Finding the SAS Viya 4 Consul Token

When you are working with the SAS® Viya® REST APIs you need to do a one-off registration process for your client using the Consul Token.

The SAS documentation for SAS REST APIs: Authentication & Authorization: Registering clients explains how to get access to the Consul client.token by looking in the file system at /opt/sas/viya/config/etc/SASSecurityCertificateFramework/tokens/consul/default/client.token

Now, SAS Viya 4 is based on Kubernetes and has lots of pods each with their own file system, so I was wondering where I’d locate this file. I started looking in the sas-login-app pod but didn’t find it there. Next stop was one of the sas-consul-server pods and that was where I found it (makes sense really, I should have started there!).

Now I know where to find it, in future I will use the following kubectl command to quickly print out the Consul client.token when I need it:

kubectl exec -q -n sasviyadev sas-consul-server-0 -c sas-consul-server -- cat /opt/sas/viya/config/etc/SASSecurityCertificateFramework/tokens/consul/default/client.token

… replacing sasviyadev with the name of the namespace in which SAS Viya 4 has been deployed.

After discovering the consul token using the method above I subsequently found a documented method in the SAS Viya Administration: Authentication: Additional Authentication Topics: Register a New Client ID

kubectl -n sasviyadev get secret sas-consul-client -o go-template='{{(index .data "CONSUL_HTTP_TOKEN")}}'| base64 -d

… so now I know two ways!

If you have any other helpful tips for locating the SAS Viya 4 Consul token please leave a comment below.

SAS Viya 4 (2021.1.2) with LDAPS to Windows 2012 R2

I recently installed a local copy of SAS Viya 4 (2021.1.2) in our Kubernetes lab environment and was trying to configure it to work with a test AD server, Windows 2012 R2. The AD server had been configured to only allow TLS (LDAPS) connections and so after the initial installation of SAS Viya I configured the SAS Identities service to use LDAPS, as explained in the SAS documentation.

Unfortunately it didn’t work at first. I was getting errors that turned out to be a TLS cipher mismatch between the client (SAS Identities service) and the server (Windows 2012 R2 AD). I was able to fix it using two methods:

  1. Re-enabling LDAP connections to AD and switching back from LDAPS to LDAP connections for the SAS Identities service (not preferred)
  2. Tweaking the configuration of the SAS Identities service to support a cipher that worked with Windows 2012 R2 AD (preferred)

Of course I could have also upgraded AD from Windows 2012 R2 to a more recent version, but that is a project for another day as I still want to continue working with the older version for the time being.

For future reference, and in case it helps anybody else, here are my notes Continue reading “SAS Viya 4 (2021.1.2) with LDAPS to Windows 2012 R2”

Installing SAS Viya 4 (2021.1.2) Locally

I have been wanting to get SAS® Viya 4 running locally on our lab hardware to further investigate the REST APIs, and having just finished the installation, I thought I’d jot down a few notes.

SAS Viya 4 has initially been released for the main cloud providers: Microsoft Azure (AKS) first, and now Amazon (EKS) and Google (GKE) too. I understand that RedHat OpenShift support will be coming later this year.

I’d heard it was also possible to get it running in a local on-premise Kubernetes (K8s) environment with some prep work Continue reading “Installing SAS Viya 4 (2021.1.2) Locally”

SAS Management Console on HiDPI Windows 10 Revisited

It has been a few years since I posted SAS Management Console on HiDPI Windows 10, and the Windows 10 HiDPI options have changed a little since then, so I wanted to post an update.

Compared to the simple Override high DPI combo box from 2017, there is now a full High DPI settings dialog:

Windows High DPI Setting Dialog

The choices now include: Continue reading “SAS Management Console on HiDPI Windows 10 Revisited”