SAP NetWeaver on Bare Metal Solution deployment guide

This guide covers the aspects of setting up a Bare Metal Solution environment that are unique or relevant to SAP NetWeaver and SAP applications.

In a Bare Metal Solution environment, you install SAP NetWeaver and other SAP software yourself by following the SAP documentation.

This guide also covers the installation and configuration of the Google Cloud foundational services for SAP that are required or optional for SAP NetWeaver in a Bare Metal Solution environment.

For an overview of SAP NetWeaver on Bare Metal Solution to help you plan for your deployment, see SAP NetWeaver on Bare Metal Solution planning guide.

High-level steps

The following list shows the high-level steps you need to complete to deploy SAP NetWeaver on Bare Metal Solution after Google Cloud notifies you that your machines are ready.

  1. Complete the connection to your new machines by following the Bare Metal Solution documentation. For the set up procedures, see Setting up the Bare Metal Solution environment in the Bare Metal Solution documentation.
  2. Validate the machine configuration for SAP NetWeaver.
  3. Establish a connection to the internet for software updates. See Accessing the internet in the Bare Metal Solution documentation.
  4. Establish a connection to Google Cloud APIs. See Setting up access to Google Cloud APIs and services in the Bare Metal Solution documentation.
  5. Set up access to a Network Time Protocol (NTP) server, which is not covered in this guide.
  6. Set up a Domain Name System (DNS) server, which is not covered in this guide.
  7. Install the Google Cloud monitoring agent for SAP NetWeaver.

Validating the machine configuration for SAP NetWeaver

When you log into your machines for the first time, you need to confirm that your machine configuration matches your order.

For information about Bare Metal Solution machine validation, see Logging in to a Bare Metal Solution machine for the first time.

Set up application service accounts

Any application program, agent, or process that accesses Google Cloud resources from a Bare Metal Solution environment needs an IAM service account for authentication and authorization.

To create a service account:

  1. In the Cloud Console, go to the Service accounts page.

    Go to the Service Accounts page

  2. Select your Google Cloud project.

  3. Click Create Service Account.

  4. Specify a name for the service account and, optionally, a description.

  5. Click Create and Continue.

  6. On the Grant this service account access to project panel, select the roles that contain the permissions that your application needs.

    For example, the fence_gce agent that is used in high-availability clusters needs the baremetalsolution.service.resetInstance permission, which is included in the IAM roles roles/baremetalsolution.editor and roles/baremetalsolution.admin.

  7. Click Continue.

  8. As appropriate, grant other users access to the service account.

  9. Click Done.

  10. On the Service accounts page in the Cloud Console, click the email address of the service account that you just created.

  11. Under the service account name, click the Keys tab.

  12. Click the Add Key drop-down menu, and then select Create new key to create a service account key.

  13. Accept JSON as the key type and click Create. A private key is saved to your computer.

  14. Upload the JSON key file to a secure location on the Bare Metal Solution servers that is accessible to the applications that require it.

  15. Configure your applications to access the JSON key file.

    For example, when you create the high-availability cluster resource that uses the fence_gce agent, you specify the path and file name of the JSON key file in the fence_gce configuration properties.

For more information about IAM service accounts, see:

Confirming connectivity to the application servers

Confirm that you have network connectivity between the database server and the application servers.

Make sure that your Google Cloud and guest operating system firewall rules allow traffic between the servers.

Installing SAP NetWeaver on Bare Metal Solution

To install SAP NetWeaver on a Bare Metal Solution host machine, you need to follow the SAP installation documentation for your version of SAP NetWeaver.

To find the installation documentation for your version of SAP NetWeaver, see the SAP Help Portal.

Installing the monitoring agent for SAP NetWeaver

The Google Cloud monitoring agent for SAP NetWeaver is required for SAP support of SAP NetWeaver on SAP HANA on Bare Metal Solution machines. The monitoring agent for SAP NetWeaver provides data about the host machine and environment to the SAP Host Agent.

When you install the monitoring agent for SAP NetWeaver on a Bare Metal Solution machine, the agent does not retrieve data from Cloud Monitoring.

For an overview of installation actions, see the Installation overview.

Install the monitoring agent for SAP NetWeaver

Select the version of your monitoring agent:

Version 2.0

To install the monitoring agent for SAP NetWeaver, select your operating system and follow the procedure:

Linux

Create the configuration file

You need to create a configuration.yaml file on the host machine to enable the monitoring agent for SAP NetWeaver for the Bare Metal Solution machine.

To create the configuration file, follow the procedure:

  1. Establish an SSH connection with your host VM.

  2. Create the configuration.yaml file in the following directory:

    /tmp/gcpsapdeps/configuration.yaml
  3. In the configuration.yaml file, include the following line:

    bare_metal: true

Add the Google Cloud RPM repository to the OS repository list

You need to add the URL for the Google Cloud RPM repository for the agent to the list of package repositories for the operating system. How you add a repository is different depending on whether you are using a Red Hat or a SUSE operating system.

Add a repository to RHEL

To add the Google Cloud RPM repository to RHEL, follow the procedure:

  1. Establish an SSH connection with your host VM.

  2. Issue the following command after replacing RHEL_VERSION with your operating system version number. For example, replace RHEL_VERSION with 7 for RHEL 7 or 8 for RHEL 8. You might need to scroll to see RHEL_VERSION.

    sudo tee /etc/yum.repos.d/google-sapnetweavermonitoring-agent.repo << EOM
    [google-sapnetweavermonitoring-agent]
    name=Google Cloud monitoring agent for SAP NetWeaver
    baseurl=https://packages.cloud.google.com/yum/repos/google-sapnetweavermonitoring-agent-elRHEL_VERSION-\$basearch
    enabled=1
    gpgcheck=0
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
    https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    EOM
Add a repository to SLES

To add the Google Cloud RPM repository to SLES, follow the procedure:

  1. Establish an SSH connection with your host VM.

  2. Issue the following command after replacing SLES_VERSION with your operating system version number. For example, replace SLES_VERSION with 12 for SLES 12 or 15 for SLES 15. You might need to scroll to see SLES_VERSION.

    zypper addrepo --gpgcheck-allow-unsigned-package --refresh \
    https://packages.cloud.google.com/yum/repos/google-sapnetweavermonitoring-agent-slesSLES_VERSION-\$basearch google-sapnetweavermonitoring-agent

Install the agent

You install the monitoring agent for SAP NetWeaver by using the OS package manager.

To install the agent, select your operating system and follow the procedure:

RHEL

  1. Establish an SSH connection with your host VM.

  2. Issue the following command:

    sudo yum install google-sapnetweavermonitoring-agent

SLES

  1. Establish an SSH connection with your host VM.

  2. Issue the following command:

    sudo zypper install google-sapnetweavermonitoring-agent

Windows

Create the configuration file

You need to create a configuration.yaml file on the host machine to enable the monitoring agent for SAP NetWeaver for the Bare Metal Solution machine.

To create the configuration file, follow the procedure:

  1. Establish an RDP connection with your host VM.

  2. Create the configuration.yaml file in the following directory:

    C:\gcpsapdeps\configuration.yaml
  3. In the configuration.yaml file, include the following line:

    bare_metal: true

Install the agent

To install the agent, follow the procedure:

  1. Establish an RDP connection with your host VM.

  2. Issue the following command as an administrator on the host VM:

    . { Invoke-WebRequest -useb https://storage.googleapis.com/cloudsapdeploy/netweaver-agent-windows/install.ps1 } | iex

Version 1.0

To install the monitoring agent for SAP NetWeaver, select your operating system and follow the procedure:

Linux

Create the configuration file

You need to create a config.yaml file on the host machine to enable the monitoring agent for SAP NetWeaver for the Bare Metal Solution machine.

To create the configuration file, follow the procedure:

  1. Establish an SSH connection with your host VM.

  2. Create the config.yaml file in the following directory:

    /opt/gcpmetricsprovider/config.yaml
  3. In the config.yaml file, include the following line:

    bare_metal: true

Install the agent

To install the agent, follow the procedure:

  1. Establish an SSH connection with your host VM.

  2. Issue the following command as root on the host VM:

    # curl -s https://storage.googleapis.com/cloudsapdeploy/netweaver-agent/setupagent_linux.sh | bash

Windows

Create the configuration file

You need to create a config.yaml file on the host machine to enable the monitoring agent for SAP NetWeaver for the Bare Metal Solution machine.

To create the configuration file, follow the procedure:

  1. Establish an RDP connection with your host VM.

  2. Create the config.yaml file in the following directory:

    C:\Program Files\Google\GCP Metrics Provider\config.yaml
  3. In the config.yaml file, include the following line:

    bare_metal: true

Install the agent

To install the agent, follow the procedure:

  1. Establish an RDP connection with your host VM.

  2. Issue the following command as an administrator on the host VM:

    . { iwr -useb https://storage.googleapis.com/cloudsapdeploy/netweaver-agent/installer.ps1 } | iex

Validate installation

To validate the installation of the agent and confirm that you configured it correctly for a Bare Metal Solution machine, select your operating system and follow the procedure:

Linux

  1. Use SSH to connect to the VM instance you want to monitor.

  2. At the command prompt, enter the following command:

    curl http://localhost:18181

Windows

  1. Use RDP to connect to the VM instance you want to monitor.

  2. In a web browser, visit the following URL:

    http://localhost:18181

If the monitoring agent for SAP NetWeaver is configured correctly for a Bare Metal Solution host machine, the Instance Type value is bms-nn and the Hardware Model metric value is Google Cloud Bare Metal, as shown in the following example.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
   <metrics>
   <metric category="config" context="vm" type="string" unit="none"
   last-refresh="1614391024" refresh-interval="0"><name>Data
   Provider Version</name><value>1.1.1.0</value>
   </metric><metric category="config" context="host" type="string"
   unit="none" last-refresh="1614391024" refresh-interval="0">
   <name>Cloud Provider</name><value>Google Cloud
   Platform</value></metric><metric category="config"
   context="vm" type="string" unit="none" last-refresh="1614391024"
   refresh-interval="0"><name>Instance Type</name>
   <value>bms-16.0</value></metric><metric
   category="config" context="host" type="string" unit="none"
   last-refresh="1614391024" refresh-interval="0"><name>Virtualization
   Solution</name><value>N/A</value></metric><metric
   category="config" context="host" type="string" unit="none"
   last-refresh="1614391024" refresh-interval="0"><name>Hardware Manufacturer</name><value>Google</value></metric>
   <metric category="config" context="host" type="string" unit="none"
   last-refresh="1614391024" refresh-interval="0"><name>Hardware
   Model</name><value>Google Cloud Bare Metal</value>
   </metric>
   ...
   </metrics>

For more information about the monitoring agent for SAP NetWeaver, see the Operations Guide.

Configure a high-availability cluster

Configure clustering or a suitable high availability solution for your business critical workloads. We recommend Pacemaker clustering.

With the exception of a few requirements and recommendations, configure high-availability clusters on Bare Metal Solution machines by following the clustering instructions that your operating system vendor provides.

For more information about the Google Cloud requirements and recommendations for configuring a highly available SAP NetWeaver system on Bare Metal Solution, see High-availability clusters for SAP NetWeaver on Bare Metal Solution.

Floating IP addresses

A high-availability cluster for SAP NetWeaver uses two floating or virtual IP addresses (VIPs): one to direct network communication to the SAP Central Services component and another for Enqueue Replication Server communication between the nodes. When configuring your VIPs, use the standard IPaddr2 Pacemaker resource, which uses gratuitous ARP requests to move the VIP between the hosts. For more information, see Address Resolution Protocol.

The following example shows an IPaddr2 resource definition for SAP Central Services on SUSE:

crm configure primitive scs-vip-rsc-name IPaddr2 \
    params ip=10.0.0.79 \
    op monitor interval=10 timeout=20

You add each IPaddr2 resource to a resource group that contains the SAP Central Services resource or the Enqueue Replication Server resource that it is for, so that the resources move together during a failover. For example, the following command creates a group for SAP Central Services:

crm configure group scs-rsc-group-name \
  scs-file-system-rsc-name \
  scs-vip-rsc-name \
  scs-instance-sap-rsc-name \
  meta resource-stickiness=3000

Similarly, the following command creates another group for the Enqueue Replication Server:

crm configure group ers-rsc-group-name \
  ers-file-system-rsc-name \
  ers-vip-rsc-name \
  ers-instance-rsc-name

Configure the fence_gce agent

The following high-level steps help you configure a fencing resource for your high availability cluster that uses the fence_gce agent that is included with your Linux operating system.

  1. In your Google Cloud project, assign an IAM role that includes the baremetalsolution.service.resetInstance permission to a new or existing IAM service account for which you have the JSON key file.

    The predefined role roles/baremetalsolution.editor includes the required permission or you can create a custom role for more granular control over the permissions that the role includes.

    For more information, see:

  1. Upload the service account JSON key file to all Bare Metal Solution servers in the high-availability cluster.

  2. Confirm that your version of the fence_gce agent supports Bare Metal Solution.

    1. SSH into your Bare Metal Solution server

    2. Display the fence_gce agent help:

      $ sudo fence_gce --help
    3. In the fence_gce help, look for the following properties:

      --baremetalsolution            Enable on bare metal
      ...
      --serviceaccount=[filename]    Service account json file location e.g.
                                         serviceaccount=/somedir/service_account.json
      

      If you do not see both the --baremetalsolution and --serviceaccount=[filename] properties, you need to update the agent. Contact Cloud Customer Care for patching instructions. The patching procedure differs depending on which Linux version you are using.

  3. Specify the fence_gce agent as your fencing device on each cluster node when you configure the cluster resources according to the clustering instructions that are provided by your operating system vendor.

    When you define the resource, specify the following fence_gce parameters to enable the agent for the Bare Metal Solution environment:

    • baremetalsolution="true"
    • serviceaccount="file_path/key_file.json"

    The following example shows a fence_gce fencing device resource that is defined on SUSE:

    crm configure primitive STONITH-"server_name" stonith:fence_gce \
     op monitor interval="300s" timeout="60s" on-fail="restart" \
     op start interval="0" timeout="60s" onfail="restart" \
     params port="server_name" zone="Google_Cloud_zone" project="Google_Cloud_project_ID" \
       baremetalsolution="true" method="cycle" \
       serviceaccount="file_path/key_file.json"

    The fencing resource example uses the following definitions:

    Definition Explanation
    baremetalsolution=true Configures the fencing agent for operation in the Bare Metal Solution environment.
    serviceaccount=file_path/key_file.json The file path to the JSON key file that contains the key for the service account that the fencing agent uses to access the Google Cloud APIs.
    port=server_name The original host name of the Bare Metal Solution server that the fencing device can reset.
    method=cycle Defines the method to use for resetting the failed server.
  4. After you define each fencing resource, set the location of the fencing device to a server other than the server that you intend it to reset:

    crm configure location LOC_STONITH_server_name STONITH-server_name -inf: server_name

Restarting your Bare Metal Solution server

You can restart your Bare Metal Solution server by issuing the resetInstance API call, which initiates an ungraceful, hard reset of the server.

Before restarting a server, stop all applications and databases that are running on the server.

For instructions on enabling the Bare Metal Solution API and issuing the resetInstance API call, see Restarting a Bare Metal Solution machine.

Troubleshooting

If you experience problems with the Bare Metal Solution machine, storage, or network, capture and collect the following information and contact Cloud Customer Care:

  • The exact time that the issue occurred.
  • What you expected to happen and what actually happened.
  • All relevant logs, traces, and other diagnostic information that might be relevant, such as an extract from /var/log/messages.

If the issue is related to a high-availability configuration, gather information relevant to your clustering software, such as:

  • Logs such as pacemaker.log and corosync.log.
  • The date and the approximate time that the issue occurred.
  • A fail count for all resources on each Pacemaker node.

If you are having issues with a RHEL HA cluster, gather the following information from both cluster nodes and contact Cloud Customer Care:

  • List the running Pacemaker processes:
    ps axf | grep pacemaker
  • Install the sos tool and generate an sosreport. For more information, see What is an sosreport and how to create one in Red Hat Enterprise Linux?:
    • Install the sos tool
      yum install -y sos
    • Run the sos tool on all nodes:
      sosreport -o logs, corosync, pacemaker -k pacemaker.crm_from="yyyy-mm-dd hh:mm:ss"
  • If you are unable to install the sos tool, provide a copy of /etc/corosync/corosync.conf, the Corosync configuration file, from all systems.

If you are having issues with a SLES HA cluster, gather the following information from both cluster nodes and contact Customer Care:

  • Run the following commands and include the results:
    ps axf | grep pacemaker
    supportconfig -l
    hb_report -f "yyyy/mm/dd hh:mm" -v
    crm config show | grep primitive | awk '{print $2}' | xargs -L 1 -I "{}" crm resource failcount {} show node-name

Support

For issues with Google Cloud infrastructure or services, contact Customer Care. You can find contact information on the Support Overview page in the Google Cloud Console. If Customer Care determines that a problem resides in your SAP systems, you are referred to SAP Support.

For SAP product-related issues, log your support request with SAP support. SAP evaluates the support ticket and, if it appears to be a Google Cloud infrastructure issue, transfers the ticket to the Google Cloud component BC-OP-LNX-GOOGLE or BC-OP-NT-GOOGLE.

Support requirements

Before you can receive support for SAP systems and the Google Cloud infrastructure and services that they use, you must meet the minimum support plan requirements.

For more information about the minimum support requirements for SAP on Google Cloud, see: