Wrong hdbuserstore settings on PAS and AAS hosts

[abravosuse]

Used cloud platform Azure

Used SLES4SAP version SLES for SAP 15 SP3

Used client machine OS Windows

Expected behaviour vs observed behaviour I have deployed a SAP NetWeaver 7.5 on HANA system with

1) One AAS on dedicated host 2) One PAS on dedicated host 3) One ASCS/ERS cluster with 2 nodes 4) HANA scale-up luster with 2 nodes

After installation, the hdbuserstore default connection in both PAS and AAS hosts is pointing to the HANA primary node, port 31013. That is wrong, as in case of HANA failover, the PAS and ASS instances can no longer connect to the database. Instead, they should be pointing to the HANA virtual IP, port 31015.

How to reproduce

1. Clone locally repository commit 34efae1a8eccc8f0031786dc3a0712e1518d0bab.
2. Create file terraform.tfvars under /azure
3. Log on Azure with Azure CLI
4. Verify you are in the right Azure subscription
5. Create manually the resource group indicated in the terraform.tfvars file
6. Initialize terraform
7. Create new terraform workspace for deployment
8. Launch deployment, redirecting terraform output to log file which can be tailed in separate term:

Used terraform.tfvars

resource_group_name = "<ask_abravo>"
vnet_address_range = "10.80.0.0/16"
subnet_address_range = "10.80.1.0/24"
admin_user = "cloudadmin"
storage_account_name = "<ask_abravo>"
storage_account_key = "<ask_abravo>"
public_key = "~/.ssh/id_rsa_cloud.pub"
private_key = "~/.ssh/id_rsa_cloud"
bastion_enabled = false
os_image = "SUSE:sles-sap-15-sp3-byos:gen2:latest"
cluster_ssh_pub = "salt://sshkeys/cluster.id_rsa.pub"
cluster_ssh_key = "salt://sshkeys/cluster.id_rsa"
reg_code = "<registration_code>" 
reg_email = "<employee_email_address>"
ha_sap_deployment_repo = "https://download.opensuse.org/repositories/network:ha-clustering:sap-deployments:v7"
provisioning_log_level = "error"
hana_name = "vmhdbprd"
hana_ips = ["10.80.1.11", "10.80.1.12"]
hana_inst_master = "//<storage_account_name>.file.core.windows.net/hana/51055267"
hana_sid = HDP"
hana_instance_number = "10"
hana_master_password = "<ask_abravo>"
hana_primary_site = "NBG"
hana_secondary_site = "WDF"
hana_cluster_vip = "10.80.1.13"
drbd_name = "vmdrbdprd"
drbd_enabled = true
drbd_ips = ["10.80.1.31", "10.80.1.32"]
drbd_cluster_vip = "10.80.1.33"
netweaver_name = "vmnwprd"
netweaver_enabled = true
netweaver_ips = ["10.80.1.21", "10.80.1.22", "10.80.1.23", "10.80.1.24"]
netweaver_virtual_ips = ["10.80.1.25", "10.80.1.26", "1080.1.27", "10.80.1.28"]
netweaver_sid = "NWP"
netweaver_master_password = "<ask_abravo>"
netweaver_storage_account_name = "<ask_abravo>"
netweaver_storage_account_key = "<ask_abravo>"
netweaver_storage_account = "//<netweaver_storage_account_name>.file.core.windows.net/netweaver"
netweaver_swpm_folder = "SWPM10SP33"
netweaver_sapexe_folder = "Kernel"
netweaver_additional_dvds = ["51050829_3", "51055267"]
pre_deployment = true

Logs I have downloaded the following logs from PAS host and can provide via DM on-demand:

• /var/log/salt-os-setup.log
• /var/log/salt-predeployment.log
• /var/log/salt-deployment.log
• /var/log/salt-result.log

[yeoldegrove]

@abravosuse Thanks for finding this. I guess you got the ports mixed up 31013/31015 (wrong) vs. 30013/30015 (right)

Just checked the following:

• ASCS install uses correct host (HA VIP)

  vmnetweaver01:~ # grep dbhost /sapmnt/HA1/profile/DEFAULT.PFL
  j2ee/dbhost = 10.74.1.12

• ASCS has no hdbuserstore entry, fine
• PAS/AAS use the same profile, so DB connect itself is fine after a failover
• PAS/AAS's hdbuserstore entry is created during sapinst

  vmnetweaver03:~ # grep "hdbuserstore.*SET" /tmp/swpm_unattended/sapinst.log
  Output of /usr/sap/HA1/hdbclient/hdbuserstore -i -H sapha1pas SET DEFAULT vmhana01.internal.cloudapp.net:30013@PRD SAPABAP1 is written to the logfile userstore_DEFAULT.log.
  Execution of the command "/usr/sap/HA1/hdbclient/hdbuserstore -i -H sapha1pas SET DEFAULT vmhana01.internal.cloudapp.net:30013@PRD SAPABAP1" finished with return code 0. Output:

• one can change the sapinst parameter via this parameter:

  --- /usr/share/salt-formulas/states/netweaver/templates/aas.inifile.params.j2.org   2022-03-01 13:33:16.674049235 +0000
  +++ /usr/share/salt-formulas/states/netweaver/templates/aas.inifile.params.j2   2022-03-01 13:41:31.249668374 +0000
  @@ -27,7 +27,7 @@
  # HDB_Schema_Check_Dialogs.validateSchemaName = true
  
  # Database hostnames that will be set directly in hdbuserstore without resolving them in HANA. Comma separated. Example (host1,host2)
  -# HDB_Userstore.doNotResolveHostnames =
  +HDB_Userstore.doNotResolveHostnames = {{ hana_host }}
  
  # Alternative port for SystemDB to be used in hdbuserstore
  # HDB_Userstore.systemDBPort =

• Which ends up in the following hdbuserstore entry:

  
  vmnetweaver04:~ # grep "hdbuserstore.*SET" /tmp/swpm_unattended/sapinst.log
  Output of /usr/sap/HA1/hdbclient/hdbuserstore -i -H sapha1aas1 SET DEFAULT 10.74.1.12:30013@PRD SAPABAP1 is written to the logfile userstore_DEFAULT.log.
  Execution of the command "/usr/sap/HA1/hdbclient/hdbuserstore -i -H sapha1aas1 SET DEFAULT 10.74.1.12:30013@PRD SAPABAP1" finished with return code 0. Output:

vmnetweaver04:ha1adm 18> hdbuserstore List DATA FILE : /home/ha1adm/.hdb/sapha1aas1/SSFS_HDB.DAT KEY FILE : /home/ha1adm/.hdb/sapha1aas1/SSFS_HDB.KEY

KEY DEFAULT ENV : 10.74.1.12:30013 --> VIP and SYSTEMDB port USER: SAPABAP1 DATABASE: PRD

- which works out fine, even after a failover

vmnetweaver04:ha1adm 46> hdbsql -U DEFAULT -d PRD "select count() from schemas;" | tail COUNT() 34 1 row selected (overall time 1389 usec; server time 184 usec)

vmnetweaver04:ha1adm 47> hdbsql -U DEFAULT "select count() from schemas;" | tail COUNT() 34 1 row selected (overall time 1215 usec; server time 149 usec)

- connection to SYSTEMDB (30013) instead of TENANT (30015) is fine according to SAP docs
  - https://help.sap.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.05/en-US/dd95ac9dbb571014a7d7f0234d762fdb.html

> Connecting to a Requested Tenant Database
> You can associate a key with tenant database information for use in a connection attempt. The server keeps track of which tenant databases are assigned to which ports for a host in the system database. You should only supply the host name/port pair for the system database that you plan to connect to, with each host specification being one of the three master nameservers associated with the system. The database name, when supplied in a connection attempt, is used to query a system database that runs on a well-defined port.

A fix will be supplied shortly.

[yeoldegrove]

@abravosuse Hope this fix is sufficient for you.

[abravosuse]

Thank you @yeoldegrove. Yes, the fix is sufficient for me.

Just two comments:

• Connection ports depend on the instance number: 3XX13 for the nameserver (systemdb tenant), 3XX15 for the indexserver (abap tenant). My deployment uses instance number 10, hence the 31013 and the 31015
• Regarding the connection port in the hdbuserstore default entry, you are right, it should be the port of the nameserver (systemdb tenant) 3XX13.

Thanks a lot!