SAS Open Model Manager 1.2 has just been released, so what do you need to know?
Let’s have a quick look at the architecture and deployment, and the key considerations that you need to understand.
SAS Open Model Manager is a new offering that runs on Docker. With this release (February 2020) it is only supported on Docker CE or Docker EE, this initial release does not support running on Kubernetes. So, what are the system requirements?
The following is a summary of the system requirements:
Note, SAS Open Model Manager 1.2 is only supported on Docker, it is not supported running on a Kubernetes platform or on a managed container service such as AWS Elastic Container Service (ECS).
The SAS Open Model Manager container includes the SAS Open Model Manager web application, an SMP CAS server, the SAS Micro Analytic Service and a subset of the SAS Viya servers and microservices. This is illustrated in the Figure 1.
Figure 1. SAS Open Model Manager architecture overview
Select any image to see a larger version.
Mobile users: To view the images, select the "Full" version at the bottom of the page.
In the diagram you can see the input files that are used when launching an instance of SAS Open Model Manager and the script that is used to start the container (run_docker_container). The start script and the input files must all be in the same directory, a working directory.
The default implementation is to use the container storage, but persistent storage external to the container can and should be used, especially for home directories and user data. Unless you are truly experimenting and are not worried about losing your work after killing the container. The persistent storage is depicted as the ‘/my_data’ mount in the figure.
As part of launching a container a set of volumes are created for your SAS Viya environment, using the naming format <volume>-<container_name>. The following volumes are created:
For my testing I created a container called ‘myOMM’, then using Portainer to manage my docker environment you can see the volumes that were created. This is illustrated below.
Note, each SAS Open Model Manager container that is launched must have a unique name and has its own set of storage volumes. By default, these storage volumes are under the /var/lib/docker/volumes/ path.
SAS Open Model Manager does not include SAS Environment Manager, so additional customization and configuration is performed using the sas-admin command-line interface. For example, while you can specify the initial user (administrator) in the sitedefault.yml file, to add additional users to the administrators group you use the sas-admin CLI. You would also use the CLI to create CASlib definitions.
You can download the SAS Administration Command Line Interface (CLI).
As previously stated, host authentication is required to access SAS Open Model Manager. To support this the System Security Services Daemon (SSSD) layer is included in the container. To enable the SSSD configuration you must provide a ‘sssd.conf’ file and any required certificate to connect to Active Directory or LDAP. The default configuration assumes that the certificate file is named ‘sssd.cert’.
You must also include the ‘ldap_tls_cacert = /etc/sssd/sssd.cert’ statement in the sssd.conf file. This statement is commented out in the sample file on GitHub.
It is also possible to enable TLS security for the web application, this is called running in ‘TLS mode’. To enable TLS mode, you must provide a CA Certificate and an associated Public Key file, and use the ‘--TLS’ flag when you launch the container.
The CA certificate must be named ‘casigned.crt’ and the public key file must be named ‘servertls.key’.
To recap, all the input files must be located within the working directory and named as shown.
Once you have your software order you can use the following steps to pull the image from SAS and launch a container instance of SAS Open Model Manager. I used a folder called ‘/working’ as my workspace.
To extract the license files and certificates you must unzip the SAS_Viya_deployment_data.zip file. The zip file is provided in the Software Order Email (SOE) when you place an order for SAS Open Model Manager.
$ unzip ~/working/SAS_Viya_deployment_data.zip
Then copy the license files to the working directory, these are in the ‘licenses’ directory that was created by the unzip step.
$ cd ~/working/licenses
$ cp SASViyaV0300_order-number_Linux_x86-64.tx ~/working/
$ cp SASViyaV0300_order-number_site-number_Linux_x86-64.jwt ~/working/
The highlighted text is unique to each order.
The first step is to create the ‘ses.sas.download’ directory.
$ sudo mkdir -p /etc/docker/certs.d/ses.sas.download
Now you need to copy the required files from the SAS_Viya_deployment_data.zip file into this directory. Using the following commands.
$ cd ~/working
$ sudo cp -v $(pwd)/ca-certificates/SAS_CA_Certificate.pem /etc/docker/certs.d/ses.sas.download/ca.crt
$ sudo cp -v $(pwd)/entitlement-certificates/entitlement_certificate.pem /etc/docker/certs.d/ses.sas.download/client.cert
$ sudo cp -v $(pwd)/entitlement-certificates/entitlement_certificate.pem /etc/docker/certs.d/ses.sas.download/client.key
To pull the image for SAS Open Model Manager we need to first obtain the image name. You do this using the SAS Mirror Manager for SAS Viya 3.5 software, which is available from SAS Support.
You can copy the image name into a text file for later use, using the following command.
$ ./mirrormgr list remote docker tags --deployment-data ~/working/SAS_Viya_deployment_data.zip --latest | tee ~/working/image_name.txt
The output is written to the text file and echoed to the terminal, in this case the image name is.
ses.sas.download/modmgrsta-145-x64_redhat_linux_7-docker/sas-open-modelmanager:1.2.17-20200207.1581118212423
Now that you have the image name, you can pull the image.
$ docker pull $(cat ~/working/image_name.txt)
There are a number of sample files available on GitHub.
At a minimum you need the following configured for your environment:
As described above, if you are enabling TLS security then you will also need the CA certificate and a public key.
To get the sample files downloaded into your working folder, a few quick Linux commands can make short work of it.
BASE=~/working
CONTENT="https://raw.githubusercontent.com/sassoftware/open-model-manager-resources/master/runOpenMM"
curl -s -o "$BASE/#1" "$CONTENT/{sssd_sample.conf,run_docker_container,sitedefault_sample.yml}"
Now with these files downloaded and configured for your environment you can start an instance of SAS Open Model Manager. Let’s assume that you want to start a container instance called ‘myOMM’ and will use port 8080 to access the container, then you would use the following command.
$ ./run_docker_container --container-name myOMM --image $(cat ~/working/image_name.txt) --order <SAS order number> --http-port 8080
You will see that the run_docker_container command will set the required permissions and ownership on the input files. This is shown in the screenshot below.
This leads to the following deployment.
Figure 2. Deployment overview
If you wanted to enable TLS mode using port 8443 you would add the following parameters on the start command, but remember you also need the CA certificate and public key files.
run_docker_container --container-name myOMM --image $(cat ~/working/image_name.txt)
--order <SAS order number> --http-port 8080 --https-port 8443 --tls
Once your container instance has started you can login to SAS Open Model Manager. For my testing, my docker server had 12 vCPUs with 64GB of memory. The startup time will be dependent on the resources (size) of your Docker host, the number of docker containers that you have running and whether you are limiting the resources for the SAS Open Model Manager container instance.
The easiest way to determine when SAS Open Model Manager is ready for you to login is to monitor the log file. Using Portainer you can watch for the startup complete message, as shown below.
To access SAS Open Model Manager you use the Docker host name and the port that you specified, in this case post 8080.
http://<host_server>:8080/SASModelManager
To login to SAS Open Model Manager you can use the administrator user that you specified in the sitedefault.yml file, or any of the users that were cached from your LDAP or Active Directory.
One of the requirements is for each user to have a home directory, the good news is, this is automatically created (assuming you have a valid sssd configuration) on first login to SAS Open Model Manager.
The screenshot below (Figure 3) is from my initial login to SAS Open Model Manager.
Figure 3. SAS Open Model Manager user interface
At this point you could use the SAS Open Model Manager 1.2: Quick Start Tutorial to validate your deployment, or just to get started.
SAS Open Model Manager is a new offering from SAS that runs on Docker. The key points to remember are:
Finally, I have created a short video to take you through the deployment: Get Up and Running with Open Model Manager 1.2.
I hope this is useful and thanks for reading.
Build your skills. Make connections. Enjoy creative freedom. Maybe change the world. Registration is now open through August 30th. Visit the SAS Hackathon homepage.
Register today!Data Literacy is for all, even absolute beginners. Jump on board with this free e-learning and boost your career prospects.