Best Practice Guide

Automatic Patch Management for complete SIDs

Quick Acces

Preparation

General overview of configuration procedure

Creation of objects and configuration of processes

Creation of a configuration file
Create Provider Definition
Create Custom Operation
Create Custom Process

Usage of created processes

Create Operation Template
Scheduling

Configuration Examples and Detailed Definitions

HANA Profile Change
SAP Profile Change
SAP Kernel Update (including several components)
Operating System Update

Preparation

General prerequisites

SAP Landscape Management 3.0 (LaMa) must be installed according to SAP Documentation[1]. To be able to control each SAP system, all instances must be configured[2]. SAP Host Agent is used by LaMa to perform all actions. If non-SAP applications should be controlled, also a SAP Host Agent must be installed [3]on these hosts and configured in SAP LaMa[4]. On each Host Agent, SAP Adaptive Extensions (SAPACEXT Package) [5]must be placed in the ‘exe’ directory as described in SAP Note 1759181. How to configure a system in LaMa is described in SAP Help Documentation and not in scope of this document.

Technical prerequisites

To be able to use all functions mentioned in this document these system requirements are recommended. If possible, newest available versions at SAP Marketplace should be used.

Remarks:

Scope of this document are SAP systems running on HANA and SLES4SAP 12 SP1. Controlling of scripts also possible on other operating systems or any other database.

In mentioned use cases following versions had been used:

• SAP Netweaver systems ABAP and JAVA with kernel versions 749 and 753.
• HANA Database with version 2.023
• SLES 12 SP1 for SAP
• SLES 12 SP2
• Host Agent, ACEXT Packages und SAP LaMa as described in previous table

Important:

All mentioned scripts had been already used to patch and update systems. This guide describes how to implement his own framework into SAP LaMa. Configuration of script-calls and parameters have to be adapted for each system environment!

Use Case – Patchmanagement

With SAP LaMa not only standard mass operations like starting, stopping, takeover handling, etc. are possible, also controlling of custom scripts is configurable. On each client where SAP Host Agent is installed, each script can be started. Start of these scripts can be configured in process chains with different constraints.

One special use case which can be dealt is automation of patching SAP Systems. Normally in bigger landscapes this is handled by running scripts for update the kernel, update the operating system, set profile parameters, and so on.

Next picture shows an overview of a patch process with manual starting of scripts on each host. As recommended, HANA database and SAP instance are installed on different hosts.

Fig. 1 System update – all steps in sequence

Main idea was to handle all these tasks automatically with SAP LaMa, with possibilities to schedule them at night and select an update of whole system by groups, e.g. all development systems.

How to configure a script in LaMa and how to implement a custom process will be described on next pages.

Remark: Update of a HANA system will not be handled here. An automatic update of an HANA database is very complex and consists manual steps. In one of next versions of LaMa this functionality will be shipped by SAP as an integrated process. So it will be possible to configure it also very easily in the custom processes which are used here.

General Overview of Configuration Procedure

To be able to start and schedule own scripts in LaMa, serveral tasks must be done in sequence. In next chapter each task will be described step by step. A general overview what to do is shown in Figure 2.

Fig. 2 Configuration Steps

On operating system side, first a config file must be created. Here, the link between LaMa and the script is defined. Also parameters can be used to start the script. These <name of action>.conf should exist on each system which have to be controlled. If possible a configuration management system should be used to distribute these files.

On LaMa side, first the script-call must be configured. This is done in the provider definition. Then a single custom operation have to be defined. This one can be used in custom processes to design a sequence of operations.

For custom processes and operations it’s possible to configure constraints in many different manifestations. So each operation can be bind to a special host, a group, a system or a system type. Groups can be eg. all development systems, a several pool, all HANA databases,…

Every custom operation or custom process can be integrated in an operation template. So several systems can be selected for this task(s). So a scheduling for one time or a period is possible.

Creation of Objects and Configuration of Processes

1.   Creation of a configuration file

First step is to create a <action_name>.conf file on operating system level. For easier handling there should be a similar preprocessor for all custom scripts / actions.

Naming example:  CUSTOM_NameOfAction.conf

This file must be stored on each host, where the script will be executed. Normally there should be one file per script. Path on each host must be a special folder in the sap Host Agent structure.

Location:                /usr/sap/hostctrl/exe/operations.d

In this file, location of the real script is configured. If possible there should be only one location for all scripts on an nfs-share. Configuration file must contain following lines and should look like:

A detailed description of all possible entries can be found at SAP Help Portal:
https://help.sap.com/viewer/e7dead4286c545808b3bd24feee7448c/3.0.7.0/en-US/250dfc5eef4047a38bab466c295d3a49.html

Example of a .conf file, name in this case ‘CUSTOM_KernelInstaller.conf’:

 
Name: CUSTOM_KernelInstaller
Username: <username with appropriate authorizations>
Command: /myglobalshare/kernelinstaller.sh $[PARAM-FUNCTION:#required]
ResultConverter: flat
Platform: Unix

Special Use Case: Parameter Handling

To start own scripts using parameters hand over from LaMa, these have to be defined also in the .conf file.

Syntax of a Parameter:

$[PARAMETER;#modifier]

The Parameter configuration is splittet in two parts, PARAMTER definition itself and a modifier. Possible value for the modifier are: #required, #sapparam, #env, #input, #tolower, #toupper. In our case only ‘#required’ is used. Detailed description of each modifier can be found at SAP Help Portal (link above).

Some possible parameters are:
SAPSYSTEMNAME, PHYSICAL_HOSTNAME,…

To use custom parameters for a script, following syntax must be used: PARAM-<custom-name>
The ‘<custom-name>’ will be configured in next steps in LaMa, so each parameter needed by own scripts can be hand over.
Attention: Naming of parameters is case sensitive!

Example 1: Value with a specific Instance Number should be hand over to script named myownscript.sh. Definition of this Parameter will be done in LaMa in next steps.

Command: /myglobalshare/myownscript.sh $[PARAM-INSTNR:#required]

Example 2: Script needs hostname as parameter.

Command: /myglobalshare/myownscript.sh $[PYHSICAL_HOSTNAME:#required]

All available Parameters are listed in SAP Help Portal:
https://help.sap.com/viewer/e7dead4286c545808b3bd24feee7448c/3.0.7.0/en-US/0148e495174943de8c1c3ee1b7c9cc65.html

2.   Create Provider Definition

First step on LaMa side is to create a ‘provider definition’. This configuration step defines the interconnection between script and SAP LaMa respectively the SAP Host Agent.

a.
On left side in SAP LaMaUI5 select Automation Studio → Provider Definitions. Then use button Create → Script Registered with Host Agent on the top right of the screen.

b.
On Create Provider screen, first the registered script has to be selected. So first define a name for the Provider Definition, then select the hostname, where the <action_name>.conf file is located. In this case the Provider Definition for kernel update script will be created.

c.
Select hostname where script is located. If necessary use the filter option for an easier way of searching.

d.
Select button Retrieve Scripts to upload all available scripts. Then choose the file name of the already created .conf file

e.
Select on which entities this provider should be available. In this case for further uses Instance and Host must be selected. Hint: This can be changed afterwards by editing the provider definition. To finish the action, select Create Provider.

Now, a Provide Definition is configured. To change the configuration use the edit button. To edit further options, click on the highlighted name.

Special Use Case: Parameter Handling

If the script we are using needs to be started with some parameters, the definition of them in LaMa also must be done.
Important: This parameter definition must be done already in the .conf file, otherwise script call will not work.

a.
Open the options of the provider definition. Select Name of Provider Definition → Parameters → Add Parameter

b.
In this screen, all parameters should be added, which are accepted by the own script. The Name of the parameter definition must be the same as defined in the .conf file. In this case it’s named FUNCTION, the script call in the .conf file should look like: Command: /nfs/sles_data/support_tools/kernelinst.sh $[PARAM-FUNCTION:#required].

After saving this definition, it can be used in next steps to create custom operations and processes.

3.   Create Custom Operation

Now, next step is the creation of a custom operation. In next screenshots, the creation of a custom process for the script Kernel Update will be described. Which options and constraints should be used for other use cases and other scripts is described in chapter ‘Configuration Examples’

First start creation of custom operation witch Automation Studio → Custom Operation → Create (Button located at top right).

Description of fields, which must be filled

• Name: Define a name
• Provider Definition: Choose the already created provider definition (script which will be started)
• Entity Type: Define if operation can run on an instance or on a host (Remark: On one host there can be many instances. In next steps it can be defined where the script can start, e.g. on a specific instance like ASCS or generally on a SAP instance)
• Button Group: Type or choose a name, where you can find the operations in menus later on.

After creation of the custom operation, next step is to define the constraints. Go to details of the new custom operation (click on the highlighted name, in this case ‘SAP Update Kernel Files’. The go to Constraints and create them as listed in screenshot below.

Meaning of defined constraints:

Instance status (Dynamic) = Not Running
Operation only starts, if instance is stopped

Host status (assigned host) (Dynamic) <> Unreachable
Only if host is reachable, operation can start (and also can be selected)

Important configuration: Instance class (Static) = Instance
Operation only selectable on a SAP instance (not a HANA instance). For this case important, because kernel should only be updated on a SAP instance.

Special Use Case: Parameter Handling

If a provider definition was created with parameters also these parameters have to be defined in the operation template. The name of the parameter is inherited. Edit the existing parameter and select the needed value. If type String is used, also in this section dynamic values can be used, e.g. $[SAPSYSTEM].

In this case, the parameter –kernel had been selected. Now, this custom operation can start the kernel script with option –kernel on a SAP System instance.

To handle a whole process for patching a system including SAP, Operating System and HANA there are quiet more Custom Operations needed. Next screen shows an overview of these. The only one missing is the actual HANA Update to complete the patch process. Thisis planned to be shipped by SAP in one of the next versions of LaMa.

A detailed description of the configuration of each Custom Operation is listed in chapter ‘Configuration Examples’.

4.   Create Custom Process

With all the created Custom Operations, now it is possible to design a Custom Process to patch a whole system automatically, including starting and stopping of each instance. Also, a Custom Process can be configured for each Operation, do be able to run even a kernel update or a profile change for one or more systems, if needed also scheduled at a defined time.

Next, this guide describes exemplary the configuration of one operation and afterwards of the whole patch process. How to configure all other operations is described in chapter ‘Configuration Examples’.

Custom Process: SAP Kernel Update

In this case, SAP Kernel will be update including Host Agent and update of security file configuration. To create a new Custom Process use the ‘+’ button at the Custom Process menu entry.

On first screen name and an optional description of the process must be configured. Important in this case is the option Entity Type, this defines the level where the process can be executed.

The main configuration is done in the part Steps. Each step can be added by selecting the already created custom operation. Also on the right side the definition is done, if an operation should run only a specific instance (e.g. central instance) or only on the SAP instances. Next screenshots show the defined process for a kernel installation including starting and stopping.

The table below shows which constraints and operation chains had been used for the several operations.

Detailed configuration of the other processes is described in chapter ‘Configuration Examples’. To be able to perform other actions as well as a separate task, following custom processes had been also created by using the existing Custom operations:

• HANA Profile Change
• SAP Profile Change
• Update Operating System

Custom Process: Update System (whole update process for a system)

With all created Operations now it’s possible to create a Custom Process for all activities to patch a system completely. Process for kernel update is described above. All configuration tasks are same as described already. In next two screenshots the general sequence is described. Detailed definition of each object can be find in table, which is following.

All these steps can be combined in many other Custom Process with other actions as needed in his own infrastructure.

Usage of created processes

To start the created processes on one or more systems, now there is an entry in the menu per each system. This is also available for mass operations.

On system level → Operations → Custom Processes

Now the functionality to schedule a custom process for one or more systems is available. Therefore, two tasks have to be performed.

Create Operation Template

Go to Automation Studio à Operation Template → ‘+’.

On step configuration side select the created custom process. On right side, select the systems on which the process should start.

To finalize, save this Operation Template.

Scheduling

On Operation Template view, every created template can be executed directly. Also, there is the possibility to schedule an Operation Template.

On this screen all details for a Scheduling Template can be configured. After saving, this action will be started at the configured date and time.

Important: The right operation template must be selected to avoid unplanned actions or downtimes.

Configuration Examples and Detailed Definitions

HANA Profile Change

SAP Profile Change

SAP Kernel Update (including several components)

Operating System Update

[1] https://help.sap.com/viewer/c337eb50b9084db6a5207afda95efc19/3.0.7.0/en-US

[2] https://help.sap.com/viewer/e7dead4286c545808b3bd24feee7448c/3.0.7.0/en-US/4e01ba23c4e400aae10000000a42189e.htmlhe

[3] https://help.sap.com/viewer/141cbf7f183242b0ad0964a5195b24e7/106/en-US/48c6f9627a004da5e10000000a421937.html

[4] https://help.sap.com/viewer/e7dead4286c545808b3bd24feee7448c/3.0.7.0/en-US/1626fef0aec740b58232fd9a631b1167.html

[5] https://help.sap.com/viewer/e7dead4286c545808b3bd24feee7448c/3.0.7.0/en-US/de3826afa9534da9b79617d4073acba9.html