Installation Instructions for Hot Fix D4Z024

Windows for x64


Hot fix D4Z024 addresses the issue(s) in SAS Risk Governance Framework 7.4 as documented in the Issue(s) Addressed section of the hot fix download page:

https://tshf.sas.com/techsup/download/hotfix/HF2/D4Z.html#D4Z024


D4Z024 is a "container" hot fix that contains the following "member" hot fixes which will update the software components as needed.

D6X023  updates  SAS Risk Governance Framework Administrative Tools 7.4
D5B023  updates  SAS Risk Governance Framework Mid-Tier 7.4
D5A011  updates  SAS Risk Governance Framework Server 7.4

See What is a container hot fix? in the Hot Fix FAQ for more information about container hot fixes.


Before applying this hot fix, follow the instructions in SAS Note 35968 to generate a SAS Deployment Registry report, then verify that the appropriate product releases are installed on your system. The release number information in the Registry report should match the 'member' release number information provided above for the software components installed on each machine in your deployment.

The hot fix downloaded, D4Z024pt.zip, includes the updates required for all components listed above on all applicable operating systems. To apply this hot fix on multiple machines, you can either save D4Z024pt.zip on each machine or save it in a network location that is accessible to all machines.

Do NOT extract the contents of D4Z024pt.zip. The hot fix installation process will extract the contents as needed.


IMPORTANT NOTES

  1. Files delivered in this hot fix will be backed up during the installation process. However, it is good general practice to back up your system before applying updates to software.

  2. You must have Administrator Privileges on your CLIENT or SERVER machine.

  3. All currently active SAS sessions, daemons, spawners and servers must be terminated before applying this hot fix.

  4. This hot fix should be installed using the same userid who performed the initial software installation.

  5. CONFIGURATION: No automatic configuration scripting is included for this hot fix. If you have previously configured software installed, the SAS Deployment Manager may present a screen where you will see "Apply SAS Hot Fixes" and "Configure SAS Hot Fixes" options. On this screen, you must ensure that the "Configure SAS Hot Fix" option is *not* selected. If this option is automatically selected, please de-select it prior to proceeding with the SAS Deployment Manager Screens. Failure to do so could have unintended consequences when applying this hot fix.


INSTALLATION

Hot Fix D4Z024 must be installed on each machine where the updated components of the product, listed above, are installed. During the installation process you may see references to all operating systems for which updates are provided in the hot fix. The installation process will determine the operating system and which component(s) of SAS Risk Governance Framework 7.4 require updating on the machine. See SAS Note 44810 for more details.

The hot fix will be applied using the SAS Deployment Manager. By default, the SAS Deployment Manager will search in the <SASHOME>/InstallMisc/HotFixes/New directory for hot fixes to be applied, but will also prompt for a location if you have downloaded hot fixes to a different directory.

After downloading D4Z024pt.zip, follow the instructions for applying hot fixes in the SAS Deployment Wizard and SAS Deployment Manager 9.4: User's Guide.

Please review the CONFIGURATION Important Note above concerning proper selection of the "Configure SAS Hot Fix" option in the SAS Deployment Manager.


The hot fix installation process generates the log file

<!SASHOME>/InstallMisc/InstallLogs/IT_date-and-time-stamp.log
for example, IT_2011-10-31-13.18.21.log. Each attempt to apply a hot fix results in the creation of a new log file giving detailed information regarding the installation process.

Postexec log files are created after the installation is completed and identifies the files that were added, backed up, changed and removed. These log files include the 'member' hot fix id in the name of the file and are also written to the <!SASHOME>/InstallMisc/InstallLogs directory. There is one postexec log for each 'member' hot fix applied (member hot fixes are listed at the top of these instructions).


The content of this hot fix is listed in the hot fix manifest.


Security Update

The following instruction applies only for environments running SAS 9.4 M6 or earlier:

SAS Security Updates are applied during the initial installation of your software. In order to maintain the latest level of security offered by SAS, security updates should be applied and/or re-applied after any changes to your software, including installation of hot fixes. The current SAS Security Updates for all releases of SAS are available at https://tshf.sas.com/techsup/download/hotfix/HF2/SAS_Security_Updates.html. Please re-apply security updates in accordance with the SAS Security Updates and Hot Fixes document available on the SAS Security Updates web page.


POST-INSTALLATION INSTRUCTIONS

For each product installed, click the link to be redirected to post-installation instructions.

D6X023  updates  SAS Risk Governance Framework Administrative Tools 7.4
D5B023  updates  SAS Risk Governance Framework Mid-Tier 7.4
D5A011  updates  SAS Risk Governance Framework Server 7.4


D6X023  updates  SAS Risk Governance Framework Administrative Tools 7.4

  1. Copy the following files from <SASHOME>\SASRiskGovernanceFrameworkAdministrativeTools\7.4\dbscripts to <SASCONFIGDIR>\Lev1\Applications\SASRiskGovernanceFrameworkAdministrativeTools\dbscripts
    a. extractContent.cmd
    b. extractContent.config
    c. removeWorkflowInstances.cmd
    d. removeWorkflowInstances.config
    e. unregistercontent.cmd
    f. unregistercontent.config
    h. migrateWorkflowInstances.cmd

  2. Copy the following files from <SASHOME>\SASRiskGovernanceFrameworkAdministrativeTools\7.4\dbscripts\data to <SASCONFIGDIR>\Lev1\Applications\SASRiskGovernanceFrameworkAdministrativeTools\dbscripts\data
    a. Workflows.csv
    b. Workflows.mappings.config
    c. NamedListOptions.csv
    d. NamedListOptions.mappings.config

  3. Copy the updated SQL files from SASHome to SASConfig using the following steps:
    a. Change directories to <SASCONFIGDIR>\Lev1\Applications\SASRiskGovernanceFrameworkAdministrativeTools\dbscripts\<db_vendor>
      where <db_vendor> is the vendor used for the RGF database, either “PostgreSQL”, “Oracle”, or “MSSQLServer”.
    b. Make a backup of DropViews.sql, InitDBVersion.sql and CreateTables.sql
      i. copy DropViews.sql DropViews.sql.bak
      ii. copy InitDBVersion.sql InitDBVersion.sql.bak
      iii.copy CreateTables.sql CreateTables.sql.bak
    c. Copy the updated files from <SASHOME>\SASRiskGovernanceFrameworkAdministrativeTools\7.4\dbscripts\<db_vendor>
      where <db_vendor> matches the path from step (a). The other vendor directories can be ignored.
      i. copy <SASHOME>\SASRiskGovernanceFrameworkAdministrativeTools\7.4\dbscripts\<db_vendor>\DropViews.sql
      ii. copy <SASHOME>\SASRiskGovernanceFrameworkAdministrativeTools\7.4\dbscripts\<db_vendor>\InitDBVersion.sql
      iii. copy <SASHOME>\SASRiskGovernanceFrameworkAdministrativeTools\7.4\dbscripts\<db_vendor>\CreateTables.sql.orig
      iv. rename CreateTables.sql.orig CreateTables.sql

  4. Delete the following files in <SASCONFIGDIR>\Lev1\Applications\SASRiskGovernanceFrameworkAdministrativeTools\dbscripts if they exist. They have been replaced to correct an error in the file name. If they do not exist, this step can be ignored.
    a. removeWorklfowInstances.cmd
    b. migrateWorklfowInstances.cmd


D5B023  updates  SAS Risk Governance Framework Mid-Tier 7.4

This hot fix requires post-installation steps that will update the web application deployed to your application server.

For more information about how to rebuild and redeploy Web Applications, see the SAS® 9.4 Intelligence Platform, Middle-Tier Administration Guide, Chapter 8 Administering SAS Web Applications.

  1. The following steps will remove the Log4J2 dependency from the RGF web application. The dependency is no longer needed and might cause functional problems in certain environments.
    a. Make a backup of the “picklist” file for the SAS Risk Governance Framework web application in
    <SASHOME>\SASRiskGovernanceFrameworkMidTier\7.4\Picklists\wars\sas.riskgovernanceframework. Name it picklist.bak.
    b. Edit the “picklist” file in that directory. Do not edit “picklist.full”.
    c. Remove the following entry. Note that the version number might differ in your environment. Leave two blank lines between the surrounding entries.
    name=Log4J2
    version=2.17.1.0_SAS_20220104134706
    d. Save the picklist file.

  2. Clean up the old version of the CKEditor library. This hotfix replaces the previous version of CKEditor with CKEditor version 5. Move the old version, under the “ckeditor” folder to a location outside of the WAR files, so it won't be included in the application at runtime. This is being replaced by a new version of ckeditor, delivered in the folder “ckeditor5”, which should be left in place.
    a. cd <SASHOME>\SASRiskGovernanceFrameworkMidTier\7.4\Static\wars\sas.riskgovernanceframework\resources
    b. move ckeditor ..\..\..\ckeditor.bak

  3. Rebuild Web Applications

    NOTE: In order for this step to execute correctly, the Metadata Server must be running.

    Select the appropriate product as the Web Application to Rebuild

  4. Re-start all SAS sessions, daemons, spawners and servers. For more information on the proper order for starting servers, go to SAS® 9.4 Intelligence Platform: System Administration Guide, Fourth Edition and review the section entitled "Starting, Stopping and Checking the Status of Servers".

  5. Redeploy Web Applications

    Redeploy the updated wars to the web application server.

  6. JVM option update

    To satisfy updates delivered in this hotfix you must specify the following JVM option in the setenv.bat or sasenv.sh file.

    These files are found in the directory below:

    SAS-configuration-directory/Levn/Web/WebAppServer/SASServer1_1/bin
    Update the file to include the JVM option:
    -Dcom.sas.workflow.shortTextMaxLength=1000

  7. The web application server needs to be restarted, all SAS servers, from Server1_1 o ServerN_1.


After the web application servers are restarted, complete the following steps

  1. Use a WebDAV tool to sign in to the SAS Content Server so that you can edit or replace files in SAS Content Server folder.
    Copy the following files from <SASHOME>\SASRiskGovernanceFrameworkMidTier\7.4\Config\Deployment\Content\Preload\rgf-system\Scripts to the SAS Content Server, under the folder /SASContentServer/repository/default/sasdav/Products/SASRiskGovernanceFramework/RiskGovFrwkMid-Tier/rgf-system/Scripts, and replace any existing scripts.
    a. listCustomFields.groovy
    b. list_enums.groovy
    c. groovyEditor.groovy
    d. migrateattachments.groovy
    e. purgeObjects.groovy

  2. After deploying the hotfix, you must examine any RGF and content package groovy scripts or functions for references to the Apache Struts library. If the groovy scripts use the following Struts classes, you must replace them with the RGF classes indicated below:
    org.apache.struts.util.LabelValueBean -> com.sas.oprisk.framework.server.util.LabelValueBean
    org.apache.struts.action.ActionMessage -> com.sas.oprisk.framework.server.util.ActionMessage
    org.apache.struts.action.ActionMessages -> com.sas.oprisk.framework.server.util.ActionMessages

  3. If you have deployed the content package for Risk Stratum Core (RSC) v01.2020 or Stress Testing (STM) v09.2019, you must update the groovy function SaveRefreshBEPData.groovy after applying the HF. The RGF platform no longer allows direct access to the private “context” member variable in a groovy function's parent class. Perform the following steps:
    a. Locate the file SaveRefreshBEPData.groovy file on the SAS Content Server, under the folder
        /SASContentServer/repository/default/sasdav/Products/SASRiskGovernanceFramework/RiskGovFrwkMid-Tier/rmc/Scripts/customfunctions/html5Ui/

    b. Edit the file, and change the method setDefaults on line 216, so that it has two arguments, where the first one is “IContext context”:
        From:
          def setDefaults = {JSONObject bepData ->
        To:
          def setDefaults = { IContext context, JSONObject bepData ->

    c. Change the calls to setDefaults on lines 85 and 126 so that they passes the additional argument:
        From:
          setDefaults(bepData);
        To:
          setDefaults(context,bepData);
    d. Save the groovy file to the content server.

  4. After applying the hot fix, you must apply a change to the database schema using the patchdb tool.
    a. Change directories to <SASCONFIGDIR>\Lev1\Applications\SASRiskGovernanceFrameworkAdministrativeTools\dbscripts

    b. Run the patchdb utility for each installed content package (mrm, gcm, rmc, etc.), using the following command, and apply the patch:
    PostgreSQL, MSSQL: patchdb.cmd -c <content_id>
    Oracle:       patchdb.cmd -c <content_id> <index_tablespace>
                where <index_tablespace> is the tablespace containing the RGF database indexes,
                for example RGFIDX_1

  5. If you are using Apache Solr 5.5.5, stop Solr and apply the updates to the managed-schema file. If using a later version of Solr, no action is necessary.
    a. Change directories to <SOLRHOME>\bin and run the following command to stop SOLR.
        solr stop -p 8983

    b. Change directories to <SOLRHOME>\server\solr\rgf\conf and run the following to command to backup managed-schema
        copy managed-schema managed-schema.bak

    c. Copy the new managed-schema from <SASHOME> directory to the SOLR configuration directory.
        copy <SASHOME>\SASRiskGovernanceFrameworkMidTier\7.4\Config\Samples\Solr\managed-schema <SOLRHOME>\server\solr\rgf\conf

    d. Change directories to <SOLRHOME>\bin and run the following command to start SOLR.
        solr start -p 8983 -m <mem_size>
    e. Change directories to <SASCONFIGDIR>\Lev1\Applications\SASRiskGovernanceFrameworkAdministrativeTools\dbscripts and update the SOLR search index for each installed content package, where content_id is “mrm”, “gcm”, “rmc”, etc.
        updateindex.cmd -c <content_id>

  6. If you need to enable performance improvement to support larger number of attachments (under 1000) for each custom object, please make the following changes:
    i. add the following line to the content package's respective configdata.properties in SAS Content Server: monitor.attachments.largeNoAttachmentsSupport.enabled=true

    ii. update $SASConfig\Lev1\Web\WebAppServer\SASServer8_1\conf\wrapper.conf to include the JVM option: wrapper.java.additional.XX=-Dsas.rgf.attachment.useBulkLoad.enabled=true
    (where XX is the largest number of all wrapper.java.additional options)

  7. Restart SASServer8.


D5A011  updates  SAS Risk Governance Framework Server 7.4

  1. Update the SAS Localization Labels:

    Open a SAS session, paste the following code into the SAS Editor and run the code.
    %SMD2DS(DIR=<SASHOME>\SASFoundation\9.4\rskmgtsvr\smd, BASENAME=rskmgtsvr, LOCALE=en, lib=SASHELP);
    *NOTE: Be sure to run the above SAS code in the same SAS session encoding that was used when the product was installed and configured.

  2. Copy the following files from <SASHOME> to <SASCONFIGDIR>
    <SASHOME>\SASFoundation\9.4\rskmgtsvr\ucmacros\rgf_post_init.sas.orig
    <SASHOME>\SASFoundation\9.4\rskmgtsvr\sasmisc\control\grid_host.map
    <SASHOME>\SASFoundation\9.4\rskmgtsvr\ucmacros\rgf_job_load_audit_data.sas
    <SASHOME>\SASFoundation\9.4\rskmgtsvr\ucmacros\rgf_job_reload_audit_data.sas
    <SASHOME>\SASFoundation\9.4\rskmgtsvr\ucmacros\rgf_job_reload_data.sas
    to
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_post_init.sas.orig
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\sasmisc\control\grid_host.map
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_job_load_audit_data.sas
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_job_reload_audit_data.sas
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_job_reload_data.sas

  3. Rename the "rgf_post_init.sas" in "<SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros"
    From:  rgf_post_init.sas
    To:      rgf_post_init.sas.old

  4. Replace tokens w\ directory paths:
    A) Using a text editor, replace the tokens in the files with the paths listed below:

    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_post_init.sas.orig

    Token: @CNTLFILEDIR@
    Path: <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\sasmisc\control


    B) Copy the lines below in "<SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_post_init.sas.old"

    Example:

    %let rskmgt_dbserver=%upcase(PostgreSQL);
    %let rskmgt_dbengine=%upcase(POSTGRES);
    %let rskmgt_dbName=rgfdbname;
    %let rskmgt_dbAuth=RGF_db_auth;
    %let rskmgt_dbServerNm=xxx.abc.com;
    %let rskmgt_dbport=1001;

    and overwrite the following lines in "<SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_post_init.sas.orig"

    %let rskmgt_dbserver=%upcase(@DBMS_TYPE@);
    %let rskmgt_dbengine=%upcase(@DBENGINE@);
    %let rskmgt_dbName=@DBIDENTIFIER@;
    %let rskmgt_dbAuth=@DBMS_AUTH@;
    %let rskmgt_dbServerNm=@DBMS_SERVER@;
    %let rskmgt_dbport=@DBMS_PORT@;


    C) Save the changes to the file.


    D) Rename
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_post_init.sas.orig
    to
    <SASCONFIGDIR>\Lev1\AppData\SASRiskGovernanceFramework\Source\ucmacros\rgf_post_init.sas
    to remove the ".orig" file suffix.


    This completes the installation of hot fix D4Z024 on Windows for x64.


    Copyright 2023 SAS Institute Inc. All Rights Reserved.