Main
Development
Information
Community
Social media
Other
  1. Manuals
  2. Leap-16.0
  3. SAPHanaSR-angi
  4. susHanaSR.py(7)

Scroll to navigation

susHanaSR.py(7) SAPHanaSR susHanaSR.py(7)

NAME

susHanaSR.py - Provider for SAP HANA srHook method srConnectionChanged().

DESCRIPTION

susHanaSR.py can be used to provide a script for the SAP HANA srHook method srConnectionChanged().

The SAP HANA nameserver provides a Python-based API ("HA/DR providers"), which is called at important points of the host auto-failover and system replication takeover process. These so called hooks can be used for arbitrary operations that need to be executed. The method srConnectionChanged() is called on the master nameserver as soon as one of the replicating services loses or establishes the system replication connection. This method is called only once.

susHanaSR.py updates the cluster attribute srHook at changes of the HANA system replication status. Thus this attribute is more reliable than the attribute sync_state which is polled by RA monitors.

This hook script needs to be configured and activated on all HANA nodes.

SUPPORTED PARAMETERS

* The "HA/DR providers" API accepts the following parameters for the ha_dr_provider_sushanasr section:

[ha_dr_provider_sushanasr]
Mandatory. Must not be changed.
Mandatory. Please change only if requested.
Mandatory. Order might depend on other hook scripts.

* The "HA/DR providers" API accepts the following parameter for the trace section:

[trace]
Optional. Will be added automatically if not set.

* The he SAPHanaController RA recognize the effecting system replication status via attributes in the CIB´s SAPHanaSR properties section. The SAP System Indentifier (sid) is given in lower case:

RETURN CODES

0 Successful program execution.
>0 Usage, syntax or execution errors.

EXAMPLES

* Example for entry in sudo permissions /etc/sudoers.d/SAPHanaSR

# SAPHanaSR needs for srHook
ha1adm ALL=(ALL) NOPASSWD: /usr/sbin/crm_attribute -n hana_ha1_site_srHook_*

* Example for looking up the sudo permission for the srHook script.
All related files (/etc/sudoers and /etc/sudoers.d/*) are scanned. Example SID is HA1.

# sudo -U ha1adm -l | grep "NOPASSWD.*crm_attribute.*hana_ha1"

* Example for checking HANA´s python version.
This might be done before installing HADR provider hook scripts. SID is HA1.

# su - ha1adm -c "python --version"

* Example for entry in SAP HANA global configuration /hana/shared/$SID/global/hdb/custom/config/global.ini
This file is needed at both sites. The HANA has to be stopped before the files can be edited.

[ha_dr_provider_sushanasr]
provider = susHanaSR
path = /usr/share/SAPHanaSR-angi
execution_order = 1
[trace]
ha_dr_sushanasr = info

* Example for entry in SAP HANA 2.0 global configuration /hana/shared/$SID/global/hdb/custom/config/global.ini to enable multi-target aware third site.
This entry is needed to allow ocf_suse_SAPHanaController(7) parameter AUTOMATED_REGISTER=true in multi-target environments. The HANA has to be stopped before the files can be edited. Do not copy the file between nodes. Please check SAP HANA documentation for details.

[system_replication]
...
register_secondaries_on_takeover = true
...

* Example for entry in SAP HANA 2.0 nameserver configuration /hana/shared/$SID/global/hdb/custom/config/nameserver.ini for two-node scale-out HANA without standby nodes.
This entry is needed at both sites that are managed by the Linux cluster. The HANA has to be stopped before the files can be edited. Do not copy the file between nodes. It might be necessary to un-register and re-register the secondary to make the change effective on the secondary site. Please check SAP HANA documentation for details. In this example the master node is suse11, the worker is suse12, the instance number is 00. See also SAPHanaSR-ScaleOut_basic_cluster(7).

[landscape]
...
master = suse11:31001
worker = suse11 suse12
active_master = suse11:31001
roles_suse11 = worker
roles_suse12 = worker
...

* Example for checking the system log for srHook setting HANA system replication status in the CIB properties section.
To be executed on respective HANA primary site's master nameserver.

# grep "sudo.*crm_attribute.*srHook" /var/log/messages

* Example for checking the HANA tracefiles for srConnectionChanged() events.
To be executed on respective HANA primary site's master nameserver.

# su - sleadm
~> cdtrace
~> grep susHanaSR.srConnectionChanged.*called nameserver_*.trc
~> grep susHanaSR.*crm_attribute nameserver_*.trc
# exit

* Example for checking the HANA tracefiles for when the hook script has been loaded.
To be executed on both sites' master nameservers.

# su - sleadm
~> cdtrace
~> grep HADR.*load.*susHanaS nameserver_*.trc

* Example for comparing Linux cluster srHook attribute with current HANA SR state.
SID is HA1. To be executed on current HANA primary site.

# SAPHanaSR-showAttr | grep -A4 srHook
# su - ha1adm -c "HDBSettings.sh systemReplicationStatus.py"

* Potentially dangerous example for manually changing Linux cluster srHook attribute according to current HANA SR state.
This might be desired if the HANA SR state has changed while the Linux cluster was completely down. SID is ICE, site is BERG, current HANA SR state is SFAIL.
Note: Understand the impact before trying.

# su - iceadm -c "HDBSettings.sh systemReplicationStatus.py"
# cs_clusterstate -i
# crm_attribute -n hana_ice_site_srHook_BERG -v SFAIL -t crm_config -s SAPHanaSR
# SAPHanaSR-showAttr

* Example for removing orphaned global srHook attribute.
This might be done after upgrading from old-style srHook, to avoid confusion caused by different HANA HADR provider API versions. SID is HA1.

# SAPHanaSR-showAttr
# crm configure show SAPHanaSR
# cs_clusterstate -i
# crm_attribute --delete -t crm_config --name hana_ha1_glob_srHook
# crm configure show SAPHanaSR
# SAPHanaSR-showAttr

* Example for temporarily blocking HANA system replication.
This could be done for testing the HA/DR provider hook script integration. Blocking the HANA system replication is dangerous. This test should not be done on production systems. Instance number is 00, the resulting network ports are depending on the HANA setup. Please refer to SAP HANA documentation. See also manual page iptables(8).
Note: Understand the impact before trying.

1. Check HANA and Linux cluster for clean idle state.

2. On secondary, check for used network ports.

# ss -tulpan | grep hdb.*server | grep -v 127.0.0.1 |\
grep -v "\*" | awk '{print $6}' | awk -F: '{print $2}'

3. On secondary, block HANA system replication, example ports are 4000[123].

# iptables -I INPUT -p tcp -m multiport --ports 40001,40002,40003 -j ACCEPT
Note: The ACCEPT needs to be replaced by appropriate action.

4. Check the nameserver tracefile for srConnectionChanged() events, check the system log for crm_attribute calls, check the Linux cluster attributes for srHook status.

5. On secondary, unblock HANA system replication.

# iptables -D INPUT -p tcp -m multiport --ports 40001,40002,40003 -j DROP

6. Check the nameserver tracefile for srConnectionChanged() events, check the system log for crm_attribute calls, check the Linux cluster attributes for srHook status.

7. Check HANA and Linux cluster for clean idle state.

FILES

/usr/share/SAPHanaSR-angi/susHanaSR.py
the hook provider, delivered with the RPM
/hana/shared/$SID/global/hdb/custom/config/global.ini
the on-disk representation of HANA global system configuration
/hana/shared/$SID/global/hdb/custom/config/nameserver.ini
the on-disk representation of HANA nameserver configuration
/etc/sudoers , /etc/sudoers.d/*
the sudo permissions configuration
/usr/sap/$SID/HDB$nr/$HOST/trace
path to HANA tracefiles
/usr/sap/$SID/HDB$nr/.crm_attribute.$SITE
the internal cache for srHook status changes while Linux cluster is down, file is owned and read/write by ${sid}adm and must never be touched

REQUIREMENTS

1. SAP HANA 2.0 SPS05 rev.059.04 or later provides Python 3 as well as the HA/DR provider hook method srConnectionChanged() with multi-target aware parameters. The Python 3 and multi-target aware parameters are needed for the SAPHanaSR-angi package.

2. No other HADR provider hook script should be configured for the srConnectionChanged() method. Hook scripts for other methods, provided in SAPHanaSR-angi, can be used in parallel to susHanaSR.py, if not documented contradictingly.

3. The user ${sid}adm needs execution permission as user root for the command crm_attribute.

4. The user ${sid}adm needs ownership and read/write permission on the internal cache file /usr/sap/$SID/HDB$nr/.crm_attribute.$SITE and its parent directory.

5. The hook provider needs to be added to the HANA global configuration, in memory and on disk (in persistence).

6. The srHook script runtime almost completely depends on call-outs to OS and Linux cluster.

BUGS

In case of any problem, please use your favourite SAP support process to open a request for the component BC-OP-LNX-SUSE. Please report any other feedback and suggestions to feedback@suse.com.

SEE ALSO

SAPHanaSR-angi(7) , ocf_suse_SAPHanaTopology(7) , ocf_suse_SAPHanaController(7) , ocf_heartbeat_IPaddr2(7) , susCostOpt.py(7) , susTkOver.py(7) , susChkSrv.py (7) , SAPHanaSR-monitor(8) , SAPHanaSR-showAttr(8) , SAPHanaSR-manageProvider(8) , SAPHanaSR-hookHelper(8) , crm_attribute(8) , sudo(8) , sudoers(5), python(8) , iptables(8) , ss(8) ,
https://help.sap.com/docs/SAP_HANA_PLATFORM?locale=en-US
https://help.sap.com/docs/SAP_HANA_PLATFORM/6b94445c94ae495c83a19646e7c3fd56/5df2e766549a405e95de4c5d7f2efc2d.html?locale=en-US

AUTHORS

A.Briel, F.Herschel, L.Pinne.

COPYRIGHT

(c) 2015-2017 SUSE Linux GmbH, Germany.
(c) 2018-2024 SUSE LLC
susHanaSR.py comes with ABSOLUTELY NO WARRANTY.
For details see the GNU General Public License at http://www.gnu.org/licenses/gpl.html

24 Sep 2024