Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Red Hat Enterprise Linux System Roles for SAP

Red Hat Enterprise Linux for SAP Solutions 8

Red Hat Customer Content Services

Abstract

This guide contains an overview and additional information about Red Hat Enterprise Linux system roles for SAP.

Making open source more inclusive
Copy link

Red Hat is committed to replacing problematic language in our code and documentation. We are beginning with these four terms: master, slave, blacklist, and whitelist. Due to the enormity of this endeavor, these changes will be gradually implemented over upcoming releases. For more details on making our language more inclusive, see our CTO Chris Wright’s message.

Providing feedback on Red Hat documentation
Copy link

We appreciate your feedback on our documentation. Let us know how we can improve it.

Submitting feedback through Jira (account required)

  1. Make sure you are logged in to the Jira website.
  2. Provide feedback by clicking on this link.
  3. Enter a descriptive title in the Summary field.
  4. Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
  5. If you want to be notified about future updates, please make sure you are assigned as Reporter.
  6. Click Create at the bottom of the dialogue.

Chapter 1. Overview
Copy link

Red Hat Enterprise Linux (RHEL) 7 RHEA-2019:3190 introduced RHEL System Roles for SAP to assist with remotely or locally configuring a RHEL system for the installation of SAP HANA or SAP NetWeaver software. RHEL System Roles for SAP development is based on the SAP LinuxLab upstream project.

RHEL System Roles is a collection of roles executed by Ansible to assist administrators with RHEL system configuration. These roles are provided in the RHEL AppStream repository. In contrast, RHEL System Roles for SAP is provided in the RHEL for SAP Solutions subscription.

The Red Hat Enterprise Linux for SAP Solution subscription provides support for RHEL System Roles for SAP with Ansible Core. However, if you require full support for Ansible Core, a separate subscription is necessary. Additional information is available at Red Hat Enterprise Linux (RHEL) System Roles.

The following RHEL System Roles for SAP are fully supported on control nodes running RHEL 8.4 and later:

  • sap_general_preconfigure
  • sap_netweaver_preconfigure
  • sap_hana_preconfigure
  • sap_hana_install

The following RHEL System Roles for SAP are supported as Technology Preview on control nodes running RHEL 8.4 and later:

  • sap_ha_install_hana_hsr
  • sap_ha_pacemaker_cluster
  • sap_swpm (*)

The RHEL System Roles for SAP, just like the RHEL System Roles, are installed and run from a central node referred to as the control node (which can be Ansible Automation controller, Red Hat Satellite, or a RHEL 9 or RHEL 8 host). The control node connects to the local host and/or to one or more remote hosts (called managed nodes in the context of Ansible), and performs installation and configuration steps on them. It is recommended that you use the latest major release of RHEL on the control node (RHEL 8) and use the latest version of the roles either from the rhel-system-roles-sap RPM or from Red Hat Automation Hub. The RHEL System Roles for SAP and Ansible packages do not need to be installed on the systems that are being managed/configured.

This document describes how to install and use RHEL package rhel-system-roles-sap version 3.3.0 (*) or Automation Hub collection redhat.sap_install version 1.2.1, which consists of the following roles.

Note

Package rhel-system-roles-sap version 3.3.0 does not contain the role sap_swpm. This role is planned to be released in the next version of package rhel-system-roles-sap.

Purpose

Expand
Role NameDescription

sap_general_preconfigure

Perform installation and configuration steps common to SAP NetWeaver and SAP HANA

sap_netweaver_preconfigure

Perform additional installation and configuration steps for SAP NetWeaver

sap_hana_preconfigure

Perform additional installation and configuration for SAP HANA

sap_hana_install

Perform a SAP HANA scale-up or scale-out installation

sap_ha_install_hana_hsr

Set up SAP HANA System Replication on two nodes

sap_ha_pacemaker_cluster

Install Pacemaker and configure the cluster and SAP cluster resources

sap_swpm

Install SAP Software via SWPM

Support Status

Expand
Role NameSupport StatusRemote Host ManagementControl Node

sap_general_preconfigure

Fully supported

RHEL 7.6 and later, RHEL 8, RHEL 9

RHEL 8, RHEL 9

sap_netweaver_preconfigure

Fully supported

RHEL 7.6 and later, RHEL 8, RHEL 9

RHEL 8, RHEL 9

sap_hana_preconfigure

Fully supported

RHEL 7.6 and later, RHEL 8, RHEL 9

RHEL 8, RHEL 9

sap_hana_install

Fully supported

RHEL 7.6 and later, RHEL 8, RHEL 9

RHEL 8, RHEL 9

sap_ha_install_hana_hsr

Technology Preview

RHEL 8, RHEL 9

RHEL 8, RHEL 9

sap_ha_pacemaker_cluster

Technology Preview

RHEL 8, RHEL 9

RHEL 8, RHEL 9

sap_swpm (*)

Technology Preview for certain functionality, unsupported for all other functionality

RHEL 8, RHEL 9

RHEL 8, RHEL 9

Note

  • * This version of the RHEL System Roles for SAP contains the role sap_swpm with a support scope of Technology Preview for the role’s default mode only and only for the following deployment scenarios: S/4HANA 2021 and S/4HANA 2022 single-host installation on x86_64: RHEL 8.4, 8.6, 9.0 and ppc64le: RHEL 8.4 and 8.6.

    All other functionality of the role sap_swpm is not supported.

Platforms
See the table below for the supported hardware/virtualization/cloud platforms of the managed node:

Expand
Hardware platformBare Metal/Virtualization/ Cloud platformSupport Status

x86_64

bare metal, Red Hat Virtualization/libvirt, VMware ESX, Red Hat Certified Cloud and Service Providers

supported as per Support Status in the previous table

ppc64le

PowerVM LPARs

supported as per Support Status in the previous table

s390x

zVM guest

fully supported: sap_general_preconfigure, sap_netweaver_preconfigure

Directories

Expand
Installation MethodRoles; Documentation

RHEL package rhel-system-roles-sap

/usr/share/ansible/roles/<role>; /usr/share/doc/rhel-system-roles-sap/<role>

Automation Hub collection redhat.sap_install

~/.ansible/collections/ansible_collection/redhat/sap_install/<role>; ~/.ansible/collections/ansible_collection/redhat/sap_install/<role>/README.md

Note
  • The roles are designed to be used right after the initial installation of a managed node. If you want to run these roles against an SAP or other production system, run them in assertion mode first so you can detect which settings deviate from SAP’s recommendations as per applicable SAP notes. When run in normal mode, the roles will enforce the SAP recommended configuration on the managed node(s). Unusual system configuration settings might in rare cases still lead to unintended changes by the role. Before using the roles in normal mode on production systems, it is strongly recommended to backup the system and test the roles on a test and QA system first.
  • Before applying the roles on a managed node, verify that the RHEL release on the managed node is supported by the SAP software version that you are planning to install. The role sap_hana_preconfigure will fail if a RHEL minor version is used for which no SAP HANA validation exists (can be overridden).

Use the following procedure for installing Ansible Core and the RHEL System Roles for SAP package or collection.

Note

For installing packages on a Red Hat Satellite system, do not use the plain dnf command but follow the instructions in How to install or update packages in Red Hat Satellite 6?.

Procedure

  1. Install Ansible Core: 

    # dnf install ansible-core
    Copy to Clipboard Toggle word wrap

    Continue with step 2 for installing the RHEL package rhel-system-roles-sap or with step 3 for installing the Automation Hub collection redhat.sap_install.

  2. For installing the RHEL package rhel-system-roles-sap:

    1. Enable the RHEL for SAP Solutions repository using Red Hat Subscription Manager: 

      # subscription-manager repos
--enable=rhel-$(rpm -E %rhel)-for-$(uname -m)-sap-solutions-rpms
      Copy to Clipboard Toggle word wrap

    2. Install the RHEL System Roles for SAP: 

      # dnf install rhel-system-roles-sap
      Copy to Clipboard Toggle word wrap

      The rhel-system-roles-sap package is installed to /usr/share/ansible/roles/<role>, where <role> is the name of the individual role, for example,sap_hana_preconfigure. Each role includes a README.md file which explains all variables and how to use the role.

  3. For installing the Automation Hub collection redhat.sap_install, you can either directly install the collection from Automation Hub or first download it and then install it from the downloaded file.

    1. To install the collection directly from Automation Hub, follow the instructions on this page. The essential steps are:

      1. Make a copy of your Offline token, the Server URL, and the SSO URL from this page and note the Server URL and SSO URL on the same page. If needed (e.g. because it expired), recreate the token.

      2. Use these values to configure file /etc/ansible/ansible.cfg according to the instructions in this chapter. Use the Server URL for variable url, the SSO URL for variable auth_url, and the Offline token for variable token, as in the following example (replace the dummy token by the actual token): 

        [galaxy]
server_list = automation_hub_install

[galaxy_server.automation_hub_install]
url = https://console.redhat.com/api/automation-hub/[https://console.redhat.com/api/automation-hub/]
auth_url = https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token[https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token]
token = 123567890abcdef...abcdef1234
        Copy to Clipboard Toggle word wrap

      3. Install the collection by running the following command as the user which will use the collection (the user which will run the playbooks to install software or configure settings on managed nodes): 

        # ansible-galaxy collection install redhat.sap_install
        Copy to Clipboard Toggle word wrap

        This will install the collection into the default location for the user (necessary directories will be created recursively), which is: ~/.ansible/collections/ansible_collections/redhat/sap_install.

    2. To download the collection from Automation Hub and then install it, perform the following step:

      1. Download the collection tar file from this page (use the Download tarball link) and then run the following command as the user which will use the collection: 

        # ansible-galaxy collection install
./redhat-sap_install-1.2.1.tar.gz
        Copy to Clipboard Toggle word wrap

        This will also install the collection into the default location for the user, as described before.
        The file README.md in each role’s subdirectory below sap_install, e.g. roles/sap_general_preconfigure, contains the documentation for each of the roles.

Chapter 3. New Features
Copy link

Automation Hub collection redhat.sap_install version 1.2.1 has the following new features:

  • New sap_ha_pacemaker_cluster role for performing all HA related configuration changes in one role, using the ha_cluster Linux System Role and its enhanced features
  • Improve SID and instance checking in role sap_hana_install, so the role will return successfully if a HANA system with the desired SID and instance number is detected (idempotency)
  • Enable modifying SELinux file labels for SAP directories during preconfiguration and HANA installation, using the selinux Linux System Role
  • New sap_swpm role for performing certain SWPM based installations

Chapter 4. Known Issues
Copy link

4.1. Reboot requirement detection
Copy link

The reboot requirement detection is not reliable on RHEL 8.5 and later on platform ppc64le.

A failed reboot requirement detection can lead to unnecessary reboots at the end of a playbook which calls the preconfiguration roles. Role parameters are available for avoiding reboots, and playbooks can be extended to unconditionally reboot a system. See bug 2166444 for more information.

4.2. RHEL 9 packages for SAP HANA
Copy link

On RHEL 9, some packages are not getting installed and some are installed which are not required for SAP HANA.

SAP note 3108316 has been published with some updates which were not known at the time this version of the RHEL System Roles for SAP had been finalized. The additional package that has to be installed for SAP HANA is compat-openssl11.

See this comment for instructions on how to quickly define a list of packages to be installed.

4.3. Extended check (Assert) function
Copy link

Be careful when using the extended check (=assert) function of the preconfigure roles.

The preconfigure roles can run in an assert mode, in which case they do not modify managed nodes but report the compliance of a node with the applicable SAP notes. When using the same control node also for modifying the system configuration, by running the preconfigure roles in normal mode, extra caution needs to be applied to ensure that a "normal" playbook is not accidentally used for checking the system configuration. It is strongly recommended to only run the roles on production systems after testing them on test and QA systems first.

4.4. DNS name resolution
Copy link

Role sap_general_preconfigure fails if the DNS domain is not set on the managed node.

In case there is no DNS domain set on the managed node, which is typically the case on cloud systems, the role sap_general_preconfigure will fail in task Verify that the DNS domain is set. To avoid this, set the role variable sap_domain in the vars section of your playbook, in an inventory file for the managed node or run the ansible-playbook command with parameter -e "sap_domain=example.com" (replace example.com by your own DNS domain name).

Use the following procedures for configuring or verifying one or more systems for the installation of SAP NetWeaver or SAP HANA

5.1. Preparing the control node
Copy link

Use the following steps to display the system messages in English. RHEL System Roles for SAP requires that the Ansible control node uses locale C or en_US.UTF-8.

Procedure

  1. Run the command on the local host to check the current setting. 

    # locale
    Copy to Clipboard Toggle word wrap

  2. The output should display either C or en_US.UTF-8 in the line starting with LC_MESSAGES=.

    1. If the command does not produce the expected output, run the following command on the local host before executing the ansible-playbook command: 

      # export LC_ALL=C
      Copy to Clipboard Toggle word wrap

      Or 

      # export LC_ALL=en_US.UTF-8
      Copy to Clipboard Toggle word wrap
      Note

      These steps are necessary because by default, the LC_* variables are forwarded to a remote system (see man ssh_config and man sshd_config), and the roles are evaluating certain command outputs from remote systems.

5.2. Configuring the local system
Copy link

Use the following steps for preparing the local system for the installation of SAP NetWeaver

Prerequisites

  • No production software running on the system
  • A minimum of 20480 MB of swap space is configured on the local system

Procedure

  1. Make a bakckup, if you would like to preserve the original configuration of the server.

    Note

    These roles are run after the installation of RHEL, therefore a backup should not be required.

  2. Create a YAML file named sap-netweaver.yml with the following content: 

    - hosts: localhost
  connection: local
  roles:
    - sap_general_preconfigure
    - sap_netweaver_preconfigure
    Copy to Clipboard Toggle word wrap
    Important

    The correct indentation of 2 spaces in front of roles: is essential.

  3. Run the RHEL System Roles sap_general_preconfigure and sap_netweaver_preconfigure to prepare the managed nodes for the installation of SAP NetWeaver. 

    # ansible-playbook sap-netweaver.yml
    Copy to Clipboard Toggle word wrap
  4. At the end of the playbook run, the role will likely report that a reboot is required, for example because certain packages had been installed. In this case, reboot the system at this time.

5.3. Verifying the local system
Copy link

RHEL System roles for SAP can also be used to verify that RHEL systems are configured correctly. Use the following steps to verify if the local system is configured correctly for installation of SAP NetWeaver.

Prerequisites

  • RHEL System Roles for SAP version 3

Procedure

  1. Create a YAML file named sap-netweaver.yml with the following content: 

    - hosts: localhost
  connection: local
  vars:
    sap_general_preconfigure_assert: yes
    sap_general_preconfigure_assert_ignore_errors: yes
    sap_netweaver_preconfigure_assert: yes
    sap_netweaver_preconfigure_assert_ignore_errors: yes
  roles:
    - sap_general_preconfigure
    - sap_netweaver_preconfigure
    Copy to Clipboard Toggle word wrap

  2. Run the following command: 

    # ansible-playbook sap-netweaver.yml
    Copy to Clipboard Toggle word wrap

    In case you would like to get a more compact output, you can pipe the output to the shell script beautify-assert-output.sh, located in the tools directory of each of the preconfigure roles, to just display the essential FAIL or PASS information for each assertion. Assuming you have copied the script to directory ~/bin, the command would be: 

    # ansible-playbook sap-netweaver-assert.yml |
./bin/beautify-assert-output.sh
    Copy to Clipboard Toggle word wrap

    If you are using a terminal with dark background, replace all occurrences of color code [30m in the following command sequence by [37m. Otherwise, the output of some lines will be unreadable due to a dark font on a dark background. In case you accidentally ran the above command in a terminal with a dark background, you can re-enable the default white font again with the following command: 

    # echo -e "\033[37mResetting font color\n"
    Copy to Clipboard Toggle word wrap

5.4. Configuring remote systems
Copy link

Use the following steps for preparing one or more remote systems (managed nodes) for the installation of SAP HANA.

Prerequisites

  • Verify that the managed nodes are correctly set up for installing Red Hat software packages from a Red Hat Satellite server or the Red Hat Customer Portal.
  • Passwordless ssh access to each managed node from the Ansible control node.

  • Supported RHEL release for SAP HANA.

    • For information on supported RHEL releases for SAP HANA, see SAP Note 2235581.

Procedure

  1. Make a backup if you would like to preserve the original configuration of the server.

  2. Create an inventory file or modify file /etc/ansible/hosts that contains the name of a group of hosts and each system which you intend to configure (=managed node) in a separate line (example for three hosts in a host group named sap_hana): 

    [sap_hana]
host01
host02
host03
    Copy to Clipboard Toggle word wrap

  3. Verify that you can log in to all three hosts using ssh without password. Example: 

    # ssh host01 uname -a
# ssh host02 hostname
# ssh host03 echo test
    Copy to Clipboard Toggle word wrap

  4. Create a YAML file named sap-hana.yml with the following content: 

    - hosts: sap_hana
  roles:
    - sap_general_preconfigure
    - sap_hana_preconfigure
    Copy to Clipboard Toggle word wrap
    Important

    The correct indentation (e.g. 2 spaces in front of roles:) is essential.

  5. Run the RHEL System Roles sap_general_preconfigure and sap_hana_preconfigure to prepare the managed nodes for the installation of SAP HANA. 

    # ansible-playbook sap-hana.yml
    Copy to Clipboard Toggle word wrap
    Note
    • The roles are designed to be used right after the initial installation of a managed node. If you want to run these roles against an SAP or other production system, run them in assertion mode first so you can detect which settings deviate from SAP’s recommendations as per applicable SAP notes. When run in normal mode, the roles will enforce the SAP recommended configuration on the managed node(s). Unusual system configuration settings might in rare cases still lead to unintended changes by the role. Before using the roles in normal mode on production systems, it is strongly recommended to backup the system and test the roles on a test and QA system first.
    • At the end of the playbook run, the command will report for each managed node that a reboot is required. Reboot the managed nodes at this time.

5.5. Installing SAP software
Copy link

For instructions on installing the SAP HANA database or SAP S/4HANA on RHEL 8 or RHEL 9, refer to Installing SAP HANA or SAP S/4HANA with the RHEL System Roles for SAP.

Chapter 6. Additional Information
Copy link

6.1. Implemented SAP Notes in sap*preconfigure
Copy link

The implemented SAP notes in the three preconfigure roles, along with the SAP note versions, are contained in each preconfigure role’s vars files, in a variable named _<role_name>_sapnotes_versions. Sample file name: /usr/share/ansible/roles/sap_general_preconfigure/vars/RedHat_8.yml. In these files the variable _sap_general_preconfigure_sapnotes_versions contains the implemented SAP notes along with their version numbers.

6.2. Role Variables
Copy link

The file README.md of each role, located in directory /usr/share/ansible/roles/<role>, describes the purpose of all user configurable variables as well as their default settings. The variables are defined and can be changed in several places, e.g. in an inventory file, in your playbooks, or by using the ansible-playbook command line parameter --extra-vars or -e.

Legal Notice
Copy link

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat