Skip to Content
Technical Articles
Author's profile photo Jaskirat Singh

Backup and Recovery of SAP HANA Database Directly to AWS S3 Bucket using AWS Backint Agent – Part II

This is in continuation of my previous blog post Backup and Recovery of SAP HANA Database Directly to AWS S3 Bucket using AWS Backint Agent – Part I

3. INSTALLATION OF AWS BACKINT AGENT

3.1 Using AWS Systems Manager

Goto Systems manager then click on Run Command

AWS%20Systems%20Manager

AWS Systems Manager

Search for AWSSAP-InstallBackint and then select it

AWS%20Systems%20Manager

AWS Systems Manager

Under the Command parameters, enter the following

  • Bucket Name – Need to Enter the name of the Amazon S3 bucket where Backups of SAP HANA Databases will be stored.
  • Bucket Folder – Need to enter the name of the folder inside Amazon S3 bucket where Backups of SAP HANA Databases will be stored. This is Optional parameter
  • System ID – Need to enter SAP HANA System ID, for example HDB.
  • Bucket Region – Need to enter the AWS Region of the Amazon S3 bucket where Backups of SAP HANA Databases will be stored. AWS Backint Agent supports cross-Region and cross-account backups as well.
  • Bucket Owner Account ID – Need to enter the account ID of the Amazon S3 bucket here Backups of SAP HANA Databases will be stored.
  • KMS Key – Need to enter the ARN of KMS key that AWS Backint Agent which can use to encrypt the backup files that are stored in Amazon S3 bucket.
  • Installation Directory – Need to enter the path of the directory location where AWS Backint Agent will be installed. Path /tmp should not be used.
  • Agent Version – Need to enter the version number of the agent that needs to be installed. The latest published version of the agent is installed if no value is specified
  • Modify Global ini file – This paramter provide options to modify the ini file. The global.ini file of the SAP HANA SYSTEM DB must be updated to complete the setup.
    • “modify” — SSM will update the ini file directly.
    • “sql” — SSM will create a sql file with SQL statements that can be run in target SAP HANA system to set the required parameters for the backups. This file is named as modify_global_ini.sql and can be found in the <installation directory>/aws-backint-agent/ folder.
    • “none” — No action will be taken by SSM to modify the ini file. But manual update needs to be done to complete the setup.
  • Ignore Bucket Checks – Select yes to ignore sanity checks of the S3 bucket. S3 Bucket sanity checks verify the following:
    • The bucket exists in account
    • The bucket Region is correct
    • The bucket is public
  • Debug Mode – Select yes to activate debug mode.
  • Ensure No Backup In Process – Need to select Yes to confirm if the existing backups are disabled and are ready to proceed with the installation. The SSM document will fail if choose “No”.

AWS%20Systems%20Manager

AWS Systems Manager

Under Parameter Targets, select the target instance on which we need to install the AWS Backint Agent. If instance is not available in the list, then need to verify all the steps in the prerequisites.

AWS%20Systems%20Manager

AWS Systems Manager

Specify all other required parameters with log locations and then click on Run

AWS%20Systems%20Manager

AWS Systems Manager

Execution In-progress

AWS%20Systems%20Manager

AWS Systems Manager

Execution Finished Successfully

AWS%20Systems%20Manager

AWS Systems Manager

Login to OS level and cross check for the settings

OS Console

3.2 Using AWS Backint Installer – Interactive

AWS Backint installer is another way to install the AWS Backint Agent. AWS provided a bucket from where AWS backint installer can be downloaded.Below steps needs to be done for installing AWS Backint Agent using the AWS Backint installer from an SSH session on SAP HANA instance Operating System

Goto to /tmp (or another temporary directory) and Run below command to download the installer.

sudo aws s3 cp s3://awssap-backint-agent/binary/latest/install-aws-backint-agent /tmp/

SSH%20Console

SSH Console

Then, run the installer with the -h flag to find all the available options(If required)

sudo python install-aws-backint-agent -h

SSH%20Console

SSH Console

Then, run the following command to execute the installer.

sudo python install-aws-backint-agent

SSH%20Console

SSH Console

Below is the information on the parameters asked during this.

  • Installation directory — Need to enter the path of the directory location where AWS Backint Agent needs to be installed. The default value for the installation directory is /hana/shared/.
  • Amazon S3 bucket owner — Need to enter the account ID of the Amazon S3 bucket owner of the bucket where SAP HANA Database backup needs to be done.
  • Amazon S3 bucket name — Need to enter the name of the Amazon S3 bucket where SAP HANA Database backup needs to be done.
  • Folder in the S3 bucket — Need to enter the name of the folder in the Amazon S3 bucket where SAP HANA Database backup needs to be done. This parameter is optional.
  • Amazon S3 bucket region — Need to enter the AWS Region of the Amazon S3 bucket where SAP HANA Database backup needs to be done.
  • Amazon S3 SSE KMS ARN — Need to enter the ARN of the KMS key that AWS Backint Agent can use to encrypt the backup files stored in Amazon S3 bucket.
  • SAP HANA system ID — Need to enter SAP HANA System ID, for example HDB.
  • HANA opt dir — Specify the location of the SAP HANA opt directory.
  • Modify global.ini [modify/sql/[none]] — This paramter provide options to modify the ini file. The global.ini file of the SAP HANA SYSTEM DB must be updated to complete the setup.
    • “modify” — SSM will update the ini file directly.
    • “sql” — SSM will create a sql file with SQL statements that can be run in target SAP HANA system to set the required parameters for the backups. This file is named as modify_global_ini.sql and can be found in the <installation directory>/aws-backint-agent/ folder.
    • “none” — No action will be taken by SSM to modify the ini file. But manual update needs to be done to complete the setup.
  • HANA SYSTEM db global.ini file — Specify the location of global.ini file
  • Save responses for future usage? — It also provide option to save the information for the AWS Backint installer to a file. This configuration can be used later to run the installer in silent mode, if needed.
  • Do you want to proceed with the installation? — Specify that existing backups are disabled and are ready to proceed with the installation.

SSH%20ConsoleSSH%20Console

SSH Console

SQL file can be checked for the updated queries

SSH%20Console

SSH Console

3.3 Using AWS Backint Installer – Silent

AWS Backint Agent can be installed with the AWS Backint installer in a silent mode. To run the AWS Backint installer in silent mode, a response file needs to be created which contains all the required installation parameters. Below steps can be followed while installing using the interactive mode to download AWS Backint installer and save the response file. It is not required to continue with the AWS Backint Agent installation in interactive mode. AWS Backint installer will be creating a response file named as aws-backint-agent-install-YYYYMMDDHHMMSS.rsp.

Parameters inside the response file which can be modified as per the requirement using OS editing tools such as vim editor.

The following is an example response file.

SSH%20Console

SSH Console

Now, run the following command to execute the installer using the generated above response file.

sudo python install-aws-backint-agent -m silent -f backint-agent-install-YYYYMMDDHHMMSS.rsp -a yes

SSH%20Console

SSH Console

Changes can be cross-checked in the sql file created

SSH%20Console

SSH Console

3.4 Using Proxy for AWS Backint Agent

Proxy address can be used in SAP HANA environment during the installation of the Agent, in this process it is required to use the following shell script to install the agent this will make sure that the correct proxy settings are used by the AWS Backint Agent installer.

#!/bin/bash
export https_proxy=<PROXY_ADDRESS>:<PROXY_PORT> 
export HTTP_PROXY=<PROXY_ADDRESS>:<PROXY_PORT> 
export no_proxy=169.254.169.254
export NO_PROXY=169.254.169.254
sudo python install-aws-backint-agent

As proxy address has been used in SAP HANA environment, then it is required to update the aws-backint-agent-launcher.sh file, this file is present in the AWS Backint Agent installation directory (for example, /hana/shared/aws-backint-agent/). Be steps needs to be done to ensure that the correct proxy settings are used by AWS Backint Agent during backup and restore operations.

SSH%20Console

SSH Console

Need to add http_proxy, HTTP_PROXY, no_proxy, and NO_PROXY variables to the aws-backint-agent-launcher.sh script.

It is important to exclude the 196.254.169.254 address with the no_proxy variable. As this IP is used by AWS Backint Agent for metadata service calls which is helpfull during backup and restore operations.

4. VERIFY SIGNATURES

The files of AWS Backint Agent which is aws-backint-agent.tar.gz and AWS Backint installer which is install-aws-backint-agent supports signature verification.The Public key can be used to verify that the downloaded files and AWS Backint installers are original and unmodified. AWS Backint installer can be find in location /tmp or any other location where installer was downloaded. File aws-backint-agent.tar.gz of AWS Backint Agent can be found under <installation directory>/aws-backint-agent/package/.

To verify the AWS Backint Agent package on a Linux server

Download the public key using below command:

wget https://s3.amazonaws.com/awssap-backint-agent/binary/public-key/aws-backint-agent.gpg

SSH%20Console

SSH Console

Then, import the public key into keyring using below command:

gpg --import aws-backint-agent.gpg

SSH%20Console

SSH Console

Here need to note of the key value, this key value will be verified in the next step. For example, the key value is 80D85C5E1E65925B

Then, verify the same by running the below command:

gpg --fingerprint 80D85C5E1E65925B

SSH%20Console

SSH Console

The fingerprint should be equal to below:

BD35 7A5F 1AE9 38A0 213A 82A8 80D8 5C5E 1E65 925B

If the fingerprint string doesn’t match, then this agent should not be installed and Amazon Web Services’s attention is required.

After the verification the fingerprint, same can be used to verify the signature of the AWS Backint Agent binary.

Now, to download the signature files for the source file and the installer, use the below commands:

wget https://s3.amazonaws.com/awssap-backint-agent/binary/latest/aws-backint-agent.sig
wget https://s3.amazonaws.com/awssap-backint-agent/binary/latest/install-aws-backint-agent.sig

SSH%20Console

SSH Console

Then, to verify the signature, run then below commands:

gpg --verify <path of aws-backint-agent.sig> <path of source file>
gpg --verify <path of install-aws-backint-agent.sig> <path of installer file>

SSH%20Console

SSH Console

If the output of the verification includes the phrase BAD signature as below, then it is required to check whether performed procedure is correctly. If still same phrase is coming in the response, its required to contact Amazon Web Services and avoid using the downloaded files.

SSH%20Console

SSH Console

This is end of Part – II, in next part of blog post Backup and Recovery of SAP HANA Database Directly to AWS S3 Bucket using AWS Backint Agent – Part III you can find more information about Configurations, Managing backup files, troubleshooting, Backup and Recovery using AWS Backint Agent

Assigned tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.