With the help of this script, one can automate the manual steps required to configure SSH between the DB and application servers. Or you can take a few tricks from the script and use them in your own quest.
I am not describing the step-by-step process to configure SSH, because there are enough resources available through SDN and Google.
That being said, let's begin this blog:
When we have a distributed installation of an SAP system, where the SAP application and the database are installed on separate servers, any DB task from DB13 or DB14 fails.
There are 3 methods to resolve the issue:
Option-1 involves less overhead in comparison to option-2, especially when we have Unix-based systems.
What is Secure Shell?
Secure Shell, or SSH, is a network protocol that allows data to be exchanged over a secure channel between two servers. SSH uses public-key cryptography to authenticate the remote computer and to allow the remote computer to authenticate the user, if necessary. SSH is typically used to log into a remote machine and execute commands.
Why I created the script?
Let's assume you have 7 dialog instances in your system. You then need to log in to each server where a dialog instance is running and perform the SSH steps, and you also need to log in to your DB server. If you need to do this for all products in the entire landscape, it is a mundane and time-consuming effort. So let's be lazy and allow the script to do the job for us.
To understand the script better, it makes perfect sense to know the manual steps, which I am not going to describe here, otherwise teachers will start yelling at me! So please google and get the steps; you can also check these notes and link.
Related Notes
Number | Short Text |
---|---|
1520096 | How to use gateway parameter gw/rem_start |
1025707 | DBA Cockpit: Planning calendar and remote Oracle databases |
853610 | Configuring transaction DB13C for Oracle |
1028624 | Overview of DBA Cockpit for Oracle |
446172 | SXPG_COMMAND_EXECUTE (program_start_error) in DB13 |
I have made the assumption that "sudo su - root" works on all your servers. It does not affect the script whether sudo su - root prompts for a password or goes through directly. If it asks for a password, you need to enter the password multiple times; that is your only manual work when running this script. The other assumption is that /sapmnt/<SID>/profile is the common directory and is accessible from all dialog instance servers and the database server.
I have successfully configured SSH with the help of the script below.
You need to create these two scripts, sshSetup.sh and adm_ssh_setup.s, and place them under the location /sapcd/SSH_Setup/
Now you need to log in with the ID from which you can execute sudo su - root. For example, if my OS ID is ishahmad, then I will execute this primary script with my ID, not with root or <sid>adm.
I am expecting that this script will be executed by people who have some basic idea of executing and playing with scripts, so that they will know what they are doing, though I have tried to make it safe!
Primary Script - sshSetup.sh

```bash
#!/bin/bash
# To configure the SSH Shell for <sid>adm user on Database Server
# Login with your OWN unix ID to execute this script
# DO NOT RUN this script with ROOT or <SID>ADM
# Example: {You need to pass required SAP SID as argument}
# [ishahmad@hostname ~]$ sshSetup.sh R1D
#================================================================
# The SID is required: every path and user name below is built from it
if [ -z "$1" ]; then
    echo "Usage: sshSetup.sh <SID>"
    exit 1
fi
zSidAdm=`echo $1| tr '[:upper:]' '[:lower:]'`adm
zSID=`echo $1| tr '[:lower:]' '[:upper:]'`
zProfilePath="/sapmnt/${zSID}/profile"
# Database host from DEFAULT.PFL (blanks around "=" removed)
zDbHost=`grep SAPDBHOST ${zProfilePath}/DEFAULT.PFL|cut -d= -f2|tr -d ' '`
zHostList=""
ztmpHost=""
# Application server host names are taken from the instance profile names
for tmpHost in `ls ${zProfilePath}/???_[D,J]*[0-9][0-9]_*|cut -d_ -f3`
do
    # Keep only names that resolve, and skip a repeat of the previous name
    chk=`host ${tmpHost} 2>/dev/null`
    validHost=$?
    if [[ "${tmpHost}" != "${ztmpHost}" && "${validHost}" = "0" ]]; then
        zHostList=${zHostList}" "${tmpHost}
        ztmpHost=${tmpHost}
    fi
done
echo ""
echo "For ${zSID} System, Identified Application Servers host-names are :"
echo ${zHostList}
echo "========================================================================"
echo "Database host name is :"
echo ${zDbHost}
echo "========================================================================"
echo "Please press : c (Continue) / q (Quit)"
read AnsWer
echo $AnsWer
case "$AnsWer" in
c|C)
    echo "SSH Setup is going to start...."
    # The SID and the "DB" marker are handed to the supporting script through files
    echo ${zSID} > $HOME/zSid.tmp
    echo DB > $HOME/zDB.tmp
    scp $HOME/z*.tmp ${zDbHost}:$HOME/
    rm -f $HOME/zDB.tmp
    # Application servers first: each one appends its public key to the shared file.
    # adm_ssh_setup.s runs as root on every host, so keep it writable by root only.
    for tmpHost in ${zHostList}
    do
        scp $HOME/zSid.tmp ${tmpHost}:$HOME/
        ssh -t ${tmpHost} "sudo su - root -c /sapcd/SSH_Setup/adm_ssh_setup.s"
    done
    # Database server last: it installs the collected keys as authorized_keys
    ssh -t ${zDbHost} "sudo su - root -c /sapcd/SSH_Setup/adm_ssh_setup.s"
    echo "========================================================================"
    echo "SSH Setup Script Completed!!"
    echo ""
    echo "You need to restart all your SAP Application servers in order to reflect new value of parameter: gw/rem_start"
    echo "For the time being you can change this parameter dynamically to the new value SSH_SHELL"
    ;;
q|Q)
    echo "Quitting this script!"
    ;;
*)
    echo "Response not understood -- Setup Cancelled."
esac
```
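Supporting Script - adm_ssh_setup.s

```bash
#!/bin/bash
# Script to configure the SSH Shell for <sid>adm user on SAP Application & Database Server
# There is no need to run this script manually, it will be called by sshSetup.sh
#
#===================================================================================
# User who called sudo, and the first two levels of that user's home directory
zEndUsr=`who am i|cut -d" " -f1`
zEndUsrHome=`su - $zEndUsr -c pwd`
zEndUsrHomeAbs="/"$(echo $zEndUsrHome|cut -d/ -f2)"/"$(echo $zEndUsrHome|cut -d/ -f3)
# Arguments passed by sshSetup.sh through files (zDB.tmp exists on the DB host only)
Arg_1=`cat ${zEndUsrHomeAbs}/zSid.tmp`
Arg_2=`cat ${zEndUsrHomeAbs}/zDB.tmp 2>/dev/null`
# Without a SID the user name below would be just "adm": stop before touching anything
if [ -z "${Arg_1}" ]; then
    echo "zSid.tmp not found or empty -- nothing done on "$(hostname)
    exit 1
fi
zSidAdm=`echo ${Arg_1}| tr '[:upper:]' '[:lower:]'`adm
zSID=`echo ${Arg_1}| tr '[:lower:]' '[:upper:]'`
# Assumes the home directory is two levels deep, e.g. /home/<sid>adm
zHome=`su - $zSidAdm -c pwd`
zHomeAbsolute="/"$(echo $zHome|cut -d/ -f2)"/"$(echo $zHome|cut -d/ -f3)
zProfilePath="/sapmnt/${zSID}/profile"
# Stop if the home directory is unknown, otherwise chown -R below would run on "/"
if [ -z "${zHome}" ] || [ ! -d "${zHomeAbsolute}" ]; then
    echo "Home directory of ${zSidAdm} not found -- nothing done on "$(hostname)
    exit 1
fi
# sshd refuses key login if the home directory is writable by group or others
chmod ugo-s ${zHomeAbsolute}
chmod 755 ${zHomeAbsolute}
chown -R $zSidAdm:sapsys ${zHomeAbsolute}
# Keep any existing .ssh directory as a time-stamped backup, then create a new key pair
mv ${zHomeAbsolute}/.ssh ${zHomeAbsolute}/.ssh"_"$(date +%Y%m%d%H%M%S) 2>/dev/null
su - $zSidAdm -c ssh-keygen
if [ "$Arg_2" == "DB" ]; then
    echo "Acquiring Public key from Application Servers ..."
    cp ${zProfilePath}/id_rsa.pub_Appl ${zHomeAbsolute}/.ssh/authorized_keys
    chown $zSidAdm:sapsys ${zHomeAbsolute}/.ssh/authorized_keys
    chmod 600 ${zHomeAbsolute}/.ssh/authorized_keys
    rm -f ${zEndUsrHomeAbs}/zDB.tmp
    echo "gw/rem_start = SSH_SHELL" >> ${zProfilePath}/DEFAULT.PFL
else
    echo "Storing Application Server Public key ..."
    cat ${zHomeAbsolute}/.ssh/id_rsa.pub >> ${zProfilePath}/id_rsa.pub_Appl
    # Was chmod 777: this file becomes authorized_keys on the DB host, so it must
    # not be writable by other users; root on the next host can still append to it
    chmod 644 ${zProfilePath}/id_rsa.pub_Appl
    chown $zSidAdm:sapsys ${zProfilePath}/id_rsa.pub_Appl
fi
rm -f ${zEndUsrHomeAbs}/zSid.tmp
echo "Execution control returning from Server "$(hostname)
echo ""
```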
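
A read-only check of the state the two scripts leave behind, as an added example that is not part of the author's scripts: it flags group- or world-writable paths that feed authorized_keys, keys on the DB host that did not come from id_rsa.pub_Appl, and a missing or repeated gw/rem_start entry. The function names and the constructed sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the author's script): audit the result of the SSH setup.

# True if the path is writable by group or others.
loose() { [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; }

# audit_ssh_setup <sidadm-home> <profile-dir>: prints findings, returns their count.
audit_ssh_setup() {
    home=$1; prof=$2; n=0
    keys="$home/.ssh/authorized_keys"; stage="$prof/id_rsa.pub_Appl"
    # sshd (StrictModes) rejects the keys if any of these is group/world-writable
    for p in "$home" "$home/.ssh" "$keys"; do
        if loose "$p"; then echo "FINDING: $p is group/world-writable"; n=$((n+1)); fi
    done
    # Every line in the staging file becomes a trusted key on the DB host
    if loose "$stage"; then echo "FINDING: $stage is group/world-writable"; n=$((n+1)); fi
    # Trusted keys that did not come from the staging file (DB host only)
    if [ -f "$keys" ] && [ -f "$stage" ]; then
        extra=$(( $(grep -Fxv -f "$stage" "$keys" | wc -l) ))
        if [ "$extra" -gt 0 ]; then echo "FINDING: $extra unexpected key(s) in $keys"; n=$((n+1)); fi
    fi
    # The setup appends gw/rem_start on every run; expect exactly one entry
    c=$(grep -c '^gw/rem_start' "$prof/DEFAULT.PFL" 2>/dev/null || true)
    if [ "${c:-0}" -ne 1 ]; then echo "FINDING: gw/rem_start appears ${c:-0} time(s)"; n=$((n+1)); fi
    return "$n"
}

# Constructed sample tree (placeholder keys, not real ones) for a dry run.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/home/.ssh" "$d/profile"
    printf 'ssh-rsa AAAAconstructed1 r1dadm@app1\n' > "$d/profile/id_rsa.pub_Appl"
    cp "$d/profile/id_rsa.pub_Appl" "$d/home/.ssh/authorized_keys"
    echo "gw/rem_start = SSH_SHELL" > "$d/profile/DEFAULT.PFL"
    chmod 755 "$d/home"; chmod 700 "$d/home/.ssh"
    chmod 600 "$d/home/.ssh/authorized_keys"; chmod 644 "$d/profile/id_rsa.pub_Appl"
    echo "$d"
}

# With two arguments, audit a real host; otherwise only the functions are defined.
if [ $# -eq 2 ]; then audit_ssh_setup "$1" "$2"; fi
```

On the DB host, pass the <sid>adm home directory and /sapmnt/<SID>/profile as the two arguments.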