Re: How to configure SAS to work with AWS ELB and NGNIX Reverse Proxy

Matt · Posted 08-03-2018 02:26 PM

Does anyone have done this or have experience with?

I am trying to configure SAS to work with AWS ELB and NGNIX Reverse Proxy. It is a three zone architecture.

Presentation Zone :- ELB is under presentation zone

Application Zone :- Reverse Proxy (NGNIX) is under Application Zone

Data Zone :- SAS servers are resided in Data Zone under AWS VPC.

I am trying to connect SAS client applications installed on local machine to SAS compute servers through ELB and Reverse Proxy. I already VPN to AWS.

This is how the traffic flows

SAS clients are installed on local machine - connects to AWS ELB - ELB connects to Reverse proxy that is communicating back and forth with SAS servers.

ELB (Presentation Zone) ----> Reverse Proxy (Application Zone) -----> SAS Servers (Data Zone).

All SAS services are up and running however when I try to connect to SAS application servers from EG, it fails with an error saying "The machine name could not resolved to an IP address" I understand that it is basically looking for a DNS entries for these machines/host names. But why doesn't it need a hostname entries as it should use the ELB to connect to the hosts and SAS linux servers have the host name entries.

boemskats · Posted 08-03-2018 03:22 PM

I'm pretty sure that EG (and thereby the client machine) needs to be able to directly resolve the DNS of the compute server it's connecting to, as per that server's DNS definition in SAS metadata. You won't be able to reverse proxy this with nginx; if you're running a single appserver setup you'd be able to forward the port itself (think it's 7551, not sure), but if you're loadbalancing across a number of application server nodes I doubt you'll be able to use ELB as the LB mechanism needs to be integrated with the object spawner & the target machine needs to be resolvable from the client.

Hope this makes sense. If you're after a bit of help doing this in AWS I'd give @shayes_ccllc a call.

Nik

Matt · Posted 08-06-2018 02:28 PM

Nik,

Thanks for your response. Each compute servers have a dedicated ELB. SAS compute servers are not being configured for load balancing, they are independent instances. ELB however configured for load balancing the connections from SAS clients. The issue is NGNIX not forwarding the traffic to all three servers and ports. It only allows to have 1 compute server and port combination in proxy_pass value.

boemskats · Posted 08-08-2018 08:49 AM

Unless I've misunderstood your question/description, you're looking at forwarding non-HTTP traffic though, right? From the EG clients to the Object Spawners, running on the Compute nodes?

What's the role of the reverse proxy, in addition to the ELB? What is it that you're trying to reverse-proxy? Can you post your nginx conf? You can't forward non http stuff with nginx unless you've built it with the stream core module. Where does your metadata server sit in this scenario, do you have a metadata server instance running on each of those compute nodes?

Matt · Posted 08-09-2018 03:02 PM

Nik,

See the answers below

Unless I've misunderstood your question/description, you're looking at forwarding non-HTTP traffic though, right? From the EG clients to the Object Spawners, running on the Compute nodes? - Yes

What's the role of the reverse proxy, in addition to the ELB? What is it that you're trying to reverse-proxy? Can you post your nginx conf? You can't forward non http stuff with nginx unless you've built it with the stream core module. Where does your metadata server sit in this scenario, do you have a metadata server instance running on each of those compute nodes?

What's the role of the reverse proxy, in addition to the ELB? - Forward the traffic to SAS servers (sitting under datazone). It is being used to make it three zone architecture.

What is it that you're trying to reverse-proxy? - SAS client requests to SAS servers.

You can't forward non http stuff with nginx unless you've built it with the stream core module. - NGNIX is configured with stream core module - see the snippet.

Where does your metadata server sit in this scenario - Under the data zone where all compute and midtier are residing.

do you have a metadata server instance running on each of those compute nodes? - No, there is a single metadata instance for three compute servers (independent - no GRID, no cluster), and a midtier.

ngnix.conf

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;
}
stream {
server {
listen 8561;
proxy_pass XXXXXXXXXXX:8561;
}
#Middletier
server {
listen 8080;
proxy_pass XXXXXXXXXXXXXXXX:8080;
}
server {
listen 7980;
proxy_pass 1XXXXXXXXXXX:7980;
}
#Compute1 Compute2 and Compute3
server {
listen 9432;
proxy_pass XXXXXXXXXXXXXX:80;
}
server {
listen 5451;
proxy_pass 1XXXXXXXXXXXXXXX:5451;
}
server {
listen 7541;
proxy_pass XXXXXXXXXXXXXXXXX:7541;
}
"nginx.conf" [readonly] 122L, 2741C

Matt · Posted 08-16-2018 01:13 PM

FYI -

We made a good progress on this. However certain services such as the operating systems services, OLAP server, content server etc..are trying to connect through hostname and traffic is only allowed through ELB and NGNIX. If we modify their connection property within the SMC by replacing the hostname with the ELB name then it works but I don't think that is a SAS recommended way of configuring the environment.

Any comments?