SAS Visual Investigator 10.2 on the Cloud: Deployment Guide

SAS® Visual Investigator 10.2 on the Cloud: Deployment Guide

2

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4Deployment Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4How SAS Visual Investigator Is Deployed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

System Requirements for SAS Visual Investigator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Cloud Platform Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Virtual Machine Operating System and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Web Browser Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Pre-installation Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Enable Required Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Complete Configuration Worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Installing SAS Visual Investigator on SAS Viya . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Prepare the Installation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Prepare the Installation Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Install SAS Visual Investigator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Validating the Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Contact SAS Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Appendix A: Cloud Foundry Deployment Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Cloud Foundry Deployment Data Using vSphere as the IaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Cloud Foundry Deployment Data Using OpenStack as the IaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Appendix B: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56BOSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56Cloud Foundry Run Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

3

Introduction

Deployment Architecture

This document describes the processes to deploy SAS Visual Investigator in a private cloud. Only the Cloud Foundry private cloud environment is currently supported for cloud deployments.

Instead of requiring Base SAS, SAS Visual Investigator uses the Cloud Analytic Services (CAS) run-time environment.

How SAS Visual Investigator Is Deployed

The installation and deployment of SAS Visual Investigator on Cloud Foundry uses a self-extracting installer to deliver the software into a directory on a physical server or virtual machine (VM). The installer creates a top-level directory named sas, which contains two subdirectories: the bin directory and the image directory. The bin directory consists of a single bash script named start. The image directory is a systemd-nspawn namespace container that is invoked by the start bash script and contains functionality that is used in SAS Visual Investigator deployment-related activities. It can be shut down and restarted whenever these functions are needed. In addition, the entire container, with any changes that are made, can be repackaged, archived, or moved to another server or VM as needed.

You must perform these tasks to deploy SAS Visual Investigator:

n Prepare the installation tools.

n Prepare the installation environment.

n Install SAS Visual Investigator.

4

System Requirements for SAS Visual Investigator

Cloud Platform Software Requirements

Cloud Foundry Requirements

n Cloud Foundry v230 through v246 on either OpenStack or vSphere

o OpenStack Mitaka version or later

o VMware vSphere ESXi 6.0 U2

n BOSH CLI 1.3262.26.0 or later

n cf CLI version 6.25.0+787326d.2017-02-28 or later

n Stemcell CentOS 7,x – 3309

n sas_java_buildpack 3.12

Other Required Software

The following third-party software is included with your SAS software:

n HashiCorp Consul – Included to enable service discovery and configuration.

n RabbitMQ – Included to provide an open-source, standards-based platform for SAS components and applications to send and receive messages.

n Elasticsearch – Included to provide search capability.

n Apache Geode – Used for session caching.

Supported Databases

The following database is supported for use by SAS Visual Investigator:

n PostgreSQL

Here are the supported data stores:

n PostgreSQL 9.4

n Oracle 12c

Virtual Machine Operating System and Software Requirements

The VM instance that is used to install SAS Visual Investigator has the following requirements:

n Red Hat Enterprise Linux or CentOS 7.2 must be installed.

n 20 GB free space must be available.

n The installation user must have sudo privileges.

n systemd-nspawn must be installed.

5

Web Browser Requirements

The desktop machine that is used to access the SAS Visual Investigator user interface requires one of the following web browsers:

n Google Chrome 48 and later versions

n Microsoft Internet Explorer 11

Note: Microsoft Edge is not supported.

Browsers on tablets and other mobile devices are not supported. SAS Environment Manager and CAS Server Monitor are not supported in this release of SAS Visual Investigator.

6

Pre-installation Tasks

Enable Required Ports

The following ports are used by SAS Visual Investigator and should be available before you begin to deploy your software. The same ports should also be available for any firewalls that are configured in the operating system or the network.

Process Required Port Notes

HTTPD 80 (internal)

443 (external)

default Erlang Port Mapper Daemon (epmd) port 4369

SAS Infrastructure Data Server 5430-5439 For a single server deployment with no failover, ports 5430-5432 must be opened. Additional standby nodes each get the next available port number sequentially up to 5439.

CAS Server Starting Port 5577 Used by clients to make binary connections to CAS.

CAS Communicator Port 5580

default SAS Messaging Broker AMQP client access port

5672

SAS Configuration Server 8500 SAS uses HashiCorp Consul as its configuration server.

Object Spawner 8591

CAS Server Monitor 8777 Used by clients to make REST HTTP calls to CAS, as with the Python REST interface.

Elasticsearch 9200

Default PgPool port 9432

default SAS Messaging Broker management web console port

15672

SAS/CONNECT Spawner 17551

SAS Cloud Analytic Services Server 19990-19999

default SAS Messaging Broker clustering port 25672

7

Process Required Port Notes

Apache Geode 40404

Complete Configuration Worksheet

To prepare for deployment, you must collect information about deployment via the key value pairs in the CF_Deployment_Questionnaire.xlsx spreadsheet. See http://support.sas.com/documentation/prod-p/visgator/index.html. Then, during installation, you must manually enter this information in a configuration file.

To complete and customize your deployment, specify the information by associating required and optional keys with the appropriate values.

Complete either the vSphere worksheet or the OpenStack worksheet, according to your environment.

n Specify a value under each Value column that is not already pre-populated.

n Do not specify any values for passwords. They are entered on-site.

n Blank lines have been inserted to improve readability and to show a separation between sections of the configuration file.

n JSON header lines are included to provide information about the section.

8

Installing SAS Visual Investigator on SAS Viya

Prepare the Installation Tools

Overview

Installing SAS Visual Investigator begins by downloading the binary installer file to a physical or virtual machine (VM) in the IaaS environment. The VM is used as the bastion or jump box for the installation and deployment.

The installation consists of the following tasks:

n Download the binary installer.

n Extract the files.

n Start the container.

n Sign on to the container.

Download the Binary Installer

Download the installer ZIP file that is included with the customer Software Order Email (SOE). For example, the file might look like visualinvestigator_10_2_xxx_lax.zip. Once the download is complete, the file must be unzipped. It looks similar to visualinvestigator_10_2_xxx_lax.bin.

After downloading the installer ZIP file visualinvestigator_10_2_xxx_lax.zip from the location in the SOE, copy the file to the home directory of the installer ID on the bastion box using the wget command. The wget command is used to access a local web server:

wget http://0.0.0.0/visualinvestigator__10_2__xxx__lax.zip

--2016-06-20 14:53:04-- http://10.120.16.120/visualinvestigator__10_2__xxx__lax.zipConnecting to 0.0.0.0:80... connected.HTTP request sent, awaiting response... 200 OKLength: 5508425807 (5.1G) [application/octet-stream]Saving to: 'visualinvestigator__10_2__xxx__lax.zip'

100%[=================================================>] 5,508,425,807 74.4MB/s in 1m 43s

2016-06-20 14:54:47 (50.8 MB/s) - 'visualinvestigator__10_2__xxx__lax.zip' saved [5508425807/5508425807]

Prepare the ZIP File

n Unzip the file visualinvestigator_10_2_xxx_lax.zip.

n Then, delete the ZIP file, visualinvestigator__10_2__xxx__lax.zip.

n Run the visualinvestigator__10_2__xxx__lax.bin file as follows:

bash visualinvestigator__10_2__xxx__lax.bin

Extract the File

Once the file is on the bastion box, to extract the binary file, run the following command:

9

bash visualinvestigator__10_2__xxx__lax.bin

Note: The binary installer deploys to the installing user’s home directory.

Start the Container

Run the start.sh script in the user’s home directory to start the container:

./sas/bin/start

Here are the displayed results:

Starting SAS Visual Investigator Deployment Container...Spawning container <instance>.<hostname>.unx.sas.com on /home/test/sas/image.Failed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directoryFailed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directory Press ^] three times within 1s to kill container.systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)Detected virtualization systemd-nspawn.Detected architecture x86-64.Welcome to CentOS Linux 7 (Core)!

Because the container attempts to alter the state of the host operating system, the following error message might be displayed. This message is expected and can be safely ignored:

Failed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directoryFailed to create directory /home/test/sas/image//sys/fs/selinux: No such file or directory[FAILED] Failed to start LSB: Bring up/down networking. See 'systemctl status network.service' for details.

Sign On to the Container

Once the container is started, a login prompt is displayed:

CentOS Linux 7 (Core)Kernel 3.10.0-229.el7.x86_64 on an x86_64

sfr47066 login:

The prompt shows a host name with a randomly generated prefix and then the word login.

Enter your user ID and then enter your password to sign on to the container.

Last login: Wed Jun 15 12:41:34 on console

SAS 15:04:47 !1 [~]

After you sign on to the container, notice that the prompt now includes the string, SAS, followed by a timestamp. For convenience, the shell is set to the Z shell (zsh) , which provides the standard shell for SAS Visual Investigator deployments.

Note: Do not change shells. Any other shell might produce unexpected results.

The window of your X terminal emulator displays the title Container. The title is a reminder that your work environment is within the container and that you are no longer working within the host file system.

Overview of Help

Basic help:

sas help

10

Provides information about the Help system itself and explains how to use the Help system.

Package level How-to Guides:

sas help -p

Provides detailed instructions on how to use the package. In this case, instructions are provided on deploying SAS Visual Investigator.

Component level help. sas help -c <component>

Example: sas help -c deploy

Commands in this section are used in the deployment and monitoring of services and applications into a Cloud Foundry environment.

The Help system then repeats the same information displayed when using the command sas help sas.

To show product information, run the following command: sas show info

Product Name : SAS Visual Investigator Version: : 10.1.216 Build Date: : 20160916.1051

Note: Additional information is displayed after running sas conf use <configuration>.

Prepare the Installation Environment

Overview

Before you can deploy SAS Visual Investigator, follow these pre-deployment steps:

n Collect information about the environment.

n Set, edit, and save the configuration file.

n Authenticate the sas user to Cloud Foundry and BOSH.

n Upload BOSH stemcells.

n Upload buildpacks.

n Upload releases.

n Generate files from configuration data for deployment.

The information in the Microsoft Excel spreadsheet CF_Deployment_Questionnaire.xlsx needs to be collected. See http://support.sas.com/documentation/prod-p/visgator/index.html. Then, during installation, you must manually enter this information in a configuration file.

Once the information is collected, enter the following command to list the available SAS Visual Investigator configuration files.

sas conf list

Here are the results:

The following configurations are available:

template_openstack template_vsphere

To use a configuration, use the command:

sas conf use <configurationName>

11

Current configuration: unset

Set the Configuration File

1 Select the template file (vSphere or OpenStack) that corresponds with the underlying IaaS for your Cloud Foundry installation and run the following command:

sas conf use template_xxxxx

where xxxxx is either vsphere or openstack.

Here is an example of the output:

Now using configuration: template_xxxxx

2 Save the template configuration file with a new configuration filename that is meaningful in your environment. The configuration file test is used in this example.

sas conf save test

This produces the following output:

Saved configuration file: test

3 Set the new configuration file as the active configuration file for the framework to use.

sas conf use test


Now using configuration: test

Edit the Configuration File

Once the template is ready to use, edit the configuration file and enter the information from the spreadsheet. See http://support.sas.com/documentation/prod-p/visgator/index.html. Then, during installation, you must manually enter this information in a configuration file.

Note: SAS has configured the vim utility to check JSON syntax for this purpose. You cannot exit the utility if the file contains invalid JSON syntax.

Here is an example of the configuration file before editing:

12

After you enter the information into the table from Appendix A or the spreadsheet, copy your entries into the configuration file.

1 Copy your entries into the configuration file and ensure that your entries do not contain Rich Text markup. It must contain only ASCII 7 data. Every entry in Appendix A or the spreadsheet corresponds to an entry in the configuration file.

2 Save the configuration file.

Here is an example of the configuration file after editing:

13

Note: The location of this configuration file that is in use is a temporary location and can easily be overwritten by another configuration file. SAS recommends that you save the configuration file that has been edited.

Save the Configuration File

To save the changes that you have made to a permanent location, run the following command:

sas conf save test


Saved configuration file: test

This command does not change the active configuration file. Instead, it saves a copy of it to a saved configuration directory. You can see your configuration name now by running the command:

sas conf list


The following configurations are available:

14

test template_openstack template_vsphere

To use a configuration, use the command:

sas conf use <configurationName>

Current configuration: test

Authenticate to Cloud Foundry and BOSH

Now that you have entered the information about your Cloud Foundry installation and the servers to be created, you need to connect to Cloud Foundry. This step is required even if the host bastion box is signed on to Cloud Foundry and BOSH. This step is also required whenever you change your configuration to a new configuration that has different authentication details.

To authenticate, run the command:

sas cf auth


Authentication for user: sasCurrent target is https://0.0.0.0:25555 (ocfdir)

API endpoint: https://api.sas.sas.sas.com (API version: 2.48.0)User: testOrg: testSpace: test

If authentication is successful, then you know that the data that you entered for the Cloud Foundry and BOSH environments is correct. If authentication is not successful, refer to the data that you entered for the directory and run-time sections of the configuration file. Correct them for your installation and try again.

CAUTION! Do not attempt to proceed beyond this point if you do not have a working connection to both BOSH and Cloud Foundry.

Upload the Buildpacks

Deploying SAS Visual Investigator applications uses Cloud Foundry buildpacks.

To ensure that compatible buildpacks are being used, run the following command:

sas deploy buildpacks


sas deploy buildpacksDeploying buildpack sas_java_buildpack...OKDeploying buildpack sas_java_buildpack...Done uploading OK

This command uploads offline buildpacks into your Cloud Foundry environment.

Upload the BOSH Stemcells

Once connectivity is established to the BOSH environment, you must upload the required stemcells for the creation of virtual machines (VMs). This is done in the IaaS using the BOSH Cloud Provider Interface (CPI).

15

1 Check to see whether the required stemcells are already installed. Run the following command:

bosh stemcells

If the output contains the following information, the correct stemcell is already installed. You can skip the remainder of this section.

Name="bosh-openstack-kvm-centos-7-go_agent" Version="3309"

2 If the bosh-openstack-kvm-centos-7-go_agent stemcell is not installed, run the following command:

sas bosh upload stemcells

Two stemcells are delivered: one each for OpenStack and vSphere.

3 To ensure that the correct stemcells are loaded, even if there are existing stemcells, run the following command:

sas bosch upload stemcells

If the correct stemcells are already installed, you receive a warning message stating that the correct version already exists. You can safely ignore this message and continue with the upload.

Upload the BOSH Releases

Now you need to upload the included BOSH releases to the BOSH blob storage so that they are available to BOSH when it is time to deploy the services.

To upload the BOSH releases, run the following command:

sas deploy releases

The following release packages are delivered, one for each of the stateful services.

n Cloud Analytic Server (CAS)

n Elasticsearch 2.3.3

n PostgreSQL 9.4

n Consul

n RabbitMQ

n PGPool

n Apache Geode

Create the Files for Deployment

Once the stemcells, buildpacks, and releases are in place, you must create files that are used in deploying SAS Visual Investigator services and apps.

This step should be performed each time there is a change in the active configuration file. If these files have already been generated, then remove them from the container first by running the following commands:

cdrm -rf *

The configuration file provides the values to be substituted into the template files that are part of the framework.

To create the file system and files, run the following command:

sas deploy files

16

As the command runs, it copies the JAR files that are deployed into Cloud Foundry. Then it performs the token substitution on the various files that are required for deploying the solution.

When file system creation is complete, token substitution is checked to determine whether there are any unresolved tokens. If tokenization is successful, the message All tokens successfully resolved is displayed. If tokenization is incomplete and an error message is shown, the configuration file is incomplete and needs to be edited again.

Note: Be sure to remove the files that were generated before running the command sas deploy files again.

Preparing to Examine the Files

Examination of the BOSH and Cloud Foundry manifest files is required in order to verify that the information in the files is correct. You must have knowledge about the Cloud Foundry environment and the vim utility.

Note: Do not change the information in the manifest files manually because the data comes from the configuration file. Any changes should be made to the configuration file. The contents of the home directory should then be deleted, and the command to deploy files should be rerun to create a new set of manifest files.

Examine the Files Related to BOSH

The manifest files that deploy stateful services into the BOSH managed environment are located in the /home/sas/services directory in the container.

To examine the manifest files:

1 Change to the /home/sas/services directory.

2 Run the following command to display the vim editor: vi */man*.yml. This displays the vim editor in the window, with the first file in the vim buffer. Use the vim :n command to edit the next file match. Use the :rew command to rewind to the beginning if you want to review all files again.

Note: It is acceptable to change the configurable entries in the jobs section of the manifest.yml file, which is in the Postgres directory under the services directory. They are intended to be managed outside the framework

When examining the manifest files, check the following items:

n director_uuid – make sure this matches what was entered in the configuration file.

n Make sure that all entries in the networks section of the file are correct.

n Validate that the IP address is the correct one entered for each server. Look under jobs and then static_ips.

Once you have examined the BOSH manifest files, examine the script files in the services directory. To examine the script files:

1 Change to the /home/sas/services directory.

2 Run the following command to display the vim editor: vi */*.sh. This displays the vim editor in the window.

The most important script in this group is the post_deploy_consul.sh script. In this file, check for empty values ("") and determine whether an empty value is reasonable. Some expected empty values include the archive.storage.local.destination property and in the Folder loop at the bottom of the file. A property with an empty value might indicate that a JSON property in the configuration file was not filled in. If you discover any entries like this, return to the configuration file and make sure that all required entries are filled in. Then delete the contents of the home directory and re-create the files.

Note: The following service_tag parameters are blank for all environments: elasticsearch/deploy.sh service_tags, postgres/deploy.sh service_tags, and rabbitmq/deploy.sh service_tags. This is standard and can be ignored.

17

Note:

If you are using OpenStack, the static_ips addresses in the cas-worker.yml and manifest-data.yml files are blank. This is standard for OpenStack and can be ignored.

Examine the Files Related to Cloud Foundry

Manifest files that deploy stateless applications and microservices into the Cloud Foundry run-time environment are located in the /home/sas/apps directory in the container.

To examine the manifest files:

1 Change to the /home/sas/apps directory.

2 Run the following command to display the vim editor:

vi */man*.yml

In these files, check for empty values ("" ) and determine whether an empty value is reasonable. This might indicate that a JSON property in the configuration file was not filled in. If you discover any entries like this, return to the configuration file and make sure that all required entries are filled in. Then delete the directories under the /home/sas directory and re-create the files.

Using Logs

Log data for applications and microservices is provided through the Cloud Foundry Loggregator system. Using a Cloud Foundry firehose and nozzle to collect log data and redirect it to a logging server is the standard means of providing access to application logs. The rsyslog log has been added to the services deployed in Cloud Foundry BOSH. This information can be routed to any rsyslog server over TCP. This method is compatible with any of the various log store and display applications.

Install SAS Visual Investigator

Overview

Deployment of SAS Visual Investigator consists of the following:

n deploying services to BOSH

n deploying stateless applications and microservices

Deploy Services to BOSH

To deploy the stateful services to BOSH, run the following command:

sas deploy services

When deployments are complete, test the applications to ensure that the deployment is working as expected. For more information, see Validating the Deployment on page 21.

CAUTION! Do not attempt to proceed to the next steps if you see any errors during the deployment of the stateful services. If you see errors, see Appendix B: Troubleshooting on page 56.

Deploy Stateless Applications and Microservices

To deploy the stateless applications and microservices, run the following command:

sas deploy apps

18

This is similar to the command that deploys the stateful services. The sas deploy apps command runs the deploy.sh script in the /home/sas/apps directory. This script executes each of the deploy.sh scripts in the subdirectories under the apps directory. These scripts deploy application JAR files into the Cloud Foundry run-time environment.

When the deployments are complete, run the following command to display the status of the full deployment:

sas show status

Note: The preceding command combines three different commands — bosh deployments, cf apps, and cf routes — to display information that describes the current environment.

Also, use the following command to display information about the applications that are deployed.

sas show info

It also displays the URLs that enable you to connect to the application interfaces, and it displays information about the environment. All of the information displayed comes from the configuration file and is formatted for readability.

Here is typical output:

SAS Visual Investigator: Info

Product Name : SAS Visual Investigator Version: : 10.1.nnn Build Date: : Day Mon YY HH:MM:ss EDT 2016

Configuration JSON Configuration : test Org : test Space : test Host : test

URLs SAS Visual Investigator : http://test.runtime.env.comp.com/SASVisualInvestigator

Consul : http://10.10.10.01:8500 RabbitMQ : http://10.10.10.02:15672

IP Addresses CAS Controller : 10.10.10.03 CAS Worker : 10.10.10.09 10.10.10.10 Consul : 10.10.10.04 Elastic Search : Master Nodes : 10.10.10.05 Client Nodes : 10.10.10.06 Data Nodes : 10.10.10.11 10.10.10.12 PostgreSQL : 10.10.10.07 RabbitMQ : 10.10.10.08

Another way to quickly display the status of a stateful service or application is to use the following command:

sas show details


Service Status

pass cas-controller (Success)pass [email protected] (Success)

19

pass [email protected] (Success)pass consul_container (Agent alive and reachable)pass elasticsearch (TCP connect 10.10.10.05:9200: Success. ElasticSearch cluster green.)pass postgres (Success)pass rabbitmq (Success)

App Status

pass audit (UP)pass authorization (UP)pass casManagement (UP)pass datahub (UP)pass entityResolution (UP)pass feature (UP)pass files (UP)pass identities (UP)pass networkAnalytics (UP)pass SASLogon (UP)pass SASVisualInvestigator (UP)pass svi-ai (UP)warn svi-alert (DOWN)pass svi-core (UP)pass svi-sand (UP)pass svi-transport (UP)

20

Validating the Deployment

Overview

This section provides instructions for validating the stateful services that are delivered with SAS Visual Investigator.

Elasticsearch

To validate the installation of the Elasticsearch cluster, run the following command:

curl -XGET 'http:// Elasticsearch-IP-address:9200/_cluster/health?pretty=true'


{ "cluster_name" : "testcluster", "status" : "green", "timed_out" : false, "number_of_nodes" : 2, "number_of_data_nodes" : 3, "active_primary_shards" : 5, "active_shards" : 10, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards": 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch": 0, "task_max_waiting_in_queue_millis": 0, "active_shards_percent_as_number": 100}

The green status value indicates that the cluster’s overall operation is good. For additional information about Elasticsearch cluster health, see https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html.

For additional Elasticsearch information, see https://www.elastic.co/products/elasticsearch.

Consul

To validate the installation of Consul:

1 Open a web browser and go to the URL for Consul.

2 To determine the correct URL for Consul, run the following command:

sas show info

SAS Visual Investigator: Info

Product Name : SAS Visual Investigator Version: : 10.0.2 Build Date: : Wed Jun 22 17:48:41 EDT 2016

21

https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html

https://www.elastic.co/guide/en/elasticsearch/reference/current/cluster-health.html

Configuration JSON Configuration : test Org : test Space : test Host : test

URLs SAS Visual Investigator : http://test.sas.sas.sas.com/SASVisualInvestigator

Consul : http://10.10.10.85:8500 RabbitMQ : http://10.10.10.96:15672

IP Addresses CAS Controller : 10.10.10.80 CAS Worker : 10.10.10.81 10.10.10.82 10.10.10.83 10.10.10.84 Consul : 10.10.10.85 Elastic Search : Master Nodes : 10.10.10.86 10.10.10.87 10.10.10.88 Client Nodes : 10.10.10.89 10.10.10.90 Data Nodes : 10.10.10.91 10.10.10.92 10.10.10.93 10.10.10.94 PostgreSQL : 10.10.10.95 RabbitMQ : 10.10.10.96

From the preceding output, select the URL for Consul. In this example, the URL is http://10.10.10.85:8500.

RabbitMQ

To validate the installation of RabbitMQ:

1 Open a web browser and go to the URL for RabbitMQ.

2 To determine the correct URL for RabbitMQ, run the sas show info command.

From the previous example, the correct URL would be http://10.10.10.96:15672.

PostgreSQL

The simplest way to validate the installation of the PostgreSQL server is to connect to a remote database. To determine the IP address of the PostgreSQL server, run the sas show info command. From the previous example, the IP address would be 10.10.10.95. Then run the following command to validate the PostgreSQL server:

psql -h 10.10.10.95 -U dbmsowner postgresPassword for user dbmsowner:psql (9.2.15, server 9.4.4)WARNING: psql version 9.2, server version 9.4. Some psql features might not work.Type "help" for help.

postgres=#

To exit, specify \q and then press the Enter key.

22

Contact SAS Technical Support

Technical support is available to all customers who license SAS software. However, we encourage you to engage your designated on-site SAS support personnel as your first support contact. If your on-site SAS support personnel cannot resolve your issue, have them contact SAS Technical Support to report your problem.

Before you call, explore the SAS Support website at support.sas.com/techsup/. This site offers access to the SAS Knowledge Base, as well as SAS communities, Technical Support contact options, and other support materials that might answer your questions.

When you contact SAS Technical Support, you are required to provide information, such as your SAS site number, company name, email address, and phone number, that identifies you as a licensed SAS software customer.

23

http://support.sas.com/techsup/

Appendix A: Cloud Foundry Deployment Information

Cloud Foundry Deployment Data Using vSphere as the IaaS

SYNTAX CONVENTIONS#==========================================================================

Syntax Description

" " A quoted string of the indicated type.

[ ] An array of comma-separated values of the indicated type.

<name> All occurrences of <name> can be replaced with the same replacement value.

*<size>* All occurrences of *<size>* can be replaced with a similar value or a larger value. The exact size depends on how the resource is used.

For a size value in the following configuration table, ensure that the value for your instance_type definition is not less than the values that is used for CPU, disk, or RAM as follows:

Size Property*<small>*

*<medium>*

*<large>*

*<xlarge>*

*<2xlarge>*

Specify the Default Size or a Large Size, as Appropriate2 vCPUs, 20 GB disk, 2 GB RAM

4 vCPUs, 40 GB disk, 4 GB RAM




# A 'property' is a simple key-value pair.

# A 'section' is either an array or a dictionary that can have many values.

#

# All properties and sections below must be populated with data unless marked with one of the following indicators:

n ## Optional - This property or section can remain with no value or can be entirely removed.n ## ReadOnly - Do not change any property or section that has this mark.n ## ReadOnlyKey - Do not change the property key, but you can change the value.

The Value column does not list a default value in some instances. This is intentional so the user can provide customized values.

Key Value Description

BOSH Director

24


directors The BOSH Director section of the JSON configuration file provides information for accessing the BOSH directors.

<directorName> The director Name that is displayed by the bosh status command and that is listed as Name.

username The BOSH user name that is used for BOSH director authentication.

username The BOSH user name that is used for BOSH director authentication.

password The password for the user that connects to the BOSH director.

certificate_path The certificate for the user that connects to the BOSH director.

privateip The IP address of the BOSH Director that is displayed by the bosh status command and that is under the URL.

uuid The UUID of the BOSH director that is displayed by the bosh status command and that is listed as uuid.

vm_network_name The vSphere network name under which the BOSH instances are created.

bosh_domain_name The domain name of the BOSH director that is displayed by the bosh status command and that is listed as DNS.

dnsserver[ ] The array of quoted IP addresses that identify the DNS locations for the BOSH director. Example: ["1.2.3.4", "2.3.4.5"].

gateway The IP address of the Gateway server of the BOSH Director.

cidr_network The CIDR range of the network. Example: "10.20.30.0/24".

reserved_network The reserved IP address range that is not used for creating the BOSH instances. The format of each array entry is a quoted string that consists of a hyphen-separated IP address range. Example: ["10.20.30.2 - 10.20.30.127", "10.90.80.2 - 10.90.80.63"].

static_network The static IP address range that is used for creating the BOSH instances. The format of each array entry is a quoted string that consists of a hyphen-separated IP address range. Example: ["10.20.30.128 - 10.20.30.254", "10.90.80.64 - 10.90.80.127"].

Cloud Foundry Run-Time Environment

25


runtimes The Cloud Foundry Run-Time Environment section of the JSON configuration file provides information for accessing the Cloud Foundry run-time environment.

<runtimeName> The name of the run-time environment that is displayed by the bosh deployments command and that is listed as Name.

url The URL of the Cloud Foundry run-time environment that is displayed by the cf api command.

username The Cloud Foundry run-time environment admin user name that is used for authentication. This user must have admin privileges in order to create domains and routes.

password The password for the user connection to the Cloud Foundry run-time environment.

options --skip-ssl-validation The command-line options for the Cloud Foundry run-time environment connection.

Solution Deployment

deployments The Solution Deployment section of the JSON file contains solution deployment details.

sas This section provides information about the user ID that is used for solution deployment.

password The password for the user of the solution deployment. Do not provide a password in this file. It is entered on-site.

iaas vsphere The Infrastructure as a Service (IaaS) name for vSphere.

runtime <runtimeName> The name of the Cloud Foundry run-time environment that is defined in the Cloud Foundry Run-Time Environment section.

director <directorName> The name of the Cloud Foundry BOSH director that is defined in the directors section.

The following three properties specify the top-level domain (TLD) that is a Cloud Foundry Shared or Private domain.

Note: All three of these properties must resolve to the Cloud Foundry HAProxy.

cf_nontls_domain This is the internal non-TLS domain that resolves directly to the Cloud Foundry HAProxy.

front_tls_domain If TLS front-end reverse proxying or load balancing is added by the customer, then it is necessary to specify the front-end TLS domain name. If used, this top-level domain can indirectly resolve to the Cloud Foundry HAProxy.

26


front_nontls_domain If non-TLS front-end reverse proxying or load balancing is added by the customer, then it is necessary to specify the front-end non-TLS domain name. If used, this top-level domain can indirectly resolve to the Cloud Foundry HAProxy.

label This property identifies a unique deployment. The use of “label” in this context refers to a word or set of characters that is placed before the top level domain name (non-TLS Domain name). This name immediately precedes the top-level domain property following in Logging Properties > Domain cell. This name can be used to identify the deployment purpose, the function, or the intended audience of the deployment. It can also be a name that has no obvious meaning. From a deployment perspective, this name is needed to uniquely construct URLs that access a specific deployment.

org The name of the Cloud Foundry organization that is the target of the deployment.

space The name of the Cloud Foundry space that is the target of the deployment.

LDAP Server

ldap The LDAP Server section of the JSON file provides information about the defined LDAP AD connection.

type The string must match either ActiveDirectory or OpenLDAP.

base This section provides base OU information for the LDAP AD (Active Directory) connection.

host The LDAP server host name.

password The credentials for the user ID of the solution installation that connects to the LDAP/AD server. The credentials are entered on-site. Do not enter passwords in this file, they will be entered on-site. <Password terminology>.

port The port that is defined to connect to the LDAP server. If a global port is used to connect to the LDAP server, then port 3268 is required. If a non-global port is used to connect to the LDAP server, then port 389 is required.

userDN The LDAP user DN value that is used for the general search account. The DN value can be in the form: "CN=, OU=, OU=, DC=, DC=, DC=". Note that each site is different.

LDAP Group Information

group The LDAP Group Information section of the JSON file specifies group information for the LDAP/AD connection.

27


baseDN The LDAP base DN in the form OU=Groups,DC=xxx,DC=yyy,DC=com.

searchFilter The optional LDAP search filter that is used for searches on the LDAP server. Example: sAMAccountName={0}.

LDAP Connection

user The LDAP Connection section of the JSON file specifies user information for the LDAP/AD connection.

baseDN The LDAP base DN is in the form DC=xxx,DC=yyy.

searchFilter The optional LDAP search filter that is used for searches on the LDAP server. Example: sAMAccountName={0}.

Internal SAS

profile The Internal SAS section of the JSON file is internal to SAS.

file ldap/ldap-search-and-bind.xml Use the provided information that is required internal to SAS microservice.

Connection Properties

property The Connection Properties section of the JSON file specifies any special properties that are required for connection to the LDAP/AD server.

<property name> "config/application/ldap/user/customFilter": ""

Define the custom Consul properties for LDAP. At the present time, the only supported property is the customFilter property that is listed. This property can be entirely omitted if no custom Consul properties are needed for LDAP. If this property is used, then the key must match config/application/ldap/user/customFilter: " ". Example: "(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))."

Tenancy

tenancy The Tenancy section is for information that is required for managing tenancy through the LDAP/AD server.

userRdn Example "ou=people".

Consul Scripts

oauth The Consul Scripts section of the JSON file is used by scripts that load data into Consul.

adminSecret The password is used to obtain an access token from SASLogon for client registration. Do not provide a password in this file. It is entered on-site.

Logging Properties

28


log_server The Logging Properties section of the JSON file defines logging properties that are used by services that send log data output to a remote rsyslog server via TCP. To enable logging support for apps, a nozzle must be created that logs output to a remote rsyslog server. A nozzle is a component that listens for specified events and metrics and streams this data to external services. Refer to the Cloud Foundry Loggregator documentation for details about nozzles. Cloud Foundry nozzle and the rsyslog server must exist prior to the deployment. This functionality is not included with this deployment code.

host The fully qualified domain name (FDQN) or the IP address of the rsyslog server in the format: <host>.<top-level-domain>. Example: rsysloghost.mycompany.com 10.20.30.40.

port 5000 The TCP port number of the rsyslog server. Example: 5000. Change the value, as appropriate.

domain This is the top-level domain name of the rsyslog server. This is only <top-level-domain>, not <host>.<top-level-domain>. Example: mycompany.com.

Fallback Logging

log_dir /log This section of the JSON file is used to define logging. If the log_server section for logging is not used, a default logging mechanism is available for apps only. This property defines the base directory to which logs are written. The directory must exist if this type of logging is used. If this directory does not exist, then logging is not enabled. If the directory exists, then subdirectories in the form of <organization>/<space>/<deployment> are automatically created, and log files are placed in that directory.

For supporting apps only, the default logging mechanism uses cf logs to obtain data. Note that the default logging mechanism does not apply to services. Also note that the pathname /log is an example. Change the pathname, as appropriate. You might use a mount point to an NFS location. Be sure to add the mount point to /etc/fstab so that subsequent sessions perform automatic mounting.

SAS recommends that you use the log_server approach since this provides the best results. Doing so allows the user to see the logs from their services as well as the applications. This approach is more CPU-intensive and does not produce logging data for all deployment components. Use the "log_dir" approach for simple logging with the restrictions mentioned above.

log_timeout 15m If logging is performed using log_dir, then terminate logging after this time-out value. If the value is "0", then logging will not time out. If this value is omitted, then a default time-out is used. The value is an integer immediately followed by either 's' for seconds, 'm' for minutes, 'h' for hours, or 'd' for days.

BOSH Services

29


service The BOSH Services section of the JSON file contains information about Bosh services.

default The default values are examples only. They provide a starting point for all of the same items in a section. This allows the software to have a standard set of basic items that can be overridden by the user if required for all items of the same type. Consult with your BOSH administrator for values that are appropriate for your deployment. The default values are used across all BOSH services. A service that does not define the properties that are specified in the default section use these properties.

schema v1 Use this setting to specify the BOSH manifest schema version allowed options are v1 and v2.

Cloud Config

cloud_config The next two properties are specific to BOSH manifests using the v2 schema.

vm_type Select the cloud-config name that specifies the VM size configuration that will be used in your BOSH v2 manifests.

Example: "default"

network_name Select the cloud-config name that specifies the network properties that will be used in your BOSH v2 manifests.

Example: "bosh_services_network"

canaries 1 The number of test VMs that are created before the creation of actual VMs for use. BOSH attempts to upgrade a small number of VMs (usually 1) in a batch. This first batch is called the canary. If the upgrade is successful, the remaining servers are created or upgraded, as appropriate.

max_errors 1 The maximum number of compilation errors to be tolerated before a deployment fails. The recommended value is 1.

max_in_flight 4 The maximum number of non-canary instances to create or update in parallel. This is the default number of instances to be created. The number can be modified later, as necessary.

nfs_mounts [ ] A comma-separated array of NFS mount descriptors. Each descriptor is in the form: <hostname>:<mount-directory-from-host>:<mount-directory-in-container>. NOTE: A single mount point for the SAS license file is required. The final entry /local/directory in the nfs_mount value must be /opt/cas/license. This value is required in order for CAS to locate the SAS license file. Example 1: "my.host.com:/remote/directory:/opt/cas/license,other.host.com:/dir:/opt/cas/license". Example2: "my.host.com:/remote/directory:/opt/cas/license,other.host.com:/dir:/opt/cas/license"

30


watch_time 30000-1800000 The default watch_time value ranges from 30000 - 1800000.

compilation This section relates to the compilation phase of job deployment on a VM that is being created. The sizes used in this section should be no smaller than *<2xlarge> (8 vCPUs, 40GB disk, 16GB RAM)* settings.

workers 2 The number of workers that are specified in the deployment configuration determines how many VMs can be created at once for compiling.

reuse_vms TRUE BOSH creates a new compilation VM for each new package compilation and destroys the VM when compilation is complete. If the value is TRUE, then compilation VMs are reused when compiling packages. The value, TRUE, is recommended.

CPU 2 The number of vCPUs to be assigned to the compilation VM. As a default for the compilation VM, use a 2xlarge-sized VM. The number of vCPUs in the instance_type definition might be smaller than the 8 vCPUs used for the 2xlarge value.

disk 40960 The size of the disk of the VM to be created for compilation.

ram 16384 The amount of RAM to be assigned to the VM for compilation.

Resource Pool

resource_pools A collection of VMs that are created from the same stemcell, with the same configuration, in a deployment.

CPU 2 The number of vCPUs to be assigned to the Resource Pool. As a default for the VM to be instantiated, use a large-sized (4 vCPUs, 40GB disk, 8GB RAM) VM. The number of vCPUs in the instance_type definition might be smaller than the 4 vCPUs used in the "large" value.

disk 40960 The size of the disk of the VM to be created for the Resource Pool.

ram 8192 The amount of RAM to be assigned to the VM for the Resource Pool.

Jobs

jobs The Jobs block defines how BOSH associates jobs with the VMs started by the IaaS. If the service requires more disk space than is shown below, be sure to create an override in the specific section to allocate more disk space.

31


persistent_disk 20480 The specification of the persistent disk size. BOSH creates a persistent disk of the specified size in megabytes and attaches the disk to each job instance VM. The default for SAS is 20GB. Change the value according to your available or required resources.

High- Availability Support When HA support is enabled, the following configuration sections are used for the deployment:

Consul: "consul_ha"

PostgreSQL: "postgres_ha"

RabbitMQ: "rabbitmq_ha"

Geode: "geode"

ha Enable HA support.

enabled Enable or disable HA support. The default is "false", which indicates that HA is disabled.

SAS in-Memory Server

cas_controller The SAS in-Memory Server section of the JSON file specifies the license controller node information.

uses_workers FALSE This property turns off the ability of the license server to use worker nodes. This is the default for this server.

super-user This is the CAS user that can administer all CAS sessions.

ip The IP address to be used for the controller node.

port 5577 The port to be used for the controller node. The required port is 5577.

service_name license This is the prefix that will be applied to the service name in Consul.

Worker Nodes

cas_worker This section of the JSON file specifies worker node information for the SAS Cloud Analytic Server (CAS).

ip [ ] Array of comma-separated IP addresses. One for each node that will be deployed. If cas_controller.uses_workers is FALSE, then this section is ignored.

Consul

consul The Consul section of the JSON file specifies Consul information that is provided by SAS.

ip The IP address to be used for Consul.

32


High-Availability (HA) Consul

consul_ha Information for High-Availability (HA) Consul.

virtual_ip The virtual IP address is the IP that will be exposed in the Consul instances.

ip [ ] The IP addresses to use for the Consul instances.

cloud_config The following properties are used if using the cloud-config (BOSH manifest schema v2).

network_name Select the cloud-config name that specifies the manual network properties.

Elasticsearch Master

elasticsearch_master The Elasticsearch Master section of the JSON file specifies information that is provided by SAS for Elasticsearch master nodes.

ip [ ] The array of comma-separated IP addresses, one for each node to be deployed.

port 9200 The port that is used by Elasticsearch. Do not change this value.

resource_pools The override value for the default value for the resource_pools property. The size should be no smaller than the *<2xlarge> (8 vCPUs, 40GB disk, 16GB RAM)* settings.

ram 16384 The override for the memory used by this service. Do not use a smaller value.

properties These are additional properties that are made available to Elasticsearch. Refer to the Elasticsearch documentation for details.

threadpool_bulk_queue_size 1000 This property value is for the bulk request. This tells Elasticsearch the number of requests that can be queued for execution in the node when no thread is available to execute a bulk request.

min_heapsize Set the minimum JVM heap size. Follow Elasticsearch recommendations for setting the minimum JVM heap size.

max_heapsize Set the maximum JVM heap size. Follow Elasticsearch recommendations for setting the maximum JVM heap size.

Elasticsearch Client

33


elasticsearch_client The Elasticsearch Client section of the JSON file specifies information that is provided by SAS for Elasticsearch client nodes.

ip [ ] The array of comma-separated IP addresses, one for each node, to be deployed.




Elasticsearch Data

elasticsearch_data The Elasticsearch Data section of the JSON file specifies information that is provided by SAS for Elasticsearch data nodes.

ip [ ] The array of comma-separated IP addresses for the data nodes.


ram 16384 The override for the memory that is used by this service. Do not use a smaller value.




Jobs

jobs The jobs section of the JSON file defines how BOSH associates jobs with the VMs that are started by the IaaS. Increase the persistent_disk size according to the requirements of your implementation of Elasticsearch.

34



PostgreSQL

postgres The PostgreSQL section in the JSON file specifies information about PostgreSQL server creation.

Note: This service is enabled only if the "enabled" property in the "postgres_ha" service section is not present or is set to false.

ip The IP address to be used for PostgreSQL.

port 5432 The port to use for the PostgreSQL connection. The default port is 5432.

dbmsowner_secret The password for the PostgreSQL database. Do not provide a password in this file. It is entered on-site.

High-Availability PostgreSQL

postgres_ha Information for High-Availability (HA) PostgreSQL.

virtual_ip The virtual IP address is the IP that will be switched once the master pgpool instance fails.

pgpool_admin_port This is the port that pgpool administration uses.

network_prefix The CIDR network prefix.

trusted_server Any server host-name or FQDN of a server that can be reached from pgpool vm. This is used by PgPool to verify that the network is not down if a PostgreSQL instance should become unavailable.

Note: This server must be available at all times.

compilation This section deals with the compilation phase of job deployment on a VM being created.

workers 8 The number of workers specified in the deployment configuration determines how many VMs can be created at once for compiling.

resource_pools The override value for the default value for the resource_pools property.

cpu 4 The number of vCPUs to be assigned to the Resource Pool. As a default for the VM to be instantiated, use a large-sized (4 vCPUs, 40GB disk, 8GB RAM) VM. The number of vCPUs in the instance_type definition might be smaller than the 4 vCPUs used in the <large> value.

35


disk 40960 The size of the disk of the VM to be created for the Resource Pool.

ram 16384 This is an override for the memory used by this service.

pgpool_defaults PGPool default parameters

pgpools Only the following configurations are supported:

n 1 pgpool, 2 databasesn 2 pgpools, 2 databases

ip The IP address to be used for the first pgpool instance.

port 9432 The port to use for the pgpool connection. The required port is 9432.

ip The IP address to be used for the second pgpool instance.


databases The databases for PostgreSQL HA

ip The IP address to be used for the first PostgreSQL instance.

port 5432 The port to use for the PostgreSQL connection. The required port is 5432.

ip The IP address to be used for the second PostgreSQL instance.




RabbitMQ

rabbitmq The RabbitMQ section in the JSON file specifies RabbitMQ information that is provided by SAS.

ip The IP address that is used for the RabbitMQ connection.

port 5672 The port to use for the RabbitMQ connection. The required port is 5672.

High-Availability RabbitMQ

36


rabbitmq_ha

ip [ ] The IP addresses to use for the RabbitMQ servers.

port 5672 The port that is used for the RabbitMQ connection. The default port is 5672.


network_name Select the cloud-config name that specifies the dynamic network properties.

Geode

geode Geode information.

locator_ip [ ] The IP addresses to use for the Geode locator connection. These addresses must be accessible from the apps as found in the apps section below.

locator_port 10335 The locator port used to start the GEODE locator See --port in the Geode documentation. URL: http://geode.apache.org/docs/guide/configuring/running/running_the_locator.html

server_ip [ ] The IP addresses to use for the Geode server connection. These addresses must be accessible from the apps as found in the apps section below.

server_port 40404 The server port used to start the GEODE server. See --server-port in the Geode documentation. URL: http://geode.apache.org/docs/guide/configuring/running/running_the_cacheserver.html

Cloud Foundry Applications

apps The Cloud Foundry Applications section of the JSON file contains information about Cloud Foundry applications.

default This section is used for all applications that do not have an override.

memory 1024MB The default value is 1024MB. Change the value, as appropriate.

disk_quota 1024MB The default value is 1024MB. Change the value, as appropriate.

instances 1 The default value is 1. This is the number of instances of the applications that will be started initially.

37


health_checks FALSE Enable health checks to services in CF. Default value is false.

Note: This property applies only to Cloud Foundry v250 and later releases.

Applications

audit The Applications section of the JSON file contains information about overriding the default values for this app.

authorization Override any defaults for this app by placing different values for properties here.

files Override any defaults for this app by placing different values for properties here.

identities Override any defaults for this app by placing different values for properties here.

logon 1536MB Override any defaults for this app by placing different values for properties here.

initial_password The password that is used for the initial connection used in onboarding.

Note: This is not an LDAP user. This is used only by the onboarding scripts. It is not used for interacting with the user interface.

Do not provide a password in this file. It is entered on-site.

tenant_admin_password The administrative user's password that is used to import other users for the tenant. It is the initial logon user. Do not provide a password in this file. It is entered on-site.

svi_ai Override any defaults for this app by placing different values for properties here.

disk_quota 2048MB The minimum required disk size for the microservice svi-ai. Change the value, as appropriate.

svi_alert Override any defaults for this app by placing different values for properties here.

memory 4096MB This is an override for the memory that is used by this app Do not use a smaller value.

svi_datahub Override any defaults for this app by placing different values for properties here.

memory 4096MB This is an override for the memory that is used by this app. Do not use a smaller value.

38


property Additional properties for data hub. This includes passwords for the managed data for the data store and the data hub metadata data store.

"config/application/svi/datasources/builtIn/password"

The password for the managed data for the data store. Do not provide a password in this file. It is entered on-site.

"config/datahub/metadata/password"

The password for the data hub metadata data store. This password can be different from other passwords. Do not provide a password in this file. It is entered on-site.

svi_entity_resolution Override any defaults for this app by placing different values for properties here.

memory 2048MB This is an override for the memory used by this app. Do not use a smaller value.

svi_feature Override any defaults for this app by placing different values for properties here.

svi_network_analytics Override any defaults for this app by placing different values for properties here.

svi_sand Override any defaults for this app by placing different values for properties here.

memory 8192MB This is an override for the memory used by this app. Do not use a smaller value.

svi_transport Override any defaults for this app by placing different values for properties here.

svi_visual_investigator Override any defaults for this app by placing different values for properties here.


svi_vsd_service Override any defaults for this app by placing different values for properties here.


svi_vsd_webui Override any defaults for this app by placing different values for properties here.

39

Cloud Foundry Deployment Data Using OpenStack as the IaaS

SYNTAX CONVENTIONS#==========================================================================

Syntax Description

" " A quoted string of the indicated type.

[ ] An array of comma-separated values of the indicated type.

<name> All occurrences of <name> can be replaced with the same replacement value.

*<size>* All occurrences of *<size>* can be replaced with a similar value or a larger value. The exact size depends on how the resource is used.

For a size value in the following configuration table, ensure that the value for your instance_type definition is not less than the values that are used for CPU, disk, or RAM as follows:

Size Property*<small>*

*<medium>*

*<large>*

*<xlarge>*

*<2xlarge>*

Specify the Default Size or a Large Size, as Appropriate2 vCPUs, 20 GB disk, 2 GB RAM





# A 'property' is a simple key-value pair.

# A 'section' is either an array or a dictionary that can have many values.

#

# All properties and sections below must be populated with data unless marked with one of the following indicators:

n ## Optional - This property or section can remain with no value or can be entirely removed.n ## ReadOnly - Do not change any property or section that has this mark.n ## ReadOnlyKey - Do not change the property key, but you can change the value.

The Value column does not list a default value in some instances. This is intentional so the user can provide customized values.


BOSH Director

directors This section of the JSON file contains information for accessing the BOSH directors.

<directorName> The director Name that is displayed by the bosh status command and that is listed as Name.

40


user name The BOSH user name that is used for BOSH director authentication.

password The password for the user that connects to the BOSH director.

certificate_path The certificate for the user that connects to the BOSH director.

privateip The IP address of the BOSH Director that is displayed by the bosh status command and that is under the URL.

uuid The UUID of the BOSH Director that is displayed by the bosh status command and that is listed as UUID.

net_id The ID of the OpenStack network that is displayed by running the openstack network show <name> command.

bosh_domain_name The domain name of the BOSH director that is displayed by the bosh statuscommand and that is listed as DNS.

dnsserver [ ] The array of quoted IP addresses that identify the DNS locations for the BOSH director. Example: ["1.2.3.4", "2.3.4.5"].

Manual Network

Manual network Configuration for the manual network that is used to run Consul and other services using the keepalivedsoftware in high availability (HA).

net_id The ID of the manual network that is displayed by the openstack network show <name> command.

subnet_id The ID of the manual subnet that is displayed by the openstack subnet show <name> command.

gateway The IP address of the gateway server of the BOSH Director.

cidr_network The CIDR range of the manual network. Example: "10.20.30.0/24".

reserved_network [] The reserved IP addresses range that is not used for creating BOSH instances. The format of each array entry is a quoted string consisting of a hyphen-separated IP address range. Example: "10.20.30.2 - 10.20.30.127", "10.90.80.2 - 10.90.80.63".

static_network [] The static IP addresses range that is used to create BOSH instances. The format of each array entry is a quoted string consisting of a hyphen-separated IP address range. Example: [ "10.20.30.128 - 10.20.30.254", "10.90.80.64 - 10.90.80.127" ].

Cloud Foundry Run-time Environment

41


runtimes This section of the JSON configuration file provides information for accessing the Cloud Foundry run-time environment.

<runtimeName> The name of the run-time environment that is displayed by the bosh deployments command and that is listed as Name.

url The URL of the Cloud Foundry run-time environment that is displayed by the cf api command.

username The Cloud Foundry run-time environment user name that is used for authentication.

password The password for the user connection to the Cloud Foundry run-time environment.

options --skip-ssl-validation The command-line options for the Cloud Foundry run-time environment connection.

IaaS

iaas This section describes information that is required to connect to the underlying IaaS. This information is required for assigning internal IP addresses to a virtual IP address that is used to support high availability (HA).

openstack This is the name of the IaaS provider. Currently, only OpenStack is supported.

auth_url The keystone endpoint for authentication.

tenant_id The OpenStack tenant ID.

tenant_name The OpenStack tenant name.

username The OpenStack keystone username.

password The OpenStack keystone password.

region_name The OpenStack region name. This is optional. No entry is required..

Solution Deployment

deployments This section of the JSON file contains solution deployment details.

sas This section provides information about the user ID that is used for the solution deployment.

password The password for the user of the solution deployment. Do not provide a password in this file. It is entered on-site.

42


iaas openstack The Infrastructure as a Service (IaaS) name for OpenStack.

runtime <runtimeName> The name of the Cloud Foundry run-time environment that is defined in this section.

director <directorName> The name of the Cloud Foundry BOSH director that is defined in this section.

cf_nontls_domain This is the internal non-TLS domain that resolves directly to the Cloud Foundry HAProxy.

front_tls_domain If TLS front-end reverse proxying or load balancing is added by the customer, then it is necessary to specify the front-end TLS domain name. If used, this top-level domain can indirectly resolve to the Cloud Foundry HAProxy.

front_nontls_domain If non-TLS front-end reverse proxying or load balancing is added by the customer, then it is necessary to specify the front-end non-TLS domain name. If used, this top-level domain can indirectly resolve to the Cloud Foundry HAProxy.

label This property identifies a unique deployment. The use of “label” in this context refers to a word or set of characters that is placed before the top level domain name (non-TLS Domain name). This name immediately precedes the top-level domain property following in Logging Properties > Domain cell. This name can be used to identify the deployment purpose, the function, or the intended audience of the deployment. It can also be a name that has no obvious meaning. From a deployment perspective, this name is needed to uniquely construct URLs that access a specific deployment.

org The name of the Cloud Foundry organization that is the target of the deployment.

space The name of the Cloud Foundry space that is the target of the deployment.

security The OpenStack Security Group, at a minimum, has the following ports that are open: 4369, 5432, 5577, 5580, 5672, 7080, 8300-8305, 8500, 8591, 8777, 9200, 15672, 17551, 10355, 19990-19999, 25672, and 40404.

LDAP Server

ldap This section of the JSON file provides information about the defined LDAP/AD connection.

type The string must match either OpenLDAP (LDAP) or ActiveDirectory (AD).

base This sub-section provides base OU information for the LDAP/AD (Active Directory) connection.

43


host The LDAP server host name.

password The credentials for the user ID of the solution installation that connects to the LDAP/AD server. The credentials are entered on-site. Do not enter passwords in this file, they will be entered on-site. <Password terminology>.

port The port that is defined to connect to the LDAP server. If a global port is used to connect to the LDAP server, then port 3268 is required. If a non-global port is used to connect to the LDAP server, then port 389 is required.

userDN The LDAP user DN value that is used for the general search account. The DN value might be in the form: "CN=, OU=, OU=, DC=, DC=, DC=". Note that each site has different requirements.

LDAP Group Information

group This section of the JSON file specifies group information for the LDAP/AD connection.

baseDN The LDAP base DN is in the form OU=Groups,DC=xxx,DC=yyy,DC=com.

searchFilter The LDAP search filter that is used on your LDAP server. Example: (member={0})

LDAP Connection

user This section of the JSON file specifies user information for the LDAP/AD connection.

baseDN The LDAP base DN is in the form DC=xxx,DC=yyy.

searchFilter The optional LDAP search filter that is used on the LDAP server. Example: sAMAccountName={0}.

Internal SAS

profile This section of the JSON file is internal to SAS.

file ldap/ldap-search-and-bind.xml Use the provided information that is required internal to the SAS microservice.

Connection Properties

property This section of the JSON file specifies any special properties that are required for connection to the LDAP/AD server.

44


<property name> config/application/ldap/user/customFilter

This property is used to define the custom Consul properties for LDAP. Currently, the only supported property is the specified customFilter property. This property can be entirely omitted if no custom Consul properties are needed for LDAP. If this property is used, then the key must match config/application/ldap/user/customFilter: " ". Example: "(&(!(objectClass=computer))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))".

Tenancy

tenancy This section is for information that is required for managing tenancy through the LDAP/AD server.

userRdn Example: "ou=people".

Consul Scripts

oauth This section of the JSON file is used by scripts that load data into Consul.

adminSecret This password is used to obtain an access token from SASLogon for client registration. Do not provide a password in this file. It is entered on-site.

Logging Properties

log_server This section of the JSON file defines logging properties that are used by services that send log data output to a remote rsyslog server via TCP. To enable logging support for apps, a nozzle must be created for logging output to a remote rsyslog server. A nozzle is a component that listens for specified events and metrics and streams this data to external services. Refer to the Cloud Foundry Loggregator documentation for details about nozzles.

Cloud Foundry nozzle and the rsyslog server must exist prior to the deployment. This functionality is not included with this deployment code.

host The fully qualified domain name (FDQN) or the IP address of the rsyslog server in the format: <host>.<top-level-domain>. Example: rsysloghost.mycompany.com 10.20.30.40.

port 5000 The TCP port number of the rsyslog server. Example: 5000. Change the value, as appropriate.

domain This is the top-level domain name of the rsyslog server, which is <top-level-domain>, rather than <host>.<top-level-domain>. Example: mycompany.com.

Fallback Logging

45


log_dir /log This section of the JSON file is used to define logging. If the log_server section for logging is not used, a default logging mechanism is available for apps only. This property defines the base directory to which logs are written. The directory must exist if this type of logging is used. If this directory does not exist, then logging is not enabled. If the directory exists, then subdirectories in the form of <organization>/<space>/<deployment> are automatically created, and log files are placed in that directory.

For supporting apps only, the default logging mechanism uses cf logs to obtain data. Note that the default logging mechanism does not apply to services. Also note that the pathname /log is an example. Change the pathname, as appropriate. You might use a mount point to an NFS location. Be sure to add the mount point to /etc/fstab so that subsequent sessions perform automatic mounting.

SAS recommends that you use the log_server approach since this provides the best results. Doing so allows the user to see the logs from their services as well as the applications. This approach is more CPU-intensive and does not produce logging data for all deployment components. Use the "log_dir" approach for simple logging with the restrictions mentioned above.

log_timeout 15m If logging is performed using log_dir, then terminate logging after this time-out value. If the value is "0", then logging will not time out. If this value is omitted, then a default time-out is used. The value is an integer immediately followed by either 's' for seconds, 'm' for minutes, 'h' for hours, or 'd' for days.

BOSH Services

service This section of the JSON file contains information about BOSH Services.

default The default values are examples only. They provide a starting point for all of the same items in a section. This allows the software to have a standard set of basic items that can be overridden by the user if required for all items of the same type. Consult with your BOSH administrator for values that are appropriate for your deployment. The default values are used across all BOSH services. A service that does not define the properties that are specified in the default section use these properties.

schema v1 Use this setting to specify the BOSH manifest schema version. The allowed values are v1 and v2.

Cloud Config

cloud_config The following three properties are specific to BOSH manifest files that use the v2 schema.

vm_type Select the cloud-config name that specifies the VM size configuration.

46


network_name Select the cloud-config name that specifies the network properties.

vip_network Select the cloud-config name that specifies the floating IP address pool.

canaries 1 The number of test VMs that are created before the actual VMs are created for use. BOSH attempts to upgrade a small number of VMs (usually 1) in batch. This first batch is called the canary. If the upgrade is successful, the remaining servers are created or upgraded, as appropriate.

max_errors 1 The maximum number of compilation errors that can be tolerated before a deployment fails. The recommended value is 1.

max_in_flight 4 The maximum number of non-canary instances to create or update in parallel. This is the default number of instances to be created. The number can be modified later, as necessary.

nfs_mounts [ ] A comma-separated array of NFS mount descriptors. Each descriptor is of the form: <hostname>:<mount-directory-from-host>:<mount-directory-in-container>. Note that a single mount point for the SAS license file is required. The final entry /local/directory in the nfs_mount value must be /opt/cas/license. This value is required in order for CAS to locate the SAS license file.

Example 1:

"my.host.com:/remote/directory:/opt/cas/license,other.host.com:/dir:/opt/cas/license"

Example 2:

"my.host.com:/remote/directory:/opt/cas/license,other.host.com:/dir:/opt/cas/license"

watch_time 30000-1800000 The default watch_time value ranges from 30000 - 1800000.

compilation This section relates to the compilation phase of job deployment on a VM that is being created. The sizes used in this section should be no smaller than *<2xlarge> (8vCPUs, 40GB disk, 16GB RAM)* settings.


reuse_vms TRUE BOSH creates a new compilation VM for each new package compilation and then destroys the VM when compilation is complete. If the value is TRUE, then compilation VMs are reused when compiling packages. The value, TRUE, is recommended.

instance_type <2xlarge> This is an override for the memory that is used by this service. Do not use a smaller value.

47


Resource Pool

resource_pools A resource pool is a collection of VMs that are created from the same stemcell and with the same configuration in a deployment.

instance_type <large> This is an override for the memory that is used by this service. Do not use a smaller value.

Jobs

jobs This section defines how BOSH associates jobs with the VMs that are started by the IaaS. If the service requires more disk space than is shown below, be sure to create an override in the specific section to allocate more disk space.

persistent_disk 20480 The specification of the persistent disk size. BOSH creates a persistent disk of the specified size in megabytes and attaches the disk to each job instance VM. The default for SAS is 20 GB. Change the value according to your available or required resources.

High- Availability Support When high-availability support is enabled, the following configuration sections are used for the deployment:

Consul: "consul_ha"

PostgreSQL: "postgres_ha"

RabbitMQ: "rabbitmq_ha"

Geode: "geode"

ha Enables high-availability (HA) support.

enabled Enables or disables HA support. The default is "false", which indicates that HA is disabled.

SAS in-Memory Server

cas_controller This section of the JSON file specifies the license controller node information.

uses_workers This property disables the ability of the license server to use worker nodes. This is the default for this server.

super-user This property specifies the CAS user that can administer all CAS sessions.

ip This property specifies the IP address to be used for the controller node.

port 5577 This property specifies the port to be used for the controller node. The required port is 5577.

service_name This property specifies the prefix to be applied to the service name in Consul.

48


Worker Nodes

cas_worker This section of the JSON file specifies worker node information for the SAS Cloud Analytic Server (CAS).

ip [ ] This property specifies the array of comma-separated IP addresses, one for each node to be deployed. If cas_controller.uses_workers is false, then this section is ignored.

Consul

consul This section of the JSON file specifies Consul information that is provided by SAS.

ip The IP address to be used for Consul.

High-Availability (HA) Consul

consul_ha Information for High-Availability (HA) Consul.

virtual_ip The virtual IP address is the IP that is exposed in the Consul instances.

network_port The OpenStack network port name. This is needed to open the named network port for a virtual IP address. The name can be any unique name in the subnet.

floating_ip The floating IP address on the VIP network that exposes Consul.

ip [ ] The IP addresses to use for the Consul instances.

cloud_config The following properties are used if the cloud-config BOSH manifest schema v2 is used.


Elasticsearch Master

elasticsearch_master Elasticsearch master node information that is provided by SAS.

ip [ ] An array of comma-separated IP addresses, one for each node to be deployed.

port 9200 The port that is used by Elasticsearch. Do not change this value.

resource_pools Overrides any defaults for this service by specifying different values for properties. The size should be no smaller than *<2xlarge>* settings.

instance_type <2xlarge> This is an override for the memory used by this service. Do not use a smaller value.

49


properties These are additional properties that are made available to Elasticsearch. See the Elasticsearch documentation for details.

threadpool_bulk_queue_size 1000 This property value is for the bulk request. This tells Easticsearch the number of requests that can be queued for execution in the node when no thread is available to execute a bulk request.

min_heapsize 8 Sets the minimum JVM heap size. See the Elasticsearch documentation for recommendations on setting the minimum JVM heap size.

max_heapsize 8 Sets the maximum JVM heap size. See the Elasticsearch documentation for recommendations on setting the maximum JVM heap size.

Elastic Search Client

elasticsearch_client Elasticsearch client node information that is provided by SAS.

ip [ ] Elasticsearch client node information that is provided by SAS.

Elasticsearch Data

elasticsearch_data This section of the JSON file specifies information that is provided by SAS for Elasticsearch data nodes.

ip [ ] The array of comma-separated IP addresses for the data nodes.

resource_pools The instance type according to Elasticsearch performance requirements. Choose the instance_type.

instance_type <2xlarge> This is an override for the memory size that is used by this service. Do not use a smaller value.

properties These are additional properties that are made available to Elasticsearch. For details, see the Elasticsearch documentation.

min_heapsize 8 Set the minimum JVM heap size. Follow ElasticSearch recommendations for setting the minimum JVM heap size.

max_heapsize 8 Set the maximum JVM heap size. Follow ElasticSearch recommendations for setting the maximum JVM heap size.


Jobs

50


jobs This section of the JSON file defines how BOSH associates jobs with the VMs that are started by the IaaS. Increase the persistent_disk size according to the requirements of your implementation of ElasticSearch.


PostgreSQL

postgres The PostgreSQL section in the JSON file specifies information about PostgreSQL server creation.

Note: This service is enabled only if the "enabled" property in the "postgres_ha" service section is not present or is set to false.

ip The IP address to be used for PostgreSQL.

port 5432 The port to use for the PostgreSQL connection. The default port is 5432.

dbmsowner_secret The password for the PostgreSQL database. Do not provide a password in this file. It is entered on-site.

High- Availability PostgreSQL

postgres_ha Information for High-Availability (HA) PostgreSQL.

virtual_ip The virtual IP address is the IP that is switched once the master pgpool instance fails.

network_port The OpenStack network port name. This is needed to open the named network port for virtual IP address. The name can be any unique name in the subnet.

pgpool_admin_port This is the port that pgpool administration uses.

network_prefix The CIDR network prefix.

trusted_server Any server host-name or FQDN of a server that can be reached from pgpool vm. This is used by PgPool to verify that the network is not down if a PostgreSQL instance should become unavailable.

Note: This server must be available at all times.

compilation This section deals with the compilation phase of job deployment on a VM being created.


51


resource_pools The override value for the default value for the resource_pools property.

instance_type <xlarge>

pgpool_defaults PGPool default parameters.

pgpools Only the following configurations are supported:.

n 1 pgpool, 2 databasesn 2 pgpools, 2 databases

ip The IP address to be used for the first pgpool instance.


ip The IP address to be used for the second pgpool instance.


databases The databases for PostgreSQL HA.

ip The IP address to be used for the first PostgreSQL instance.


ip The IP address to be used for the second PostgreSQL instance.


RabbitMQ

rabbitmq This section in the JSON file specifies RabbitMQ information that is provided by SAS.

ip The IP address that is used for the RabbitMQ connection.

port 5672 The port to use for the RabbitMQ connection. The required port is 5672.

High- Availability RabbitMQ

rabbitmq_ha

ip [] The IP addresses to use for the RabbitMQ servers.

52


port 5672 The port that is used for the RabbitMQ connection. The default port is 5672.


network_name Select the cloud-config name that specifies the dynamic network properties.

Geode

geode Geode information.

locator_ip [] The IP addresses to use for the Geode locator connection. These addresses must be accessible from the apps as found in the apps section below.

locator_port 10335 The locator port used to start the GEODE locator See --port in the Geode documentation. URL: http://geode.apache.org/docs/guide/configuring/running/running_the_locator.html

server_ip [] The IP addresses to use for the Geode server connection. These addresses must be accessible from the applications.

server_port 40404 The server port that is used to start the Geode server. For detail about specifying the Geode server port, see the Geode documentation at http://geode.apache.org/docs/guide/configuring/running/running_the_cacheserver.html.

Cloud Foundry Applications

apps This section of the JSON file contains information about Cloud Foundry applications.

default This section is used for all applications that do not have an override.

memory 1024MB The default value is 1024 MB. Change the value, as appropriate.

disk_quota 1024MB The default value is 1024 MB. Change the value, as appropriate.

instances 1 The default value is 1. This is the number of instances of the applications that are started initially.

health_checks false Enables health checks to services in Cloud Foundry. The default value is false.

Note: This property applies only to Cloud Foundry v250 and later releases.

Applications

53


audit This section of the JSON file contains information about overriding the default values for this app.

authorization Overrides any defaults for this app by specifying different values for properties, as appropriate.

files Overrides any defaults for this app by specifying different values for properties, as appropriate.

identities Overrides any defaults for this app by specifying different values for properties, as appropriate.

logon 1536MB Overrides any defaults for this app by specifying different values for properties, as appropriate.

initial_password The password that is used for the initial connection that is used in onboarding.

Note: This is not for an LDAP user. It is used only by the onboarding scripts. It is not used for interacting with the user interface.Do not provide a password in this file. It is entered on-site.

tenant_admin_password The administrative user's password that is used to import other users for the tenant. It is the initial logon user. Do not provide a password in this file. It is entered on-site.

svi_ai Overrides any defaults for this app by specifying different values for the properties, as appropriate.

disk_quota 2048MB The minimum required disk size for the microservice svi-ai. Change the value, as appropriate.

svi_alert Overrides any defaults for this app by specifying different values for the properties, as appropriate,.


svi_datahub Overrides any defaults for this app by specifying different values for the properties, as appropriate.


property Additional properties for the data hub. This includes passwords for the managed data, the data store, and the metadata data store for the data hub.

"config/application/svi/datasources/builtIn/password"

The password for the managed data for the data store. Do not provide a password in this file. It is entered on-site.

54


"config/datahub/metadata/password"

The password for the metadata data store for the data hub. This password can be different from other passwords. Do not provide a password in this file. It is entered on-site.

svi_entity_resolution Overrides any defaults for this app by specifying different values for the properties, as appropriate..


svi_feature Overrides any defaults for this app by specifying different values for the properties, as appropriate.

svi_network_analytics Overrides any defaults for this app by specifying different values for the properties, as appropriate.

svi_sand Overrides any defaults for this app by specifying different values for the properties, as appropriate.


svi_transport Overrides any defaults for this app by specifying different values for the properties, as appropriate.

svi_visual_investigator Overrides any defaults for this app by specifying different values for the properties, as appropriate.


svi_vsd_service Overrides any defaults for this app by specifying different values for the properties, as appropriate.


svi_vsd_webui Overrides any defaults for this app by specifying different values for the properties, as appropriate.

55

Appendix B: Troubleshooting

BOSH

Virtual Machine Is Not Created

The most common problem with a BOSH deployment of a stateful service is the failure to create the virtual machine (VM). Generally, the solution is to remove the failed service and then to redeploy again. Follow the procedure:

n Change to the directory of the failed service.

n Run the remove.sh script in the directory to remove any traces of the deployment from the BOSH director.

n Run the deploy.sh script in the directory to redeploy the service.

During the attempted deployment, the RabbitMQ deployment fails and a message is displayed. Here is an example:

Error 400007: `rabbitmq/0 (8e792c02-47c5-495c-9c06-c7b7542bd775)' is not running after update. Review logs for failed jobs: runrabbit

To determine the state of the deployment, run the following command:

bosh vms host-rabbitmq-deployment

where host is he value of the deployments.sas.host key in the configuration file.. For this example, the test host is used.

After running the command, the output might look like this:

bosh vms test-rabbitmq-deploymentRSA 1024 bit CA certificates are loaded due to old openssl compatibilityActing as user 'admin' on deployment 'test-rabbitmq-deployment' on 'test'

Director task 10206

Task 10206 done

No VMs

To clean up residual information in the Bosh director’s database, change to the following directory:

cd services/rabbitmq

To ensure that you are in the correct directory, run the command:

pwd/home/sas/services/rabbitmq

WARNINGS:

n The remove.sh script uses options that prevent interaction. Therefore, the command continues processing.

n There is a remove.sh script in each of the directories. Make sure that you are in the correct directory or you might remove everything instead of just the deployment that failed. Each of the remove.sh scripts removes the service or the call for each of the remove.sh scripts in any subdirectories that are in the directory in which it resides. For example, if you are in the services directory, the remove.sh script removes all of the services. If you are in the /home/sas directory, the remove.sh script removes everything. If you are in the

/home/services/rabbitmq directory, the remove.sh script removes only the RabbitMQ deployment.

56

In the /home/services/rabbitmq directory, run the command:

./remove.sh


RSA 1024 bit CA certificates are loaded due to old openssl compatibilityActing as user 'admin' on deployment 'test-rabbitmq-deployment' on 'test'

You are going to delete deployment `test-rabbitmq-deployment'.

THIS IS A VERY DESTRUCTIVE OPERATION AND IT CANNOT BE UNDONE!

Director task 40322 Started deleting instances > rabbitmq/0 (43aab57f-b71c-419b-95c3-9b151cfc99a5). Done (00:00:51)

Started deleting properties Started deleting properties > Destroying deployment. Done (00:00:00)

Task 40322 done

Started 2016-01-01 00:49:34 UTCFinished 2016-01-01 00:50:25 UTCDuration 00:00:51

Deleted deployment `test-rabbitmq-deployment'

The warning message THIS IS A VERY DESTRUCTIVE OPERATION AND IT CANNOT BE UNDONE! is present for all BOSH delete deployment commands. There are flags in the remove.sh script that prevent interaction but the message is always displayed.

You must check these additional items in the manifest.yml file and the configuration JSON file:

n The watch time must be 30000-1800000 or higher.

n Canary watch time must be 30000-1800000 or higher.

n Increase the number of workers.

If only one VM failed in a set of deployments like ElasticSearch, it might not be desirable to remove the VMs and then redeploy them. In this situation, use the following command:

bosh delete deployment test-elasticsearch-deployment-client

In this case, you are prompted to continue with the deployment.

bosh delete deployment test-elasticsearch-deployment-clientRSA 1024 bit CA certificates are loaded due to old openssl compatibilityActing as user 'admin' on deployment 'test-elasticsearch-deployment-client' on 'test'

You are going to delete deployment 'test-elasticsearch-deployment-client'.


Are you sure? (type 'yes' to continue):

Be sure to enter yes. BOSH continues with the deletion of the deployment.

If you enter y or any other character, the following message is displayed:

Canceled deleting deployment

57

Network Static Range Is Not Defined Correctly

The following error might be displayed if the range of static IP addresses is not defined correctly.

Started compiling packages > consul/9d62eaf5d3a8aa1011ff34c84e9961e3bc985b6e.Failed: Unknown CPI error 'Unknown' with message 'Cannot create new VM because of IP conflictswith other VMs on the same networks: [{:vm_name=>"vm-196bc7e3-47b7-4a8b-986d-8ed72bd85849",:network_name=>"10.10.10.0-TEST", :ip=>"10.10.10.252"}]'

This error occurred in a vSphere environment, which had been working without issues until IP addresses had been added beyond 10.10.10.250. The solution is to include the new addresses in the static subsection of the networks section of the manifest.yml file.

networks:- name: default type: manual subnets: - range: 10.10.10.0/24 dns: - 10.10.10.10 - 10.10.10.11 gateway: 10.10.10.1 reserved: - 10.10.10.2 - 10.10.10.125 static: - 10.10.10.126 - 10.10.10.252 cloud_properties: name: 10.10.10.0-TEST

BOSH Deployment Fails to Remove a Canceled Deployment

A deployment was started and then canceled using Ctrl+C in the terminal session in which the deployment was running. When canceled using the Ctrl+C, you can issue the command bosh tasks and then use the bosh cancel task command to cancel unwanted tasks. Further cleanup can be done by running a remove.sh script. An attempt to remove the canceled deployment using the remove.sh script might result in the following message:

./remove.shRSA 1024 bit CA certificates are loaded due to old openssl compatibilityDeployment set to '/home/sas/services/consul/manifest.yml'RSA 1024 bit CA certificates are loaded due to old openssl compatibilityActing as user 'admin' on deployment 'test-consul-deployment' on 'test'

You are going to delete deployment 'test-consul-deployment'.


Director task 49064Error 100: Redis lock lock:deployment:test-consul-deployment is acquired by another thread

Task 49064 error

For a more detailed error report, run: bosh task 49064 --debug

58

Error 100 is caused by a lock in the directory Redis data store that prevents the removal of the deployment. To remove the deployment, wait approximately 10 minutes for the lock to clear and then run the remove.sh script again.

Cloud Foundry Run Time

UI Displays with No Tabs and No Access to the Administration UI

In this case, the initial problem is that the UI comes up but there are no tabs and no access to the Administrative UI.

To check the status of all of the components in Consul, run the following command;

sas show detailspass cas-controller (Success)pass [email protected] (Success)pass [email protected] (Success)pass consul_container (Agent alive and reachable)pass elasticsearch (TCP connect 10.10.10.05:9200: Success. ElasticSearch cluster green.)pass postgres (Success)pass rabbitmq (Success)

App Status

pass audit (UP)pass authorization (UP)pass casManagement (UP)pass datahub (UP)pass entityResolution (UP)pass feature (UP)pass files (UP)pass identities (UP)pass networkAnalytics (UP)pass SASLogon (UP)pass SASVisualInvestigator (UP)pass svi-ai (UP)warn svi-alert (DOWN)pass svi-core (UP)pass svi-sand (UP)pass svi-transport (UP)

This displays svi-alert as a warn and the status would be (DOWN).

Most problems in the run-time deployments are linked to failures in the BOSH services. If only one service is failing (such as the svi-alert service), check the log for that service by running the command:

cf logs <host>-svi-alert --recent

Where host is the value of the deployments.sas.host key in the configuration file. For our example, the test host is used.

cf logs test-svi-alert --recent

This displays the log data that is in the Loggregator buffer. If a store and display log service is set up, then you can use that to see the log data. When reviewing the log, you might see error messages that look like this:

2016-09-04T22:45:08.98-0400 [APP/0] OUT 2016-09-05 02:45:08.988 ERROR 13 --- [nio-8080-exec-7]c.s.f.t.c.h.DatahubHealthIndicator : anonymousUser [27fa5841-1091-4d28-9faa-916782e21e22]Datahub error: stored object not created

59

This points to a problem in the svi-datahub application. Examining the svi-datahub log, the following is displayed:

cf logs test-svi-datahub --recent 2016-09-04T22:47:02.76-0400 [APP/0] OUT com.sas.commons.rest.exceptions.http.ForbiddenException: "Access is denied"2016-09-04T22:47:02.76-0400 [APP/0] OUT at com.sas.feature.aspect.FeatureAuthorizationAspect.checkFeatureAccess (FeatureAuthorizationAspect.java:76)

The key here is the Access is denied message and the pointer to the feature service svi-feature. Examining the svi-feature log we see the following error:

cf logs test-svi-feature --recent 2016-09-04T22:49:13.12-0400 [APP/0] OUT 5 ERROR: The product specified is not licensed.2016-09-04T22:49:13.12-0400 [APP/0] OUT 5 ERROR: The action stopped due to errors.2016-09-04T22:49:13.12-0400 [APP/0] OUT debug=0x88bfc1e5:TKCASA_GEN_LICENSE_NOT_LOADED.

This main problem is that the CAS server cannot find the license file, which is preventing both CAS and SAS Visual Investigator from being operational.

To fix this problem, correct the nfs_mounts section of the JSON configuration file. The incorrect mount point for the license file had been entered so that you need to renter the mount point.

Here was the original entry:

"nfs_mounts":[

"test.test.sas.com/directory/vi:/nas/dept/test/vi:/opt/sas/cas/license"],

The new entry would look like this:

"nfs_mounts":["test.test.sas.com/directory/vi:/nas/dept/test/vi:/opt/sas/cas/cloud"],

Once the network file system mount is corrected, you can do the deployment.

SAS® and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. Copyright © 2017, SAS Institute Inc., Cary, NC, USA. All Rights Reserved. March 2017 10.2-P1:dplyvi0cld

60

Documents

SAS Visual Investigator 10.2 on the Cloud: Deployment Guide