Red Hat Enterprise Linux System Roles for SAP
Abstract
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code and documentation. We are beginning with these four terms: master, slave, blacklist, and whitelist. Due to the enormity of this endeavor, these changes will be gradually implemented over upcoming releases. For more details on making our language more inclusive, see our CTO Chris Wright’s message.
Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation. Let us know how we can improve it.
Submitting feedback through Jira (account required)
- Make sure you are logged in to the Jira website.
- Provide feedback by clicking on this link.
- Enter a descriptive title in the Summary field.
- Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
- If you want to be notified about future updates, please make sure you are assigned as Reporter.
- Click Create at the bottom of the dialogue.
Chapter 1. Overview
Red Hat Enterprise Linux (RHEL) 7 RHEA-2019:3190 introduced RHEL System Roles for SAP to assist with remotely or locally configuring a RHEL system for the installation of SAP HANA or SAP NetWeaver software. RHEL System Roles for SAP development is based on the SAP LinuxLab upstream project.
RHEL System Roles is a collection of roles executed by Ansible to assist administrators with RHEL system configuration. These roles are provided in the RHEL AppStream repository. In contrast, RHEL System Roles for SAP is provided in the RHEL for SAP Solutions subscription.
The Red Hat Enterprise Linux for SAP Solution subscription provides support for RHEL System Roles for SAP with Ansible Core. However, if you require full support for Ansible Core, a separate subscription is necessary. Additional information is available at Red Hat Enterprise Linux (RHEL) System Roles.
The following RHEL System Roles for SAP are fully supported on control nodes running RHEL 8.4 and later:
- sap_general_preconfigure
- sap_netweaver_preconfigure
- sap_hana_preconfigure
- sap_hana_install
The following RHEL System Roles for SAP are supported as Technology Preview on control nodes running RHEL 8.4 and later:
- sap_ha_install_hana_hsr
- sap_ha_pacemaker_cluster
- sap_swpm (*)
The RHEL System Roles for SAP, just like the RHEL System Roles, are installed and run from a central node referred to as the control node (which can be Ansible Automation controller, Red Hat Satellite, or a RHEL 9 or RHEL 8 host). The control node connects to the local host and/or to one or more remote hosts (called managed nodes in the context of Ansible), and performs installation and configuration steps on them. It is recommended that you use the latest major release of RHEL on the control node (RHEL 8) and use the latest version of the roles either from the rhel-system-roles-sap
RPM or from Red Hat Automation Hub. The RHEL System Roles for SAP and Ansible packages do not need to be installed on the systems that are being managed/configured.
This document describes how to install and use RHEL package rhel-system-roles-sap
version 3.3.0 (*) or Automation Hub collection redhat.sap_install
version 1.2.1, which consists of the following roles.
Package rhel-system-roles-sap
version 3.3.0 does not contain the role sap_swpm
. This role is planned to be released in the next version of package rhel-system-roles-sap
.
Purpose
Role Name | Description |
---|---|
sap_general_preconfigure | Perform installation and configuration steps common to SAP NetWeaver and SAP HANA |
sap_netweaver_preconfigure | Perform additional installation and configuration steps for SAP NetWeaver |
sap_hana_preconfigure | Perform additional installation and configuration for SAP HANA |
sap_hana_install | Perform a SAP HANA scale-up or scale-out installation |
sap_ha_install_hana_hsr | Set up SAP HANA System Replication on two nodes |
sap_ha_pacemaker_cluster | Install Pacemaker and configure the cluster and SAP cluster resources |
sap_swpm | Install SAP Software via SWPM |
Support Status
Role Name | Support Status | Remote Host Management | Control Node |
---|---|---|---|
sap_general_preconfigure | Fully supported | RHEL 7.6 and later, RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
sap_netweaver_preconfigure | Fully supported | RHEL 7.6 and later, RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
sap_hana_preconfigure | Fully supported | RHEL 7.6 and later, RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
sap_hana_install | Fully supported | RHEL 7.6 and later, RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
sap_ha_install_hana_hsr | Technology Preview | RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
sap_ha_pacemaker_cluster | Technology Preview | RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
sap_swpm (*) | Technology Preview for certain functionality, unsupported for all other functionality | RHEL 8, RHEL 9 | RHEL 8, RHEL 9 |
* This version of the RHEL System Roles for SAP contains the role
sap_swpm
with a support scope of Technology Preview for the role’s default mode only and only for the following deployment scenarios: S/4HANA 2021 and S/4HANA 2022 single-host installation on x86_64: RHEL 8.4, 8.6, 9.0 and ppc64le: RHEL 8.4 and 8.6.All other functionality of the role
sap_swpm
is not supported.
Platforms
See the table below for the supported hardware/virtualization/cloud platforms of the managed node:
Hardware platform | Bare Metal/Virtualization/ Cloud platform | Support Status |
---|---|---|
x86_64 | bare metal, Red Hat Virtualization/libvirt, VMware ESX, Red Hat Certified Cloud and Service Providers | supported as per Support Status in the previous table |
ppc64le | PowerVM LPARs | supported as per Support Status in the previous table |
s390x | zVM guest | fully supported: sap_general_preconfigure, sap_netweaver_preconfigure |
Directories
Installation Method | Roles; Documentation |
---|---|
RHEL package rhel-system-roles-sap |
|
Automation Hub collection redhat.sap_install |
|
- The roles are designed to be used right after the initial installation of a managed node. If you want to run these roles against an SAP or other production system, run them in assertion mode first so you can detect which settings deviate from SAP’s recommendations as per applicable SAP notes. When run in normal mode, the roles will enforce the SAP recommended configuration on the managed node(s). Unusual system configuration settings might in rare cases still lead to unintended changes by the role. Before using the roles in normal mode on production systems, it is strongly recommended to backup the system and test the roles on a test and QA system first.
-
Before applying the roles on a managed node, verify that the RHEL release on the managed node is supported by the SAP software version that you are planning to install. The role
sap_hana_preconfigure
will fail if a RHEL minor version is used for which no SAP HANA validation exists (can be overridden).
Chapter 2. Installing the Ansible Engine and RHEL System Roles for SAP
Use the following procedure for installing Ansible Core and the RHEL System Roles for SAP package or collection.
For installing packages on a Red Hat Satellite system, do not use the plain dnf
command but follow the instructions in How to install or update packages in Red Hat Satellite 6?.
Procedure
Install Ansible Core:
# dnf install ansible-core
Continue with step 2 for installing the RHEL package
rhel-system-roles-sap
or with step 3 for installing the Automation Hub collectionredhat.sap_install
.For installing the RHEL package
rhel-system-roles-sap
:Enable the RHEL for SAP Solutions repository using Red Hat Subscription Manager:
# subscription-manager repos --enable=rhel-$(rpm -E %rhel)-for-$(uname -m)-sap-solutions-rpms
Install the RHEL System Roles for SAP:
# dnf install rhel-system-roles-sap
The
rhel-system-roles-sap
package is installed to/usr/share/ansible/roles/<role>
, where<role>
is the name of the individual role, for example,sap_hana_preconfigure
. Each role includes aREADME.md
file which explains all variables and how to use the role.
For installing the Automation Hub collection
redhat.sap_install
, you can either directly install the collection from Automation Hub or first download it and then install it from the downloaded file.To install the collection directly from Automation Hub, follow the instructions on this page. The essential steps are:
- Make a copy of your Offline token, the Server URL, and the SSO URL from this page and note the Server URL and SSO URL on the same page. If needed (e.g. because it expired), recreate the token.
Use these values to configure file
/etc/ansible/ansible.cfg
according to the instructions in this chapter. Use the Server URL for variableurl
, the SSO URL for variableauth_url
, and the Offline token for variabletoken
, as in the following example (replace the dummy token by the actual token):[galaxy] server_list = automation_hub_install [galaxy_server.automation_hub_install] url = https://console.redhat.com/api/automation-hub/[https://console.redhat.com/api/automation-hub/] auth_url = https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token[https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token] token = 123567890abcdef...abcdef1234
Install the collection by running the following command as the user which will use the collection (the user which will run the playbooks to install software or configure settings on managed nodes):
# ansible-galaxy collection install redhat.sap_install
This will install the collection into the default location for the user (necessary directories will be created recursively), which is:
~/.ansible/collections/ansible_collections/redhat/sap_install
.
To download the collection from Automation Hub and then install it, perform the following step:
Download the collection tar file from this page (use the
Download tarball
link) and then run the following command as the user which will use the collection:# ansible-galaxy collection install ./redhat-sap_install-1.2.1.tar.gz
This will also install the collection into the default location for the user, as described before.
The fileREADME.md
in each role’s subdirectory belowsap_install
, e.g.roles/sap_general_preconfigure
, contains the documentation for each of the roles.
Chapter 3. New Features
Automation Hub collection redhat.sap_install
version 1.2.1 has the following new features:
-
New
sap_ha_pacemaker_cluster
role for performing all HA related configuration changes in one role, using theha_cluster
Linux System Role and its enhanced features -
Improve SID and instance checking in role
sap_hana_install
, so the role will return successfully if a HANA system with the desired SID and instance number is detected (idempotency) -
Enable modifying SELinux file labels for SAP directories during preconfiguration and HANA installation, using the
selinux
Linux System Role -
New
sap_swpm
role for performing certain SWPM based installations
Chapter 4. Known Issues
4.1. Reboot requirement detection
The reboot requirement detection is not reliable on RHEL 8.5 and later on platform ppc64le.
A failed reboot requirement detection can lead to unnecessary reboots at the end of a playbook which calls the preconfiguration roles. Role parameters are available for avoiding reboots, and playbooks can be extended to unconditionally reboot a system. See bug 2166444 for more information.
4.2. RHEL 9 packages for SAP HANA
On RHEL 9, some packages are not getting installed and some are installed which are not required for SAP HANA.
SAP note 3108316 has been published with some updates which were not known at the time this version of the RHEL System Roles for SAP had been finalized. The additional package that has to be installed for SAP HANA is compat-openssl11
.
See this comment for instructions on how to quickly define a list of packages to be installed.
4.3. Extended check (Assert) function
Be careful when using the extended check (=assert) function of the preconfigure roles.
The preconfigure roles can run in an assert mode, in which case they do not modify managed nodes but report the compliance of a node with the applicable SAP notes. When using the same control node also for modifying the system configuration, by running the preconfigure roles in normal mode, extra caution needs to be applied to ensure that a "normal" playbook is not accidentally used for checking the system configuration. It is strongly recommended to only run the roles on production systems after testing them on test and QA systems first.
4.4. DNS name resolution
Role sap_general_preconfigure
fails if the DNS domain is not set on the managed node.
In case there is no DNS domain set on the managed node, which is typically the case on cloud systems, the role sap_general_preconfigure
will fail in task Verify that the DNS domain is set. To avoid this, set the role variable sap_domain
in the vars section of your playbook, in an inventory file for the managed node or run the ansible-playbook
command with parameter -e "sap_domain=example.com"
(replace example.com
by your own DNS domain name).
Chapter 5. Quick Start Guide to RHEL System Roles for SAP
Use the following procedures for configuring or verifying one or more systems for the installation of SAP NetWeaver or SAP HANA
5.1. Preparing the control node
Use the following steps to display the system messages in English. RHEL System Roles for SAP requires that the Ansible control node uses locale C
or en_US.UTF-8
.
Procedure
Run the command on the local host to check the current setting.
# locale
The output should display either
C
oren_US.UTF-8
in the line starting withLC_MESSAGES=
.If the command does not produce the expected output, run the following command on the local host before executing the
ansible-playbook
command:# export LC_ALL=C
Or
# export LC_ALL=en_US.UTF-8
NoteThese steps are necessary because by default, the
LC_*
variables are forwarded to a remote system (seeman ssh_config
andman sshd_config
), and the roles are evaluating certain command outputs from remote systems.
5.2. Configuring the local system
Use the following steps for preparing the local system for the installation of SAP NetWeaver
Prerequisites
- No production software running on the system
- A minimum of 20480 MB of swap space is configured on the local system
Procedure
Make a bakckup, if you would like to preserve the original configuration of the server.
NoteThese roles are run after the installation of RHEL, therefore a backup should not be required.
Create a YAML file named
sap-netweaver.yml
with the following content:- hosts: localhost connection: local roles: - sap_general_preconfigure - sap_netweaver_preconfigure
ImportantThe correct indentation of 2 spaces in front of
roles:
is essential.Run the RHEL System Roles
sap_general_preconfigure
andsap_netweaver_preconfigure
to prepare the managed nodes for the installation of SAP NetWeaver.# ansible-playbook sap-netweaver.yml
- At the end of the playbook run, the role will likely report that a reboot is required, for example because certain packages had been installed. In this case, reboot the system at this time.
5.3. Verifying the local system
RHEL System roles for SAP can also be used to verify that RHEL systems are configured correctly. Use the following steps to verify if the local system is configured correctly for installation of SAP NetWeaver.
Prerequisites
- RHEL System Roles for SAP version 3
Procedure
Create a YAML file named
sap-netweaver.yml
with the following content:- hosts: localhost connection: local vars: sap_general_preconfigure_assert: yes sap_general_preconfigure_assert_ignore_errors: yes sap_netweaver_preconfigure_assert: yes sap_netweaver_preconfigure_assert_ignore_errors: yes roles: - sap_general_preconfigure - sap_netweaver_preconfigure
Run the following command:
# ansible-playbook sap-netweaver.yml
In case you would like to get a more compact output, you can pipe the output to the shell script
beautify-assert-output.sh
, located in the tools directory of each of the preconfigure roles, to just display the essential FAIL or PASS information for each assertion. Assuming you have copied the script to directory~/bin
, the command would be:# ansible-playbook sap-netweaver-assert.yml | ./bin/beautify-assert-output.sh
If you are using a terminal with dark background, replace all occurrences of color code
[30m
in the following command sequence by[37m
. Otherwise, the output of some lines will be unreadable due to a dark font on a dark background. In case you accidentally ran the above command in a terminal with a dark background, you can re-enable the default white font again with the following command:# echo -e "\033[37mResetting font color\n"
5.4. Configuring remote systems
Use the following steps for preparing one or more remote systems (managed nodes) for the installation of SAP HANA.
Prerequisites
- Verify that the managed nodes are correctly set up for installing Red Hat software packages from a Red Hat Satellite server or the Red Hat Customer Portal.
- Passwordless ssh access to each managed node from the Ansible control node.
Supported RHEL release for SAP HANA.
- For information on supported RHEL releases for SAP HANA, see SAP Note 2235581.
Procedure
- Make a backup if you would like to preserve the original configuration of the server.
Create an inventory file or modify file
/etc/ansible/hosts
that contains the name of a group of hosts and each system which you intend to configure (=managed node) in a separate line (example for three hosts in a host group namedsap_hana
):[sap_hana] host01 host02 host03
Verify that you can log in to all three hosts using ssh without password. Example:
# ssh host01 uname -a # ssh host02 hostname # ssh host03 echo test
Create a YAML file named
sap-hana.yml
with the following content:- hosts: sap_hana roles: - sap_general_preconfigure - sap_hana_preconfigure
ImportantThe correct indentation (e.g. 2 spaces in front of
roles:
) is essential.Run the RHEL System Roles
sap_general_preconfigure
andsap_hana_preconfigure
to prepare the managed nodes for the installation of SAP HANA.# ansible-playbook sap-hana.yml
Note- The roles are designed to be used right after the initial installation of a managed node. If you want to run these roles against an SAP or other production system, run them in assertion mode first so you can detect which settings deviate from SAP’s recommendations as per applicable SAP notes. When run in normal mode, the roles will enforce the SAP recommended configuration on the managed node(s). Unusual system configuration settings might in rare cases still lead to unintended changes by the role. Before using the roles in normal mode on production systems, it is strongly recommended to backup the system and test the roles on a test and QA system first.
- At the end of the playbook run, the command will report for each managed node that a reboot is required. Reboot the managed nodes at this time.
5.5. Installing SAP software
For instructions on installing the SAP HANA database or SAP S/4HANA on RHEL 8 or RHEL 9, refer to Installing SAP HANA or SAP S/4HANA with the RHEL System Roles for SAP.
Chapter 6. Additional Information
6.1. Implemented SAP Notes in sap*preconfigure
The implemented SAP notes in the three preconfigure roles, along with the SAP note versions, are contained in each preconfigure role’s vars files, in a variable named _<role_name>_sapnotes_versions
. Sample file name: /usr/share/ansible/roles/sap_general_preconfigure/vars/RedHat_8.yml
. In these files the variable _sap_general_preconfigure_sapnotes_versions
contains the implemented SAP notes along with their version numbers.
6.2. Role Variables
The file README.md
of each role, located in directory /usr/share/ansible/roles/<role>
, describes the purpose of all user configurable variables as well as their default settings. The variables are defined and can be changed in several places, e.g. in an inventory file, in your playbooks, or by using the ansible-playbook
command line parameter --extra-vars
or -e
.