#ATR(16)
Informative note:
[ 2 in 1 COMBO]
- Establishing connection between Gitlab and S4HANA System
- Steps to provide access to Fiori apps which doesn’t have business roles/group.
Created this blog to provide information on how to establish connection to Gitlab from our S/4 HANA System. Consider, I’m having on-premise Gitlab and newly installed S4HANA System(On-Premise) which GIT connection needs to be established for sharing/cloning GIT repositories. This method will be similar for any type of Git sources – Github, Innersource(Cloud) as well.
You can also refer this blog on how to provide access to user for specific Fiori app which doesn’t have corresponding Fiori business roles/group.
Pre-requisites: Knowledge on ABAP System and Git
Connection steps:
Step 1: Fiori Launchpad Configuration
Make sure you have enabled Fiori on S/4 HANA System. Please refer my blog to configure Fiori manually.
Manual Fiori Basis Configuration - S/4 HANA System #ATR
Step 2: GIT Fiori App INFO
- We can find Git-Enabled CTS App configuration list via Fiori Apps library.
- https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/#/detail/Apps('F4158')/S21OP
Information:
- ODATA - SCTS_GCTS_SRV
- UI5 - /sap/bc/ui5_ui5/sap/bc_cts_git & additional CTS_ABAPVCS
- Technical Catalog - SAP_BASIS_TCR_T
- No Business roles exists like other Fiori apps
- No Business catalog exist
- No Business group exist
Step 3: Creation of TEST user
- Create ‘TESTING’ user with standard Fiori roles and assign ODATA service.
- None of the Fiori apps assigned yet.
- We have also assigned SAP_BC_GCTS_ADMIN role to ‘TESTING’ user which consists of all gCTS authorizations and Git ODATA service. Make sure to generate profile if not yet generated.
- Note 2827411 not relevant to S4HANA 2022. It will be suitable for S4HANA 1909.
Step 4: SICF Service check
- Check SICF service - sap/bc_cts_git & cts_abapvcs
Step 5: FLP CUST – Git Apps Configuration
- Go to SAP Fiori Customization page. I’m preferring browser UI itself. Choose your preferred option from the below.
- /UI2/FLPD_CUST (Client Specific) or /UI2/FLPD_CONF (Cross-Client) transaction to setup Fiori apps configuration.
- I’m using Client Specific config only -> https://hostname:port/sap/bc/ui5_ui5/sap/arsrvc_upb_admn/main.html?scope=CUST&sap-client=XX&sap-lang...
- Login with user having full Fiori access. SAP_ALL profile also preferred.
- (Additional) You can also use Fiori Content Manager GUI itself for dealing with Catalogs. But usual UI is preferred since we need to deal with groups as well.
- Search with Technical Catalog “SAP_BASIS_TCR_T” and check whether Git Apps are reflecting.
- We have two apps for Git in latest S/4 HANA Systems. Usually, we will have Git Enabled CTS – Manage Repository App alone in older versions.
Git Enabled CTS:
Git Enabled CTS Manage Repository:
- Repository App contains correct target mapping.
- No need to edit anything in existing Git configuration in S4HANA Systems since it will be SAP Defined. You can change/add parameter accordingly for other fiori apps based on your scenarios.
- Create User defined Z_CATALOG.
- Once created, Drag and drop your required apps to create reference for both GIT Apps.
- Do the same procedure for ‘Target Mapping’ as well.
- Both GTS apps and Target Mapping copied to Z_GITLAB catalog.
- Create user defined group
- Add -> Select our Gitlab Apps from created Z_GITLAB Catalog.
- You can also create group and add apps directly from Technical Catalog instead of creating user defined catalog but it’s not recommended to touch technical catalog apps directly by reference.
Step 6: Assign Git catalog and group to our ‘TESTING’ user.
- We have successfully created Gitlab catalog/group which can be assigned in our ‘TESTING user’
- I’m adding to default “SAP_BC_GCTS_ADMIN” role itself.
- Make sure to generate profile. If any authorization object meant to be deleted, Add manually again. You can also prefer to create separate role for Git apps alone if you don’t want to be confused. I have used same role for easy pickings.
- Generated -> Added S_GCTS_SYS and generated once again. I’m not sure – how catalogs and groups affect Auth objects to delete it.
- Check in “TESTING” user launchpad now.
Step 7: Git App check
Error 1:
- We have an SICF service for GTS, but no ODATA service created for the same.
- Create ODATA service -
- ODATA will be SICF service scts_gcts_srv which already in running state.
- Reload Fiori launchpad
- Git app launched fine.
- You can follow steps which mentioned till now for any kind of Fiori apps access.
Step 8: Git Configuration
- Even if you create separate role for Git Apps and specific ODATA service ‘SCTS_GCTS_SRV’, you can able to launch Git app but ‘Enable gCTS’ option won’t be available if you didn’t provide ‘SAP_BC_GCTS_ADMIN’ role which have all GIT authorization objects.
- Start “Enable gCTS” wizard
gCTS Directory:
- I’m creating ‘gcts with ABAPSIDADM’ directory in suggested path itself. Make sure to check free space of your directory as well.
JAVA RUNTIME:
- By default, All SAP Systems (ABAP) will have SAPJVM installed on the below path.
- /sapmnt/SID/exe/uc/linuxx86_64/sapjvm_8/jre/bin
- Alias - > /usr/sap/SID/SYS/exe/uc/linuxx86_64/sapjvm_8/jre/bin
- We can also download and use latest SAPJVM from SAP Development tools site.
- Link-> https://tools.hana.ondemand.com/#cloud
- I’m using existing SAPJVM itself – Version – 8.1.044
GIT Client:
- By default, All ABAP Kernels will have abap2vcs.jar file.
Git Enabled CTS:
- By default, Git program scheduled to run in current application server which we used to launch Fiori launchpad.
- Select “Initialize System”
Summary:
Health Check Error:
- File Access – Added “SAP_BC_GCTS_REPO_DEVELOPER” role to my “TESTING” user. Generate role without fail.
- Even though, we assign mentioned GCTS Developer role, it won’t have full authorizations.
- Edit role and provide full authorizations to S_DATASET.
- Once provided, File Access check got successful.
- Make sure to open SSH 22 and HTTPs 44300 port for Outgoing communication.
- Git configuration completed successfully.
Step 9: Create Gitlab Project
- I’m creating new empty project for testing.
- URL to connect repository: https://gitlab.host /YourID/testing_gitlab
Step 10: Create and Clone Repository:
Clone Repository:
Error 1: Unable to find valid certification path
- To make ABAP system to trust Gitlab site, we need to upload Gitlab Root Certificate in JAVA RUNTIME cacerts file.
- Keytool path: /sapmnt/SID/exe/uc/linuxx86_64/sapjvm_8/jre/bin
- Java_runtime - cacerts path: /sapmnt/SID/exe/uc/linuxx86_64/sapjvm_8/jre/lib/security/cacerts
- Most of them will upload certificate on ABAP STRUST and check GIT connection. But actual SSL connection checks undergo via GIT JAVA Trusted CA only. As an additional, you can also import Git Root certificate additionally in ABAP STRUST - Anonymous as well.
- Git connection is working fine after uploading Root CA in Java cacerts list.
Error 2: Authentication Error:
- We can add Git Username and Password parameter in Configuration.
- Git Repository cloned fine.
- We can also set Token (key) Authentication instead of Username and Password. Token Expiration date – 1 year. Once token generated, make sure to save it. We can able to see token key only once.
- We should create token with atleast ‘Maintainer’ role to connect our repository from S4HANA System.
- Add “Token” and remove “User and Password” parameter.
- Git commit/Connection to Repository is fine via token authentication as well. I have manually done commit – using “Update to latest commit” option.
- If you provide incorrect password or token (key), connection will fail with “git-upload-pack not permitted error while cloning”. I have provided wrong token just for testing.
- We can use proxy parameter for S4HANA Cloud. It’s not available for On-premise S4HANA System.
We have successfully established connection between our S4HANA system and On-premise Gitlab Repository.
Thanks for Visiting!
Please do connect and follow my Linked In Profile
https://www.linkedin.com/in/ajaytr66/
AJAY TR - ATR - SAP BASIS ADMINISTRATOR
- SAP Managed Tags:
