In a tweet by Gordon Cox last month, I was reminded of the restricted options facility available with SAS® software on UNIX platforms. This is capability where an administrator can set mandatory SAS system options at multiple levels of granularity: globally, per-group, and/or per-user. The reason for this post is that I don’t look at […]
Tag: Linux
Desktop Files for Launching SAS Apps on Ubuntu
Whilst I often use the command line on Linux, it’s also nice to have icons in the menus to start SAS® applications like SAS Management Console and SAS Display Manager. These days I mostly use GNOME Do as an application launcher (its a bit like Quicksilver for Mac OS X). Naturally I like to be […]
Using SAS92HFADD behind a firewall
The SAS 9.2 Hot Fix Analysis, Download and Deployment tool available at http://ftp.sas.com/techsup/download/hotfix/HF2/SAS92HFADD.html is a fantastic step forward by SAS in helping SAS Administrators keep their system up to date. Paul Homes from Metacoda has previously blogged about this tool and how (much fun it is) to get it working under Windows 2008 R2 with UAC enabled – http://platformadmin.com/blogs/paul/2011/01/sas92hfadd-viewregistry-windows-server-2008-r2/
I have used this tool on quite a few sites (on Windows, Unix and Linux) and once it is working it is great! Unfortunately I estimate it has only worked “out of the box” for 1 in 10 installs, and the reason is usually a firewall. This blog post describes my workarounds to this situation…
The Problem
The SAS92HFADD tool uses the File Transfer Protocol (FTP) to download various files from the SAS FTP site. If the machine running this tool is behind a firewall (which should be the standard situation in a corporate environment) then “normal” FTP may not work. One method implemented within the file transfer protocol to allow communication through some firewall implementations is “passive” mode. There are some tweaks we can make to the files provided by SAS as part of this package to get it to use passive mode, but unfortunately the FTP client provided with the Windows operating system does not support passive mode (see http://support.microsoft.com/kb/271078). The Unix/Linux FTP clients I’ve seen will support passive mode without any problems.
Unix/Linux
Downloading the Unix version of the tool and untarring it will result in two files:
- SAS92HFADD.pl
- SAS92_hot_fix_data_ftp_download.sh
A common way to invoke FTP in passive mode on Unix/Linux is to use the “-p” switch. We can tweak the two files provided above to add in this “-p” switch and have the FTP transfers done in passive mode.
SAS92_hot_fix_data_ftp_download.sh
The 5th line of this file reads: ftp -n $HOST <<-EOF
Add in the “-p” switch and save the file: ftp -p -n $HOST <<-EOF
SAS92HFADD.pl
The 646th line of this file reads: $ftpscript .= "ftp -n \$HOST <<-EOF\n";
Change this to: $ftpscript .= "ftp -p -n \$HOST <<-EOF\n";
Under Unix/Linux these are all the changes that are required. Following the provided instructions from SAS should now work.
Windows
The Windows version of the tool requires a bit more work since the Perl code that we could have edited (as above with the Unix version) is packaged into an executable file along with a Perl runtime. The download is a self extracting archive which when run will provide three files:
- SAS92HFADD.exe
- SAS92_hot_fix_data_ftp_download.bat
- SAS92_hot_fix_data_ftp_download_script.txt
Unfortunately we can’t just start tweaking things because, as mentioned above, the FTP client provided with Windows does not support passive mode. There are a number of FTP-like command line tools that you can get for Windows (and in a later post I will explain how I used CURL to get the Windows tool to work through a “tough” firewall configuration where passive mode was not enough), but I highly recommend MOVEit Freely by Ipswitch File Transfer. This is a “drop-in” replacement for the Windows FTP client which supports passive mode. You can download MOVEit Freely from http://www.ipswitchft.com/Products/MoveitFreely/
Once you have downloaded MOVEit Freely copy the “ftps.exe” file into the SAS92HFADD directory created by the tool and rename it to “ftp.exe”.
Step 1 – Edit SAS92_hot_fix_data_ftp_download_script.txt
The fourth line of this file has the “binary” command and line five has the “get” command. Insert a line after line four with the “passive” command. I also like to see that something is actually happening, so I also insert the “hash” command which prints a hash mark (#) after a certain amount of bytes have been downloaded giving you a kind of progress status.
Here is my edited file:
open ftp.sas.com
anonymous
SAS92HFADD
binary
passive
hash
get [long path removed to fit in blog post]
quit
Step 2 – Run the SAS92HFADD.exe file
Running this file will call the batch file, which includes the script we just edited, which then downloads an XML file from SAS of all the latest hot fixes. It then parses this file and compares if to the DeploymentRegistry.txt file you created (as part of the standard steps of this tool) and then generates the Analysis Report, Download scripts and Deployment scripts.
Step 3 – Modify the generated download batch and script files
The tool dynamically creates a DownloadTools subdirectory under a time stamped parent directory within the SAS92HFADD directory. Depending on whether you want all hot fixes or just Alert hot fixes you then need to edit the appropriate batch and script files. I will edit the “all hot fixes” files, but the changes are the same for the Alert only files.
ftp_script.bat
This file needs to use the MOVEit freely FTP client, so you can either copy our new “ftp.exe” into this directory or edit the batch file to use the one we already have in the SAS92HFADD directory. I edited the batch file to use my existing copy (i.e. prefix the ftp command with “..\..\”): ..\..\ftp -s:ftp_script.txt
ftp_script.txt
Like the previous text file edit, we need to insert the “passive” command and the “hash” command if you like to see the progress:
Here is the top of my ftp_Script.txt file after the edits: open ftp.sas.com
anonymous
SAS92HFADD
binary
passive
hash
get [long path removed to fit in blog post]
Step 4 – Run the ftp_script.bat file
From here it should be back to the “normal” instructions.
Disabling the Ubuntu Login Screen (GDM) User Pick List
I’m used to typing in both my userid and my password when I log in to computers. I have never been a fan of the user pick lists that now seem to be common to many operating systems. I can see how they can be convenient for family machines at home, but the idea of […]
Installing VirtualBox Guest Additions in Ubuntu
What, you might be wondering, is a post about VirtualBox and Ubuntu doing on a blog that is primarily about SAS® platform administration and metadata? The answer to that question is that VirtualBox and Ubuntu are both platforms where I run SAS for the purposes of development, testing and exploration/learning. So, whilst not specifically related […]
Sudo with no password prompt
DISCLAIMER: This is definitely not recommended for any type of real environment that you rely on to be secure, but sometimes when you are setting up demo/sandpit/throwaway environments you want to be able to execute commands on Linux as root using sudo without getting prompted for your password. You could just work in a root […]