Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / Guide / Setting up an SAP HANA cluster
Applies to SUSE Linux Enterprise Server for SAP Applications 15 SP3

7 Setting up an SAP HANA cluster

You can use a YaST wizard to set up SAP HANA or SAP S/4HANA Database Server clusters according to best practices, including SAP HANA system replication. A summary of the setup options is given in Section 1.1.3, “Simplified SAP HANA system replication setup”.

Administrators can now use the SAP HANA-SR Wizard to run the module unattended, usually for on-premises deployments. Additionally, it is possible to configure the SAP HANA cluster on Azure now. The YaST module identifies automatically when running on Azure and configures an extra resource needed on Pacemaker.

The following Best Practices from the SUSE Linux Enterprise Server for SAP Applications Resource Library (https://www.suse.com/products/sles-for-sap/resource-library/) contain setup instructions:

  • Performance-optimized scenario and multi-tier/chained scenario: Setting up an SAP HANA SR Performance Optimized Infrastructure

  • Cost-optimized scenario: Setting up an SAP HANA SR Cost Optimized Infrastructure

Important
Important: Wizard can only be used for initial configuration

The YaST wizard described in the following can only be used for the initial cluster configuration.

To reconfigure a cluster, use the separate YaST module Cluster (available from package yast2-cluster). For more information about its usage, see Administration Guide, Part Installation, Setup and Upgrade, Chapter Using the YaST Cluster Module at https://documentation.suse.com/sles-15.

7.1 Prerequisites

The following procedure has prerequisites:

  • Two machines which both have an SAP HANA installation created by the SAP Installation Wizard or SAP HANA Application Lifecycle Management. Both machines need to be on the same L2 network (subnet).

    In the case of a multi-tier/chained scenario, there must also be a third machine elsewhere.

  • The machines are not yet set up as a high-availability cluster.

  • openSSH is running on both machines and the nodes can reach each other via SSH. However, if that has not already happened, the wizard will perform the SSH key exchange itself.

    For more information about SSH, see Security and Hardening Guide, Part Network Security, Chapter SSH: Secure Network Operations at https://documentation.suse.com/sles-15.

  • A disk device that is available to both nodes under the same path for SBD. It must not use host-based RAID, cLVM2 or reside on a DRBD instance. The device can have a small size, for example, 100 MB.

  • You have created either:

    • A key in the SAP HANA Secure User Store on the primary node

    • An initial SAP HANA backup on the primary node

  • The package yast2-sap-ha is installed on both the primary and the secondary node.

  • HANA-Firewall is set up on both computers with the rules HANA_HIGH_AVAILABILITY and HANA_SYSTEM_REPLICATION on all relevant network interfaces.

    For information about setting up HANA-Firewall, see Section 10.2, “Configuring HANA-Firewall”.

  • Cost-optimized scenario only: The secondary node has a second SAP HANA installation. The database may be running but will be stopped automatically by the wizard.

  • Cost-optimized scenario only: For the non-production SAP HANA instance, you have created an SAP HANA Secure User Store key QASSAPDBCTRL for monitoring purposes. For more information, refer to the SAP HANA System Replication Scale-Up - Cost Optimized Scenario document at https://documentation.suse.com/sles-sap/.

7.2 Setup

The following procedure needs to be executed on the primary node (also called the master). Before proceeding, make sure the prerequisites listed in Section 7.1, “Prerequisites” are fulfilled.

  1. Open the YaST control center. In it, click HA Setup for SAP Products in the category High Availability.

  2. If an SAP HANA instance has been detected, you can choose between the scale-up scenarios Performance-optimized, Cost-optimized, or Chained (multi-tier). For information about these scale-up scenarios, see Section 1.1.3, “Simplified SAP HANA system replication setup”.

    Continue with Next.

    Screenshot of replication scenario selection
  3. This step of the wizard presents a list of prerequisites for the chosen scale-up scenario. These prerequisites are the same as those presented in Section 7.1, “Prerequisites”.

    Continue with Next.

  4. The next step lets you configure the communication layer of your cluster.

    • Provide a name for the cluster.

    • The default transport mode Unicast is usually appropriate.

    • Under Number of rings, a single communication ring usually suffices.

      For redundancy, it is often better to use network interface bonding instead of multiple communication rings. For more information, see Administration Guide, Part Configuration and Administration, Chapter Network Device Bonding at https://documentation.suse.com/sles-15.

    • From the list of communication rings, configure each enabled ring. To do so, click Edit selected, then select a network mask (IP address) and a port (Port number) to communicate over.

      Finish with OK.

    • Additionally, decide whether to enable the configuration synchronization service Csync2 and Corosync secure authentication using HMAC/SHA1.

      For more information about Csync2, see Administration Guide Part Installation, Setup and Upgrade, Chapter Using the YaST Cluster Module, Section Transferring the Configuration to All Nodes at https://documentation.suse.com/sles-15.

      For more information about Corosync secure authentication, see Administration Guide, Part Installation, Setup and Upgrade, Chapter Using the YaST Cluster Module, Section Defining Authentication Settings at https://documentation.suse.com/sles-15.

    Proceed with Next.

    Screenshot of communication layer configuration
  5. The wizard will now check whether it can connect to the secondary machine using SSH. If it can, it will ask for the root password to the machine.

    Enter the root password.

    The next time the primary machine needs to connect to the secondary machine, it will connect using an SSH certificate instead of a password.

  6. For both machines, set up the host names and IP address (for each ring).

    Host names chosen here are independent from the virtual host names chosen in SAP HANA. However, to avoid issues with SAP HANA, host names must not include hyphen characters (-).

    If this has not already been done before, such as during the initial installation of SAP HANA, host names of all cluster servers must now be added to the file /etc/hosts. For this purpose, activate Append to /etc/hosts.

    Proceed with Next.

  7. If NTP is not yet set up, do so. This avoids the two machines from running into issues because of time differences.

    1. Click Reconfigure.

    2. On the tab General Settings, activate Now and on Boot.

    3. Add a time server by clicking Add. Click Server and Next. Then specify the IP address of a time server outside of the cluster. Test the connection to the server by clicking Test.

      To use a public time server, click Select › Public server and select a time server. Finish with OK.

      Proceed with OK.

    4. On the tab Security Settings, activate Open Port in Firewall.

    5. Proceed with Next.

  8. In the next step, choose fencing options. The YaST wizard only supports the fencing mechanism SBD (STONITH block device). To avoid split-brain situations, SBD uses a disk device which stores cluster state.

    The chosen disk must be available from all machines in the cluster under the same path. Ideally, use either by-uuid or by-path for identification.

    The disk must not use host-based RAID, cLVM2 or reside on a DRBD instance. The device can have a small size, for example, 100 MB.

    Warning
    Warning: Data on device will be lost

    All data on the chosen SBD device or devices will be deleted.

    To define a device to use, click Add, then choose an identification method such as by-uuid and select the appropriate device. Click OK.

    To define additional SBD command line parameters, add them to SBD options.

    If your machines reboot particularly fast, activate Delay SBD start.

    For more information about fencing, see the Administration Guide at https://documentation.suse.com/sles-15.

    Proceed with Next.

  9. The following page allows configuring watchdogs which protect against the failure of the SBD daemon itself and force a reboot of the machine in such a case.

    It also lists watchdogs already configured using YaST and watchdogs that are currently loaded (as detected by lsmod).

    To configure a watchdog, use Add. Then choose the correct watchdog for your hardware and leave the dialog with OK.

    For testing, you can use the watchdog softdog. However, we highly recommend using a hardware watchdog in production environments instead of softdog. For more information about selecting watchdogs, see Administration Guide, Part Storage and Data Replication, Chapter Storage Protection, Section Conceptual Overview, Section Setting Up Storage-based Protection, Section Setting up the Watchdog at https://documentation.suse.com/sles-15.

    Proceed with Next.

  10. Set up the parameters for your SAP HANA installation or installations. If you have selected the cost-optimized scenario, additionally fill out details related to the non-production SAP HANA instance.

    Production SAP HANA instance
    • Make sure that the System ID and Instance number match those of your SAP HANA configuration.

    • Replication mode and Operation mode usually do not need to be changed.

      For more information about these parameters, see the HANA Administration Guide provided to you by SAP.

    • Under Virtual IP address, specify a virtual IP address for the primary SAP HANA instance. Under Virtual IP Mask, set the length of the subnetwork mask in CIDR format to be applied to the Virtual IP address.

    • Prefer site takeover defines whether the secondary instance should take over the job of the primary instance automatically (true). Alternatively, the cluster will restart SAP HANA on the primary machine.

    • Automatic registration determines whether primary and secondary machine should switch roles after a takeover.

    • Specify the site names for the production SAP HANA instance on the two nodes in Site name 1 and Site name 2.

    • Having a backup of the database is a precondition for setting up SAP HANA replication.

      If you have not previously created a backup, activate Create initial backup. Under Backup settings, configure the File name and the Secure store key for the backup. The key in the SAP HANA Secure User Store on the primary node must have been created before starting the wizard.

      For more information, see the documentation provided to you by SAP.

    • Cost-optimized scenario only: Within Production system constraints, configure how the production instance of SAP HANA should behave while inactive on the secondary node.

      Setting the Global allocation limit allows directly limiting memory usage. Activating Preload column tables will increase memory usage.

      For information about the necessary global allocation limit, refer to the documentation provided by SAP.

    Cost-optimized scenario only: non-production SAP HANA instance
    • Make sure that the System ID and Instance number match those of your non-production SAP HANA instance.

      These parameters are needed to allow monitoring the status of the non-production SAP HANA instance using the SAPInstance resource agent.

    • Generate a hook script for stopping the non-production instance and starting the production instance and removing the constraints on the production system. The script is written in Python 2 and can be modified as necessary later.

      Click Hook script and then set up the correct user name and password for the database. Then click OK.

      You can now manually verify and change the details of the generated hook script. When you are done, click OK to save the hook script at /hana/shared/SID/srHook.

      Warning
      Warning: Passwords stored in plain text

      By default, the hook script stores all credentials in plain text. To improve security, modify the script yourself.

    Proceed with Next.

    Screenshot of SAP HANA options (cost-optimized scenario)
    Figure 7.1: SAP HANA options (cost-optimized scenario)
  11. On the page High-Availability Configuration Overview, check that the setup is correct.

    To change any of the configuration details, return to the appropriate wizard page by clicking one of the underlined headlines.

    Proceed with Install.

  12. When asked whether to install additional software, confirm with Install.

  13. After the setup is done, there is a screen showing a log of the cluster setup.

    To close the dialog, click Finish.

  14. Multi-tier/chain scenario only: Using the administrative user account for the production SAP HANA instance, register the out-of-cluster node for system replication:

    SIDadm > hdbnsutil -sr_register --remoteHost=SECONDARY_HOST_NAME \
    --remoteInstance=INSTANCE_NUMBER --replicationMode=async \
    --name=SITE_NAME

7.3 Unattended setup using SAP HANA-SR wizard

An unattended setup requires a manual installation of HANA first. The result is saved into a file containing all configuration options that were chosen. If the administrator needs to reproduce the installation, with this file the installation can be run automatically and unattended.

To use it, perform the following steps on both nodes:

  1. On the production machines with SAP HANA installed, create a configuration file by running the sap_ha YaST module.

  2. On the last screen, click the Save configuration button.

  3. Decide what you want to do:

    • To review the configuration, upload and validate the configuration on the primary SAP HANA machine and run:

      # yast2 sap_ha readconfig CONFIGURATION_FILE_PATH

      It is possible to start the installation on the review screen.

    • To start the installation based on the provided configuration file unattended, run:

      # yast2 sap_ha readconfig CONFIGURATION_FILE_PATH unattended
  4. Import, validate, and install the cluster unattended, based on the provided configuration file:

    # yast2 sap_ha readconfig CONFIGURATION_FILE_PATH unattended

7.4 Using Hawk

After you have set up the cluster using the wizard, you can open Hawk directly from the last screen of the HA Setup for SAP Products wizard.

To revisit Hawk, open a browser and as the URL, enter the IP address or host name of any cluster node running the Hawk Web service. Alternatively, enter the virtual IP address you configured in Section 7.2, “Setup”.

https://HAWKSERVER:7630/

On the Hawk login screen, use the following login credentials:

  • Username: hacluster

  • Password: linux

Important
Important: Secure password

Replace the default password with a secure one as soon as possible:

# passwd hacluster

7.5 For more information