Giter Site home page Giter Site logo

sassoftware / viya4-deployment Goto Github PK

View Code? Open in Web Editor NEW
64.0 21.0 59.0 13.12 MB

This project contains Ansible code that creates a baseline in an existing Kubernetes environment for use with the SAS Viya Platform, generates the manifest for an order, and then can also deploy that order into the Kubernetes environment specified.

License: Apache License 2.0

Dockerfile 24.01% Shell 7.32% Python 68.68%
viya4 iac ansible sas-quest

viya4-deployment's Introduction

SAS Viya 4 Deployment

Overview

This project contains Ansible code that creates a baseline cluster in an existing Kubernetes environment for use with the SAS Viya platform, generates the manifest for a SAS Viya platform software order, and then deploys that order into the specified Kubernetes environment. Here is a list of tasks that this tool can perform:

  • Prepare Kubernetes cluster

  • Deploy the SAS Viya Platform

    • Retrieve the deployment assets using SAS Viya Orders CLI
    • Retrieve cloud configuration from tfstate (if using a SAS Viya 4 IaC project)
    • Run the kustomize process and deploy the SAS Viya platform
    • Create affinity rules such that processes are targeted to appropriately labeled nodes
    • Create pod disruption budgets for each service such that cluster maintenance will not let the last instance of a service go down (during a node maintenance operation, for example)
    • Use kustomize to mount user private (home) directories and data directories on CAS nodes and on compute server instances
    • Deploy SAS Viya Monitoring for Kubernetes
    • Deploy MPP or SMP CAS servers

  • Manage SAS Viya Platform Deployments

    • Organize and persist configuration for any number of SAS Viya platform deployments across namespaces, clusters, or cloud providers.

  • SAS Viya with SingleStore Deployment

Prerequisites

Use of these tools requires operational knowledge of the following technologies:

Technical Prerequisites

Infrastructure Prerequisites

The viya4-deployment playbook requires some infrastructure.

Kubernetes Cluster

You can either bring your own Kubernetes cluster or use one of the SAS Viya 4 IaC projects to create a cluster using Terraform scripts:

Storage

A file server that uses the network file system (NFS) protocol is the minimum requirement for the SAS Viya platform. You can either use one of the SAS Viya 4 IaC projects to create the required storage or bring your own Kubernetes storage. If you use the SAS Viya 4 IaC projects to create an NFS server VM and a jump box (bastion server) VM, the information can be passed in to viya4-deployment so that the required directory structures discussed in the next sections are created automatically. If you are bringing your own NFS-compliant server, the following NFS exports folder structure must be created prior to running viya4-deployment:

<export_dir>        <- NFS export path
  /pvs              <- location for persistent volumes
  /<namespace>      <- folder per namespace
    /bin            <- location for open source directories
    /data           <- location for SAS and CAS Data
    /homes          <- location for user home directories to be mounted
    /astores        <- location for astores

Jump Box Virtual Machine

The jump box or bastion server can manage NFS folders if you provide SSH access to it. The jump box must have the NFS storage mounted to it at <JUMP_SVR_RWX_FILESTORE_PATH>. If you want to manage the NFS server yourself, the jump box is not required. Here is the required folder structure for the jump box:

<JUMP_SVR_RWX_FILESTORE_PATH>     <- mounted NFS export
  /pvs                            <- location for persistent volumes
  /<namespace>                    <- folder per namespace
    /bin                          <- location for open source directories
    /data                         <- location for SAS and CAS data
    /homes                        <- location for user home directories to be mounted
    /astores                      <- location for ASTORES

Getting Started

Clone this Project

Run the following commands in a terminal session:

# clone this repository
git clone https://github.com/sassoftware/viya4-deployment

# move to directory
cd viya4-deployment

Authenticating Ansible to Access Cloud Provider

See Ansible Cloud Authentication for details.

NOTE: At this time, additional setup is only required for GCP with external PostgreSQL.

Customize Input Values

The playbook uses Ansible variables for configuration. SAS recommends that you encrypt both this file and the other configuration files (sitedefault, kubeconfig, and tfstate) using Ansible Vault.

Ansible Vars File

The Ansible vars.yaml file is the main configuration file. Create a file named ansible-vars.yaml to specify values for any input variables. Example variable definition files are provided in the ./examples folder. For more details on the supported variables, refer to CONFIG-VARS.md.

(Optional) Sitedefault File

The value is the path to a standard SAS Viya platform sitedefault file. If none is supplied, the example sitedefault.yaml file is used. A sitedefault file is not required for a SAS Viya platform deployment.

Kubeconfig File

The Kubernetes access configuration file. If you used one of the SAS Viya 4 IaC projects to provision your cluster, this value is not required.

If you used the viya4-iac-gcp project to create a provider based kubeconfig file to access your GKE cluster, refer to kubernetes configuration file types for instructions on using a GCP provider based kubeconfig file with the viya4-deployment project.

Terraform State File

If you used a SAS Viya 4 IaC project to provision your cluster, you can provide the resulting tfstate file to have the kubeconfig and other settings auto-discovered. The ansible-vars-iac.yaml example file shows the values that must be set when using the SAS Viya 4 IaC integration.

The following information is parsed from the integration:

  • Cloud
    • PROVIDER
    • PROVIDER_ACCOUNT
    • CLUSTER_NAME
    • Cloud NAT IP address
  • RWX Filestore
    • V4_CFG_RWX_FILESTORE_ENDPOINT
    • V4_CFG_RWX_FILESTORE_PATH
  • JumpBox
    • JUMP_SVR_HOST
    • JUMP_SVR_USER
    • JUMP_SVR_RWX_FILESTORE_PATH
  • Postgres
    • V4_CFG_POSTGRES_SERVERS (if postgres deployed)
  • Cluster
    • KUBECONFIG
    • V4_CFG_CLUSTER_NODE_POOL_MODE
    • CLUSTER_AUTOSCALER_ACCOUNT
    • CLUSTER_AUTOSCALER_LOCATION
  • Ingress
    • V4_CFG_INGRESS_MODE (from CLUSTER_API_MODE)

Customize Deployment Overlays

The Ansible playbook in viya4-deployment fully manages the kustomization.yaml file. Users can make changes by adding custom overlays into subfolders under the /site-config folder. If this is the first time that you are running the playbook and plan to add customizations, create the following folder structure:

<base_dir>            <- parent directory
  /<cluster>          <- folder per cluster
    /<namespace>      <- folder per namespace
      /site-config    <- location for all customizations
        ...           <- folders containing user defined customizations

SAS Viya Platform Customizations

SAS Viya platform deployment customizations are automatically read in from folders under /site-config. To provide customizations, first create the folder structure detailed in the Customize Deployment Overlays section above. Then copy the desired overlays into a subfolder under /site-config. When you have completed these steps, you can run the viya4-deployment playbook. It will detect and add the overlays to the proper section of the kustomization.yaml file for the SAS Viya platform deployment.

Note: You do not need to modify the kustomization.yaml file. The playbook automatically adds the custom overlays to the kustomization.yaml file, based on the values you have specified.

For example:

  • /deployments is the BASE_DIR
  • The target cluster is named demo-cluster
  • The namespace will be named demo-ns
  • Add in a custom overlay that modifies the CAS server
  /deployments                        <- parent directory
    /demo-cluster                     <- folder per cluster
      /demo-ns                        <- folder per namespace
        /site-config                  <- location for all customizations
          /cas-server                 <- folder containing user defined customizations
            /my_custom_overlay.yaml   <- my custom overlay

The SAS Viya platform customizations that are managed by viya4-deployment are located under the templates directory. These are purposely templatized and included there since they contain a set of customizations that are common or required for a functioning SAS Viya platform deployment. These particular files are configured via exposed variables that are documented within CONFIG-VARS.md and do not need to be manually placed under /site-config.

OpenLDAP Customizations

The OpenLDAP setup that is described here is a temporary solution that enables you to add users and groups and to start using SAS Viya platform applications. The OpenLDAP server that is created using these instructions does not persist. It is created and destroyed within the SAS Viya platform namespace where it is created. To add users or groups that persist, follow the SAS documentation that describes how to Configure an LDAP Identity Provider.

If the embedded OpenLDAP server is enabled, it is possible to change the users and groups that will be created. The required steps are similar to other customizations:

  1. Create the folder structure detailed in the Customize Deployment Overlays.
  2. Copy the ./examples/openldap folder into the /site-config folder.
  3. Locate the openldap-modify-users.yaml file in the /openldap folder.
  4. Modify it to match the desired setup.
  5. Run the viya4-deployment playbook. It will use this setup when creating the OpenLDAP server.

Note: This method can only be used when you are first deploying the OpenLDAP server. Subsequently, you can either delete and redeploy the OpenLDAP server with a new configuration, or add users using ldapadd.

For example:

  • /deployments is the BASE_DIR
  • The cluster is named demo-cluster
  • The namespace will be named demo-ns
  • Add overlay with custom LDAP setup
  /deployments                          <- parent directory
    /demo-cluster                       <- folder per cluster
      /demo-ns                          <- folder per namespace
        /site-config                    <- location for all customizations
          /openldap                     <- folder containing user defined customizations
            /openldap-modify-users.yaml <- openldap overlay

Creating and Managing Deployments

Create and manage deployments using one of the following methods:

DNS

During the installation, an ingress load balancer can be installed for the SAS Viya platform and for the monitoring and logging stack. The host name for these services must be registered with your DNS provider in order to resolve to the LoadBalancer endpoint. This can be done by creating a record for each unique ingress controller host.

However, when you are managing multiple SAS Viya platform deployments, creating these records can be time-consuming. In such a case, SAS recommends creating a DNS record that points to the ingress controller's endpoint. The endpoint might be an IP address or FQDN, depending on the cloud provider. Take these steps:

  1. Create an A record or CNAME (depending on cloud provider) that resolves the desired host name to the LoadBalancer endpoint.
  2. Create a wildcard CNAME record that resolves to the record that you created in the previous step.

For example:

First, look up the ingress controller's LoadBalancer endpoint. The example below uses kubectl. This information can also be looked up in the cloud provider's admin portal.

$ kubectl get service -n ingress-nginx

NAME                                 TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.0.225.39   52.52.52.52      80:30603/TCP,443:32014/TCP   12d
ingress-nginx-controller-admission   ClusterIP      10.0.99.105   <none>           443/TCP                      12d

In the above example, the ingress controller's LoadBalancer endpoint is 52.52.52.52. So, we would create the following records:

  • An A record (such as example.com) that points to the 52.52.52.52 address
  • A wildcard CNAME (*.example.com) that points to example.com

SAS/CONNECT

When running the viya action with V4_CFG_CONNECT_ENABLE_LOADBALANCER=true, a separate loadbalancer service is created to allow external SAS/CONNECT clients to connect to the SAS Viya platform. You will need to register this LoadBalancer endpoint with your DNS provider such that the desired host name (for example, connect.example.com) points to the LoadBalancer endpoint.

Updating SAS Viya Manually

Manual steps are required by the SAS software to update a SAS deployment in an existing cluster. As a result, viya4-deployment does not perform updates. The viya4-deployment tools can perform subsequent viya,install tasks if you are simply reapplying the same software order into the cluster.

If you have an existing deployment that you performed with the viya4-deployment project, take the following steps in order to update the SAS Viya platform:

  • Follow the instructions in Updating Software in the SAS Viya Platform Operations Guide.
  • You are expected to modify the steps that are described in the SAS Viya Platform Operations Guide to accommodate the slightly different directory structure

Troubleshooting

See the Troubleshooting page.

Contributing

We welcome your contributions! See CONTRIBUTING.md for details on how to submit contributions to this project.

License

This project is licensed under the Apache 2.0 License.

Additional Resources

viya4-deployment's People

Contributors

asbisen avatar awsmith0216 avatar b2ku avatar dhoucgitter avatar enderm avatar erwangranger avatar gonzaloulla avatar hahewlet avatar jarpat avatar normjohniv avatar riragh avatar stturc avatar supear avatar thpang avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

juan4sas manoatsas erwangranger asbisen je3pp enderm indirection ken-pikulik chrzaszczg rippmn hahewlet eduardofariasl henmo09 crbueno supear gonzaloulla porped76 praveenanil henryn-den21ds bnl-leewiscovitch canpmh akapoor104 sshulgin70 daniel-martin-adl ranieuwe cumcke azaadshatru sorontil sgeletta apulliam frasep joshcoburn hyweldaniels awsmith0216 stturc devendrayadav1 vaibhav90 sweosm jarpat colesnow11 momiji gwestfah jawilk23 rabem00 egoienola satya5561 chinmayaaa venkat1711 al3x-ctrl desmondotutu thrashbaidon korsml ghas-results michellefekula miaeyg bkoprivica sk8336 data2playvf sgriskadminsas

viya4-deployment's Issues

aws-efs-csi-driver helm manifest broken

The helm manifest for the aws-efs-csi-driver chart is broken. This has happen in the past and they state there automation is not able to handle it. Therefore, we should reply on the github releases/tags instead

Error on TASK [vdm : kustomize - Generate deployment manifest]

Script:

ansible-playbook \
  -e BASE_DIR=$HOME/viya4-deployment \
  -e CONFIG=$HOME/viya4-deployment/ansible-vars.yaml \
  -e TFSTATE=$HOME/viya4-deployment/terraform.tfstate \
  -e JUMP_SVR_PRIVATE_KEY=$HOME/viya4-deployment/keys/id_rsa \
  playbook.yaml --tags "baseline,viya,install"

Error:

TASK [vdm : kustomize - Generate deployment manifest] *************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["kustomize", "build", "/home/yurshk/viya4-deployment/yurshk-aks/viya4test", "--load-restrictor=none", "-o", "/home/yurshk/viya4-deployment/yurshk-aks/viya4test/site.yaml"], "delta": "0:00:00.032798", "end": "2021-07-15 07:33:46.342834", "msg": "non-zero return code", "rc": 1, "start": "2021-07-15 07:33:46.310036", "stderr": "Error: unknown flag: --load_restrictor", "stderr_lines": ["Error: unknown flag: --load-restrictor"], "stdout": "", "stdout_lines": []}

PLAY RECAP ********************************************************************************************************************************************************************************
localhost                  : ok=81   changed=17   unreachable=0    failed=1    skipped=48   rescued=0    ignored=0

Kustomize current version:

{Version:kustomize/v3.7.0 GitCommit:42d1f7b792a80af34828ec4c89af99e1043351a7 BuildDate:2020-07-04T19:15:46Z GoOs:linux GoArch:amd64}

Also tried the latest version of Kustomize

site-ph0 and site-ph1 generation

Hi,

Could you add automatic generation on site-ph0.yaml and site-ph1.yaml alongside the site.yaml?
These will be generated with the respective lines in kustomization.yaml:
site-ph0.yaml:
transformers:

  • sas-bases/overlays/scaling/zero-scale/phase-0-transformer.yaml

site-ph1.yaml:
transformers:

  • sas-bases/overlays/scaling/zero-scale/phase-0-transformer.yaml
  • sas-bases/overlays/scaling/zero-scale/phase-1-transformer.yaml

This will be very useful for scaling the environment up and down without needing to regenerate them manually each time you update SAS.

viya4-iac-aws tfstate issue

The tfstate file created by viya4-iac-aws has the following snippet
\"username\": \"system:node:{{EC2PrivateDNSName}}\"\n",

When the tfstate is parsed by ansible that is treated a var since {{}} is the marker used by ansible and jinga2. This cause loading of the file to fail.

Cadence Version Default and acceptable values

Hello Experts!

Here's another issue I ran into while running the ansible-playbook to deploy SAS:

ansible-playbook \
  -e BASE_DIR=$HOME/clouddrive/project/aks/viya4-deployment/public \
  -e CONFIG=$HOME/clouddrive/project/aks/viya4-deployment/public/ansible-vars-iac-azure.yaml \
  -e TFSTATE=$HOME/clouddrive/project/aks/viya4-iac-azure/terraform.tfstate \
  -e JUMP_SVR_PRIVATE_KEY=$HOME/.ssh/azure/id_rsa \
  $HOME/clouddrive/project/aks/viya4-deployment/public/playbooks/playbook.yaml --tags "baseline,viya,cluster-logging,cluster-monitoring,viya-monitoring,install"

I receive the following return in JSON (formatted for convenience):

{
  "changed": true,
  "cmd": "/tmp/ansible.qml8fyd9/viya4-orders-cli license --file-path /r/ge.unx.sas.com/vol/vol620/u62/malepr/clouddrive/project/aks/viya4-deployment/public/malepr-viya4-aks/test1/site-config --file-name license 09WRHQ lts 2020.1",
  "delta": "0:00:00.493103",
  "end": "2021-05-07 11:27:11.068402",
  "msg": "non-zero return code",
  "rc": 1,
  "start": "2021-05-07 11:27:10.575299",
  "stderr": "2021/05/07 11:27:10 INFO: no config file found\n2021/05/07 11:27:11 ERROR: asset request failed: {\"version\":2,\"httpStatusCode\":400,\"message\":\"Bad Request\",\"errors\":[{\"message\":\"Cadence name=lts / cadence version=2020.1 is not valid for the order\"}]}",
  "stderr_lines": [
    "2021/05/07 11:27:10 INFO: no config file found",
    "2021/05/07 11:27:11 ERROR: asset request failed: {\"version\":2,\"httpStatusCode\":400,\"message\":\"Bad Request\",\"errors\":[{\"message\":\"Cadence name=lts / cadence version=2020.1 is not valid for the order\"}]}"
  ],
  "stdout": "",
  "stdout_lines": []
}

The roles/vdm/defaults/main.yaml file contains a default value on line 10 for the cadence version: V4_CFG_CADENCE_VERSION: 2020.1 which the https://github.com/sassoftware/viya4-deployment/blob/main/roles/vdm/tasks/assets.yaml inherits and uses in its command on line 15 resulting in the above error.

However, it is not clear that this is a variable meant to be modified for default deployment (in the readme file or otherwise) and finally when I look at the https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md for help, it does not list acceptable values or a format of acceptable values.

Please fix the default so that it works, or mention it needs editing in the readme. AND please also provide acceptable values/formats of values for the cadence version so that I can provide the proper input.

Ansible community.kubernetes connection refused

roles/nfs-client-provisioner fails when attempting to create kubernetes namespaces

TASK [nfs-client-provisioner : Create namespace] *******************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to get client due to HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /version (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fccbb202b20>: Failed to establish a new connection: [Errno 111] Connection refused'))"}

tested from the project docker container from both the main branch and 3.0.0 tag.

Issue appears to be related to possible dependency breakage in pip openshift0.12 or kubernetes12.0

ansible/ansible#72769
https://github.com/ansible-collections/community.kubernetes/issues/373

Deploy Pre-reqs in AKS with NFS storage' Fails - Looking for Openshift?

Hi Team, I am trying to deploy the Pre-reqs in AKS with NFS storage, using the docker container, but it continually fails (without creating anything) with the following error:

###################################################################################################################################

TASK [baseline : Remove deprecated efs-provisioner namespace] ***********************************************************************

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ModuleNotFoundError: No module named 'openshift'

fatal: [localhost]: FAILED! => {"changed": false, "error": "No module named 'openshift'", "msg": "Failed to import the required Python library (openshift) on bf8e4dded2cf's Python /usr/bin/python3. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

PLAY RECAP **************************************************************************************************************************

localhost : ok=22 changed=2 unreachable=0 failed=1 skipped=11 rescued=0 ignored=0

Tuesday 27 July 2021 07:36:35 +0000 (0:00:00.783) 0:00:06.391 **********

===============================================================================

baseline : Remove deprecated nfs-client-provisioner -------------------------------------------------------------------------- 1.43s

baseline : Remove deprecated efs-provisioner --------------------------------------------------------------------------------- 1.30s

baseline : Remove deprecated efs-provisioner namespace ----------------------------------------------------------------------- 0.78s

Gathering Facts -------------------------------------------------------------------------------------------------------------- 0.77s

common : tfstate - export kubeconfig ----------------------------------------------------------------------------------------- 0.58s

global tmp dir --------------------------------------------------------------------------------------------------------------- 0.28s

baseline role ---------------------------------------------------------------------------------------------------------------- 0.07s

baseline : Include nfs-subdir-external-provisioner --------------------------------------------------------------------------- 0.06s

common role ------------------------------------------------------------------------------------------------------------------ 0.05s

common : Add nat ip to LOADBALANCER_SOURCE_RANGES ---------------------------------------------------------------------------- 0.05s

common : tfstate - cluster name ---------------------------------------------------------------------------------------------- 0.04s

common : tfstate - nfs path -------------------------------------------------------------------------------------------------- 0.04s

common : tfstate - provider -------------------------------------------------------------------------------------------------- 0.04s

common : Parse tfstate ------------------------------------------------------------------------------------------------------- 0.04s

common : tfstate - cluster node pool mode ------------------------------------------------------------------------------------ 0.04s

common : tfstate - jump server ----------------------------------------------------------------------------------------------- 0.04s

common : tfstate - jump user ------------------------------------------------------------------------------------------------- 0.04s

common : tfstate - jump rwx filestore path ----------------------------------------------------------------------------------- 0.04s

common : tfstate - kubeconfig var -------------------------------------------------------------------------------------------- 0.04s

common : tfstate - cluster autoscaler location ------------------------------------------------------------------------------- 0.04s

################################################################################################################################

I don't know why it looking for Openshift when this cluster is in AKS.

I rechecked the ansible-vars.yaml file - it has PROVIDER: azure -- see below

[sas@master-node viya4-deployment]$ head ansible-vars.yaml

Cluster

PROVIDER: azure

CLUSTER_NAME: ssaghi-aks

NAMESPACE: viya4nfs

I have also tried running it with ansible, but alas - the same error.

Any light on the above would be appreciated

503 when opening FQDN

Install script:

cp ../viya4-iac-azure/terraform.tfstate ./

ansible-playbook \
  -e BASE_DIR=$HOME/viya4-deployment \
  -e CONFIG=$HOME/viya4-deployment/ansible-vars.yaml \
  -e TFSTATE=$HOME/viya4-deployment/terraform.tfstate \
  -e JUMP_SVR_PRIVATE_KEY=$HOME/viya4-deployment/keys/id_rsa \
  playbook.yaml --tags "baseline,viya,install" -vvv

Script summary (no errors in the log):

PLAY RECAP *********************************************************************
localhost                  : ok=86   changed=22   unreachable=0    failed=0    skipped=51   rescued=0    ignored=0   

Thursday 22 July 2021  12:09:28 +0000 (0:00:00.181)       0:02:29.616 ********* 
=============================================================================== 
vdm : manifest - deploy ------------------------------------------------ 96.06s
/home/yurshk/viya4-deployment/roles/vdm/tasks/deploy.yaml:39 ------------------
vdm : kustomize - Generate deployment manifest ------------------------- 19.30s
/home/yurshk/viya4-deployment/roles/vdm/tasks/kustomize.yaml:74 ---------------
vdm : prereqs - cluster-local deploy ------------------------------------ 3.95s
/home/yurshk/viya4-deployment/roles/vdm/tasks/deploy.yaml:27 ------------------
vdm : prereqs - cluster-wide -------------------------------------------- 2.48s
/home/yurshk/viya4-deployment/roles/vdm/tasks/deploy.yaml:14 ------------------
vdm : assets - Get License ---------------------------------------------- 2.15s
/home/yurshk/viya4-deployment/roles/vdm/tasks/assets.yaml:13 ------------------
vdm : copy - VDM transformers ------------------------------------------- 2.01s
/home/yurshk/viya4-deployment/roles/vdm/tasks/copy_overlay.yaml:13 ------------
vdm : assets - Download ------------------------------------------------- 1.92s
/home/yurshk/viya4-deployment/roles/vdm/tasks/assets.yaml:26 ------------------
vdm : copy - VDM generators --------------------------------------------- 1.62s
/home/yurshk/viya4-deployment/roles/vdm/tasks/copy_overlay.yaml:13 ------------
vdm : Download viya4-orders-cli ----------------------------------------- 1.56s
/home/yurshk/viya4-deployment/roles/vdm/tasks/assets.yaml:3 -------------------
jump-server : jump-server - create folders ------------------------------ 1.04s
/home/yurshk/viya4-deployment/roles/jump-server/tasks/main.yml:38 -------------
baseline : Deploy ingress-nginx ----------------------------------------- 0.87s
/home/yurshk/viya4-deployment/roles/baseline/tasks/ingress-nginx.yaml:2 -------
baseline : Deploy cert-manager ------------------------------------------ 0.86s
/home/yurshk/viya4-deployment/roles/baseline/tasks/cert-manager.yaml:2 --------
baseline : Deploy nfs-subdir-external-provisioner ----------------------- 0.84s
/home/yurshk/viya4-deployment/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml:36 
vdm : assets - Extract downloaded assets -------------------------------- 0.84s
/home/yurshk/viya4-deployment/roles/vdm/tasks/assets.yaml:61 ------------------
Gathering Facts --------------------------------------------------------- 0.81s
/home/yurshk/viya4-deployment/playbook.yaml:1 ---------------------------------
baseline : Remove deprecated efs-provisioner namespace ------------------ 0.75s
/home/yurshk/viya4-deployment/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml:24 
baseline : Check for metrics service ------------------------------------ 0.75s
/home/yurshk/viya4-deployment/roles/baseline/tasks/metrics-server.yaml:2 ------
vdm : template ---------------------------------------------------------- 0.71s
/home/yurshk/viya4-deployment/roles/vdm/tasks/main.yaml:60 --------------------
vdm : Create namespace -------------------------------------------------- 0.67s
/home/yurshk/viya4-deployment/roles/vdm/tasks/deploy.yaml:3 -------------------
common : tfstate - export kubeconfig ------------------------------------ 0.58s
/home/yurshk/viya4-deployment/roles/common/tasks/main.yaml:46 -----------------

Infra:
image

Problem
When opening FQDN, server responded with:

Status Code: 503 Service Temporarily Unavailable

docker build failed

Docker build failed. Received the following error:
E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.68.0-1ubuntu2.2_amd64.deb 404 Not Found [IP: 91.189.88.152 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

I had to run sudo apt update before the required packages could be installed.
I added the follwing line to the Dockerfile:

RUN apt update

Afterwards I was able to build the Docker image.

Thanks.

viya_monitoring tag does not seems to work

We installed SAS Viya Monitoring for Kubernetes using the viya4-deployment tool.
cluster-monitoring and cluster-logging worked very well (but will be nice to be able to change the monitoring and logging namespaces - issues !108 and !109).
viya-monitoring does not seems to work as expected (no prometheus-pushgateway pod in the Viya deployment namespace).

here some output:

  • The deployment command:
docker container run -it \
--group-add root \
--user $(id -u):$(id -g) \
-v $HOME/project/deploy:/data \
-v $HOME/.kube/config:/config/kubeconfig \
-v $HOME/project/deploy/${NS}/${NS}-viyavars.yaml:/config/config \
-v $HOME/viya4-iac-aws/${NS}.tfstate:/config/tfstate \
viya4-deployment \
--tags "cluster-logging,cluster-monitoring,viya-monitoring,install"
  • The ansible summary (no viya-monitoring tasks on it)
 Wednesday 23 June 2021 15:12:15 +0000 (0:00:00.477) 0:14:08.769 ********
===============================================================================
monitoring : cluster-logging - deploy ------------------------------------------------------------------------------------------------------------------------------------------------- 329.72s
monitoring : cluster-logging - deploy ------------------------------------------------------------------------------------------------------------------------------------------------- 268.34s
monitoring : cluster-monitoring - deploy ---------------------------------------------------------------------------------------------------------------------------------------------- 126.87s
monitoring : cluster-monitoring - deploy ----------------------------------------------------------------------------------------------------------------------------------------------- 94.27s
monitoring : cluster-monitoring - lookup existing credentials --------------------------------------------------------------------------------------------------------------------------- 2.40s
monitoring : cluster-logging - lookup existing credentials ------------------------------------------------------------------------------------------------------------------------------ 2.33s
monitoring : cluster-logging - lookup existing credentials ------------------------------------------------------------------------------------------------------------------------------ 2.04s
monitoring : cluster-monitoring - lookup existing credentials --------------------------------------------------------------------------------------------------------------------------- 1.77s
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.63s
monitoring : v4m - download ------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.53s
monitoring : v4m - add storageclass ----------------------------------------------------------------------------------------------------------------------------------------------------- 1.52s
common : tfstate - export kubeconfig ---------------------------------------------------------------------------------------------------------------------------------------------------- 1.39s
monitoring : cluster-monitoring - user values ------------------------------------------------------------------------------------------------------------------------------------------- 1.17s
monitoring : cluster-logging - user values ---------------------------------------------------------------------------------------------------------------------------------------------- 1.02s
monitoring : cluster-logging - user values ---------------------------------------------------------------------------------------------------------------------------------------------- 0.99s
monitoring : cluster-monitoring - user values ------------------------------------------------------------------------------------------------------------------------------------------- 0.81s
monitoring : cluster-monitoring - create userdir ---------------------------------------------------------------------------------------------------------------------------------------- 0.66s
global tmp dir -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.65s
monitoring : cluster-logging - create userdir ------------------------------------------------------------------------------------------------------------------------------------------- 0.54s
monitoring : cluster-logging - create userdir ------------------------------------------------------------------------------------------------------------------------------------------- 0.52s

Add support for setting the namespaces for V4M logging and monitoring components

https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#monitoring-and-logging lists variables we can set in e.g. $HOME/project/deploy/${NS}/${NS}-viyavars.yaml, to customize the cluster-logging,cluster-monitoring and viya-monitoring components of SAS Viya Monitoring for Kubernetes. For example, we can use this file to set the Kibana and Grafana passwords (V4M_KIBANA_PASSWORD and V4M_GRAFANA_PASSWORD respectively), among many other thngs.

Please would you add a way to set the LOG_NS (logging namespace) and MON_NS (monitoring namespace) in this vars file too? These namespace names should not be hard-coded to 'logging' and 'monitoring' respectively; you can change them if you deploy SAS Viya Monitoring for Kubernetes the manual way.

Error while Ansible usage

Script:

ansible-playbook \
  -e BASE_DIR=$HOME/viya4-deployment \
  -e CONFIG=$HOME/viya4-deployment/ansible-vars.yaml \
  -e TFSTATE=$HOME/viya4-deployment/terraform.tfstate \
  -e JUMP_SVR_PRIVATE_KEY=$HOME/viya4-deployment/keys/id_rsa \
  playbook.yaml --tags "baseline,viya,cluster-logging,cluster-monitoring,viya-monitoring,install"

Error:

fatal: [localhost]: FAILED! => {"reason": "couldn't resolve module/action 'community.kubernetes.helm'. This often indicates a misspelling, missing collection, or incorrect module path.\n\nThe error appears to be in '/home/aliust/projects/viya4-deployment/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Remove deprecated nfs-client-provisioner\n  ^ here\n"}

 

PLAY RECAP **********************************************************************************************************************************************************
localhost                  : ok=23   changed=3    unreachable=0    failed=1    skipped=12   rescued=0    ignored=0

/viya-share/{ns}/{subdirs..} was not created when running deployment from the IAC created jump-server

I just ran a the IAC (Azure / cloned a few weeks ago) and the deployment project (cloned today).

The /export/../.. was not created:

jumpuser@mTES-TT-jump-vm:/viya-share$ cd /export
bash: cd: /export: No such file or directory

Following the information from another issue, I manually created the export as a test:

jumpuser@mTES-TT-jump-vm:/viya-share$ sudo mkdir -p /export/mtes-tt/homes/andy
jumpuser@mTES-TT-jump-vm:/viya-share$ cd /export/mtes-tt/
jumpuser@mTES-TT-jump-vm:/export/mtes-tt$ ll
total 12
drwxr-xr-x 3 root root 4096 May  4 17:32 ./
drwxr-xr-x 3 root root 4096 May  4 17:32 ../
drwxr-xr-x 3 root root 4096 May  4 17:32 homes/

I am not deploying LDAP since I will use SCIM instead, so the site default.yaml only contains the sabot information and the config to disable LDAP.

These are the relevant config lines in the ansible-vars.yaml:

## Jump Server: https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#jump-server
# JUMP_SVR_HOST: # automatically parsed and pulled from the IAC tfstate

## NFS
#JUMP_SVR_RWX_FILESTORE_PATH # not used since the IAC created `/viya-share/pvs`

## Storage 
V4_CFG_MANAGE_STORAGE: true # used IAC to create NFS and mount to jump-vm

Grafana and Kibana creds

Need to support generating password for grafana and kibana. Also, let the user override if desired.

Change order of deployment task execution

This project appears to deploy things in a set order of: baseline, viya, cluster-logging, cluster-monitoring, viya-monitoring. I’d like to suggest you deploy things in a slightly different order. In order to allow admins to use the Viya 4 Monitoring for Kubernetes tools to monitor (and, potentially, debug) the Viya deployment process, I suggest things be deployed in the order of: baseline, cluster-logging, cluster-monitoring, viya, viya-monitoring. I understand admins can control the deployment order by running the deployment command multiple times with different tasks identified in each. But, if an admin specified all of the tasks, I think the revised order would provide a better user-experience.

Add the ability to change helm chart versions for open source software via ansible variables

This is a todo item we have discussed before. If we wish to use a different version of say cert-manager or nginx it requires extra manual work on the part of the end user. We can either directly modify the viya4-deployment code prior to running it to specify an alternate version or run viya4-deployment with baseline only and then manually upgrade the software on our own.

It would be very helpful if we could specify a different helm chart or software version via an ansible variable.

If you already pre-downloaded the deployment asset, do you still need to specify SAS API credentials?

My understanding is the SAS Orders API is used to download deployment assets, certificates, and license files.

So if you already pre-downloaded the deployment asset and specify it with V4_CFG_DEPLOYMENT_ASSETS option, do you still need the SAS API credentials? Are they used somewhere else?

The SAS API option V4_CFG_SAS_API_KEY and V4_CFG_SAS_API_SECRET has a required flag, so I wonder if it's necessary regardless if you're using pre-downloaded asset or not.

Do not reload the assets if already present

Hi,

Can you add a feature that checks that the assets archive file of the requested version is already present in the namespace directory?
If yes then skip the steps which download it again from the orders api, delete existing sas-bases and unarchive the file.
I am running this tool in Azure Shell and it takes a lot of time for these steps which are unnecessary if I redeploy the same version multiple times.

These steps:
assets - Download
assets - Remove old files
assets - Extract downloaded assets
In https://github.com/sassoftware/viya4-deployment/blob/main/roles/vdm/tasks/assets.yaml

What to put into LOADBALANCER_SOURCE_RANGES in ansible-vars.yaml

I am confused by the instructions ... in the file, /home/jumpuser/viya4-deployment/ansible-vars.yaml which was copied from /home/jumpuser/viya4-deployment/examples/ansible-vars-iac.yaml

Should I put the value from the IAC tf apply command output:
nat_ip = 52.188.xxx.xxx

into line 6:
LOADBALANCER_SOURCE_RANGES: ['52.188.xxx.xxx/32']

Homes permission in NFS

Hi,

I created a cluster with storage_type='standard' (nfs vm).
Deployed viya4 with this tool.
Then set identifier.homeDirectoryPrefix in identities to /mnt/viya-share/homes.
On first connect to the SAS Studio compute context the home directory gets created in the nfs share but the permissions are:
drwxr-xr-x. root root.
Because of this the user cannot write anything to their home.
I have tried setting up sssd on the nfs vm - didn't help.
Maybe some mount options on the storage class will resolve this?
How is the homes mount supposed to be used?

Thank you.

Site-config parser json syntax

The site-config kustomization parser checks for unlisted files via a simple regex. This fails when files are written as
resources: ['file1','file2']
instead of
resources:

  • file1
  • file2

The parser should instead parse the kustimation as yaml to do the checks properly

Load Balancer NAT Did not Auto-Parse and Use

According to the main page readme, the value for the Cloud NAT IP address should be automatically parsed and used.

The following line did not work in the ansible-vars.yaml and produced the following error:

#LOADBALANCER_SOURCE_RANGES: ['x.x.x.x/32'] # but this did not automatically parse and pull from the IAC tfstate

Error:
TASK [ingress-nginx : Deploy ingress-nginx] ************************************
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: {'controller': {'service': {'externalTrafficPolicy': 'Local', 'sessionAffinity': 'None', 'loadBalancerSourceRanges': '{{ loadBalancerSourceRanges }}'}, 'config': {'use-forwarded-headers': 'true'}, 'tcp': {}, 'udp': {}, 'lifecycle': {'preStop': {'exec': {'command': ['/bin/sh', '-c', 'sleep 5; /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf -s quit; while pgrep -x nginx; do sleep 1; done']}}}, 'terminationGracePeriodSeconds': 600}}: {{ LOADBALANCER_SOURCE_RANGES }}: 'LOADBALANCER_SOURCE_RANGES' is undefined\n\nThe error appears to be in '/viya4-deployment/roles/ingress-nginx/tasks/main.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: Deploy ingress-nginx\n  ^ here\n"}

PLAY RECAP *********************************************************************
localhost                  : ok=24   changed=3    unreachable=0    failed=1    skipped=6    rescued=0    ignored=0

In order to get past the error, I had to paste the following output from the CLI response from the tf apply -auto-approve:
nat_ip = 20.42.xxx.xxx

Modifiable Storage Class reclaimPolicy

Greetings,

I was wondering if an enhancement could be made to choose the "sas" StorageClass reclaimPolicy via a variable. There will be times when Retain will be the desired policy, and it would be convenient to set it here.

Thanks for the help! -Michael

"kustomize - Generate deployment manifest" task fails in orders containing SAS Workload Management

When an order contains SAS Workload Management, the playbook fails when generating the deployment manifest.

The issue occurs because sas-storageclass.yaml (https://github.com/sassoftware/viya4-deployment/blob/7e89b16edc7369683422b1950dd57a261be320b3/roles/vdm/templates/transformers/sas-storageclass.yaml) attempts to add a Storage Class name to the volumeClaimTemplate for every Stateful Set.

However the sas-workload-orchestrator Stateful Set that comes with SAS Workload Management does not contain a volumeClaimTemplate attribute, leading to a build error;

Error: failed to apply json patch '- op: add
  path: /spec/volumeClaimTemplates/0/spec/storageClassName
  value: sas': add operation does not apply: doc is missing path: "/spec/volumeClaimTemplates/0/spec/storageClassName": missing value

A possible workaround, that I have tested, would be to explicitly exclude sas-workload-orchestrator using an annotation selector;

apiVersion: builtin
kind: PatchTransformer
metadata:
  name: sas-ss-storageclass
patch: |-
  - op: add
    path: /spec/volumeClaimTemplates/0/spec/storageClassName
    value: sas
target:
  group: apps
  kind: StatefulSet
  annotationSelector: sas.com/component-name != sas-workload-orchestrator

failure when trying to uninstall Viya in the GKE cluster

My deployment worked well using the docker command:

docker container run -it \
    -v $HOME/jumphost/workspace/deploy:/data \
    -v $HOME/jumphost/workspace/.kubeconfig_gke:/config/kubeconfig \
    -v $HOME/jumphost/workspace/gel-vars.yaml:/config/config \
    -v $HOME/jumphost/workspace/gel-vars.tfstate:/config/tfstate \
    viya4-deployment \
    --tags "baseline,viya,install"

, but when I tried to undeploy with:

docker container run -it \
    -v $HOME/jumphost/workspace/deploy:/data \
    -v $HOME/jumphost/workspace/.kubeconfig_gke:/config/kubeconfig \
    -v $HOME/jumphost/workspace/gel-vars.yaml:/config/config \
    -v $HOME/jumphost/workspace/gel-vars.tfstate:/config/tfstate \
    viya4-deployment \
    --tags "baseline,viya,uninstall"

I get a failure of the playbook:

TASK [vdm : Remove Viya] *********************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "kubectl --kubeconfig /config/kubeconfig delete -n viya4gcp -f /data/raphpoumarv4fa-gke/viya4gcp/site.yaml\n", "delta": "0:00:37.798789", "end": "2021-05-11 09:56:40.976912", "msg": "non-zero return code", "rc": 1, "start": "2021-05-11 09:56:03.178123", "stderr": "warning: deleting cluster-scoped resources, not scoped to the provided namespace\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": secrets \"sas-certframe-token\" not found\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": secrets \"sas-crunchy-data-postgres-tls-secret\" not found\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": jobs.batch \"sas-commonfiles\" not found\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": the server could not find the requested resource (delete certificates.cert-manager.io sas-viya-ca-certificate)\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": the server could not find the requested resource (delete issuers.cert-manager.io sas-viya-issuer)\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": the server could not find the requested resource (delete issuers.cert-manager.io sas-viya-selfsigning-issuer)\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": the server could not find the requested resource (delete pgclusters.crunchydata.com sas-crunchy-data-postgres)\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": the server could not find the requested resource (delete espconfigs.iot.sas.com sas-esp-operator)\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": ingresses.networking.k8s.io \"sas-model-publish\" not found\nError from server (NotFound): error when deleting \"/data/raphpoumarv4fa-gke/viya4gcp/site.yaml\": ingresses.networking.k8s.io \"sas-model-repository\" not found\nError from server (NotFound)

Thanks

Successful install but pods crashing.

ansible-playbook -e BASE_DIR=$HOME/project/viya4-deployment -e CONFIG=$HOME/project/viya4-deployment/ansible-vars.yaml -e TFSTATE=$HOME/project/viya4-iac-azure/terraform.tfstate -e JUMP_SVR_PRIVATE_KEY=$HOME/.ssh/id_rsa playbooks/playbook.yaml --tags "baseline,viya,install"

pod-describe
pods-crashing
what we are missing here!!!
vents:
Type Reason Age From Message

Normal Scheduled 9m35s default-scheduler Successfully assigned viya4-frg-v1/sas-analytics-components-65cf89944f-pqcbj to aks-stateless-38049675-vmss000000
Normal Pulling 9m32s kubelet Pulling image "cr.sas.com/viya-4-x64_oci_linux_2-docker/sas-certframe:3.7.2-20201208.1607438373197"
Normal Pulled 9m1s kubelet Successfully pulled image "cr.sas.com/viya-4-x64_oci_linux_2-docker/sas-certframe:3.7.2-20201208.1607438373197" in 31.323353552s
Normal Pulled 8m19s (x3 over 8m59s) kubelet Container image "cr.sas.com/viya-4-x64_oci_linux_2-docker/sas-certframe:3.7.2-20201208.1607438373197" already present on machine
Normal Started 8m18s (x4 over 9m1s) kubelet Started container sas-certframe
Normal Created 7m27s (x5 over 9m1s) kubelet Created container sas-certframe
Warning BackOff 5m33s (x12 over 8m57s) kubelet Back-off restarting failed container
NAME READY STATUS RESTARTS AGE
openldap-7d5d969849-t2mmz 1/1 Running 0 9m55s
sas-analytics-components-65cf89944f-pqcbj 0/1 Init:CrashLoopBackOff 6 9m55s
sas-analytics-events-5575d8c5cc-68ngv 0/1 Init:CrashLoopBackOff 6 9m55s
sas-analytics-services-2-59dd7d99c9-gs2jr 0/1 Init:CrashLoopBackOff 6 9m55s
sas-analytics-services-85dcc8d7d5-f7nqw 0/1 Init:CrashLoopBackOff 6 9m55s
sas-annotations-796bd475b4-lnfrz 0/1 Init:CrashLoopBackOff 6 9m55s
sas-app-registry-65486dcdbf-dlf89 0/1 Init:CrashLoopBackOff 6 9m55s
sas-arke-85d8d9b644-8v6zm 0/1 Init:CrashLoopBackOff 6 9m54s
sas-audit-dd68f8d68-fsgzz 0/1 Init:CrashLoopBackOff 6 9m54s
sas-authorization-5476bb7464-jmdkp 0/1 Init:CrashLoopBackOff 6 9m54s
sas-batch-6757578745-zh85f 0/1 Init:CrashLoopBackOff 6 9m54s
sas-business-rules-services-79b7b59486-r55zn 0/1 Init:CrashLoopBackOff 6 9m54s
sas-cachelocator-0 0/1 Init:CrashLoopBackOff 6 9m50s
sas-cacheserver-0 0/1 Init:CrashLoopBackOff 6 9m50s
sas-cacheserver-1 0/1 Init:CrashLoopBackOff 6 9m50s
sas-cas-administration-599cb54b4c-rpvpw 0/1 Init:CrashLoopBackOff 6 9m54s
sas-cas-control-85f577f5cf-rqrp5 0/1 Init:CrashLoopBackOff 6 9m53s
sas-cas-operator-d48db9b5-x98lg 0/1 Init:CrashLoopBackOff 6 9m53s
sas-comments-76fd6bbcb6-2r9ck 0/1 Init:CrashLoopBackOff 6 9m53s
sas-compute-58c9b6b49b-z8nq8 0/1 Init:CrashLoopBackOff 6 9m53s
sas-config-reconciler-76fbd8668f-tqkgv 0/1 Init:CrashLoopBackOff 6 9m53s
sas-configuration-59dd578765-9clhb 0/1 Init:CrashLoopBackOff 6 9m52s
sas-connect-6b45dcc465-jbmqm 0/1 Init:CrashLoopBackOff 6 9m52s
sas-connect-spawner-c5d5c85b6-hlzfl 0/1 Init:CrashLoopBackOff 6 9m52s
sas-consul-server-0 0/1 Init:CrashLoopBackOff 6 9m50s
sas-consul-server-1 0/1 Init:CrashLoopBackOff 6 9m50s
sas-consul-server-2 0/1 Init:CrashLoopBackOff 6 9m50s
sas-conversation-designer-app-746c87c6c-8zmnt 0/1 Init:CrashLoopBackOff 6 9m52s
sas-credentials-7b9659949c-rqllc 0/1 Init:CrashLoopBackOff 6 9m52s
sas-crossdomainproxy-85bcdcdd8d-9rfg8 0/1 Init:CrashLoopBackOff 6 9m52s
sas-data-explorer-app-97f7cb46b-x7c9n 0/1 Init:CrashLoopBackOff 6 9m51s
sas-data-flows-6b76cb9c59-rqkjv 0/1 Init:CrashLoopBackOff 6 9m51s
sas-data-mining-models-5bc48d9cd7-sb944 0/1 Init:CrashLoopBackOff 6 9m51s
sas-data-mining-project-settings-794c55ff88-gnxgc 0/1 Init:CrashLoopBackOff 6 9m51s
sas-data-mining-results-dcdf7679d-wb7zj 0/1 Init:CrashLoopBackOff 6 9m51s
sas-data-mining-services-774c856b5d-mncl8 0/1 Init:CrashLoopBackOff 6 9m50s
sas-data-plans-5cf448bd66-rtct5 0/1 Init:CrashLoopBackOff 6 9m50s
sas-data-profiles-65fc95dcc4-t4gq4 0/1 Init:CrashLoopBackOff 6 9m50s
sas-data-quality-services-86bb4679b7-t5k5f 0/1 Init:CrashLoopBackOff 6 9m50s
sas-data-server-utility-7698c66768-49lk5 0/1 Init:CrashLoopBackOff 6 9m50s
sas-data-sources-97d8f56dd-g9nxp 0/1 Init:CrashLoopBackOff 6 9m49s
sas-data-studio-app-588fd4fdb8-svrf7 0/1 Init:CrashLoopBackOff 6 9m49s
sas-decision-manager-app-7bcbf9dfb7-nsphp 0/1 Init:CrashLoopBackOff 6 9m49s
sas-decisions-definitions-68bc75b446-jbnqt 0/1 Init:CrashLoopBackOff 6 9m48s
sas-deployment-data-84fbddbdc6-5lhxg 0/1 Init:CrashLoopBackOff 6 9m48s
sas-device-management-8596d998df-jklpn 0/1 Init:CrashLoopBackOff 6 9m48s
sas-drive-app-56f89fc5f-f62wm 0/1 Init:CrashLoopBackOff 6 9m48s
sas-environment-manager-app-6c4f656898-grx2x 0/1 Init:CrashLoopBackOff 6 9m48s
sas-esp-operator-8c5f5cb89-z6w62 0/1 Init:CrashLoopBackOff 6 9m48s
sas-event-stream-manager-app-66c675d7-s8j8n 0/1 Init:CrashLoopBackOff 6 9m47s
sas-event-stream-processing-metering-app-7bc945c68f-42x2k 0/1 Init:CrashLoopBackOff 6 9m47s
sas-event-stream-processing-streamviewer-app-55cbd67d9f-8h4bt 0/1 Init:CrashLoopBackOff 6 9m47s
sas-event-stream-processing-studio-app-76f7588b87-78nvt 0/1 Init:CrashLoopBackOff 6 9m47s
sas-files-59f9fd4777-hqq9j 0/1 Init:CrashLoopBackOff 6 9m47s
sas-folders-75b5b6575b-97t8h 0/1 Init:CrashLoopBackOff 6 9m46s
sas-fonts-7dd69b8c5c-xk9qf 0/1 Init:CrashLoopBackOff 6 9m46s
sas-forecasting-comparison-8494bd4587-7ftw5 0/1 Init:CrashLoopBackOff 6 9m46s
sas-forecasting-events-6b8846f57f-t5hzr 0/1 Init:CrashLoopBackOff 6 9m46s
sas-forecasting-exploration-5b7b4bc6dd-676x4 0/1 Init:CrashLoopBackOff 6 9m46s
sas-forecasting-filters-58578b746b-2vv4p 0/1 Init:CrashLoopBackOff 6 9m46s
sas-forecasting-pipelines-6d9b9d7484-bxlql 0/1 Init:CrashLoopBackOff 6 9m45s
sas-forecasting-services-6fb7fbd4d6-5twtj 0/1 Init:CrashLoopBackOff 6 9m45s
sas-geo-enrichment-774cc4988d-z66b2 0/1 Init:CrashLoopBackOff 6 9m45s
sas-graph-builder-app-689f984c97-9nw7v 0/1 Init:CrashLoopBackOff 6 9m45s
sas-graph-templates-847f8689f9-xwszh 0/1 Init:CrashLoopBackOff 6 9m45s
sas-identities-5949c48777-vt4cp 0/1 Init:CrashLoopBackOff 6 9m44s
sas-import-9-679cccdfdd-vrdgh 0/1 Init:CrashLoopBackOff 6 9m44s
sas-job-execution-76897467ff-wt7w2 0/1 Init:CrashLoopBackOff 6 9m44s
sas-job-execution-app-cb5fd86c5-c5ks2 0/1 Init:CrashLoopBackOff 6 9m44s
sas-job-flow-scheduling-678f5b797-tzd8t 0/1 Init:CrashLoopBackOff 6 9m44s
sas-launcher-596c8c7d94-zjjk8 0/1 Init:CrashLoopBackOff 6 9m43s
sas-lineage-app-5d47b599f4-b6r9k 0/1 Init:CrashLoopBackOff 6 9m43s
sas-links-6f64c767-nfwv2 0/1 Init:CrashLoopBackOff 6 9m43s
sas-localization-6489d57c45-f9tv4 0/1 Init:CrashLoopBackOff 6 9m43s
sas-logon-app-764795d975-t5ff6 0/1 Init:CrashLoopBackOff 6 9m43s
sas-mail-86759b6647-nng2t 0/1 Init:CrashLoopBackOff 6 9m43s
sas-maps-5689cb79c9-m94xs 0/1 Init:CrashLoopBackOff 6 9m42s
sas-microanalytic-score-66db4d8f5d-f6rvv 0/1 Init:CrashLoopBackOff 6 9m42s
sas-model-management-749f985c95-dkkxw 0/1 Init:CrashLoopBackOff 6 9m42s
sas-model-manager-app-5985f9c7fd-jtkq5 0/1 Init:CrashLoopBackOff 6 9m42s
sas-model-publish-5b8b97d7d6-z6rcl 0/1 Init:CrashLoopBackOff 6 9m42s
sas-model-repository-5c8cfdd44c-xwtms 0/1 Init:CrashLoopBackOff 6 9m41s
sas-model-studio-app-77b95bf6bb-nn688 0/1 Init:CrashLoopBackOff 6 9m41s
sas-natural-language-conversations-6fbd46688f-x7pf8 0/1 Init:CrashLoopBackOff 6 9m41s
sas-natural-language-generation-6686b5779d-mmhfh 0/1 Init:CrashLoopBackOff 6 9m41s
sas-natural-language-understanding-f577bb4c8-5rswd 0/1 Init:CrashLoopBackOff 6 9m41s
sas-notifications-5c4cb6698f-vdsg5 0/1 Init:CrashLoopBackOff 6 9m40s
sas-preferences-7b4cc548-nb8t8 0/1 Init:CrashLoopBackOff 6 9m40s
sas-prepull-6p5vg 0/1 Init:ImagePullBackOff 0 9m46s
sas-projects-5b9789cf59-cqvlw 0/1 Init:CrashLoopBackOff 6 9m40s
sas-rabbitmq-server-0 0/1 Init:CrashLoopBackOff 6 9m50s
sas-rabbitmq-server-1 0/1 Init:CrashLoopBackOff 6 9m50s
sas-rabbitmq-server-2 0/1 Init:CrashLoopBackOff 6 9m50s
sas-readiness-749b97b9dc-c4mfx 0/1 Init:CrashLoopBackOff 6 9m40s
sas-relationships-78964b7d7c-z49mc 0/1 Init:CrashLoopBackOff 6 9m40s
sas-report-distribution-7b979df8d9-l69xz 0/1 Init:CrashLoopBackOff 6 9m39s
sas-report-execution-f48dbd5ff-5f7bw 0/1 Init:CrashLoopBackOff 6 9m39s
sas-report-renderer-b4b6b7487-zbq5v 0/1 Init:CrashLoopBackOff 6 9m39s
sas-report-services-group-595ff5bdfb-8pstj 0/1 Init:CrashLoopBackOff 6 9m39s
sas-scheduler-5c5794c77f-76sjz 0/1 Init:CrashLoopBackOff 6 9m39s
sas-score-definitions-68cc67c479-pwlwv 0/1 Init:CrashLoopBackOff 6 9m38s
sas-score-execution-9fb6ddf55-w67m5 0/1 Init:CrashLoopBackOff 6 9m38s
sas-search-64d6f9699d-tmzkm 0/1 Init:CrashLoopBackOff 6 9m38s
sas-studio-app-fb4d6f488-59x95 0/1 Init:CrashLoopBackOff 6 9m38s
sas-subject-contacts-7458f75b4c-7tkjx 0/1 Init:CrashLoopBackOff 6 9m38s
sas-templates-59c6c6588d-8fn58 0/1 Init:CrashLoopBackOff 6 9m37s
sas-text-analytics-67bc677c44-hjcwj 0/1 Init:CrashLoopBackOff 6 9m37s
sas-text-cas-data-management-776b9dd85c-gslx2 0/1 Init:CrashLoopBackOff 6 9m37s
sas-text-categorization-7bf7dcd44b-pdg4v 0/1 Init:CrashLoopBackOff 6 9m37s
sas-text-concepts-84f579ff95-g64zm 0/1 Init:CrashLoopBackOff 6 9m37s
sas-text-parsing-55df7fd5bd-lbk2k 0/1 Init:CrashLoopBackOff 6 9m37s
sas-text-sentiment-7496c5d875-g4j7f 0/1 Init:CrashLoopBackOff 6 9m36s
sas-text-topics-6b49568748-xlh9c 0/1 Init:CrashLoopBackOff 6 9m36s
sas-theme-content-77f58dcd7b-22zx4 0/1 Init:CrashLoopBackOff 6 9m36s
sas-theme-designer-app-79dbf9bb49-8zqh7 0/1 Init:CrashLoopBackOff 6 9m36s
sas-themes-8b8f7fb89-ddkgp 0/1 Init:CrashLoopBackOff 6 9m36s
sas-thumbnails-66bbfcfd6-dbw4s 0/1 Init:CrashLoopBackOff 6 9m35s
sas-topic-management-9748f7fc4-r8shl 0/1 Init:CrashLoopBackOff 6 9m35s
sas-transfer-58d75dfb49-qs5h5 0/1 Init:CrashLoopBackOff 6 9m35s
sas-transformations-5c8bbc9768-nt5cn 0/1 Init:CrashLoopBackOff 6 9m35s
sas-types-896c895bf-dpc9d 0/1 Init:CrashLoopBackOff 6 9m35s
sas-visual-analytics-administration-856b759f4f-5hdfg 0/1 Init:CrashLoopBackOff 6 9m34s
sas-visual-analytics-app-5bd959bc47-vccrr 0/1 Init:CrashLoopBackOff 6 9m34s
sas-web-data-access-f65b58989-47cx9 0/1 Init:CrashLoopBackOff 6 9m34s
sas-workflow-7d4cf68d64-d2pxq 0/1 Init:CrashLoopBackOff 6 9m34s
sas-workflow-definition-history-77c79b5bfc-xdxbn 0/1 Init:CrashLoopBackOff 6 9m34s
sas-workflow-manager-app-6bbd577b57-l9b4d 0/1 Init:CrashLoopBackOff 6 9m33s
root@henmo:~/project/viya4-deployment#

VARIABLES file:

root@henmo:~/project/viya4-deployment# cat ansible-vars.yaml

Cluster

NAMESPACE: viya4-frg-v1

MISC

DEPLOY: true # Set to false to stop at generating the manifest
LOADBALANCER_SOURCE_RANGES: ['0.0.0.0/0']

Storage

V4_CFG_MANAGE_STORAGE: true

SAS API Access

V4_CFG_SAS_API_KEY: 'XXX'
V4_CFG_SAS_API_SECRET: 'XXX'
V4_CFG_ORDER_NUMBER: 'XXXX'

CR Access

#V4_CFG_CR_USER: <container_registry_user>
#V4_CFG_CR_PASSWORD: <container_registry_password>

Ingress

V4_CFG_INGRESS_TYPE: ingress
#V4_CFG_INGRESS_FQDN: <desired_fqdn>
V4_CFG_INGRESS_FQDN: viya4_frg.ingress.endpoint
V4_CFG_TLS_MODE: "full-stack" # [full-stack|front-door|disabled]

Postgres

V4_CFG_POSTGRES_TYPE: external #[internal|external]

LDAP

V4_CFG_EMBEDDED_LDAP_ENABLE: true

Consul UI

V4_CFG_CONSUL_ENABLE_LOADBALANCER: false

SAS/CONNECT

V4_CFG_CONNECT_ENABLE_LOADBALANCER: false

##VIYA ORDER - Henry - We can leave this alone and ansible will download if left blank

Or we can fill in since we already downloaded deployment assets

#V4_CFG_ORDER_NUMBER:
#V4_CFG_CADENCE_NAME:
#V4_CFG_CADENCE_VERSION:

Monitoring and Logging

uncomment and update the below values when deploying the viya4-monitoring-kubernetes stack

#V4M_BASE_DOMAIN: <base_domain>

Fix CAS external binary ports

The cas external service overlay is missing the following patch

  - op: add
    path: /spec/publishBinaryService
    value: true

Kibana https backend

Need to add the annotation "nginx.ingress.kubernetes.io/backend-protocol: HTTPS" to kibana helm config in the monitoring role

Capture and announce error when failing to build ingress rules

I screwed up with naming an env var and inadvertently directed viya4-deployment to build Ingress rules referring to a malformed DNS name.

Error from server (Invalid): error when creating "site.yaml": Ingress.extensions "sas-theme-designer-app" is invalid: 
[spec.rules[0].host: Invalid value: ".gelsandbox.aws.unx.sas.com": a DNS-1123 subdomain must consist of lower case 
alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used 
for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'), spec.tls[0].hosts[0]: Invalid value: 
".gelsandbox.aws.unx.sas.com": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and 
must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-
z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]

If I run kubectl apply directly, I can watch it generate 100+ error messages about this problem. However, Ansible (as directed by viya4-deployment) gave no hint at all about the problem. Its play recap mentions zero errors. From past experience, I understand that a zero error Ansible run doesn't equal a perfectly sound deployment. But scores of error messages about a critical infrastructure component should probably be captured and announced.

It took a while to run it down. After completing the failed deployment, the key symptom is that none of the Viya pods start (stuck initializing, crash loop backoff). Digging into them, certframe complains it cannot find "sas-ingress-certificate" (HTTP 404 error). And sure enough, that secret doesn't exist. But the real clue was noticing that none of the ingress rules exist.

"kustomize - Generate deployment manifest" task fails in orders containing SAS Model Risk Management

When I tried to deploy an order which including SAS Model Risk Management, I got below error:

"msg": "non-zero return code",
    "rc": 1,
    "start": "2021-08-09 12:13:23.185705",
    "stderr": "Error: failed to apply json patch '- op: add\n  path: /spec/volumeClaimTemplates/0/spec/storageClassName\n  value: sas': add operation does not apply: doc is missing path: \"/spec/volumeClaimTemplates/0/spec/storageClassName\": missing value",
    "stderr_lines": [
        "Error: failed to apply json patch '- op: add",
        "  path: /spec/volumeClaimTemplates/0/spec/storageClassName",
        "  value: sas': add operation does not apply: doc is missing path: \"/spec/volumeClaimTemplates/0/spec/storageClassName\": missing value"
    ],

When I checked opensource K8S deployment including SAS Model Risk Management, I see this new statefulset was created:

bash-4.4$ k -n trs get statefulsets | grep risk
sas-risk-cirrus-search      1/1     33h

And these PVCs were added:

sas-risk-cirrus-builder                               Bound    pvc-174a58a0-f186-486c-b581-ae704fd3ae3e   2Gi        RWX            nfs-client     33h
sas-risk-cirrus-search-data                           Bound    pvc-978d768f-aac0-44f7-9d18-d342e62df812   2Gi        RWX            nfs-client     33h

Variables information

I have deployed kubernetes using IAC in Azure, now I want to deploy Viya sas using ansible. One of the required variables is

V4_CFG_ORDER_NUMBER | SAS order number | string |   | true |   | viya
Where do i get this SAS order NUmber???
this is what i downloaded from SAS
root@henmo:/software# ls -l
total 872
drwxr-xr-x 3 root root 4096 Jul 21 22:05 Viya4_2020.1.5
-rwx------ 1 root root 887458 Jul 21 21:57 Viya4_2020.1.5.zip
root@henmo:/software# cd Viya4_2020.1.5/
root@henmo:~/software/Viya4_2020.1.5# ls -l
total 1208
-rw-r--r-- 1 root root 811795 May 14 12:37 SASViyaV4_9CJ2PL_1_stable_2020.1.5_20210514.1620994953000_deploymentAssets_2021-05-14T163626.tgz
-rw-r--r-- 1 root root 34953 May 14 12:38 SASViyaV4_9CJ2PL_1_stable_2020.1.5_license_2021-05-14T163319.jwt
-rw-r--r-- 1 root root 4210 May 14 12:38 SASViyaV4_9CJ2PL_certs.zip
-rw-r--r-- 1 root root 371817 May 14 12:57 viya4-9cj2pl-toc.html

Add configmap for mirrors

The following configmap generator needs to be added when using a mirror:

configMapGenerator:

  • name: input
    behavior: merge
    literals:
    • IMAGE_REGISTRY={{ REGISTRY-HOST }}:{{ REGISTRY-PORT }}/{{ REGISTRY-NAMESPACE }}

Error deploying the Cluster-Monitoring

Hello Experts,

I used the viya4-iac to deploy the infrastructure and now im using the viya4-deployment to deploy the whole new 2020.1.5 SAS Version. Unfurtunately i got an Error during the Deployment of the monitoring parts.

I think this tasks run into an timeout but im not 100% sure. Can you please help me out here?

`TASK [monitoring : cluster-monitoring - deploy] ********************************
fatal: [localhost]: FAILED! => {"changed": true, "cmd": "/tmp/ansible._q1dqpdw/viya4-monitoring-kubernetes/monitoring/bin/deploy_monitoring_cluster.sh", "delta": "0:20:39.446237", "end": "2021-05-18 13:33:11.933409", "msg": "non-zero return code", "rc": 1, "start": "2021-05-18 13:12:32.487172", "stderr": "Error: release v4m-prometheus-operator failed, and has been uninstalled due to atomic being set: timed out waiting for the condition", "stderr_lines": ["Error: release v4m-prometheus-operator failed, and has been uninstalled due to atomic being set: timed out waiting for the condition"], "stdout": "Helm client version: 3.5.4\nKubernetes client version: v1.18.8\nKubernetes server version: v1.18.14\n\nDeploying monitoring to the [monitoring] namespace...\nAdding [stable] helm repository\n"stable" has been added to your repositories\nAdding [prometheus-community] helm repository\n"prometheus-community" has been added to your repositories\nUpdating helm repositories...\nHang tight while we grab the latest from your chart repositories...\n...Successfully got an update from the "prometheus-community" chart repository\n...Successfully got an update from the "stable" chart repository\nUpdate Complete. ⎈Happy Helming!⎈\nUpdating Prometheus Operator custom resource definitions\ncustomresourcedefinition.apiextensions.k8s.io/alertmanagerconfigs.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/podmonitors.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/prometheusrules.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/servicemonitors.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/thanosrulers.monitoring.coreos.com configured\ncustomresourcedefinition.apiextensions.k8s.io/probes.monitoring.coreos.com configured\nProvisioning TLS-enabled Prometheus datasource for Grafana...\nconfigmap "grafana-datasource-prom-https" deleted\nconfigmap/grafana-datasource-prom-https created\nconfigmap/grafana-datasource-prom-https labeled\nEnabling Prometheus node-exporter for TLS...\nconfigmap "node-exporter-tls-web-config" deleted\nconfigmap/node-exporter-tls-web-config created\nconfigmap/node-exporter-tls-web-config labeled\nUser response file: [/tmp/ansible._q1dqpdw/monitoring/user-values-prom-operator.yaml]\nDeploying the Kube Prometheus Stack. This may take a few minutes...\nInstalling via Helm...(Tue May 18 13:12:48 UTC 2021 - timeout 20m)\nRelease "v4m-prometheus-operator" does not exist. Installing it now.", "stdout_lines": ["Helm client version: 3.5.4", "Kubernetes client version: v1.18.8", "Kubernetes server version: v1.18.14", "", "Deploying monitoring to the [monitoring] namespace...", "Adding [stable] helm repository", ""stable" has been added to your repositories", "Adding [prometheus-community] helm repository", ""prometheus-community" has been added to your repositories", "Updating helm repositories...", "Hang tight while we grab the latest from your chart repositories...", "...Successfully got an update from the "prometheus-community" chart repository", "...Successfully got an update from the "stable" chart repository", "Update Complete. ⎈Happy Helming!⎈", "Updating Prometheus Operator custom resource definitions", "customresourcedefinition.apiextensions.k8s.io/alertmanagerconfigs.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/alertmanagers.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/podmonitors.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/prometheuses.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/prometheusrules.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/servicemonitors.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/thanosrulers.monitoring.coreos.com configured", "customresourcedefinition.apiextensions.k8s.io/probes.monitoring.coreos.com configured", "Provisioning TLS-enabled Prometheus datasource for Grafana...", "configmap "grafana-datasource-prom-https" deleted", "configmap/grafana-datasource-prom-https created", "configmap/grafana-datasource-prom-https labeled", "Enabling Prometheus node-exporter for TLS...", "configmap "node-exporter-tls-web-config" deleted", "configmap/node-exporter-tls-web-config created", "configmap/node-exporter-tls-web-config labeled", "User response file: [/tmp/ansible._q1dqpdw/monitoring/user-values-prom-operator.yaml]", "Deploying the Kube Prometheus Stack. This may take a few minutes...", "Installing via Helm...(Tue May 18 13:12:48 UTC 2021 - timeout 20m)", "Release "v4m-prometheus-operator" does not exist. Installing it now."]}

PLAY RECAP *********************************************************************
localhost : ok=89 changed=24 unreachable=0 failed=1 skipped=45 rescued=0 ignored=0

Tuesday 18 May 2021 13:33:11 +0000 (0:20:39.599) 0:23:05.642 ***********

monitoring : cluster-monitoring - deploy ----------------------------- 1239.60s
vdm : manifest - deploy ------------------------------------------------ 75.55s
vdm : kustomize - Generate deployment manifest ------------------------- 28.93s
vdm : prereqs - cluster-local deploy ------------------------------------ 4.82s
vdm : prereqs - cluster-wide -------------------------------------------- 4.21s
vdm : copy - VDM generators --------------------------------------------- 3.09s
vdm : assets - Download ------------------------------------------------- 2.06s
vdm : assets - Get License ---------------------------------------------- 1.97s
vdm : copy - VDM transformers ------------------------------------------- 1.91s
monitoring : v4m - download --------------------------------------------- 1.80s
vdm : Download viya4-orders-cli ----------------------------------------- 1.25s
nfs-subdir-external-provisioner : Deploy nfs-subdir-external-provisioner --- 1.18s
cert-manager : Deploy cert-manager -------------------------------------- 1.00s
vdm : assets - Extract downloaded assets -------------------------------- 0.86s
nfs-subdir-external-provisioner : Remove deprecated efs-provisioner namespace --- 0.82s
metrics-server : Check for metrics service ------------------------------ 0.80s
jump-server : jump-server - lookup groups ------------------------------- 0.76s
vdm : Create namespace -------------------------------------------------- 0.73s
monitoring : cluster-monitoring - lookup creds -------------------------- 0.71s
Gathering Facts --------------------------------------------------------- 0.71s
`
Best Regards
Carsten

2 default storage class prevent sas-catalog-services to start

Hi there
I was testing a fully automated deployment of stable 2020.1.5 in GKE this morning and everything worked well, except the sas-catalog pod. It turned out that sas-opendistro-default had an issue because 2 storage classes are defined
image
When checking the storage class I see that, indeed both "sas" and "standard" SC have the "default" flag.
image

I modified the "sas" SC definition with storageclass.kubernetes.io/is-default-class: 'false', restarted the sas-opendistro-default statefulset, then the sas-catalog pod and the issue was solved.
Is it expected ? should we prevent the "sas" SC to become the default one, if there is already a default ?
Thanks

Add the V4M_LOG_NS and V4M_MON_NS variables

When deploying SAS Viya Monitoring for Kubernetes, it is great to be able to change the namespaces where logging and/or monitoring are deployed.
The default namespaces are monitoring and logging but these name are too generic and it will be great to be able to use namespaces of our choice, or deployed both cluster monitoring and logging in a single namespace.
This option is available when we deploy it manually.
Thanks in advance.

Insecure postgres setup

The postgres credentials are being stored into a configmap instead of just the secret. This needs to be removed as it is not needed for viya to function with external postgres clusters.

Container Registry tokens should not be mandatory

In the doc for registry access tokens, it says that those tokens are mandatory.

In the case of external orders, however, these tokens are embedded by default in the deployment assets and there is nothing special to do to access the images.

Ideally, if a user does not specify those tokens, we should just not build the cr_access.json file and not reference it in the kustomization.yaml. (I believe it's done here )

all pods crashing after successfull deployment

lookin at oone of the pods, kubectl logs does not show anything but describe shows.
Events:
Type Reason Age From Message

Normal Scheduled 16m default-scheduler Successfully assigned viya4-frg-v1/sas-logon-app-764795d975-ps8pb to aks-stateless-38049675-vmss000000
Normal Pulled 16m (x3 over 16m) kubelet Container image "cr.sas.com/viya-4-x64_oci_linux_2-docker/sas-certframe:3.7.2-20201208.1607438373197" already present on machine
Normal Started 16m (x3 over 16m) kubelet Started container sas-certframe
Normal Created 13m (x4 over 16m) kubelet Created container sas-certframe
Warning BackOff 62s (x56 over 16m) kubelet Back-off restarting failed container
root@henmo:~/project/viya4-deployment# kubectl describe pod sas-logon-app-764795d975-ps8pb -n viya4-frg-v1

RegEx Syntax issue in roles/vdm/defaults/main.yaml

Hello Experts!

I'm running this code and I seem to have run into a kind of syntax issue. Do you think you can review it?

The error appears to be in 'viya4-deployment/public/roles/vdm/defaults/main.yaml': line 15, column 60, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

V4_CFG_CR_URL: https://cr.sas.com
V4_CFG_CR_HOST: "{{ V4_CFG_CR_URL | regex_replace('^https?://(.*)/?', '\1') }}"
^ here

adding sas-bases/overlays

Hi,

How do I add the overlays from sas-bases/overlays?
As I understand I cannot add them to the kustomization.yaml since it is autogenerated.
I copied them to site-config and modified a little so they would be picked up by viya4-deployment, but this means that I need to manually sync them when I update to new releases.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.