{"id":20695801,"url":"https://github.com/ibm-cloud/sap-s4hana","last_synced_at":"2025-10-04T12:09:36.416Z","repository":{"id":45056657,"uuid":"470676869","full_name":"IBM-Cloud/sap-s4hana","owner":"IBM-Cloud","description":"Automating S/4HANA on 3-tier IBM VPC Cloud with Terraform and Ansible","archived":false,"fork":false,"pushed_at":"2024-11-13T16:28:41.000Z","size":248,"stargazers_count":5,"open_issues_count":0,"forks_count":5,"subscribers_count":13,"default_branch":"main","last_synced_at":"2025-01-11T19:41:56.583Z","etag":null,"topics":["ansible","automation","hcl","ibm-cloud","sap-hana","terraform","virtual-private-cloud"],"latest_commit_sha":null,"homepage":"https://cloud.ibm.com/docs/sap?topic=sap-automate-s4hana-terraform-ansible\u0026interface=terraform","language":"HCL","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IBM-Cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-03-16T17:01:29.000Z","updated_at":"2024-11-13T16:28:45.000Z","dependencies_parsed_at":"2023-01-30T00:45:51.988Z","dependency_job_id":"b30ba65d-9f8e-4d66-8c7c-451dcf5a97cf","html_url":"https://github.com/IBM-Cloud/sap-s4hana","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IBM-Cloud%2Fsap-s4hana","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IBM-Cloud%2Fsap-s4hana/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IBM-Cloud%2Fsap-s4hana/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IBM-Cloud%2Fsap-s4hana/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IBM-Cloud","download_url":"https://codeload.github.com/IBM-Cloud/sap-s4hana/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250317039,"owners_count":21410672,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","hcl","ibm-cloud","sap-hana","terraform","virtual-private-cloud"],"created_at":"2024-11-17T00:10:58.280Z","updated_at":"2025-10-04T12:09:31.349Z","avatar_url":"https://github.com/IBM-Cloud.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Three Tier SAP S/4HANA Stack Deployment using Terraform and Ansible Automation\n\n## Description\nThis automation solution is designed for the deployment of **Three Tier SAP S/4HANA Stack** using IBM Cloud Schematics or CLI. The SAP solution will be deployed on top of one of the following Operating Systems: **Red Hat Enterprise Linux 8.6 for SAP, Red Hat Enterprise Linux 8.4 for SAP, SUSE Linux Enterprise Server 15 SP 4 for SAP, SUSE Linux Enterprise Server 15 SP 3 for SAP** in an existing IBM Cloud Gen2 VPC, using an existing [bastion host with secure remote SSH access](https://github.com/IBM-Cloud/sap-bastion-setup).\n\nThe solution is based on Terraform scripts and Ansible playbooks and it is implementing a 'reasonable' set of best practices for SAP hosts configuration.\n\n**It contains:**\n- Terraform scripts for the deployment of two servers, in an EXISTING VPC, with Subnet and Security Group. The servers are intended to be used: one for the data base instance and the other for the application instance. The automation has support for the following versions: Terraform \u003e= 1.5.7 and IBM Cloud provider for Terraform \u003e= 1.57.0.  Note: The deployment was tested with Terraform 1.6.6\n- Bash scripts used for the checking of the prerequisites required by SAP servers deployment and for the integration into a single step in IBM Schematics GUI of the server provisioning and the **SAP S/4HANA Stack** installation.\n- Ansible scripts to configure the LVM and filesystems, the OS parameters, a Three Tier SAP S/4HANA primary application server and a HANA 2.0 node.\nPlease note that Ansible is started by Terraform and must be available on the same host.\n\n## Contents\n\n- [1.1 Installation media](#11-installation-media)\n- [1.2 Server Configuration](#12-server-configuration)\n- [1.3 VPC Configuration](#13-vpc-configuration)\n- [1.4 Files description and structure](#14-files-description-and-structure)\n- [1.5 General input variabiles](#15-general-input-variables)\n- [2.1 Executing the deployment of **Three Tiers SAP S4HANA Stack** in GUI (Schematics)](#21-executing-the-deployment-of-three-tiers-sap-s4hana-stack-in-gui-schematics)\n- [2.2 Executing the deployment of **Three Tiers SAP S4HANA Stack** in CLI](#22-executing-the-deployment-of-three-tiers-sap-s4hana-stack-in-cli)\n- [3.1 Related links](#31-related-links)\n\n## 1.1 Installation media\nSAP HANA installation media used for this deployment is the default one for **SAP HANA, platform edition 2.0 SPS07** available at SAP Support Portal under *INSTALLATION AND UPGRADE* area and it has to be provided manually in the input parameter file.\n\nSAP S/4HANA installation media used for this deployment is the default one for **SAP S/4HANA 2.0** available at SAP Support Portal under *INSTALLATION AND UPGRADE* area and it has to be provided manually in the input parameter file.\n\n## 1.2 Server Configuration\nThe Servers are deployed with one of the following Operating Systems for DB server: **Red Hat Enterprise Linux 8.6 for SAP HANA (amd64)**, **Red Hat Enterprise Linux 8.4 for SAP HANA (amd64)**, **Suse Linux Enterprise Server 15 SP 4 for SAP HANA (amd64)**, **Suse Linux Enterprise Server 15 SP 3 for SAP HANA (amd6)** and with one of the following Operating Systems for APP server: **Red Hat Enterprise Linux 8.6 for SAP Applications (amd64)**, **Red Hat Enterprise Linux 8.4 for SAP Applications (amd64)**, **Suse Enterprise Linux 15 SP4 for SAP Applications (amd64)**, **Suse Enterprise Linux 15 SP3 for SAP Applications (amd64)**. The SSH keys are configured to allow root user access. The following storage volumes are creating during the provisioning:\n\nHANA DB VSI Disks:\n- the disk sizes depend on the selected profile, according to [Intel Virtual Server certified profiles on VPC infrSAP HANA DB Server Disks:\n- the disk sizes depend on the selected profile, according to [Intel Virtual Server certified profiles on VPC infrastructure for SAP HANA](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-vs-vpc) - Last updated 2023-12-28 and to [Bare metal servers certified profiles on VPC infrastructure for SAP HANA](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-bm-vpc) - Last updated 2024-05-13\n\nNote: For SAP HANA on a VSI, according to [Intel Virtual Server certified profiles on VPC infrastructure for SAP HANA](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-vs-vpc#vx2d-16x224) - Last updated 2022-01-28 and to [Storage design considerations](https://cloud.ibm.com/docs/sap?topic=sap-storage-design-considerations) - Last updated 2024-01-25, LVM will be used for **`/hana/data`**, **`hana/log`**, **`/hana/shared`** and **`/usr/sap`**, for all storage profiles, with the following exceptions:\n- **`/hana/data`** and **`/hana/shared`** for the following profiles: **`vx2d-44x616`** and **`vx2d-88x1232`**\n- **`/hana/shared`** for the following profiles: **`vx2d-144x2016`**, **`vx2d-176x2464`**, **`ux2d-36x1008`**, **`ux2d-48x1344`**, **`ux2d-72x2016`**, **`ux2d-100x2800`**, **`ux2d-200x5600`**.\n\nFor example, in case of deploying a SAP HANA on a VSI, using the value `mx2-16x128` for the VSI profile , the automation will execute the following storage setup:  \n- 3 volumes x 500 GB each for `\u003csid\u003e_hana_vg` volume group\n  - the volume group will contain the following logical volumes (created with three stripes):\n    - `\u003csid\u003e_hana_data_lv` - size 988 GB\n    - `\u003csid\u003e_hana_log_lv` - size 256 GB\n    - `\u003csid\u003e_hana_shared` - size 256 GB\n- 1 volume x 50 GB for `/usr/sap` (volume group: `\u003csid\u003e_usr_sap_vg`, logical volume: `\u003csid\u003e_usr_sap_lv`)\n- 1 volume x 10 GB for a 2 GB SWAP logical volume (volume group: `\u003csid\u003e_swap_vg`, logical volume: `\u003csid\u003e_swap_lv`)\n\nIn case of deploying a SAP HANA on a Bare Metal Server, using the value `bx2d-metal-96x384` for the Bare Metal Server profile, the automation will execute the following storage setup:  \n- 4 disks x 2.9 TB each for `\u003csid\u003e_vg0` volume group\n  - the volume group will contain the following logical volumes (created with raid10, mirror and two stripes):\n    - `\u003csid\u003e_hana_log_lv` - size 384 GB\n    - `\u003csid\u003e_hana_shared` - size 384 GB\n- 4 disks x 2.9 TB each for `\u003csid\u003e_vg1` volume group\n  - the volume group will contain the following logical volumes (created with raid10, mirror and two stripes):\n    - `\u003csid\u003e_hana_data_lv` - size 100%FREE\n- 1 directory `/usr/sap`\n- 1 SWAP file of 2 GB `/\u003csid\u003e_swapfile`\n\nSAP APPs VSI Disks:\n- 1 disk with 10 IOPS / GB - SWAP (the size depends on the OS profile used, for `bx2-4x16` the size will be 48 GB)\n- 1 x 128 GB disk with 10 IOPS / GB - DATA\n\nIn order to perform the deployment you can use either the CLI component or the GUI component (Schematics) of the automation solution.\n\n## 1.3 VPC Configuration\n\nThe Security Rules inherited from BASTION deployment are the following:\n- Allow all traffic in the Security group for private networks.\n- Allow outbound traffic  (ALL for port 53, TCP for ports 80, 443, 8443)\n- Allow inbound SSH traffic (TCP for port 22) from IBM Schematics Servers.\n\n## 1.4 Files description and structure\n\nThe solution is based on Terraform remote-exec and Ansible playbooks executed by Schematics and it is implementing a 'reasonable' set of best practices for SAP server configuration.\n\n - `modules` - directory containing the terraform modules.\n - `ansible`  - directory containing the SAP ansible playbooks.\n - `main.tf` - contains the configuration of the server for the deployment of the current SAP solution.\n - `output.tf` - contains the code for the information to be displayed after the server is created (VPC, Hostname, Private IP).\n - `integration*.tf \u0026 generate*.tf` files - contain the integration code that makes the SAP variabiles from Terraform available to Ansible.\n - `provider.tf` - contains the IBM Cloud Provider data in order to run `terraform init` command.\n - `variables.tf` - contains variables for the VPC and server.\n - `versions.tf` - contains the minimum required versions for terraform and IBM Cloud provider.\n - `sch.auto.tfvars` - contains programatic variables.\n\n## 1.5 General Input variables\n\nThe following parameters can be set:\n\n**General input parameters:**\n\nParameter | Description\n----------|------------\nIBMCLOUD_API_KEY | IBM Cloud API key (Sensitive* value). The IBM Cloud API Key can be created [here](https://cloud.ibm.com/iam/apikeys)\nSSH_KEYS | List of SSH Keys UUIDs that are allowed to SSH as root to the server. Can contain one or more IDs. The list of SSH Keys is available [here](https://cloud.ibm.com/vpc-ext/compute/sshKeys). \u003cbr /\u003e Sample input (use your own SSH UUIDs from IBM Cloud):\u003cbr /\u003e [ \"r010-57bfc315-f9e5-46bf-bf61-d87a24a9ce7a\" , \"r010-3fcd9fe7-d4a7-41ce-8bb3-d96e936b2c7e\" ]\nBASTION_FLOATING_IP | BASTION FLOATING IP. It can be copied from the Bastion Server Deployment \"OUTPUTS\" at the end of \"Apply plan successful\" message.\nRESOURCE_GROUP | The name of an EXISTING Resource Group for servers and Volumes resources. \u003cbr /\u003e Default value: \"Default\". The list of Resource Groups is available [here](https://cloud.ibm.com/account/resource-groups).\nREGION | The cloud region where to deploy the solution. \u003cbr /\u003e The regions and zones for VPC are listed [here](https://cloud.ibm.com/docs/containers?topic=containers-regions-and-zones#zones-vpc). \u003cbr /\u003e Review supported locations in IBM Cloud Schematics [here](https://cloud.ibm.com/docs/schematics?topic=schematics-locations).\u003cbr /\u003e Sample value: eu-de.\nZONE | The cloud zone where to deploy the solution. \u003cbr /\u003e Sample value: eu-de-2.\nVPC | The name of an EXISTING VPC. The list of VPCs is available [here](https://cloud.ibm.com/vpc-ext/network/vpcs)\nSUBNET | The name of an EXISTING Subnet. The list of Subnets is available [here](https://cloud.ibm.com/vpc-ext/network/subnets). \nSECURITY_GROUP | The name of an EXISTING Security group. The list of Security Groups is available [here](https://cloud.ibm.com/vpc-ext/network/securityGroups). \n\n**Server input parameters**\nParameter | Description\n----------|------------\nHANA_SERVER_TYPE | The type of SAP HANA Server. Allowed vales: \"virtual\" or \"bare metal\"\nDB_HOSTNAME | The Hostname for the HANA Server. The hostname should be up to 13 characters as required by SAP.  For more information on rules regarding hostnames for SAP systems, check [SAP Note 611361: Hostnames of SAP ABAP Platform servers](https://launchpad.support.sap.com/#/notes/%20611361)\nDB_PROFILE | The instance profile used for the SAP HANA Server. The list of the certified profiles for SAP HANA on a VSI is available [here](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-vs-vpc). The list of the certified profiles for SAP HANA on a Bare Metal Server is available [here](https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-bm-vpc). \u003cbr\u003e Details about all x86 instance profiles are available [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles). \u003cbr\u003e  For more information about supported DB/OS and IBM Gen 2 Servers, check [SAP Note 2927211: SAP Applications on IBM Virtual Private Cloud](https://launchpad.support.sap.com/#/notes/2927211) \u003cbr /\u003e\nDB_IMAGE | The OS image used for HANA Server (See Obs*). A list of images is available [here](https://cloud.ibm.com/docs/vpc?topic=vpc-about-images).\u003cbr /\u003e Default value: ibm-redhat-8-6-amd64-sap-hana-6\nAPP_HOSTNAME | The Hostname for the SAP Application VSI. The hostname should be up to 13 characters as required by SAP.  For more information on rules regarding hostnames for SAP systems, check [SAP Note 611361: Hostnames of SAP ABAP Platform servers](https://launchpad.support.sap.com/#/notes/%20611361)\nAPP_PROFILE |  The instance profile used for SAP Application VSI. A list of profiles is available [here](https://cloud.ibm.com/docs/vpc?topic=vpc-profiles) \u003cbr\u003e  For more information about supported DB/OS and IBM Gen 2 Virtual Server Instances (VSI), check [SAP Note 2927211: SAP Applications on IBM Virtual Private Cloud](https://launchpad.support.sap.com/#/notes/2927211) \u003cbr /\u003e Default value: \"bx2-4x16\"\nAPP_IMAGE | The OS image used for SAP Application VSI (See Obs*). A list of images is available [here](https://cloud.ibm.com/docs/vpc?topic=vpc-about-images).\u003cbr /\u003e Default value: ibm-redhat-8-6-amd64-sap-applications-6\n\n\n**SAP input parameters**\n\nParameter | Description | Requirements\n----------|-------------|-------------\nS4HANA_VERSION | The version of S/4HANA | The version can take one of the following values: 2020, 2021, 2022, 2023.\nHANA_SID | The SAP system ID identifies the SAP HANA system. Default value: HDB \u003cbr /\u003e _(See Obs.*)_ | \u003cul\u003e\u003cli\u003eConsists of exactly three alphanumeric characters\u003c/li\u003e\u003cli\u003eHas a letter for the first character\u003c/li\u003e\u003cli\u003eDoes not include any of the reserved IDs listed in SAP Note 1979280\u003c/li\u003e\u003c/ul\u003e|\nHANA_TENANT | SAP HANA tenant name. Default value: HDB | \nHANA_SYSNO | Specifies the instance number of the SAP HANA system| \u003cul\u003e\u003cli\u003eTwo-digit number from 00 to 97\u003c/li\u003e\u003cli\u003eMust be unique on a host\u003c/li\u003e\u003c/ul\u003e\nHANA_SYSTEM_USAGE  | System Usage | Default: custom\u003cbr\u003e Valid values: production, test, development, custom\nHANA_COMPONENTS | SAP HANA Components | Default: server\u003cbr\u003e Valid values: all, client, es, ets, lcapps, server, smartda, streaming, rdsync, xs, studio, afl, sca, sop, eml, rme, rtl, trp\nKIT_SAPHANA_FILE | Path to SAP HANA ZIP file (See Obs*). | As downloaded from SAP Support Portal\nSAP_SID | The SAP system ID \u003cSAPSID\u003e identifies the entire SAP system | \u003cul\u003e\u003cli\u003eConsists of exactly three alphanumeric characters\u003c/li\u003e\u003cli\u003eHas a letter for the first character\u003c/li\u003e\u003cli\u003eDoes not include any of the reserved IDs listed in SAP Note 1979280\u003c/li\u003e\u003c/ul\u003e\nSAP_ASCS_INSTANCE_NUMBER | Technical identifier for internal processes of ASCS| \u003cul\u003e\u003cli\u003eTwo-digit number from 00 to 97\u003c/li\u003e\u003cli\u003eMust be unique on a host\u003c/li\u003e\u003c/ul\u003e\nSAP_CI_INSTANCE_NUMBER | Technical identifier for internal processes of CI| \u003cul\u003e\u003cli\u003eTwo-digit number from 00 to 97\u003c/li\u003e\u003cli\u003eMust be unique on a host\u003c/li\u003e\u003c/ul\u003e\nHDB_CONCURRENT_JOBS | Number of concurrent jobs used to load and/or extract archives to HANA Host | Default: 23\nKIT_SAPCAR_FILE  | Path to sapcar binary | As downloaded from SAP Support Portal\nKIT_SWPM_FILE | Path to SWPM archive (SAR) | As downloaded from SAP Support Portal\nKIT_SAPEXE_FILE | Path to SAP Kernel OS archive (SAR) | As downloaded from SAP Support Portal\nKIT_SAPEXEDB_FILE | Path to SAP Kernel DB archive (SAR) | As downloaded from SAP Support Portal\nKIT_IGSEXE_FILE | Path to IGS archive (SAR) | As downloaded from SAP Support Portal\nKIT_IGSHELPER_FILE | Path to IGS Helper archive (SAR) | As downloaded from SAP Support Portal\nKIT_SAPHOSTAGENT_FILE | Path to SAP Host Agent archive (SAR) | As downloaded from SAP Support Portal\nKIT_HDBCLIENT_FILE | Path to HANA DB client archive (SAR) | As downloaded from SAP Support Portal\nKIT_S4HANA_EXPORT | Path to S/4HANA Installation Export dir | The archives downloaded from SAP Support Portal should be present in this path\n\nParameter | Description | Requirements\n----------|-------------|-------------\nSAP_MAIN_PASSWORD | Common password for all users that are created during the installation | \u003cul\u003e\u003cli\u003eIt must be 8 to 14 characters long\u003c/li\u003e\u003cli\u003eIt must contain at least one digit (0-9)\u003c/li\u003e\u003cli\u003eIt must not contain \\ (backslash) and \" (double quote)\u003c/li\u003e\u003c/ul\u003e\nHANA_MAIN_PASSWORD | HANA system master password | \u003cul\u003e\u003cli\u003eIt must be 8 to 14 characters long\u003c/li\u003e\u003cli\u003eIt must contain at least one digit (0-9)\u003c/li\u003e\u003cli\u003eIt must not contain \\ (backslash) and \" (double quote)\u003c/li\u003e\u003cli\u003eMaster Password must contain at least one upper-case character\u003c/li\u003e\u003c/ul\u003e\n\n**Obs**: \u003cbr /\u003e   \n\n- **Sensitive** - The variable value is not displayed in your Schematics logs and it is hidden in the input field.\u003cbr /\u003e\n- The following parameters should have the same values as the ones set for the BASTION server: REGION, ZONE, VPC, SUBNET, SECURITYGROUP.\n- For any manual change in the terraform code, you have to make sure that you use a certified image based on the SAP NOTE: 2927211.\n\n**Installation media validated for this solution:**\n\n---\nS/4HANA 2023\n---\n\nComponent | Version | Filename\n----------|-------------|-------------\nSAPCAR | 7.22 | SAPCAR_1010-70006178.EXE\nSOFTWARE PROVISIONING MGR | 2.0 SP17 PL 0 | SWPM20SP17_0-80003424.SAR\nSAP KERNEL | 7.93 64-BIT UNICODE | SAPEXE_60-70007807.SAR\u003cbr\u003e SAPEXEDB_60-70007806.SAR\nSAP IGS | 7.81 PL 4 | igsexe_4-70005417.sar\nSAP IGS HELPER | PL 17 | igshelper_17-10010245.sar\nSAP HOST AGENT | 7.22 SP61 | SAPHOSTAGENT61_61-80004822.SAR\nHANA CLIENT | 2.18 | IMDB_CLIENT20_018_27-80002082.SAR\nHANA DB | 2.0 SPS07 rev73 | 51057281.ZIP\n\n**OS images validated for this solution:**\n\nOS version | Image | Role\n-----------|-----------|-----------\nRed Hat Enterprise Linux 8.6 for SAP HANA (amd64) | ibm-redhat-8-6-amd64-sap-hana-6 | DB\nRed Hat Enterprise Linux 8.6 for SAP Applications (amd64) | ibm-redhat-8-6-amd64-sap-applications-6 | APP\nSUSE Linux Enterprise Server 15 SP4 for SAP HANA | ibm-sles-15-4-amd64-sap-hana-7 | DB\nSUSE Linux Enterprise Server 15 SP4 for SAP Applications | ibm-sles-15-4-amd64-sap-applications-8 | APP\nRed Hat Enterprise Linux 8.4 for SAP HANA (amd64) | ibm-redhat-8-4-amd64-sap-hana-10 | DB\nRed Hat Enterprise Linux 8.4 for SAP Applications (amd64) | ibm-redhat-8-4-amd64-sap-applications-10 | APP\nSUSE Linux Enterprise Server 15 SP3 for SAP HANA | ibm-sles-15-3-amd64-sap-hana-10 | DB\nSUSE Linux Enterprise Server 15 SP3 for SAP Applications | ibm-sles-15-3-amd64-sap-applications-11 | APP\n\n---\nS/4HANA 2022\n---\n\nComponent | Version | Filename\n----------|-------------|-------------\nSAPCAR | 7.22 | SAPCAR_1010-70006178.EXE\nSOFTWARE PROVISIONING MGR | 2.0 SP15 PL 5 | SWPM20SP15_5-80003424.SAR\nSAP KERNEL | 7.89 64-BIT UNICODE PL 200| SAPEXE_200-70006642.SAR\u003cbr\u003e SAPEXEDB_200-70006641.SAR\nSAP IGS | 7.81 PL 4 | igsexe_4-70005417.sar\nSAP IGS HELPER | PL 17 | igshelper_17-10010245.sar\nSAP HOST AGENT | 7.22 SP61 | SAPHOSTAGENT61_61-80004822.SAR\nHANA CLIENT | 2.18 | IMDB_CLIENT20_018_27-80002082.SAR\nHANA DB | 2.0 SPS07 rev73 | 51057281.ZIP\n\n**OS images validated for this solution:**\n\nOS version | Image | Role\n-----------|-----------|-----------\nRed Hat Enterprise Linux 8.6 for SAP HANA (amd64) | ibm-redhat-8-6-amd64-sap-hana-6 | DB\nRed Hat Enterprise Linux 8.6 for SAP Applications (amd64) | ibm-redhat-8-6-amd64-sap-applications-6 | APP\nSUSE Linux Enterprise Server 15 SP4 for SAP HANA | ibm-sles-15-4-amd64-sap-hana-7 | DB\nSUSE Linux Enterprise Server 15 SP4 for SAP Applications | ibm-sles-15-4-amd64-sap-applications-8 | APP\nRed Hat Enterprise Linux 8.4 for SAP HANA (amd64) | ibm-redhat-8-4-amd64-sap-hana-10 | DB\nRed Hat Enterprise Linux 8.4 for SAP Applications (amd64) | ibm-redhat-8-4-amd64-sap-applications-10 | APP\nSUSE Linux Enterprise Server 15 SP3 for SAP HANA | ibm-sles-15-3-amd64-sap-hana-10 | DB\nSUSE Linux Enterprise Server 15 SP3 for SAP Applications | ibm-sles-15-3-amd64-sap-applications-11 | APP\n\n---\nS/4HANA 2021\n---\n\nComponent | Version | Filename\n----------|-------------|-------------\nSAPCAR | 7.22 | SAPCAR_1010-70006178.EXE\nSOFTWARE PROVISIONING MGR | 2.0 SP15 PL 5 | SWPM20SP15_5-80003424.SAR\nSAP KERNEL | 7.89 64-BIT UNICODE PL 200| SAPEXE_200-70006642.SAR\u003cbr\u003e SAPEXEDB_200-70006641.SAR\nSAP IGS | 7.81 PL 4 | igsexe_4-70005417.sar\nSAP IGS HELPER | PL 17 | igshelper_17-10010245.sar\nSAP HOST AGENT | 7.22 SP61 | SAPHOSTAGENT61_61-80004822.SAR\nHANA CLIENT | 2.18 | IMDB_CLIENT20_018_27-80002082.SAR\nHANA DB | 2.0 SPS07 rev73 | 51057281.ZIP\n\n**OS images validated for this solution:**\n\nOS version | Image | Role\n-----------|-----------|-----------\nRed Hat Enterprise Linux 8.6 for SAP HANA (amd64) | ibm-redhat-8-6-amd64-sap-hana-6 | DB\nRed Hat Enterprise Linux 8.6 for SAP Applications (amd64) | ibm-redhat-8-6-amd64-sap-applications-6 | APP\nSUSE Linux Enterprise Server 15 SP4 for SAP HANA | ibm-sles-15-4-amd64-sap-hana-7 | DB\nSUSE Linux Enterprise Server 15 SP4 for SAP Applications | ibm-sles-15-4-amd64-sap-applications-8 | APP\nRed Hat Enterprise Linux 8.4 for SAP HANA (amd64) | ibm-redhat-8-4-amd64-sap-hana-10 | DB\nRed Hat Enterprise Linux 8.4 for SAP Applications (amd64) | ibm-redhat-8-4-amd64-sap-applications-10 | APP\nSUSE Linux Enterprise Server 15 SP3 for SAP HANA | ibm-sles-15-3-amd64-sap-hana-10 | DB\nSUSE Linux Enterprise Server 15 SP3 for SAP Applications | ibm-sles-15-3-amd64-sap-applications-11 | APP\n\n---\nS/4HANA 2020\n---\n\nComponent | Version | Filename\n----------|-------------|-------------\nSAPCAR | 7.22 | SAPCAR_1010-70006178.EXE\nSOFTWARE PROVISIONING MGR | 2.0 SP15 PL 5 | SWPM20SP15_5-80003424.SAR\nSAP KERNEL | 7.81 64-BIT UNICODE PL 100| SAPEXE_100-70005283.SAR\u003cbr\u003e SAPEXEDB_100-70005282.SAR\nSAP KERNEL | 7.85 64-BIT UNICODE PL 300| SAPEXE_300-80005374.SAR\u003cbr\u003e SAPEXEDB_300-80005373.SAR\nSAP KERNEL | 7.89 64-BIT UNICODE PL 200| SAPEXE_200-70006642.SAR\u003cbr\u003e SAPEXEDB_200-70006641.SAR\nSAP IGS | 7.81 PL 1 | igsexe_1-70005417.sar\nSAP IGS | 7.81 PL 3 | igsexe_3-70005417.sar\nSAP IGS | 7.81 PL 4 | igsexe_4-70005417.sar\nSAP IGS HELPER | PL 17 | igshelper_17-10010245.sar\nSAP HOST AGENT | 7.22 SP61 | SAPHOSTAGENT61_61-80004822.SAR\nHANA CLIENT | 2.17 | IMDB_CLIENT20_017_22-80002082.SAR\nHANA CLIENT | 2.18 | IMDB_CLIENT20_018_27-80002082.SAR\nHANA DB | 2.0 SPS05 rev59.05 | 51056441.ZIP\nHANA DB | 2.0 SPS07 rev73 | 51057281.ZIP\n\n**OS images validated for this solution:**\n\nOS version | Image | Role\n-----------|-----------|-----------\nRed Hat Enterprise Linux 8.6 for SAP HANA (amd64) | ibm-redhat-8-6-amd64-sap-hana-6 | DB\nRed Hat Enterprise Linux 8.6 for SAP Applications (amd64) | ibm-redhat-8-6-amd64-sap-applications-6 | APP\nSUSE Linux Enterprise Server 15 SP4 for SAP HANA | ibm-sles-15-4-amd64-sap-hana-7 | DB\nSUSE Linux Enterprise Server 15 SP4 for SAP Applications | ibm-sles-15-4-amd64-sap-applications-8 | APP\n\n## 2.1 Executing the deployment of **Three Tiers SAP S/4HANA Stack** in GUI (Schematics)\n\nThe solution is based on Terraform remote-exec and Ansible playbooks executed by Schematics\n### Input parameters\n\nThe following parameters that can be set in the Schematics workspace are described in [General input variables Section](#15-general-input-variables) section.\n\nBeside [General input variables Section](#15-general-input-variables), the below ones, in IBM Schematics have specific description and GUI input options:\n\n**Server input parameters:**\n\nParameter | Description\n----------|------------\nPRIVATE_SSH_KEY | id_rsa private SSH key content in OpenSSH format (Sensitive* value). This private SSH key should be used only during the terraform provisioning and it is recommended to be changed after the SAP deployment.\nID_RSA_FILE_PATH | The file path for the private ssh key. It will be automatically generated. If it is changed, it must contain the relative path from git repo folders. Example: ansible/id_rsa_s4hana_dst\n\n**SAP and HANA Passwords**  \nThe passwords for the SAP and HANA systems will be hidden during the schematics apply step and will not be available after the deployment.\n\n### Steps to follow\n\n1.  Make sure that you have the [required IBM Cloud IAM\n    permissions](https://cloud.ibm.com/docs/vpc?topic=vpc-managing-user-permissions-for-vpc-resources) to\n    create and work with VPC infrastructure and you are [assigned the\n    correct\n    permissions](https://cloud.ibm.com/docs/schematics?topic=schematics-access) to\n    create the workspace in Schematics and deploy resources.\n2.  [Generate an SSH\n    key](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys).\n    The SSH key is required to access the provisioned VPC virtual server\n    instances via the bastion host. After you have created your SSH key,\n    make sure to [upload this SSH key to your IBM Cloud\n    account](https://cloud.ibm.com/docs/vpc-on-classic-vsi?topic=vpc-on-classic-vsi-managing-ssh-keys#managing-ssh-keys-with-ibm-cloud-console) in\n    the VPC region and resource group where you want to deploy the SAP solution\n3.  Create the Schematics workspace:\n    1.  From the IBM Cloud menu\n    select [Schematics](https://cloud.ibm.com/schematics/overview).\n        - Push the `Create workspace` button.\n        - Provide the URL of the Github repository of this solution\n        - Select the latest Terraform version.\n        - Click on `Next` button\n        - Provide a name, the resources group and location for your workspace\n        - Push `Next` button\n        - Review the provided information and then push `Create` button to create your workspace\n    2.  On the workspace **Settings** page, \n        - In the **Input variables** section, review the default values for the input variables and provide alternatives if desired.\n        - Click **Save changes**.\n4.  From the workspace **Settings** page, click **Generate plan** \n5.  From the workspace **Jobs** page, the logs of your Terraform\n    execution plan can be reviewed.\n6.  Apply your Terraform template by clicking **Apply plan**.\n7.  Review the logs to ensure that no errors occurred during the\n    provisioning, modification, or deletion process.\n\n    In the output of the Schematics `Apply Plan` the private IP address of the Servers, the hostname of the servers, the VPC and the Activity Tracker instance name will be displayed.\n\n## 2.2 Executing the deployment of **Three Tiers SAP S4HANA Stack** in CLI\n\n### IBM Cloud API Key\nFor the script configuration add your IBM Cloud API Key in terraform planning phase command 'terraform plan --out plan1'.\n \n### Input parameter file\nThe solution is configured by editing the variable values in the file `input.auto.tfvars`. See the example below:\n\n**Server input parameters**\n\n```shell\n##########################################################\n# General VPC variables:\n######################################################\n\nREGION = \"eu-de\"\n# Region for the server. Supported regions: https://cloud.ibm.com/docs/containers?topic=containers-regions-and-zones#zones-vpc\n# Example: REGION = \"eu-de\"\n\nZONE = \"eu-de-1\"\n# Availability zone for the server. Supported zones: https://cloud.ibm.com/docs/containers?topic=containers-regions-and-zones#zones-vpc\n# Example: ZONE = \"eu-de-1\"\n\nVPC = \"ic4sap\"\n# EXISTING VPC, previously created by the user in the same region as the server. The list of available VPCs: https://cloud.ibm.com/vpc-ext/network/vpcs\n# Example: VPC = \"ic4sap\"\n\nSECURITY_GROUP = \"ic4sap-securitygroup\"\n# EXISTING Security group, previously created by the user in the same VPC. The list of available Security Groups: https://cloud.ibm.com/vpc-ext/network/securityGroups\n# Example: SECURITY_GROUP = \"ic4sap-securitygroup\"\n\nRESOURCE_GROUP = \"wes-automation\"\n# EXISTING Resource group, previously created by the user. The list of available Resource Groups: https://cloud.ibm.com/account/resource-groups\n# Example: RESOURCE_GROUP = \"wes-automation\"\n\nSUBNET = \"ic4sap-subnet\"\n# EXISTING Subnet in the same region and zone as the server, previously created by the user. The list of available Subnets: https://cloud.ibm.com/vpc-ext/network/subnets\n# Example: SUBNET = \"ic4sap-subnet\"\n\nSSH_KEYS = [\"r010-8f72b994-c17f-4500-af8f-d05680374t3c\", \"r011-8f72v884-c17f-4500-af8f-d05900374t3c\"]\n# List of SSH Keys UUIDs that are allowed to SSH as root to the server. The SSH Keys should be created for the same region as the server. The list of available SSH Keys UUIDs: https://cloud.ibm.com/vpc-ext/compute/sshKeys\n# Example: SSH_KEYS = [\"r010-8f72b994-c17f-4500-af8f-d05680374t3c\", \"r011-8f72v884-c17f-4500-af8f-d05900374t3c\"]\n\nID_RSA_FILE_PATH = \"ansible/id_rsa\"\n# The id_rsa private key file path in OpenSSH format with 0600 permissions.\n# This private key is used only during the terraform provisioning and it is recommended to be changed after the SAP deployment.\n# It must contain the relative or absoute path from your Bastion.\n# Examples: \"ansible/id_rsa_s4hana_dst\" , \"~/.ssh/id_rsa_s4hana_dst\" , \"/root/.ssh/id_rsa\".\n\n##########################################################\n# SAP HANA Server variables\n##########################################################\n\nHANA_SERVER_TYPE = \"virtual\"\n# The type of SAP HANA Server. Allowed vales: \"virtual\" or \"bare metal\"\n# Example: HANA_SERVER_TYPE = \"bare metal\"\n\n##########################################################\n# DB server variables:\n##########################################################\n\nDB_HOSTNAME = \"ic4sapdb\"\n# The Hostname for the DB server. The hostname should be up to 13 characters, as required by SAP\n# Example: DB_HOSTNAME = \"ic4sapdb\"\n\nDB_PROFILE = \"mx2-16x128\"\n# The profile used for SAP HANA Server. \n# The list of certified profiles for SAP HANA Virtual Servers is available here: https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-vs-vpc\n# The list of certified profiles for SAP HANA Bare Metal Servers is available here: https://cloud.ibm.com/docs/sap?topic=sap-hana-iaas-offerings-profiles-intel-bm-vpc. \n# Details about all x86 instance profiles are available here: https://cloud.ibm.com/docs/vpc?topic=vpc-profiles.\n# Example of Virtual Server Instance profile for SAP HANA: DB_PROFILE =\"mx2-16x128\". \n# Example of Bare Metal profile for SAP HANA: DB_PROFILE = \"bx2d-metal-96x384\". \n# For more information about supported DB/OS and IBM VPC, check SAP Note 2927211: \"SAP Applications on IBM Virtual Private Cloud\".\n\nDB_IMAGE = \"ibm-redhat-8-6-amd64-sap-hana-6\"\n# OS image for DB server. Validated OS images for DB serverss: ibm-redhat-8-6-amd64-sap-hana-6, ibm-redhat-8-4-amd64-sap-hana-10, ibm-sles-15-4-amd64-sap-hana-7, ibm-sles-15-3-amd64-sap-hana-10.\n# The list of available VPC Operating Systems supported by SAP: SAP note '2927211 - SAP Applications on IBM Virtual Private Cloud (VPC) Infrastructure environment' https://launchpad.support.sap.com/#/notes/2927211; The list of all available OS images: https://cloud.ibm.com/docs/vpc?topic=vpc-about-images\n# Example: DB_IMAGE = \"ibm-sles-15-4-amd64-sap-hana-7\"\n\n##########################################################\n# SAP APP VSI variables:\n##########################################################\n\nAPP_HOSTNAME = \"ic4sapapp\"\n# The Hostname for the SAP APP VSI. The hostname should be up to 13 characters, as required by SAP\n# Example: APP_HOSTNAME = \"ic4sapapp\"\n\nAPP_PROFILE = \"bx2-4x16\"\n# The APP VSI profile. Supported profiles: bx2-4x16. The list of available profiles: https://cloud.ibm.com/docs/vpc?topic=vpc-profiles\u0026interface=ui\n\nAPP_IMAGE = \"ibm-redhat-8-6-amd64-sap-applications-6\"\n# OS image for SAP APP VSI. Validated OS images for APP VSIs: ibm-redhat-8-6-amd64-sap-applications-6, ibm-redhat-8-4-amd64-sap-applications-10, ibm-sles-15-4-amd64-sap-applications-8, ibm-sles-15-3-amd64-sap-applications-11. \n# The list of available VPC Operating Systems supported by SAP: SAP note '2927211 - SAP Applications on IBM Virtual Private Cloud (VPC) Infrastructure environment' https://launchpad.support.sap.com/#/notes/2927211; The list of all available OS images: https://cloud.ibm.com/docs/vpc?topic=vpc-about-images\n# Example: APP-IMAGE = \"ibm-sles-15-4-amd64-sap-applications-8\"\n```\n\nEdit your SAP system configuration variables that will be passed to the ansible automated deployment:\n\n```shell\n##########################################################\n# S/4HANA version\n##########################################################\n\nS4HANA_VERSION = \"2023\"\n# The version of S/4HANA. The version can take one of the following values: 2020, 2021, 2022, 2023.\n# Example: S4HANA_VERSION = \"2022\"\n\n##########################################################\n# SAP HANA configuration\n##########################################################\n\nHANA_SID = \"HDB\"\n# SAP HANA system ID. Should follow the SAP rules for SID naming.\n# Example: HANA_SID = \"HDB\"\n\nHANA_SYSNO = \"00\"\n# SAP HANA instance number. Should follow the SAP rules for instance number naming.\n# Example: HANA_SYSNO = \"01\"\n\nHANA_TENANT = \"HDB\"\n# SAP HANA tenant name\n# Example:HANA_TENANT = \"HDB_TEN1\"\n\nHANA_SYSTEM_USAGE = \"custom\"\n# System usage. Default: custom. Suported values: production, test, development, custom\n# Example: HANA_SYSTEM_USAGE = \"custom\"\n\nHANA_COMPONENTS = \"server\"\n# SAP HANA Components. Default: server. Supported values: all, client, es, ets, lcapps, server, smartda, streaming, rdsync, xs, studio, afl, sca, sop, eml, rme, rtl, trp\n# Example: HANA_COMPONENTS = \"server\"\n\nKIT_SAPHANA_FILE = \"/storage/HANADB/SP07/Rev73/51057281.ZIP\"\n# SAP HANA Installation kit path\n# Example for Red Hat 8 or Suse 15: KIT_SAPHANA_FILE = \"/storage/HANADB/SP07/Rev73/51057281.ZIP\"\n\n##########################################################\n# SAP system configuration\n##########################################################\n\nSAP_SID = \"S4A\"\n# SAP System ID\n\nSAP_ASCS_INSTANCE_NUMBER = \"01\"\n# The central ABAP service instance number. Should follow the SAP rules for instance number naming.\n# Example: SAP_ASCS_INSTANCE_NUMBER = \"01\"\n\nSAP_CI_INSTANCE_NUMBER = \"06\"\n# The SAP central instance number. Should follow the SAP rules for instance number naming.\n# Example: SAP_CI_INSTANCE_NUMBER = \"06\"\n\nHDB_CONCURRENT_JOBS = \"23\"\n# Number of concurrent jobs used to load and/or extract archives to HANA Host\n\n##########################################################\n# SAP S/4HANA APP Kit Paths\n##########################################################\n\nKIT_SAPCAR_FILE = \"/storage/S4HANA/SAPCAR_1010-70006178.EXE\"\nKIT_SWPM_FILE = \"/storage/S4HANA/SWPM20SP17_0-80003424.SAR\"\nKIT_SAPEXE_FILE = \"/storage/S4HANA/KERNEL/793/SAPEXE_60-70007807.SAR\"\nKIT_SAPEXEDB_FILE = \"/storage/S4HANA/KERNEL/793/SAPEXEDB_60-70007806.SAR\"\nKIT_IGSEXE_FILE = \"/storage/S4HANA/KERNEL/793/igsexe_4-70005417.sar\"\nKIT_IGSHELPER_FILE = \"/storage/S4HANA/igshelper_17-10010245.sar\"\nKIT_SAPHOSTAGENT_FILE = \"/storage/S4HANA/SAPHOSTAGENT61_61-80004822.SAR\"\nKIT_HDBCLIENT_FILE = \"/storage/S4HANA/IMDB_CLIENT20_018_27-80002082.SAR\"\nKIT_S4HANA_EXPORT = \"/storage/S4HANA/2023\"\n```\n\n## Steps to reproduce\n\nFor initializing terraform:\n\n```shell\nterraform init\n```\n\nFor planning phase:\n\n```shell\nterraform plan --out plan1\n# you will be asked for the following sensitive variables: \n'IBMCLOUD_API_KEY', 'SAP_MAIN_PASSWORD' and 'HANA_MAIN_PASSWORD'.\n```\n\n\nFor apply phase:\n\n```shell\nterraform apply \"plan1\"\n```\n\nFor destroy:\n\n```shell\nterraform destroy\n# you will be asked for the following sensitive variables as a destroy confirmation phase:\n'IBMCLOUD_API_KEY', 'SAP_MAIN_PASSWORD' and 'HANA_MAIN_PASSWORD'.\n```\n\n### 3.1 Related links\n\n- [How to create a BASTION/STORAGE VSI for SAP in IBM Schematics](https://github.com/IBM-Cloud/sap-bastion-setup)\n- [Securely Access Remote Instances with a Bastion Host](https://www.ibm.com/cloud/blog/tutorial-securely-access-remote-instances-with-a-bastion-host)\n- [VPNs for VPC overview: Site-to-site gateways and Client-to-site servers.](https://cloud.ibm.com/docs/vpc?topic=vpc-vpn-overview)\n- [IBM Cloud Schematics](https://www.ibm.com/cloud/schematics)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fibm-cloud%2Fsap-s4hana","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fibm-cloud%2Fsap-s4hana","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fibm-cloud%2Fsap-s4hana/lists"}