
With the help of this script you can automate the manual steps required to configure SSH between the DB and application servers. Alternatively, you can take a few tricks from the script and use them in your own quest.


I am not describing the step-by-step process to configure SSH, because there are enough resources available through SDN and Google.

That being said, let's begin this blog:


When an SAP system has a distributed installation, where the SAP application and the database are installed on separate servers, any DB task from DB13 or DB14 fails.

There are 3 methods to resolve the issue:

  1. Connection through Remote/Secure Shell
  2. Connection through SAP gateway
  3. Connection through RFC (From what I have checked so far, it is for external SAP system with MS-SQL DB)

Option 1 involves less overhead than option 2, especially on Unix-based systems.


What is Secure Shell?

Secure Shell, or SSH, is a network protocol that allows data to be exchanged over a secure channel between two servers. SSH uses public-key cryptography to authenticate the remote computer and, if necessary, to allow the remote computer to authenticate the user. SSH is typically used to log in to a remote machine and execute commands.

Why did I create the script?

Let's assume you have 7 dialog instances in your system. You then need to log in to each server where a dialog instance is running and perform the SSH steps there, and you also need to log in to your DB server. If you have to do this for all products in the entire landscape, it is a mundane and time-consuming effort. So let's be lazy and allow the script to do the job for us.

To understand the script better, it makes perfect sense to know the manual steps, which I am not going to describe here, otherwise teachers will start yelling ( 😡 ) at me! 😛 So please google the steps; you can also check these notes and the link below.

Related Notes

| Number | Short Text |
|---|---|
| 1520096 | How to use gateway parameter gw/rem_start |
| 1025707 | DBA Cockpit: Planning calendar and remote Oracle databases |
| 853610 | Configuring transaction DB13C for Oracle |
| 1028624 | Overview of DBA Cockpit for Oracle |
| 446172 | SXPG_COMMAND_EXECUTE (program_start_error) in DB13 |

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-ssh-configuration-keypairs.html

I have assumed that “sudo su - root” works on all your servers. It does not matter to the script whether sudo su - root prompts for a password or goes through directly. If it asks for a password, you need to enter the password multiple times; that is your only manual work when running this script. The other assumption is that /sapmnt/<SID>/profile is the common directory and is accessible from all dialog instance servers and the database server.

I have successfully configured SSH with the help of the scripts below.

You need to create these two scripts, sshSetup.sh & adm_ssh_setup.s, and place them under the location /sapcd/SSH_Setup/

Now you need to log in with the ID from which you can execute sudo su - root. For example, if my OS ID is ishahmad, then I will execute the primary script with my own ID, not with root or <sid>adm.

I expect this script to be executed by people who have some basic experience of executing and playing with scripts, so that they know what they are doing, though I have tried to make it safe!

Primary Script – sshSetup.sh

```bash
#!/bin/bash
# To configure the SSH Shell for <sid>adm user on Database Server
# Login with your OWN unix ID to execute this script
# DO NOT RUN this script with ROOT or <SID>ADM
# Example: {You need to pass required SAP SID as argument}
# [ishahmad@hostname ~]$ sshSetup.sh R1D
#================================================================

# Stop early if no SID was passed
if [ -z "$1" ]; then
    echo "Usage: $0 <SID>"
    exit 1
fi

# Derive <sid>adm (lower case) and <SID> (upper case) from the argument
zSidAdm=`echo $1| tr '[:upper:]' '[:lower:]'`adm
zSID=`echo $1| tr '[:lower:]' '[:upper:]'`
zProfilePath="/sapmnt/${zSID}/profile"

# The database host is read from SAPDBHOST in the default profile
zDbHost=`grep SAPDBHOST ${zProfilePath}/DEFAULT.PFL|cut -d= -f2|tr -d ' '`
zHostList=""
ztmpHost=""

# Instance profiles are named <SID>_<instance>_<host>; keep every host that resolves
for tmpHost in `ls ${zProfilePath}/???_[DJ]*[0-9][0-9]_*|cut -d_ -f3`
do
    chk=`host ${tmpHost} 2>/dev/null`
    validHost=$?
    if [[ "${tmpHost}" != "${ztmpHost}" && "${validHost}" = "0" ]]; then
       zHostList=${zHostList}" "${tmpHost}
       ztmpHost=${tmpHost}
    fi
done

echo ""
echo "For ${zSID} System, Identified Application Servers host-names are :"
echo ${zHostList}
echo "========================================================================"
echo "Database host name is :"
echo ${zDbHost}
echo "========================================================================"
echo "Please press  : c (Continue) / q (Quit)"
read AnsWer
echo $AnsWer

    case "$AnsWer" in
        c|C) echo "SSH Setup is going to start…."
             # Marker files tell the supporting script the SID and whether it runs on the DB host
             echo ${zSID} > $HOME/zSid.tmp
             echo DB > $HOME/zDB.tmp
             scp $HOME/z*.tmp ${zDbHost}:$HOME/
             rm -f $HOME/zDB.tmp
             # Application servers first, so their public keys are collected before the DB host runs
             for tmpHost in ${zHostList}
             do
                scp $HOME/zSid.tmp ${tmpHost}:$HOME/
                ssh -t ${tmpHost} "sudo su - root -c /sapcd/SSH_Setup/adm_ssh_setup.s"
             done
             ssh -t ${zDbHost} "sudo su - root -c /sapcd/SSH_Setup/adm_ssh_setup.s"
             echo "========================================================================"
             echo "SSH Setup Script Completed!!"
             echo ""
             echo "You need to restart all your SAP Application servers in order to reflect new value of parameter: gw/rem_start"
             echo "For the time being you can change this parameter dynamically to the new value SSH_SHELL"
             ;;
        q|Q) echo "Quitting this script!" ;;
        *)   echo "Response not understood — Setup Cancelled."
    esac
```

Supporting Script – adm_ssh_setup.s

```bash
#!/bin/bash
#Script to configure the SSH Shell for <sid>adm user on SAP Application & Database Server
#There is no need to run this script manually, it will be called by sshSetup.sh
#
#===================================================================================

# User who started sshSetup.sh, and that user's home directory
zEndUsr=`who am i|cut -d" " -f1`
zEndUsrHome=`su - $zEndUsr -c pwd`
zEndUsrHomeAbs="/"$(echo $zEndUsrHome|cut -d/ -f2)"/"$(echo $zEndUsrHome|cut -d/ -f3)

# Marker files copied by sshSetup.sh: the SID, and "DB" when this is the database host
Arg_1=`cat ${zEndUsrHomeAbs}/zSid.tmp`
Arg_2=`cat ${zEndUsrHomeAbs}/zDB.tmp 2>/dev/null`

zSidAdm=`echo ${Arg_1}| tr '[:upper:]' '[:lower:]'`adm
zSID=`echo ${Arg_1}| tr '[:lower:]' '[:upper:]'`
zHome=`su - $zSidAdm -c pwd`
zHomeAbsolute="/"$(echo $zHome|cut -d/ -f2)"/"$(echo $zHome|cut -d/ -f3)
zProfilePath="/sapmnt/${zSID}/profile"

# sshd rejects key login if the home directory is writable by others
chmod ugo-s ${zHomeAbsolute}
chmod 755 ${zHomeAbsolute}
chown -R $zSidAdm:sapsys ${zHomeAbsolute}

# Keep any existing .ssh directory as a timestamped backup, then create a new key pair
mv ${zHomeAbsolute}/.ssh ${zHomeAbsolute}/.ssh"_"$(date +%Y%m%d%H%M%S) 2>/dev/null
su - $zSidAdm -c ssh-keygen

if [ "$Arg_2" = "DB" ]; then
        echo "Acquiring Public key from Application Servers …"
        cp  ${zProfilePath}/id_rsa.pub_Appl ${zHomeAbsolute}/.ssh/authorized_keys
        chown $zSidAdm:sapsys ${zHomeAbsolute}/.ssh/authorized_keys
        chmod 600 ${zHomeAbsolute}/.ssh/authorized_keys
        rm -f  ${zEndUsrHomeAbs}/zDB.tmp
        # Append the gateway parameter only once, so re-runs do not duplicate it
        grep -q '^gw/rem_start *= *SSH_SHELL' ${zProfilePath}/DEFAULT.PFL || \
            echo "gw/rem_start = SSH_SHELL" >> ${zProfilePath}/DEFAULT.PFL
else
        echo "Storing Application Server Public key …"
        cat ${zHomeAbsolute}/.ssh/id_rsa.pub  >>  ${zProfilePath}/id_rsa.pub_Appl
        # Readable by all, writable only by <sid>adm: this file becomes authorized_keys on the DB host
        chown $zSidAdm:sapsys ${zProfilePath}/id_rsa.pub_Appl
        chmod 644 ${zProfilePath}/id_rsa.pub_Appl
fi

rm -f ${zEndUsrHomeAbs}/zSid.tmp
echo "Execution control returning from Server "$(hostname)
echo ""
```
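The supporting script installs the shared file /sapmnt/<SID>/profile/id_rsa.pub_Appl as authorized_keys for <sid>adm on the database host, so that file decides who can log in there. The check below is an added example, not part of the original scripts: it vets such a file before it is installed. The function name check_pubkey_file, its optional expected-count argument and the sample entries are assumptions made for this example.

```bash
#!/bin/bash
# Added example: vet the collected public-key file before it is installed as
# <sid>adm's authorized_keys on the database host.
# Usage: check_pubkey_file FILE [EXPECTED_KEY_COUNT]
# Returns 0 when the file is safe to install; findings are written to stderr.
check_pubkey_file() {
    f=$1
    bad=0
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "FAIL: $f is missing, not a regular file, or a symlink" >&2
        return 1
    fi
    # A group- or world-writable file could have been extended by any local user.
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $f is group- or world-writable" >&2
        bad=1
    fi
    # Every entry must be "<keytype> <base64> [comment]". A leading options
    # field (from=, command=, ...) or an unknown key type is rejected, and the
    # key count must match the number of application servers when it is given.
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            ok = ($1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) &&
                 ($2 ~ "^AAAA[A-Za-z0-9+/]+=*$")
            if (!ok) { printf "FAIL: line %d is not a plain public key\n", NR; rc = 1 }
            else if (seen[$2]++) { printf "FAIL: line %d repeats a key\n", NR; rc = 1 }
            else n++
        }
        END {
            if (want != "" && n + 0 != want + 0) {
                printf "FAIL: %d keys found, %d expected\n", n, want; rc = 1
            }
            exit rc + 0
        }
    ' "$f" >&2 || bad=1
    return $bad
}

# Constructed sample: two placeholder entries (not real keys), one per app server.
demo=$(mktemp)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 r1dadm@app1' \
              'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED2 r1dadm@app2' > "$demo"
chmod 644 "$demo"
check_pubkey_file "$demo" 2 && echo "OK: safe to copy to authorized_keys"
rm -f "$demo"
```

Because the supporting script appends to the shared file on every run, passing the number of application servers as the second argument also catches stale keys left over from an earlier run.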


1 Comment


  1. VIMAL SMR

    Hi Ahmad,

    I am trying to configure ssh setup.

    Can you please let me know the steps involved in ssh setup.

    As you mentioned, it's easy to run the scripts instead of the manual process.

    But I have restricted access to the system. It would be much helpful if you can let me know the steps involved in ssh configuration for sidadm on apps and db server.

    Thanks

    Vimal
