Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Backup and Recovery of SAP HANA Database Directly to AWS S3 Bucket using AWS Backint Agent - Part II

jaskisin
Participant
‎02-13-2021 4:14 AM
This is in continuation of my previous blog post Backup and Recovery of SAP HANA Database Directly to AWS S3 Bucket using AWS Backint Agent - Part I

3. INSTALLATION OF AWS BACKINT AGENT


3.1 Using AWS Systems Manager


Goto Systems manager then click on Run Command


AWS Systems Manager


Search for AWSSAP-InstallBackint and then select it


AWS Systems Manager


Under the Command parameters, enter the following

  • Bucket Name - Need to Enter the name of the Amazon S3 bucket where Backups of SAP HANA Databases will be stored.

  • Bucket Folder - Need to enter the name of the folder inside Amazon S3 bucket where Backups of SAP HANA Databases will be stored. This is Optional parameter

  • System ID - Need to enter SAP HANA System ID, for example HDB.

  • Bucket Region - Need to enter the AWS Region of the Amazon S3 bucket where Backups of SAP HANA Databases will be stored. AWS Backint Agent supports cross-Region and cross-account backups as well.

  • Bucket Owner Account ID - Need to enter the account ID of the Amazon S3 bucket here Backups of SAP HANA Databases will be stored.

  • KMS Key - Need to enter the ARN of KMS key that AWS Backint Agent which can use to encrypt the backup files that are stored in Amazon S3 bucket.

  • Installation Directory - Need to enter the path of the directory location where AWS Backint Agent will be installed. Path /tmp should not be used.

  • Agent Version - Need to enter the version number of the agent that needs to be installed. The latest published version of the agent is installed if no value is specified

  • Modify Global ini file - This paramter provide options to modify the ini file. The global.ini file of the SAP HANA SYSTEM DB must be updated to complete the setup.

    • “modify” — SSM will update the ini file directly.

    • “sql” — SSM will create a sql file with SQL statements that can be run in target SAP HANA system to set the required parameters for the backups. This file is named as modify_global_ini.sql and can be found in the <installation directory>/aws-backint-agent/ folder.

    • “none” — No action will be taken by SSM to modify the ini file. But manual update needs to be done to complete the setup.



  • Ignore Bucket Checks - Select yes to ignore sanity checks of the S3 bucket. S3 Bucket sanity checks verify the following:

    • The bucket exists in account

    • The bucket Region is correct

    • The bucket is public



  • Debug Mode - Select yes to activate debug mode.

  • Ensure No Backup In Process - Need to select Yes to confirm if the existing backups are disabled and are ready to proceed with the installation. The SSM document will fail if choose “No”.



AWS Systems Manager


Under Parameter Targets, select the target instance on which we need to install the AWS Backint Agent. If instance is not available in the list, then need to verify all the steps in the prerequisites.


AWS Systems Manager


Specify all other required parameters with log locations and then click on Run


AWS Systems Manager


Execution In-progress


AWS Systems Manager


Execution Finished Successfully


AWS Systems Manager


Login to OS level and cross check for the settings


OS Console



3.2 Using AWS Backint Installer - Interactive


AWS Backint installer is another way to install the AWS Backint Agent. AWS provided a bucket from where AWS backint installer can be downloaded.Below steps needs to be done for installing AWS Backint Agent using the AWS Backint installer from an SSH session on SAP HANA instance Operating System

Goto to /tmp (or another temporary directory) and Run below command to download the installer.
sudo aws s3 cp s3://awssap-backint-agent/binary/latest/install-aws-backint-agent /tmp/


SSH Console


Then, run the installer with the -h flag to find all the available options(If required)
sudo python install-aws-backint-agent -h


SSH Console


Then, run the following command to execute the installer.
sudo python install-aws-backint-agent


SSH Console


Below is the information on the parameters asked during this.

  • Installation directory — Need to enter the path of the directory location where AWS Backint Agent needs to be installed. The default value for the installation directory is /hana/shared/.

  • Amazon S3 bucket owner — Need to enter the account ID of the Amazon S3 bucket owner of the bucket where SAP HANA Database backup needs to be done.

  • Amazon S3 bucket name — Need to enter the name of the Amazon S3 bucket where SAP HANA Database backup needs to be done.

  • Folder in the S3 bucket — Need to enter the name of the folder in the Amazon S3 bucket where SAP HANA Database backup needs to be done. This parameter is optional.

  • Amazon S3 bucket region — Need to enter the AWS Region of the Amazon S3 bucket where SAP HANA Database backup needs to be done.

  • Amazon S3 SSE KMS ARN — Need to enter the ARN of the KMS key that AWS Backint Agent can use to encrypt the backup files stored in Amazon S3 bucket.

  • SAP HANA system ID — Need to enter SAP HANA System ID, for example HDB.

  • HANA opt dir — Specify the location of the SAP HANA opt directory.

  • Modify global.ini [modify/sql/[none]] — This paramter provide options to modify the ini file. The global.ini file of the SAP HANA SYSTEM DB must be updated to complete the setup.

    • “modify” — SSM will update the ini file directly.

    • “sql” — SSM will create a sql file with SQL statements that can be run in target SAP HANA system to set the required parameters for the backups. This file is named as modify_global_ini.sql and can be found in the <installation directory>/aws-backint-agent/ folder.

    • “none” — No action will be taken by SSM to modify the ini file. But manual update needs to be done to complete the setup.



  • HANA SYSTEM db global.ini file — Specify the location of global.ini file

  • Save responses for future usage? — It also provide option to save the information for the AWS Backint installer to a file. This configuration can be used later to run the installer in silent mode, if needed.

  • Do you want to proceed with the installation? — Specify that existing backups are disabled and are ready to proceed with the installation.



SSH Console


SQL file can be checked for the updated queries


SSH Console



3.3 Using AWS Backint Installer - Silent


AWS Backint Agent can be installed with the AWS Backint installer in a silent mode. To run the AWS Backint installer in silent mode, a response file needs to be created which contains all the required installation parameters. Below steps can be followed while installing using the interactive mode to download AWS Backint installer and save the response file. It is not required to continue with the AWS Backint Agent installation in interactive mode. AWS Backint installer will be creating a response file named as aws-backint-agent-install-YYYYMMDDHHMMSS.rsp.

Parameters inside the response file which can be modified as per the requirement using OS editing tools such as vim editor.

The following is an example response file.


SSH Console


Now, run the following command to execute the installer using the generated above response file.
sudo python install-aws-backint-agent -m silent -f backint-agent-install-YYYYMMDDHHMMSS.rsp -a yes


SSH Console


Changes can be cross-checked in the sql file created


SSH Console



3.4 Using Proxy for AWS Backint Agent


Proxy address can be used in SAP HANA environment during the installation of the Agent, in this process it is required to use the following shell script to install the agent this will make sure that the correct proxy settings are used by the AWS Backint Agent installer.
#!/bin/bash

export https_proxy=<PROXY_ADDRESS>:<PROXY_PORT> 

export HTTP_PROXY=<PROXY_ADDRESS>:<PROXY_PORT> 

export no_proxy=169.254.169.254

export NO_PROXY=169.254.169.254

sudo python install-aws-backint-agent

As proxy address has been used in SAP HANA environment, then it is required to update the aws-backint-agent-launcher.sh file, this file is present in the AWS Backint Agent installation directory (for example, /hana/shared/aws-backint-agent/). Be steps needs to be done to ensure that the correct proxy settings are used by AWS Backint Agent during backup and restore operations.


SSH Console


Need to add http_proxy, HTTP_PROXY, no_proxy, and NO_PROXY variables to the aws-backint-agent-launcher.sh script.

It is important to exclude the 196.254.169.254 address with the no_proxy variable. As this IP is used by AWS Backint Agent for metadata service calls which is helpfull during backup and restore operations.

4. VERIFY SIGNATURES


The files of AWS Backint Agent which is aws-backint-agent.tar.gz and AWS Backint installer which is install-aws-backint-agent supports signature verification.The Public key can be used to verify that the downloaded files and AWS Backint installers are original and unmodified. AWS Backint installer can be find in location /tmp or any other location where installer was downloaded. File aws-backint-agent.tar.gz of AWS Backint Agent can be found under <installation directory>/aws-backint-agent/package/.

To verify the AWS Backint Agent package on a Linux server

Download the public key using below command:
wget https://s3.amazonaws.com/awssap-backint-agent/binary/public-key/aws-backint-agent.gpg


SSH Console


Then, import the public key into keyring using below command:
gpg --import aws-backint-agent.gpg


SSH Console


Here need to note of the key value, this key value will be verified in the next step. For example, the key value is 80D85C5E1E65925B

Then, verify the same by running the below command:
gpg --fingerprint 80D85C5E1E65925B


SSH Console


The fingerprint should be equal to below:

BD35 7A5F 1AE9 38A0 213A 82A8 80D8 5C5E 1E65 925B

If the fingerprint string doesn't match, then this agent should not be installed and Amazon Web Services's attention is required.

After the verification the fingerprint, same can be used to verify the signature of the AWS Backint Agent binary.

Now, to download the signature files for the source file and the installer, use the below commands:
wget https://s3.amazonaws.com/awssap-backint-agent/binary/latest/aws-backint-agent.sig

wget https://s3.amazonaws.com/awssap-backint-agent/binary/latest/install-aws-backint-agent.sig


SSH Console


Then, to verify the signature, run then below commands:
gpg --verify <path of aws-backint-agent.sig> <path of source file>

gpg --verify <path of install-aws-backint-agent.sig> <path of installer file>


SSH Console


If the output of the verification includes the phrase BAD signature as below, then it is required to check whether performed procedure is correctly. If still same phrase is coming in the response, its required to contact Amazon Web Services and avoid using the downloaded files.


SSH Console



This is end of Part - II, in next part of blog post Backup and Recovery of SAP HANA Database Directly to AWS S3 Bucket using AWS Backint Agent – Part II... you can find more information about Configurations, Managing backup files, troubleshooting, Backup and Recovery using AWS Backint Agent
Labels in this area
Popular Blog Posts