Get started with manual deployment
Along with automated deployment, you can also do manual deployment of the SAP on Azure Deployment Automation Framework. Use this example configuration and sample parameter files to get started.
Tip
This guide covers only how to perform a manual deployment. If you want to get started quickly, see the automated deployment guide instead.
These steps reference and use the default naming convention for the automation framework. Example values are also used for naming throughout the code. For example, the deployer name is DEMO-EUS2-DEP00-INFRASTRUCTURE. In this example, the environment is a demo (DEMO), the region is East US 2 (EUS2), and the deployer virtual network is DEP00.
Prerequisites
- An Azure subscription. If you don't have an Azure subscription, you can create a free account.
- An Azure account with privileges to create a service principal.
- A download of the SAP software in your Azure environment.
Deployer setup
Before you begin, check you're in the correct Azure subscription. Then, set up your deployer:
- Download and install Terraform.
- Clone and configure the automation framework repository on the deployer.
- Initialize Terraform
- Get your SSH keys for use in the rest of your deployment.
Check Azure subscription
Verify that you're using the appropriate Azure subscription:
Sign in to the Azure portal.
Check that you're in the subscription you want to use:
az account list --output=table | grep -i trueIf necessary, change the active subscription to the subscription you want to use.
Download Terraform
Download Terraform to your environment:
Create and navigate to a new directory,
bin.mkdir -p ~/bin; cd $_Retrieve the appropriate Terraform binary. For example:
wget https://releases.hashicorp.com/terraform/0.14.7/terraform_0.14.7_linux_amd64.zipUnzip the Terraform binary. For example:
unzip terraform_0.14.7_linux_amd64.zipVerify your Terraform download:
hash terraformCreate a directory for your SAP automated deployment.
mkdir -p ~/Azure_SAP_Automated_Deployment; cd $_
Set up repository
Clone and configure the automation framework repository.
Clone the repository from GitHub:
git clone https://github.com/Azure/sap-automation.gitNavigate to the
sap-automationfolder.cd ~/Azure_SAP_Automated_Deployment/sap-automationOptionally, check out a different branch than the main branch. The main branch for the repository is the default.
Replace
<branch>with the branch name or commit hash you want to use.git checkout <branch>Check that your branch is at the expected revision.
git rev-parse HEAD
Initialize Terraform
Create a working directory. The directory name must observe the default naming convention. For example:
mkdir -p ~/Azure_SAP_Automated_Deployment/WORKSPACES/DEPLOYER/DEMO-EUS2-DEP00-INFRASTRUCTURE; cd $_Create the JSON parameter file.
cat <<EOF > DEMO-EUS2-DEP00-INFRASTRUCTURE.json { "infrastructure": { "environment" : "DEMO", "region" : "eastus2", "vnets": { "management": { "name" : "DEP00", "address_space" : "10.0.0.0/25", "subnet_mgmt": { "prefix" : "10.0.0.64/28" }, "subnet_fw": { "prefix" : "10.0.0.0/26" } } } }, "options": { "enable_deployer_public_ip" : true }, "firewall_deployment" : true } EOFInitialize Terraform.
terraform init ../../../sap-automation/deploy/terraform/bootstrap/sap_deployer/Create a Terraform execution plan that follows the default naming convention.
terraform plan \ --var-file=DEMO-EUS2-DEP00-INFRASTRUCTURE.json \ ../../../sap-automation/deploy/terraform/bootstrap/sap_deployer/Apply your Terraform execution plan to deploy the resources.
terraform apply --auto-approve \ --var-file=DEMO-EUS2-DEP00-INFRASTRUCTURE.json \ ../../../sap-automation/deploy/terraform/bootstrap/sap_deployer/Note the output.
Get SSH keys
Using the output from the Terraform deployment, note the values for the following fields.
Public IP address:
deployer_public_ip_address.Key vault's username:
deployer_kv_user_name.Private key vault's name:
deployer_kv_prvt_name.Public key's name:
deployer_public_key_secret_name.Private key's name:
deployer_private_key_secret_name.
Run the post-processing script.
./post_deployment.shExtract the private SSH key:
az keyvault secret show \ --vault-name DEMOEUS2DEP00userE27 \ --name DEMO-EUS2-DEP00-sshkey | \ jq -r .value > sshkeyExtract the public SSH key:
az keyvault secret show \ --vault-name DEMOEUS2DEP00userF6A \ --name DEMO-EUS2-DEP00-sshkey-pub | \ jq -r .value > sshkey.pubDownload the private and public key pair. In the Cloud Shell menu, select Upload/Download files > Download.
Service principal configuration
The deployer uses a service principal to deploy resources into a subscription.
Sign in to the Azure CLI.
az loginCreate a service principal. Be sure to replace
<subscription-id>with your Azure subscription identifier. Also replace<sp-name>with a name for your service principal.az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/<subscription-id>" --name="<sp-name>"Note the output, which contains information about the service principal. Copy down the values of the following fields:
Application identifier:
appId.Password:
password.Tenant identifier:
tenant.
Create a role assignment for the service principal. Make sure to replace
<appId>with the application identifier you noted in the previous step.az role assignment create --assignee <appId> --role "User Access Administrator" --scope /subscriptions/<subscription-id>/resourceGroups/<resource-group-name>Add keys for the service principal to the key vault as follows. Be sure to replace the placeholder values with the information you noted in previous steps. Replace
<environment>with the name of your environment, such asDEMO.az keyvault secret set --name "<environment>-subscription-id" --vault-name "<deployer_kv_user_name>" --value "<subscription-id>"; az keyvault secret set --name "<environment>-tenant-id" --vault-name "<deployer_kv_user_name>" --value "<tenant>"; az keyvault secret set --name "<environment>-client-id" --vault-name "<deployer_kv_user_name>" --value "<appId>"; az keyvault secret set --name "<environment>-client-secret" --vault-name "<deployer_kv_user_name>" --value "<password>";
Library configuration
Sign in to the deployer using your SSH client and the SSH keys that you retrieved during the deployer setup. If you're using PuTTY as your SSH client, convert the SSH keys to
.ppkformat before using.Navigate to where you cloned the automation framework repository.
cd ~/Azure_SAP_Automated_Deployment/sap-automationOptionally, check out a different branch than the main branch. The main branch for the repository is the default.
Replace
<branch>with the branch name or commit hash you want to use.git checkout <branch>Check that your branch is at the expected revision.
git rev-parse HEAD
Create a working directory.
mkdir -p ~/Azure_SAP_Automated_Deployment/WORKSPACES/LIBRARY/DEMO-EUS2-SAP_LIBRARY; cd $_Create the JSON configuration file.
cat <<EOF > DEMO-EUS2-SAP_LIBRARY.json { "infrastructure": { "environment" : "DEMO", "region" : "eastus2" }, "deployer": { "environment" : "DEMO", "region" : "eastus2", "vnet" : "DEP00" } } EOFInitialize Terraform.
terraform init ../../../sap-automation/deploy/terraform/bootstrap/sap_library/Create a Terraform execution plan that follows the default naming convention.
terraform plan \ --var-file=DEMO-EUS2-SAP_LIBRARY.json \ ../../../sap-automation/deploy/terraform/bootstrap/sap_libraryApply your Terraform execution plan to deploy the resources.
terraform apply --auto-approve \ --var-file=DEMO-EUS2-SAP_LIBRARY.json \ ../../../sap-automation/deploy/terraform/bootstrap/sap_library/
Reinitialize deployment
Reinitialize both the deployer and the SAP library.
Reinitialize deployer
Stay signed in to your deployer in the SSH client. Or, sign in again.
Navigate to the working directory that you created.
cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LOCAL/DEMO-EUS2-DEP00-INFRASTRUCTURECreate another parameter file called
backend. Again, follow the default naming conventions. Forresource_group_name, use the name of the resource group where the storage account with your Terraform state files (.tfstate) is located. Forstorage_account_name, replace<tfstate_storage_account_name>with the name of the storage account from the SAP Library deployment for.tfstatefiles. Forkey, combine the deployer's resource group name with the extension.terraform.tfstate. For example:cat <<EOF > backend resource_group_name = "DEMO-EUS2-SAP_LIBRARY" storage_account_name = "<tfstate_storage_account_name>" container_name = "tfstate" key = "DEMO-EUS2-DEP00-INFRASTRUCTURE.terraform.tfstate" EOFInitialize Terraform again.
terraform init --backend-config backend \ ../../../sap-automation/deploy/terraform/run/sap_deployer/When prompted Do you want to copy existing state to the new backend?, enter
yes.Remove the local state file.
rm terraform.tfstate*Create a Terraform execution plan. Again, follow the default naming conventions. For example:
terraform plan \ --var-file=DEMO-EUS2-DEP00-INFRASTRUCTURE.json \ ../../../sap-automation/deploy/terraform/run/sap_deployer/Apply the Terraform execution plan. For example:
terraform apply --auto-approve \ --var-file=DEMO-EUS2-DEP00-INFRASTRUCTURE.json \ ../../../sap-automation/deploy/terraform/run/sap_deployer/
Reinitialize SAP Library
Stay signed in to your deployer in the SSH client. Or, sign in again.
Navigate to the working directory that you created.
cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LIBRARY/DEMO-EUS2-SAP_LIBRARYCreate another parameter file called
backend. Again, follow the default naming conventions. Forresource_group_name, use the name of the resource group where the storage account with your Terraform state files (.tfstate) is located. Forstorage_account_name, replace<tfstate_storage_account_name>with the name of the storage account from the SAP Library deployment for.tfstatefiles. Forkey, combine the deployer's resource group name with the extension.terraform.tfstate. For example:cat <<EOF > backend resource_group_name = "DEMO-EUS2-SAP_LIBRARY" storage_account_name = "<tfstate_storage_account_name>" container_name = "tfstate" key = "DEMO-EUS2-SAP_LIBRARY.terraform.tfstate" EOFAdd a new key-value pair immediately after the opening bracket (
{) of the parameter filebackend. Fortfstate_resource_id, use the resource identifier for the Terraform state file storage account. Fordeployer_tfstate_key, use the key name for the deployer state file. For example:{ "tfstate_resource_id" : "<identifier>", "deployer_tfstate_key" : "<key>", "infrastructure": { ... }Initialize Terraform again.
terraform init --backend-config backend \ ../../../sap-automation/deploy/terraform/run/sap_library/When prompted Do you want to copy existing state to the new backend?, enter
yes.Remove the local state file.
rm terraform.tfstate*Create a Terraform execution plan. Again, follow the default naming conventions. For example:
terraform plan \ --var-file=DEMO-EUS2-SAP_LIBRARY.json \ ../../../sap-automation/deploy/terraform/run/sap_library/Apply the Terraform execution plan. For example:
terraform apply --auto-approve \ --var-file=DEMO-EUS2-SAP_LIBRARY.json \ ../../../sap-automation/deploy/terraform/run/sap_library/
Deploy workload virtual network
Next, deploy the SAP workload virtual network.
Stay signed in to your deployer in the SSH client. Or, sign in again.
Create a working directory. Follow the default naming conventions.
mkdir -p ~/Azure_SAP_Automated_Deployment/WORKSPACES/LANDSCAPE/DEMO-EUS2-SAP00-INFRASTRUCTURE; cd $_Create a parameter file called
backend. Forresource_group_name, use the name of the resource group where the storage account with your Terraform state files (.tfstate) is located. Forstorage_account_name, replace<tfstate_storage_account_name>with the name of the storage account from the SAP Library deployment for.tfstatefiles. Forkey, combine the deployer's resource group name with the extension.terraform.tfstate. For example:cat <<EOF > backend resource_group_name = "DEMO-EUS2-SAP_LIBRARY" storage_account_name = "<tfstate_storage_account_name>" container_name = "tfstate" key = "DEMO-EUS2-SAP00-INFRASTRUCTURE.terraform.tfstate" EOFInitialize Terraform again.
terraform init --backend-config backend \ ../../../sap-automation/deploy/terraform/run/sap_landscape/Create a Terraform execution plan. Again, follow the default naming conventions. For example:
terraform plan \ --var-file=DEMO-EUS2-SAP00-INFRASTRUCTURE.json \ ../../../sap-automation/deploy/terraform/run/sap_landscape/Apply the Terraform execution plan. For example:
terraform apply --auto-approve \ --var-file=DEMO-EUS2-SAP00-INFRASTRUCTURE.json \ ../../../sap-automation/deploy/terraform/run/sap_landscape/
SAP deployment unit
Next, set up the SAP deployment unit.
Stay signed in to your deployer in the SSH client. Or, sign in again
Create a working directory. Follow the default naming conventions.
mkdir -p ~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM/DEMO-EUS2-SAP00-X00; cd $_Create another parameter file called
backend. Forresource_group_name, use the name of the resource group where the storage account with your Terraform state files (.tfstate) is located. Forstorage_account_name, replace<tfstate_storage_account_name>with the name of the storage account from the SAP Library deployment for.tfstatefiles. Forkey, combine the deployer's resource group name with the extension.terraform.tfstate. For example:cat <<EOF > backend resource_group_name = "DEMO-EUS2-SAP_LIBRARY" storage_account_name = "<tfstate_storage_account_name>" container_name = "tfstate" key = "DEMO-EUS2-SAP00-X00.terraform.tfstate" EOFCreate a JSON parameter file with input parameters as follows. Make sure to replace the sample values with your own.
cat <<EOF > DEMO-EUS2-SAP00-X00.json { "tfstate_resource_id" : "<resource-id>", "deployer_tfstate_key" : "DEMO-EUS2-DEP00-INFRASTRUCTURE.terraform.tfstate", "landscape_tfstate_key" : "DEMO-EUS2-SAP00-INFRASTRUCTURE.terraform.tfstate", "infrastructure": { "environment" : "DEMO", "region" : "eastus2", "vnets": { "sap": { "name" : "SAP00", "subnet_db": { "prefix" : "0.0.0.0/28" }, "subnet_web": { "prefix" : "0.0.0.0/28" }, "subnet_app": { "prefix" : "0.0.0.0/27" }, "subnet_admin": { "prefix" : "0.0.0.0/27" } } } }, "databases": [ { "platform" : "HANA", "high_availability" : false, "size" : "S4Demo", "os": { "publisher" : "SUSE", "offer" : "sles-sap-12-sp5", "sku" : "gen2", "version" : "latest" } } ], "application": { "enable_deployment" : true, "sid" : "X00", "scs_instance_number" : "00", "ers_instance_number" : "10", "scs_high_availability" : false, "application_server_count" : 3, "webdispatcher_count" : 1, "authentication": { "type" : "key", "username" : "azureadm" } } } EOFInitialize Terraform again.
terraform init --backend-config backend \ ../../../sap-automation/deploy/terraform/run/sap_system/Create a Terraform execution plan. Again, follow the default naming conventions. For example:
terraform plan \ --var-file=DEMO-EUS2-SAP00-X00.json \ ../../../sap-automation/deploy/terraform/run/sap_system/Apply the Terraform execution plan. For example:
terraform apply --auto-approve \ --var-file=DEMO-EUS2-SAP00-X00.json \ ../../../sap-automation/deploy/terraform/run/sap_system/
Ansible configuration
Configure your setup by executing Ansible playbooks. These playbooks are located in the automation framework repository in /sap-automation/deploy/ansible.
| Filename | Description |
|---|---|
playbook_01_os_base_config.yaml |
Base operating system (OS) configuration |
playbook_02_os_sap_specific_config.yaml |
SAP-specific OS configuration |
playbook_03_bom_processing.yaml |
SAP Bill of Materials (BOM) processing software download |
playbook_04a_sap_scs_install.yaml |
SAP central services (SCS) installation |
playbook_05a_hana_db_install.yaml |
SAP HANA database installation |
playbook_06a_sap_dbload.yaml |
Database loader |
playbook_06b_sap_pas_install.yaml |
SAP primary application server (PAS) installation |
playbook_06c_sap_app_install.yaml |
SAP application server installation |
playbook_06d_sap_web_install.yaml |
SAP web dispatcher installation |
playbook_06_00_00_pacemaker.yaml |
Pacemaker cluster configuration |
playbook_06_00_01_pacemaker_scs.yaml |
Pacemaker configuration for SCS |
playbook_06_00_03_pacemaker_hana.yaml |
Pacemaker configuration for SAP HANA database |
To execute a playbook or multiple playbooks, use the command ansible-playbook as follows. Be sure to change all placeholder values to your own information:
- Change
<your-sapbits-path>to the path to your storage accountsapbitsfor the SAP Library. - Change
<azure-admin>to your Azure administrator username. - Change
<ssh-key> to the private SSH key you want to use. - Change other values under
--extra-varsas needed for your settings.
If you experience issues, make sure you've downloaded the SAP software to your Azure environment.
export ANSIBLE_HOST_KEY_CHECKING=False
# export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=Yes
# export ANSIBLE_KEEP_REMOTE_FILES=1
ansible-playbook \
--inventory new-hosts.yaml \
--user <azure-admin> \
--private-key <ssh-key> \
--extra-vars="{ \
\"bom_base_name\": \"HANA_2_00_053_v001\", \
\"download_templates\": \"false\", \
\"sapbits_location_base_path\": \"<your-sapbits-path>", \
\"target_media_location\": \"/usr/sap/install\", \
\"sap_sid\": \"X00\", \
\"hdb_sid\": \"HDB\" \
}" \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_00_transition_start_for_sap_install_refactor.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_01_os_base_config.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_02_os_sap_specific_config.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_03_bom_processing.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_04a_sap_scs_install.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_05a_hana_db_install.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_06a_sap_dbload.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_06b_sap_pas_install.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_06c_sap_app_install.yaml \
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_06d_sap_web_install.yaml
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for