Monday, 27 July 2020

How to disable HANA system replication

  1. Stop the secondary system:

    sapcontrol -nr <instance_number> -function StopSystem HDB

  2. On the secondary system, unregister the secondary system:

    hdbnsutil -sr_unregister

  3. If you want to use this secondary as a normal SAP HANA installation from now on, you have to start it to complete the unregistration. On the secondary execute:

    sapcontrol -nr <instance_number> -function StartSystem HDB

  4. On the primary system, disable system replication:

    hdbnsutil -sr_disable

Sunday, 19 July 2020

recoverSys failed: no valid master host found

Solution:


1> Check whether sapstartsrv is running. If not, start it and initiate the recovery again.

Command: sapcontrol -nr <instno> -function StartService <HanaSID>


Thursday, 16 July 2020

Securing HANA 2.0 Cockpit via SSL / HTTPS

Problem:

Generating SSL certificates for HANA does not update the Cockpit/XS SSL certificates.

Solution:

If the normal HANA certificates and PSE files already exist, you can continue with the commands below.
Please keep in mind that XSA will be restarted automatically at the end, so the HANA Cockpit will be temporarily unavailable.

Useful commands

cd $SECUDIR

cp -p blueprint_sapsrv.pse cockpithttps.pse

sapgenpse export_p12 -p cockpithttps.pse -C 0 cockpithttps.12

mv cockpithttps.12.p12 cockpithttps.p12

openssl pkcs12 -in cockpithttps.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > privatekey.key

openssl pkcs12 -in cockpithttps.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem

openssl pkcs12 -in cockpithttps.p12 -cacerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cachain.pem

cat certificate.pem cachain.pem > combinedcerts.pem


TAKE CARE - XSA WILL BE RESTARTED NOW!!!

XSA set-certificate --cert combinedcerts.pem --key privatekey.key

HDB daemon does not start after an unclean stop/shutdown of services


Problem: The HDB daemon does not start after an unclean stop/shutdown of services, and the daemon status file still has the old value.

Solution: 

Command:

HDB stop ( give a try )

if not

HDB kill-9 ( not recommended for production systems )

sapcontrol -nr <instno> -function StopService

sapcontrol -nr <instno> -function StartService <SID>

HDB start

This should give a clean restart of the services.

HDB daemon does not start after HANA host rename failed

Problem: 

A HANA host rename was attempted and failed.
The rename fails with hdbdaemon not starting.

Solution:
A HANA rename generally touches the following files. Check whether the old hostname has really been changed in all of these locations.

Configuring user home '/hana/shared/SID/home'
   ---------------------------------------------------------
 INFO:     /hana/shared/SID/home/.cshrc already exists -> overwriting
 INFO:     Copy /hana/shared/SID/global/hdb/install/support/CSHRC to /hana/shared/SID/home/.cshrc
 INFO:     /hana/shared/SID/home/.sapsrc.sh already exists -> overwriting
 INFO:     Copy /hana/shared/SID/global/hdb/install/support/SAPSRC.SH to /hana/shared/SID/home/.sapsrc.sh
 INFO:     /hana/shared/SID/home/.sapsrc.csh already exists -> overwriting
 INFO:     Copy /hana/shared/SID/global/hdb/install/support/SAPSRC.CSH to /hana/shared/SID/home/.sapsrc.csh
 INFO:     /hana/shared/SID/home/.bashrc already exists -> overwriting
 INFO:     Copy /hana/shared/SID/global/hdb/install/support/BASHRC to /hana/shared/SID/home/.bashrc
INFO:     /hana/shared/SID/home/.profile already exists -> overwriting
 INFO:     Copy /hana/shared/SID/global/hdb/install/support/PROFILE to /hana/shared/SID/home/.profile
 INFO:     /hana/shared/SID/home/.sapenv.csh already exists -> enhancing
 INFO:       File /hana/shared/SID/home/.sapenv.csh is up to date
 INFO:     /hana/shared/SID/home/.sapenv.sh already exists -> enhancing
 INFO:       File /hana/shared/SID/home/.sapenv.sh is up to date


INFO:   ---------------------------------------------------------

 INFO:   Updating system configuration files...
 INFO:     Updating '/hana/shared/SID/global/hdb/install/config/sapprofile.ini'
 INFO:       Value 'SAPLOCALHOST' in section '' is up to date. ('SIDhdb00')
 INFO:       Value 'DIR_PROFILE' in section '' is up to date. ('/usr/sap/SID/SYS/profile')
   File '/hana/shared/SID/global/hdb/install/config/sapprofile.ini' is up to date
 Updating '/hana/shared/SID/profile/DEFAULT.PFL'
 INFO:       File '/hana/shared/SID/profile/DEFAULT.PFL' is up to date
 INFO:   Adjusting instance...
 INFO:     Updating instance configuration files for host (SIDhdb00)...
 INFO:       Updating '/hana/shared/SID/profile/SID_HDB00_SIDhdb00'
 INFO:         File '/hana/shared/SID/profile/SID_HDB00_SIDhdb00' is up to date
 INFO:       Updating '/hana/shared/SID/HDB00/SIDhdb00/sapprofile.ini'
INFO:         File '/hana/shared/SID/HDB00/SIDhdb00/sapprofile.ini' is up to date

Check the entries in the /usr/sap/sapservices file. It should contain the updated entries.



Option 1: When the database is online or the nameserver service is active, check the system view M_TOPOLOGY_TREE for topology information. Run on SYSTEMDB for MDC.
SELECT * FROM M_TOPOLOGY_TREE

Option 2: When database is down, use hdbnsutil to collect topology information.

hdbnsutil -exportTopology <filename>

Option 3: From fullsysteminfodump (KBA 1732157 for FSID collection) you can read topology from topology.txt. In system replication environment topology.txt of secondary site is empty, because nameserver is not really active.

Option 4: Starting with SAP HANA 2.0 SPS 03 the topology is periodically dumped to the SAP HANA trace file directory using JSON format and the following file name notation: nameserver_topology_<host>.json


Export the topology using the command


Export:

hdbnsutil -exportTopology myExport.txt

Import:

hdbnsutil -importTopology myExport.txt

See SAP Note 2606272 - HANA: How to read topology

Thursday, 2 July 2020

XS/Cockpit URLs SSL certificates are not updated after HANA DB SSL Certificate renewal

Problem: The SSL certificates of the XS URLs are not updated after a HANA DB SSL certificate renewal.

Cause: 

SAP HANA 2.0 Cockpit is based on SAP HANA XS Advanced (XSA), which handles certificates a bit differently from the former XS classic implementation.

The XSA SSL certification is sometimes overwritten with a new installation/update.

Solution:

You need to bundle the certificate chain and import it to the XSA cert path.

Export certificates for XSA

sapgenpse export_p12 -p cockpithttps.pse -C 0 cockpithttps.p12

Export private key, certificate and CA chain & combine certificate and CA chain into 1 file.
    1. openssl pkcs12 -in cockpithttps.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > privatekey.key
    2. openssl pkcs12 -in cockpithttps.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > certificate.pem
    3. openssl pkcs12 -in cockpithttps.p12 -cacerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cachain.pem
    4. cat certificate.pem cachain.pem > combinedcerts.pem
    5. openssl pkcs8 -topk8 -in privatekey.key -out private_pkcs8.key -nocrypt

Install the private key and the combined certificate file in XSA

1. xs set-certificate <DOMAIN> -c combinedcerts.pem -k private_pkcs8.key
2. XSA restart

(Get the domain with the command: xs domains)

Opening the Cockpit URL should now show the new SSL certificates.
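
Both Cockpit certificate posts above (16 July and 2 July) export the private key unencrypted with -nodes and filter it through sed, which leaves an empty file when the key header is anything other than "BEGIN PRIVATE KEY". The following pre-flight checks are an added example, not part of the original posts or of SAP's tooling; the function names and status strings are made up for illustration, and the assumption is that the PSE holds exactly one own certificate.

```shell
#!/bin/sh
# Added example: pre-flight checks for the exported files, run before the
# set-certificate step. File names are the ones used in the posts.

# Number of PEM blocks with label $2 (e.g. CERTIFICATE) in file $1.
pem_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}

# Key file: non-empty, exactly one unencrypted PKCS#8 block, owner-only mode.
# The sed filter in the posts matches only "BEGIN PRIVATE KEY", so any other
# header (RSA, ENCRYPTED) leaves an empty file behind.
check_key_file() {
    [ -s "$1" ] || { echo "empty-or-missing"; return 1; }
    [ "$(pem_count "$1" 'PRIVATE KEY')" -eq 1 ] || { echo "not-one-pkcs8-key"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || { echo "group-or-world-accessible"; return 1; }
    echo "ok"
}

# Bundle: one leaf, a CA chain, and a combined file holding all of them.
# $1 = certificate.pem, $2 = cachain.pem, $3 = combinedcerts.pem
check_bundle() {
    leaf=$(pem_count "$1" CERTIFICATE)
    chain=$(pem_count "$2" CERTIFICATE)
    all=$(pem_count "$3" CERTIFICATE)
    [ "$leaf" -eq 1 ] || { echo "leaf-count-$leaf"; return 1; }
    # An empty chain is expected only for a self-signed certificate.
    [ "$chain" -ge 1 ] || { echo "empty-ca-chain"; return 1; }
    [ "$all" -eq $((leaf + chain)) ] || { echo "bundle-count-mismatch"; return 1; }
    echo "ok"
}

# Key and leaf certificate must carry the same public key (needs openssl).
# $1 = private key, $2 = certificate.pem
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage in $SECUDIR after the export steps:
#   check_key_file privatekey.key \
#     && check_bundle certificate.pem cachain.pem combinedcerts.pem \
#     && key_matches_cert privatekey.key certificate.pem && echo "safe to install"
```

Running the export steps under umask 077 keeps the key file owner-only from the moment it is created; the intermediate .p12 and key files can be removed once XSA has accepted the certificate.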