

This post will not walk you through the entirety of a deployment. Instead, it’ll point you to the right resources, guide you away from pitfalls, and show you how to accomplish certain tasks the documentation may not entirely cover. Many of these nuances were hard-earned lessons either by me or by people who have been kind enough to show me the way.

Please note the following

  • my experience is limited, and mostly pertains to AWS and Azure
  • the information is current at the time of this writing (December, 2021)

Please feel free to reach out to me if you have any suggestions, comments, or spot any mistakes. Many thanks!

Santa’s Workshop

Deploying SAS Viya is akin to creating toy trains in Santa’s workshop.

At its core, each toy train requires an engine, several cars, and a track. Likewise, each SAS Viya deployment requires a CAS engine that lives on a Kubernetes cluster together with several other servers (e.g., Compute, Connect, Stateful/Stateless), and storage.

Each toy train can be modified in numerous ways depending on the person’s preferences, whether it’s a steam locomotive or a bullet train. Or maybe it’s something more trivial, like merely the color of the train. Regardless of the need, Santa’s workshop contains a plethora of tools, materials, and plenty of knowledgeable elves who have different expertise and insights to customize the pipelines and trains.

Once again, each instance of SAS Viya can also be modified greatly depending on the customer’s needs. There are many hosts, flavors of servers, storage options, and common customizations. A SAS Viya deployment has its own kitchen sink full of tools, pipelines, and methods. And just like in Santa’s workshop, there are plenty of people who are experienced with deploying SAS Viya (and have specialties in different aspects of the deployment) who will assist if you run into issues.

Links Galore

There’s never a shortage of links required to complete deployments. I find myself with multiple windows filled with tabs (for referencing info) while I’m deploying so here’s a list of some I have found helpful.

      1. Setting up SAS Viya Monitoring for K8S
      2. Azure
      3. AWS
      4. GCP
      5. SAS Viya 4 Resource Guide

      Setting Up Your Environment

      There are several required tools for deployment. These include but are not necessarily limited to:

      • kubectl v1.19.9
      • kustomize 3.7.0
      • Docker

      Ensure your environment is set up precisely the way the docs recommend. For example, if you’re going the Terraform route from Viya4-IaC-AWS, you’re going to need this:

      • Terraform v1.0.0
      • kubectl v1.19.9
      • jq v1.6
      • AWS CLI v2.1.29

      The documentation is rather specific in terms of the required version, so please read carefully.

      Starting Off

      To start off, there are a few required readings to get a better understanding of SAS Viya architecture and requirements. Please review these webpages as often as you’d like to ensure understanding and avoid missing any steps.

      1. Getting Started portion of the Viya Operations documentation (linked previously).
      2. In the System Requirements section, please pay special attention to the “Kubernetes Client Machine Requirements” (under Virtual Infrastructure Requirements) to ensure you have the right tools and versions installed.
      3. When you’re done reading the above, it’s time to set up the IaC.

      Choose the corresponding link for “Help with Cluster Setup” (under Virtual Infrastructure Requirements) based on your cloud host of choice.

      IaC

      IaC stands for Infrastructure as Code. These are essentially scripts allowing you to build your cloud infrastructure and provision them through code instead of through the GUI. Several things to note here:

      1. I prefer cloning the IaC repo alongside the other folders, not within them so they’re better organized. It looks something like this:
        Viya4 <– Parent directory
        |– IaC
        |– Deploy
      2. Grab a sample .tfvars file under /examples and paste it into the root IaC directory. I recommend the “sample-input-minimal.tfvars” file if you’re just practicing.
        • Rename this file to “terraform.tfvars” (or preferred name, just be aware that the doc’s instructions assume that you have named it “terraform.tfvars”)
        • This file has several important values to keep in mind / input.
          1. This file contains the cluster configuration and details what all will be created
          2. “prefix” is essentially the name given to all your resources
          3. “default_public_access_cidrs” are CIDRs that you’d like to allow access to your cluster.
          4. “tags” you should include are {“resourceowner”=”your_Email”} (this is to ensure that people will be able to tell who owns the resource. Also, note that the preferred syntax is dependent on the cloud provider, please check the docs to be sure)
          5. “postgres_servers” should only be uncommented if you require an external db server (more expensive), if you don’t and you’re just practicing, leave it commented and it should create an internal one
      3. I highly recommend going the Docker route instead of Terraform (I have personally run into fewer problems through Docker, especially the tearing down process as compared to Terraform).
      4. It takes a while to create the cloud resources so have patience (takes about 15 mins at most).
      5. Once the resources exist, ensure you copy the [prefix]-eks-kubeconfig.conf file into your $(pwd) as well as your ~/.kube/config file if you’d like to keep it. The command to copy the conf file to your ~/.kube location is cp &lt;.conf file&gt; ~/.kube/config
      6. After you’re done with the above, make sure you run export KUBECONFIG=&lt;.conf file&gt;
      7. Test that your deployment is actually up: kubectl get nodes

      Post-IaC

      The next section covers additional SAS Viya requirements for the cluster after standing it up. There are a few things I’d recommend building after ensuring the deployment is up.

      • Ingress Controller 
        kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
      • Cert Manager 
        kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml
      • Helm/nfs-provisioner (this part is specifically for AWS)
        What’s happening here is that we’re getting the elastic load balancer URL from the ingress-nginx, the EFS ID, and installing the NFS server provisioner

        kubectl get service -n ingress-nginx
 
ELBURL=$(kubectl get svc -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo $ELBURL
 
EFSFSID=$(aws efs describe-file-systems --region $AWS_DEFAULT_REGION --query "FileSystems[*].FileSystemId" --region $AWS_DEFAULT_REGION --output text)
echo $EFSFSID
 
helm repo add stable  --force-update
helm install stable/nfs-server-provisioner
 
kubectl get storageclass # to check if the NFS server is up
      • Create a namespace where your SAS Viya deployment lives in the cluster – kubectl create ns . It is critical to go through the System Requirements entirely to ensure you don’t miss any steps (Just be sure that you’re following the portions meant for your cloud host). Examples in the Hardware and Resource Requirements page:
        • Azure – There’s an “Additional PVC Requirements for Microsoft Azure”: a link for “Specify PersistentVolumeClaims to Use ReadWriteMany StorageClass” where you’re required to add a file in the /site-config directory and an additional portion under “transformers” in the kustomization.yaml file
        • AWS – Under “File System and Shared Storage Requirements” refer to the notes on installing a provisioner for the EBS volumes. (The instructions are in the code block above)

      Installation

      This section sets up the parameters and additional customizations to included in the $deploy folder. It falls specifically under the Deployment tab of the SAS Viya Operations documentation.
      After retrieving the required files (under the desired version!), the certificates, license, and all assets and untarring them, take a good look at the section named "Directory Structure" so you have an understanding your desired file structure.

      Under “Installation -> Initial kustomization.yaml file”, once you’ve created your kustomization.yaml file, there are a few things of note here to change:

      1. {{ NAME-OF-NAMESPACE }}
        • If you haven’t already created the namespace where SAS Viya will live, do so now (instructions above #4)
        • Once you have a namespace, replace the entire thing including the {{}} with the name you have chosen.
        • You can always check what namespaces your cluster has by running kubectl get ns
      2. {{ NAME-OF-INGRESS-HOST }} and {{ PORT }} (note that there are multiple references in the kustomization.yaml file)
        • Use kubectl get service -n ingress-nginx and use the external-ip of the output
        • port is 80

      There are plenty of instructions beneath the kustomization.yaml file example, be sure to read through them and follow their instructions thoroughly.

      Additionally, Configure TLS

    2. kustomize build -o site.yaml
kubectl apply --kubeconfig=kubeconfig-file --selector="sas.com/admin=cluster-wide" -f site.yaml
kubectl wait --kubeconfig=kubeconfig-file --for condition=established --timeout=60s -l "sas.com/
admin=cluster-wide" crd
kubectl apply --kubeconfig=kubeconfig-file --selector="sas.com/admin=cluster-local" -f site.yaml --prune
kubectl apply --kubeconfig=namespace-kubeconfig-file --selector="sas.com/admin=namespace" -f site.yaml --prune

OR
kustomize build . | kubectl apply -f -
(Note that this is the shortcut of building and piping the results to be applied in kubectl. It does not output a site.yaml file.)

There are a few false-positive errors that may appear during the process (the documentation outlines them pretty clearly).

Post-Deployment

You may run the readiness service to check for when your deployment is ready. Note that this process is lengthy and the fastest I’ve seen a deployment go up is about 15-20 mins. (Now’s a good time to go for a walk or get a cup of coffee).

I highly recommend using Lens to visualize the deployment process and to take a look at the pods and their logs (mini section below).

While all of these steps are possible in Lens, it’s good to know the commands required to inspect and manipulate pods.

kubectl get pods -n  # Take a look at all the pods, add a -W flag to watch them as they update
kubectl describe pod  -n  # To describe specific pods
kubectl logs  -n  # To see the logs of specific pods
kubectl delete pods  -grace-period=0 --force # To force deletion of pods, pods will automatically restart after being deleted.

Important pods to look at:

  • Logon
  • Consul
  • Cache

These pods are pre-requisites for many other pods to come up. If they’re stuck, go ahead and delete them to initiate a restart. This seems to work frequently.

If the pods look good, try going to this website: www.name-of-ingress-host:port/SASDrive. You should see a blue background and a SAS login screen.

Hooray! Now you just have to follow the Sign In as the sasboot User instructions and complete other post deployment tasks (Post-Installation Tasks, Validating the Deployment, etc.” that are pertinent to your use case.

Quick aside: Lens

K8s Lens is an incredibly useful IDE to visualize what is going on in your Kubernetes cluster.
Here are two quick screenshots to help you get situated when you’re looking at pods.

First, you need your .conf file to connect to your cluster. Upon entry, click on Workloads -> Pods to look at the pods. Also click on your namespace for all of the pods for the SAS Viya Deployment to show up.

There are times where you’ll see a yellow triangle with an exclamation mark. While this is technically a warning, it may be an indicator of an error your pod is suffering from. (If you see a HTTP 503 Readiness Probe error, it may just mean that the pod is starting up)

Click on the pod and the lines on the top right in order to see the logs for the chosen pod.

Conclusion

Hopefully this post was helpful for your start in deploying SAS Viya.

Please remember there’s a lot more to it than is covered here. Don’t be disheartened if this wasn’t particularly easy, it certainly wasn’t for me.
Know there are plenty of customizations as well as a constant stream of changes (updates, product related etc.), new methods, and places to deploy.
So there’s always plenty to learn.

Please feel free to reach out and let me know if you have any questions or suggestions for this post.

Acknowledgements

Many thanks to my colleagues Ali Aiello and Jacob Braswell for answering my incessant questions and helping me on this journey!

A Novice Perspective on SAS Viya Deployment was published on SAS Users.

A Novice Perspective on SAS Viya Deployment

 SAS administrators, SAS Viya, Tech, tips & techniques  No Responses »
12月 072021
 

This post is written in the hopes of easing the SAS Viya deployment process for novices like me. Firstly, deploying SAS Viya, like most enterprise software packages, isn't a skill we're innately born with. We're going to need a little help, some good documentation, and time to absorb the intricoes of the task.

There are many parts and pieces to standing up SAS Viya, depending on what you’re trying to accomplish and how you’d like to go about doing it. Know that the documentation and process can seem colossal and overwhelming, so take your time and don’t rush things. You got this.

Scope of the post

What this blog is and is not

This post will not walk you through the entirety of a deployment. Instead, it’ll point you to the right resources, guide you away from pitfalls, and show you how to accomplish certain tasks the documentation may not entirely cover. Many of these nuances were hard-earned lessons either by me or by people who have been kind enough to show me the way.

Please note the following

  • my experience is limited, and mostly pertains to AWS and Azure
  • the information is current at the time of this writing (December, 2021)

Please feel free to reach out to me if you have any suggestions, comments, or spot any mistakes. Many thanks!

Santa’s Workshop

Deploying SAS Viya is akin to creating toy trains in Santa’s workshop.

At its core, each toy train requires an engine, several cars, and a track. Likewise, each SAS Viya deployment requires a CAS engine that lives on a Kubernetes cluster together with several other servers (e.g., Compute, Connect, Stateful/Stateless), and storage.

Each toy train can be modified in numerous ways depending on the person’s preferences, whether it’s a steam locomotive or a bullet train. Or maybe it’s something more trivial, like merely the color of the train. Regardless of the need, Santa’s workshop contains a plethora of tools, materials, and plenty of knowledgeable elves who have different expertise and insights to customize the pipelines and trains.

Once again, each instance of SAS Viya can also be modified greatly depending on the customer’s needs. There are many hosts, flavors of servers, storage options, and common customizations. A SAS Viya deployment has its own kitchen sink full of tools, pipelines, and methods. And just like in Santa’s workshop, there are plenty of people who are experienced with deploying SAS Viya (and have specialties in different aspects of the deployment) who will assist if you run into issues.

Links Galore

There’s never a shortage of links required to complete deployments. I find myself with multiple windows filled with tabs (for referencing info) while I’m deploying so here’s a list of some I have found helpful.

      1. Setting up SAS Viya Monitoring for K8S
      2. Azure
      3. AWS
      4. GCP
      5. SAS Viya 4 Resource Guide

      Setting Up Your Environment

      There are several required tools for deployment. These include but are not necessarily limited to:

      • kubectl v1.19.9
      • kustomize 3.7.0
      • Docker

      Ensure your environment is set up precisely the way the docs recommend. For example, if you’re going the Terraform route from Viya4-IaC-AWS, you’re going to need this:

      • Terraform v1.0.0
      • kubectl v1.19.9
      • jq v1.6
      • AWS CLI v2.1.29

      The documentation is rather specific in terms of the required version, so please read carefully.

      Starting Off

      To start off, there are a few required readings to get a better understanding of SAS Viya architecture and requirements. Please review these webpages as often as you’d like to ensure understanding and avoid missing any steps.

      1. Getting Started portion of the Viya Operations documentation (linked previously).
      2. In the System Requirements section, please pay special attention to the “Kubernetes Client Machine Requirements” (under Virtual Infrastructure Requirements) to ensure you have the right tools and versions installed.
      3. When you’re done reading the above, it’s time to set up the IaC.

      Choose the corresponding link for “Help with Cluster Setup” (under Virtual Infrastructure Requirements) based on your cloud host of choice.

      IaC

      IaC stands for Infrastructure as Code. These are essentially scripts allowing you to build your cloud infrastructure and provision them through code instead of through the GUI. Several things to note here:

      1. I prefer cloning the IaC repo alongside the other folders, not within them so they’re better organized. It looks something like this:
        Viya4 <– Parent directory
        |– IaC
        |– Deploy
      2. Grab a sample .tfvars file under /examples and paste it into the root IaC directory. I recommend the “sample-input-minimal.tfvars” file if you’re just practicing.
        • Rename this file to “terraform.tfvars” (or preferred name, just be aware that the doc’s instructions assume that you have named it “terraform.tfvars”)
        • This file has several important values to keep in mind / input.
          1. This file contains the cluster configuration and details what all will be created
          2. “prefix” is essentially the name given to all your resources
          3. “default_public_access_cidrs” are CIDRs that you’d like to allow access to your cluster.
          4. “tags” you should include are {“resourceowner”=”your_Email”} (this is to ensure that people will be able to tell who owns the resource. Also, note that the preferred syntax is dependent on the cloud provider, please check the docs to be sure)
          5. “postgres_servers” should only be uncommented if you require an external db server (more expensive), if you don’t and you’re just practicing, leave it commented and it should create an internal one
      3. I highly recommend going the Docker route instead of Terraform (I have personally run into fewer problems through Docker, especially the tearing down process as compared to Terraform).
      4. It takes a while to create the cloud resources so have patience (takes about 15 mins at most).
      5. Once the resources exist, ensure you copy the [prefix]-eks-kubeconfig.conf file into your $(pwd) as well as your ~/.kube/config file if you’d like to keep it. The command to copy the conf file to your ~/.kube location is cp &lt;.conf file&gt; ~/.kube/config
      6. After you’re done with the above, make sure you run export KUBECONFIG=&lt;.conf file&gt;
      7. Test that your deployment is actually up: kubectl get nodes

      Post-IaC

      The next section covers additional SAS Viya requirements for the cluster after standing it up. There are a few things I’d recommend building after ensuring the deployment is up.

      • Ingress Controller 
        kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.44.0/deploy/static/provider/cloud/deploy.yaml
      • Cert Manager 
        kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml
      • Helm/nfs-provisioner (this part is specifically for AWS)
        What’s happening here is that we’re getting the elastic load balancer URL from the ingress-nginx, the EFS ID, and installing the NFS server provisioner

        kubectl get service -n ingress-nginx
 
ELBURL=$(kubectl get svc -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo $ELBURL
 
EFSFSID=$(aws efs describe-file-systems --region $AWS_DEFAULT_REGION --query "FileSystems[*].FileSystemId" --region $AWS_DEFAULT_REGION --output text)
echo $EFSFSID
 
helm repo add stable  --force-update
helm install stable/nfs-server-provisioner
 
kubectl get storageclass # to check if the NFS server is up
      • Create a namespace where your SAS Viya deployment lives in the cluster – kubectl create ns . It is critical to go through the System Requirements entirely to ensure you don’t miss any steps (Just be sure that you’re following the portions meant for your cloud host). Examples in the Hardware and Resource Requirements page:
        • Azure – There’s an “Additional PVC Requirements for Microsoft Azure”: a link for “Specify PersistentVolumeClaims to Use ReadWriteMany StorageClass” where you’re required to add a file in the /site-config directory and an additional portion under “transformers” in the kustomization.yaml file
        • AWS – Under “File System and Shared Storage Requirements” refer to the notes on installing a provisioner for the EBS volumes. (The instructions are in the code block above)

      Installation

      This section sets up the parameters and additional customizations to included in the $deploy folder. It falls specifically under the Deployment tab of the SAS Viya Operations documentation.
      After retrieving the required files (under the desired version!), the certificates, license, and all assets and untarring them, take a good look at the section named "Directory Structure" so you have an understanding your desired file structure.

      Under “Installation -> Initial kustomization.yaml file”, once you’ve created your kustomization.yaml file, there are a few things of note here to change:

      1. {{ NAME-OF-NAMESPACE }}
        • If you haven’t already created the namespace where SAS Viya will live, do so now (instructions above #4)
        • Once you have a namespace, replace the entire thing including the {{}} with the name you have chosen.
        • You can always check what namespaces your cluster has by running kubectl get ns
      2. {{ NAME-OF-INGRESS-HOST }} and {{ PORT }} (note that there are multiple references in the kustomization.yaml file)
        • Use kubectl get service -n ingress-nginx and use the external-ip of the output
        • port is 80

      There are plenty of instructions beneath the kustomization.yaml file example, be sure to read through them and follow their instructions thoroughly.

      Additionally, Configure TLS

    2. kustomize build -o site.yaml
kubectl apply --kubeconfig=kubeconfig-file --selector="sas.com/admin=cluster-wide" -f site.yaml
kubectl wait --kubeconfig=kubeconfig-file --for condition=established --timeout=60s -l "sas.com/
admin=cluster-wide" crd
kubectl apply --kubeconfig=kubeconfig-file --selector="sas.com/admin=cluster-local" -f site.yaml --prune
kubectl apply --kubeconfig=namespace-kubeconfig-file --selector="sas.com/admin=namespace" -f site.yaml --prune

OR
kustomize build . | kubectl apply -f -
(Note that this is the shortcut of building and piping the results to be applied in kubectl. It does not output a site.yaml file.)

There are a few false-positive errors that may appear during the process (the documentation outlines them pretty clearly).

Post-Deployment

You may run the readiness service to check for when your deployment is ready. Note that this process is lengthy and the fastest I’ve seen a deployment go up is about 15-20 mins. (Now’s a good time to go for a walk or get a cup of coffee).

I highly recommend using Lens to visualize the deployment process and to take a look at the pods and their logs (mini section below).

While all of these steps are possible in Lens, it’s good to know the commands required to inspect and manipulate pods.

kubectl get pods -n  # Take a look at all the pods, add a -W flag to watch them as they update
kubectl describe pod  -n  # To describe specific pods
kubectl logs  -n  # To see the logs of specific pods
kubectl delete pods  -grace-period=0 --force # To force deletion of pods, pods will automatically restart after being deleted.

Important pods to look at:

  • Logon
  • Consul
  • Cache

These pods are pre-requisites for many other pods to come up. If they’re stuck, go ahead and delete them to initiate a restart. This seems to work frequently.

If the pods look good, try going to this website: www.name-of-ingress-host:port/SASDrive. You should see a blue background and a SAS login screen.

Hooray! Now you just have to follow the Sign In as the sasboot User instructions and complete other post deployment tasks (Post-Installation Tasks, Validating the Deployment, etc.” that are pertinent to your use case.

Quick aside: Lens

K8s Lens is an incredibly useful IDE to visualize what is going on in your Kubernetes cluster.
Here are two quick screenshots to help you get situated when you’re looking at pods.

First, you need your .conf file to connect to your cluster. Upon entry, click on Workloads -> Pods to look at the pods. Also click on your namespace for all of the pods for the SAS Viya Deployment to show up.

There are times where you’ll see a yellow triangle with an exclamation mark. While this is technically a warning, it may be an indicator of an error your pod is suffering from. (If you see a HTTP 503 Readiness Probe error, it may just mean that the pod is starting up)

Click on the pod and the lines on the top right in order to see the logs for the chosen pod.

Conclusion

Hopefully this post was helpful for your start in deploying SAS Viya.

Please remember there’s a lot more to it than is covered here. Don’t be disheartened if this wasn’t particularly easy, it certainly wasn’t for me.
Know there are plenty of customizations as well as a constant stream of changes (updates, product related etc.), new methods, and places to deploy.
So there’s always plenty to learn.

Please feel free to reach out and let me know if you have any questions or suggestions for this post.

Acknowledgements

Many thanks to my colleagues Ali Aiello and Jacob Braswell for answering my incessant questions and helping me on this journey!

A Novice Perspective on SAS Viya Deployment was published on SAS Users.