cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
m0rbid
Calcite | Level 5 m0rbid
Calcite | Level 5

External hostname and multitenancy

Posted 10-08-2021 08:33 PM (1398 views)

So, i have set up a multitenancy sas viya environment, onboarded 4 tenants and everything is green. I can login in to the individual tenants with local hostnames and all services are onbared and my workers are connected to the controller.

However, the problem starts when exposing this to the internet trough a load balancer.

 

I have set up dns, followed this guide for setting external hostname How to Configure a Reverse Proxy in Front of SAS V... - SAS Support Communities

I find the request coming in in the ssl request log with correct header like so

10.245.96.228 - - [30/Sep/2021:21:15:10 +0200] develop0.****.****.****.no "GET /SASLogon/login HTTP/1.1" 200 2957 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
10.245.96.228 - - [30/Sep/2021:21:15:10 +0200] develop0.****.****.****.no "GET /SASLogon/resources/images/transparent.png HTTP/1.1" 304 - https://develop0.****.****.****.no/SASLogon/login "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
10.245.96.228 - - [30/Sep/2021:21:15:10 +0200] develop0.****.****.****.no "GET /SASLogon/resources/images/saslogo.svg HTTP/1.1" 304 - https://develop0.****.****.****.no/SASLogon/login "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0"
10.245.96.229 - - [30/Sep/2021:21:15:11 +0200] - "GET /" 302 229 "-" "-"

(i have "blurred" the actual hostname, but they are the external one

 

service url for viya and http are correct.

 

But all external tenant urls leads to the provider tenant and not the individual tenant the request stated above.

 

Any thoughts?

 

0 Likes
Reply
7 REPLIES 7
Sajid01
Meteorite | Level 14 Sajid01
Meteorite | Level 14

Re: External hostname and multitenancy

Posted 10-08-2021 10:50 PM (1351 views)  |   In reply to m0rbid

While a proper answer would depend on your configuration details, here are some factors to be considered.
1.In a multi tenant deployment not all services are tenant specific. Services such as Apache Web Server are a part of shared services. What the individual tenants are sure to receive is a specific instance of CAS .

2.If you have configured your SAS Viya behind a reverse proxy and/or load balancer, then the external browser will only point to the reverse proxy. Any service behind the Viya Apache server will not be aware of the reverse proxy and vice versa.  Thus any internal Viya service will only point to the Apache Service which may be operating from the provider tenant.
Perhaps a ticket to SAS Tech Support may be provide you with the an answer appropriate and relevant to your environment.

0 Likes
Reply
m0rbid
Calcite | Level 5 m0rbid
Calcite | Level 5

Re: External hostname and multitenancy

Posted 10-09-2021 08:21 AM (1307 views)  |   In reply to m0rbid
I'm not sure how to configure viya to live behind a reverse proxy. If i point my browser to tenant1.internal.hostname i can login with the tenant username and pass. If i point my browser to tenant1.external.hostname i get to the login page but cannot login to tenant1, only the provider tenant even tho my tenantid gets through to apache according to the request log above
0 Likes
Reply
Sajid01
Meteorite | Level 14 Sajid01
Meteorite | Level 14

Re: External hostname and multitenancy

Posted 10-09-2021 08:45 AM (1279 views)  |   In reply to m0rbid

I think the best way is to approach SAS Tech Support.

 

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: External hostname and multitenancy

Posted 10-11-2021 08:59 AM (1194 views)  |   In reply to m0rbid
In a multi-tenancy configuration, SAS gets the tenant ID from the request. Given we can see the tenant ID in the request to apache I suspect Viya is not aware of the external hostname so is considering the entire hostname the base url instead of identifying the subdomain for the tenant separately.

Did you set the config/viya/sas.httpproxy.external.hostname and sas.httpproxy.external.port values using sas-bootstrap-config?
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
m0rbid
Calcite | Level 5 m0rbid
Calcite | Level 5

Re: External hostname and multitenancy

Posted 10-11-2021 09:02 AM (1176 views)  |   In reply to gwootton

thanks for the reply, yes i did, and i have confirmed it with a config read

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: External hostname and multitenancy

Posted 10-11-2021 09:20 AM (1149 views)  |   In reply to m0rbid

Was this provided in vars.yaml when onboarding the tenant?

https://go.documentation.sas.com/doc/en/calcdc/3.5/caltenants/n1dulp7rsnyxhzn1a4xx2a1cpzco.htm#n0t1f...

 

You may also need to include the load balancer in the zones.internal.hostnames value:

 

https://go.documentation.sas.com/doc/en/sasadmincdc/v_015/calconfigref/n08086sasconfiguration0admin....

 

--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
JessLund
Obsidian | Level 7 JessLund
Obsidian | Level 7

Re: External hostname and multitenancy

Posted 01-11-2022 03:39 AM (975 views)  |   In reply to m0rbid
Hi did you manage to find a solution to this problem?
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • ‎10-08-2021 08:33 PM
  • 1399 views
  • 0 likes
  • 4 in conversation