Getting SAS Software running on Arch Linux 64-bit

Recently, I’ve been looking to switch from Ubuntu to an alternative distro as the primary Linux platform for our Metacoda development/testing environments, where we also run SAS® software. I’ve run quite a few distros in my time including Slackware, RedHat (pre-Fedora), Fedora, Gentoo & Ubuntu. Ideally I’d like something lighter and perhaps a rolling release too: lighter, so more resources go to SAS; rolling release, because given the choice I prefer regular small upgrades to occasional big upgrades. One of the potential candidates is Arch Linux and so I’ve recently installed it, in a multi-boot configuration with the existing Ubuntu installation, to test it with our existing SAS installations. This is one of the things I love about running SAS on Linux. The SAS software gets installed and configured once and the underlying operating system can be completely upgraded or replaced without having to re-install SAS. It might just take the installation of a few libraries to get everything working again but that’s not much compared to the effort of re-installing and configuring our SAS 9.3 M2, SAS 9.3 M0, SAS 9.2 and SAS 9.1.3 SP4 dev/test environments.

These are the steps I needed to take to get the existing SAS software installation running on Arch Linux 64-bit. No changes were needed to the SAS deployments, it just required a few additional libraries to be added to the Arch installation. If you’re wondering why several SAS versions?, it’s because we need to test our Metacoda software with each of them. The SAS 9.3 and 9.2 installations are 64-bit and the older SAS 9.1.3 installation is 32-bit (so takes a bit more work).

SAS 9.3 (and 9.2)

After Arch had been installed and I’d mounted the SAS installation volume, I tried to run SAS 9.3 M2 first and got the following error: Continue reading “Getting SAS Software running on Arch Linux 64-bit”

SAS 9.3 Framework Data Server (and the missing license)

Whilst troubleshooting why my SAS 9.3 Framework Data Server wasn’t starting I discovered that, unlike Foundation SAS where the license (a.k.a. SID or setinit) is applied once a year, the SAS Framework Data Server requires the presence of a setinit.sas during every start up. Mine had been deleted. I’m not 100% sure how that came to be but I suspect it was probably one of two things: Continue reading “SAS 9.3 Framework Data Server (and the missing license)”

Running SAS on Ubuntu Linux: Dash to Bash

It happened to me again today … the Ubuntu dash-bash-default-shell-thing:

userid@hostname:~$ /opt/sas92/SASFoundation/9.2/sas
/bin/sh: 0: Illegal option -p
userid@hostname:~$ /opt/sas93/SASFoundation/9.3/sas
/bin/sh: 0: Illegal option -p

I encounter this every now and then. This time I was upgrading my notebook and it’s Ubuntu 64-bit installation to 12.10 and restoring SAS 9.2 & 9.3 installations from backup.

Several years ago the default shell symlink of /bin/sh to /bin/bash was changed to /bin/dash in Ubuntu. You can find out more about the reasoning behind Ubuntu’s switch from bash to dash here – it caused quite a bit of discussion when it happened.

The often suggested fix is to manually change the /bin/sh symlink, but there’s also a command to do it (which also fixes the associated man page symlink too):

Continue reading “Running SAS on Ubuntu Linux: Dash to Bash”

SAS Management Console over SSH

I was asked recently how to get SAS® Management Console to remotely access a SAS metadata server using SSH tunnels. In the absence of a VPN connection to your network, SSH can be an alternative for SAS Management Console access to a remote SAS metadata server.

I am a huge fan of SSH (Secure Shell). I have been using it several times a day for many years now. It’s great. If you haven’t heard of SSH before, take a look at the Wikipedia page for Secure Shell. Here’s a quote from the page that provides a nice intro/summary:

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network.

Here are a couple of methods for using SAS Management Console over SSH:

1. Remote execution of SAS Management Console with X11 forwarding to the client

This method can be used when you are accessing a SAS platform installation on Linux or UNIX and have SSH client software and X server software on your remote workstation. Mac or Linux workstations are great for this since they usually have all the required software pre-installed. Windows can also be used if you obtain SSH client and X server software. I personally use Putty as an SSH client when I am working on Windows and would defintely recommend it. I have no specific recommendations for an X server on Windows since it’s been a long time since I’ve done X on Windows.

Assuming, as a SAS platform administrator, you have remote SSH access to the SAS metadata server machine then you can use SSH from your workstation to execute the SAS Management Console remotely and forward the X display to your client workstation.

Here’s an example command to do this:

ssh -X sasmeta.example.com /opt/sas93/SASManagementConsole/9.3/sasmc

Which means SSH connect, with X11 forwarding, to the machine sasmeta.example.com and then execute the SAS Management Console (/opt/sas93/SASManagementConsole/9.3/sasmc) on that remote machine sending the X windows back to the client workstation.

2. Local execution of SAS Management Console with SSH tunneling

SSH also allows you to configure a tunnel – a local port on your workstation that that forwards traffic to a designated server and port in the remote network. This tunnel can be used to make a remote service appear to be a local service. We can use it to make a remote SAS metadata server port appear to be on the local workstation so that a local installation of the SAS Management Console can connect to it as if it had a local metadata server.

Here’s an example command to do this:

ssh -L 8561:sasmeta.example.com:8561 sasmid.example.com

Which means SSH connect to the machine sasmid.example.com and establish a local machine port (8561) that forwards traffic to the remote host/port sasmeta.example.com:8561 accessible via sasmid.example.com. If you are not using public key authentication (recommended) then you will be prompted for a user id and password for the server. Once the connection is active, a local SAS Management Console can be started and will be able to access the remote SAS metadata server using a connection profile that connects to a metadata server on host/port localhost:8561. All traffic to this local port will be sent to the remote metadata server over the SSH tunnel.

Bear in mind that this only makes the metadata server port available on the local machine. So the local SAS Management Console instance can only access the metadata server. It doesn’t necessarily make the client fully functional as it may require additional connections to additional servers e.g. access to a SAS Object Spawner for a SAS Workspace Server session or a connection to the SAS Content Server. You could look into forwarding other ports and will also need to modify your local hosts file to redirect the remote host names found in metadata to the localhost interface. For anything more complex than pure metadata server access it would probably be easier and more robust to use a VPN connection (or remote access via something like X or RDP to remote network client workstations).

SAS & JBoss: Too Many Open Files

I’ve been seeing some ‘Too many open files‘ exceptions in the SAS® mid-tier JBoss logs on my Ubuntu Linux server. I was surprised about this because I remember during installation I had followed the guidance in the SAS documentation and increased the nofile limit. It turns out that verifying the ulimit from a normal console/ssh login was not sufficient, I should have also verified it from an su based login too.

These were the sorts of messages I was seeing in the JBoss logs:

2012-03-11 09:22:38,463 ERROR [org.apache.tomcat.util.net.JIoEndpoint] Socket accept failed
java.net.SocketException: Too many open files
...
2012-03-11 08:57:19,454 ERROR [org.apache.catalina.core.StandardContext] Error reading tld listeners java.io.FileNotFoundException: /opt/jboss-4.2.3.GA/server/SASServer3/work/jboss.web/localhost/SASBIDashboard/tldCache.ser (Too many open files)
...

There are some Pre-Installation Steps for JBoss for both SAS 9.3 and SAS 9.2 that should be followed during installation to avoid these errors. These were the instructions I had followed, but as you’ll see in a moment, it wasn’t quite enough for this (unsupported) Ubuntu installation.

The instructions specify to edit the /etc/security/limits.conf file directly. Rather than editing this main config file, where the settings might get forgotten or lost during an upgrade, I placed the settings I required for my SAS installation in their own dedicated config file: /etc/security/limits.d/sas.conf

# Increase the open file descriptors limit from the default of 1024 to 30720 for JBoss running web apps for SAS 9.2/9.3
* - nofile 30720

I knew that this had taken effect because I logged in, via ssh, to verify it as the sas user (I run JBoss as the sas user). Checking the ulimit I saw the following:

sas@server:~$ ulimit -Hn;ulimit -Sn
30720
30720

With nofile at 30270, how was it I was still getting ‘Too many open files‘ errors? After a quick session on Google I found a blog post suggesting the increased limits will only apply if the pam_limits PAM module is enabled.

Checking the /etc/pam.d/login file I could see the pam_limits line was already present and uncommented:
...
session required pam_limits.so
...

This made sense since the console/ssh login showed the expected numbers.

Google also led me to a stackoverflow question (how do i set hard and soft file limits for a non-root user at boot?). The answer provided there indicated that, for su commands, you also need to verify the pam_limits module is enabled in an additional su specific PAM config file, which on my machine was /etc/pam.d/su. My JBoss init script runs as root during system startup but uses su to run JBoss as the sas user. Looking in /etc/pam.d/su I could see that the pam_limits line was commented so perhaps that was the issue.

Before making the necessary changes, I verified the nofile ulimit for the sas user by running su as root:

root@server:~# su sas --login --command 'ulimit -Hn;ulimit -Sn'
1024
1024

Aha! It had the 1024 default rather then the increased value. It looked like this was indeed the problem. I uncommented the pam_limits line in /etc/pam.d/su and repeated the test:

root@server:~# su sas --login --command 'ulimit -Hn;ulimit -Sn'
30720
30720

It now shows the increased value as expected, so it looks like the problem’s fixed. I restarted JBoss and haven’t seen any ‘Too many open files‘ errors since.