70452 - Errors might occur after migrating from SAS® Visual Investigator on SAS® Viya® 3.5 to SAS Visual Investigator on the SAS® Viya® platform

Problem Note 70452: Errors might occur after migrating from SAS® Visual Investigator on SAS® Viya® 3.5 to SAS Visual Investigator on the SAS® Viya® platform

After migrating from SAS Visual Investigator 10.8 Hot Fix 7 on SAS Viya 3.5 to SAS Visual Investigator on the SAS Viya platform, errors might occur in the logs where a service is unable to connect to a database. This issue can occur in svi-datahub-service, svi-vsd-service, or others.

Here is a sample error message:

FATAL: password authentication failed for user ...

In this situation, it is likely that the system stored a value that was different from the ${postgres.password} consul variable in the credentials service on SAS Viya 3.5 before migration for the default Internal Data Store.

Workaround

To circumvent this issue, manually patch the user name and password to the default Internal Data Store for the SAS Viya platform deployment using the Data Hub REST APIs.

The credentials for this Data Store should be the ${postres.username} and ${postgres.password} consul variables.

To patch the credentials of the default Internal Data Store using the Data Hub REST APIs, complete the following steps:

Get the OAuth Token (as a SASAdministrators user).

export SAS_BASE_URL="https://tenant.hostnameOfDeployment";

## Set the username

## replace usernameGoesHere with the actual password before executing this command

export SAS_USER="usernameGoesHere";

## replace passwordGoesHere with the actual password before executing this command

##Extract the oauth token

export OAUTH_RESPONSE_JSON=$(SAS_PASSWORD="passwordGoesHere" bash -c 'curl --request POST \

     --url "${SAS_BASE_URL}/SASLogon/oauth/token" \

     --header "Accept: application/json" \

     --header "Authorization: Basic c2FzLmVjOg==" \

     --header "Content-Type: application/x-www-form-urlencoded" \

     --data grant_type=password \

     --data username=${SAS_USER} \

     --data password=${SAS_PASSWORD} \

     --silent');

export OAUTH_TOKEN=$(echo $OAUTH_RESPONSE_JSON | jq --raw-output '.access_token');

export OAUTH_SCOPE=$(echo $OAUTH_RESPONSE_JSON | jq --raw-output '.scope');

echo;

echo "URL:              $SAS_BASE_URL";

echo "Token:            $OAUTH_TOKEN";

echo "Scope:            $OAUTH_SCOPE";

Set the Data Store name for the default Data Store in the environment.

export DATA_STORE_NAME="DEFAULT_STORE";

Confirm that the default Data Store credentials are incorrect. Then, query the user name in the credentials service. The correct value should be "${postgres.username}"\.

curl --request GET \

     --url "${SAS_BASE_URL}/credentials/domains/${DATA_STORE_NAME}/credentials" \

     --header "Authorization: Bearer ${OAUTH_TOKEN}" | jq;

Note: If the userId property is not ${postgres.username} (such as the following), then the credentials likely need to be patched:

"properties": {

        "userId": "${postgres.username}"

},

Get the existing default Data Store metadata json and add the correct credentials to the json by using GET /svi-datahub/admin/dataStores?name=DEFAULT_STORE.

## Get information about the default data store on this deployment

export DATA_STORE_JSON=$(curl --request GET \

                              --url "${SAS_BASE_URL}/svi-datahub/admin/dataStores?name=${DATA_STORE_NAME}" \

                              --silent \

                              --header "Authorization: Bearer ${OAUTH_TOKEN}" \

                              --header "Content-Type: application/json" | jq -c);

## Patch the data store information information with the correct credentials

export PATCHED_DATA_STORE_JSON=$(echo $DATA_STORE_JSON | jq -c '. += { "password": "${postgres.password}", "username": "${postgres.username}" }');

export DATA_STORE_ID=$(echo $DATA_STORE_JSON   | jq ".id");

export DATA_STORE_TYPE=$(echo $DATA_STORE_JSON | jq -r ".connectionType");

export DATA_STORE_NAME=$(echo $DATA_STORE_JSON | jq -r ".name");

## Print the extracted information and the patched version of the data store

echo;

echo "URL:              $SAS_BASE_URL"; echo;

echo "id:               $DATA_STORE_ID";

echo "name:             $DATA_STORE_NAME";

echo "connectionType:   $DATA_STORE_TYPE"; echo; echo;

echo "Original JSON:    $DATA_STORE_JSON"; echo;

echo "Patched JSON:     $PATCHED_DATA_STORE_JSON"; echo;

Update the default Data Store with the patched json (with the correct credentials) using PUT /svi-datahub/admin/dataStores/$data_store_id}.

echo $PATCHED_DATA_STORE_JSON | curl --request PUT \

     --url "${SAS_BASE_URL}/svi-datahub/admin/dataStores/${DATA_STORE_ID}" \

     --header "Authorization: Bearer ${OAUTH_TOKEN}" \

     --header "Accept: application/json" \

     --header "Content-Type: application/json" \

     -d @-;

Confirm that the default Data Store credentials are correct. Then, query the user name in the credentials service. The user name should be "${postgres.username}"\.

curl --request GET \

     --url "${SAS_BASE_URL}/credentials/domains/${DATA_STORE_NAME}/credentials" \

     --header "Authorization: Bearer ${OAUTH_TOKEN}" | jq;

Note: The userId property should be ${postgres.username}.

"properties": {

        "userId": "${postgres.username}"

},

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Visual Investigator	Linux for x64	Stable 2022.10		Viya platform

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	high

Date Modified:	2023-10-17 16:07:13
Date Created:	2023-10-17 12:29:51

Support

Problem Note 70452: Errors might occur after migrating from SAS® Visual Investigator on SAS® Viya® 3.5 to SAS Visual Investigator on the SAS® Viya® platform

Workaround

Operating System and Release Information