Enterprise Scale for SAP on Azure Deployment Automation Framework - Hands-on Lab

This tutorial shows how to do enterprise scaling for deployments using the SAP on Azure Deployment Automation Framework. This example uses Azure Cloud Shell to deploy the control plane infrastructure. The deployer virtual machine (VM) creates the remaining infrastructure and SAP HANA configurations.

You'll perform the following tasks during this lab:

  • Deploy the Control Plane (Deployer Infrastructure & Library)
  • Deploy the Workload Zone (Landscape, System)
  • Download/Upload BOM
  • Configure standard and SAP-specific OS settings
  • Install HANA DB
  • Install SCS server
  • Load HANA DB
  • Install Primary Application Server

There are three main steps of an SAP deployment on Azure with the automation framework.

  1. Preparing the region. This step deploys components to support the SAP automation framework in a specified Azure region. Some parts of this step are:

    1. Creating the deployment environment
    2. Creating shared storage for Terraform state files
    3. Creating shared storage for SAP installation media
  2. Preparing the workload zone. This step deploys the workload zone components, such as the virtual network and key vaults.

  3. Deploying the system. This step includes the infrastructure for the SAP system.

There are several workflows in the deployment automation process. However, this tutorial focuses on one workflow for ease of deployment. You can deploy this workflow, the SAP S4 HANA standalone environment, using Bash. The tutorial describes the general hierarchy and different phases of the deployment.

Environment Overview

The SAP on Azure deployment automation framework has two main components:

  • Deployment infrastructure (control plane)
  • SAP Infrastructure (SAP Workload)

The following diagram shows the dependency between the control plane and the application plane.

DevOps tutorial infrastructure design

The framework uses Terraform for infrastructure deployment, and Ansible for the operating system and application configuration. The following diagram shows the logical separation of the control plane and workload zone.

Diagram showing the SAP on Azure Deployment Automation Framework environment.

Management Zone

The management zone contains the control plane infrastructure from which other environments are deployed. Once the management zone is deployed, you rarely, if ever, need to redeploy.

Diagram Control Plane.

The Deployer is the execution engine of the SAP automation framework. This pre-configured virtual machine (VM) is used for executing Terraform and Ansible commands.

The SAP Library provides the persistent storage for the Terraform state files and the downloaded SAP installation media for the control plane.

You configure the deployer and library in a Terraform .tfvars variable file. See configuring the control plane

Workload Zone

An SAP application typically has multiple deployment tiers. For example, you might have development, quality assurance, and production tiers. The SAP on Azure Deployment Automation Framework refers to these tiers as workload zones.

Workload zone.

The SAP Workload zone contains the networking and shared components for the SAP VMs. These components include route tables, network security groups, and virtual networks (VNets). The Landscape provides the opportunity to divide deployments into different environments. See configuring the workload zone

The system deployment consists of the virtual machines that will be running the SAP application, including the web, app, and database tiers. See configuring the SAP system

Hands-On Lab

Prerequisites

The SAP on Azure Deployment Automation Framework repository is available on GitHub.

You need to deploy Azure Bastion or use an SSH client to connect to the Deployer. Use any SSH client that you feel comfortable with.

Review the Azure Subscription Quota

Ensure that your Microsoft Azure Subscription has a sufficient core quote for DdSV4 & EdsV4 family SKU in the elected region. About 50 cores each available for VM family should suffice.

S-User account for SAP software download

A valid SAP user account (SAP-User or S-User account) with software download privileges is required to download the SAP software.

Set up Cloud Shell

  1. Go to Azure Cloud Shell

  2. Sign in your Azure account.

    az login
    

    Note

    Authenticate your login. Don't close the window until you're prompted.

    Validate that your active subscription and record your subscription ID:

    az account list --query "[?isDefault].{Name: name, CloudName: cloudName, SubscriptionId: id, State: state, IsDefault: isDefault}" --output=table
    

    or

    az account list --output=table | grep True
    
  3. If necessary, change your active subscription.

    az account set --subscription <Subscription ID>
    

    Validate that your active subscription changed:

    az account list --query "[?isDefault].{Name: name, CloudName: cloudName, SubscriptionId: id, State: state, IsDefault: isDefault}" --output=table
    
  4. Optionally remove all the deployment artifacts. Use when you want to remove all remnants of previous deployment artifacts.

    
    cd ~
    
    rm -rf Azure_SAP_Automated_Deployment .sap_deployment_automation .terraform.d
    
  5. Create the deployment folder and clone the repository.

    mkdir -p ~/Azure_SAP_Automated_Deployment
    
    cd ~/Azure_SAP_Automated_Deployment
    
    git clone https://github.com/Azure/sap-automation.git
    
    git clone https://github.com/Azure/sap-automation-samples.git
    
  6. Optionally, validate the versions of Terraform and the Azure CLI available on your instance of the Cloud Shell.

    ./sap-automation/deploy/scripts/helpers/check_workstation.sh
    

    To run the automation framework, update to the following versions.

Create service principal

The SAP automation deployment framework uses service principals for deployment. Create a service principal for your control plane deployment as follows. Make sure to use an account with permissions to create service principals.

Note

When choosing the name for your service principal, ensure that the name is unique within your Azure tenant.

  1. Give the service principal contributor and user access administrator permissions.

    export         subscriptionId="<subscriptionId>"
    export control_plane_env_code="MGMT"
    
    az ad sp create-for-rbac --role="Contributor"           \
      --scopes="/subscriptions/${subscriptionId}"           \
      --name="${control_plane_env_code}-Deployment-Account"
    

    Review the output. For example:

    {
        "appId": "<AppId>",
        "displayName": "<environment>-Deployment-Account ",
        "name": "<AppId>",
        "password": "<AppSecret>",
        "tenant": "<TenantId>"
    }
    
  2. Copy down the output details. Make sure to save the values for the following fields: appId, password, and Tenant.

    The output maps to the following parameters. You use these parameters in later steps, with automation commands.

    Parameter input name Output name
    spn_id appId
    spn_secret password
    tenant_id tenant
  3. Optionally assign the User Access Administrator role to the service principal.

    export appId="<appId>"
    
    az role assignment create --assignee ${appId} \
      --role "User Access Administrator" \
      --scope /subscriptions/${subscriptionId}
    

Note

If you do not assign the User Access Administrator role to the Service Principal you will not be able to assign permissions using the automation.

View configuration files

  1. Open VS Code from Cloud Shell

    cd ~/Azure_SAP_Automated_Deployment/sap-automation-samples/Terraform
    code .
    

    Expand the WORKSPACES directory. There are five subfolders: CONFIGURATION, DEPLOYER, LANDSCAPE, LIBRARY, SYSTEM, and BOMS. Expand each of these folders to find regional deployment configuration files.

    Find the appropriate four-character code that corresponds to the Azure region you're using.

    Region Name Region Code
    Australia East AUEA
    Canada Central CACE
    Central US CEUS
    East US EAUS
    North Europe NOEU
    South Africa North SANO
    Southeast Asia SOEA
    UK South UKSO
    West US 2 WUS2

    Find the Terraform variable files in the appropriate subfolder. For example, the DEPLOYER terraform variable file might look like:

    # The environment value is a mandatory field, it is used for partitioning the environments, for example, PROD and NP.
    environment = "MGMT"
    # The location/region value is a mandatory field, it is used to control where the resources are deployed
    location = "westeurope"
    
    # management_network_address_space is the address space for management virtual network
    management_network_address_space = "10.10.20.0/25"
    # management_subnet_address_prefix is the address prefix for the management subnet
    management_subnet_address_prefix = "10.10.20.64/28"
    
    # management_firewall_subnet_address_prefix is the address prefix for the firewall subnet
    management_firewall_subnet_address_prefix = "10.10.20.0/26"
    firewall_deployment = true
    
    # management_bastion_subnet_address_prefix is the address prefix for the bastion subnet
    management_bastion_subnet_address_prefix = "10.10.20.128/26"
    bastion_deployment = true
    
    
    deployer_enable_public_ip = true
    
    

    Note the Terraform variable file locations for future edits during deployment.

Deploy control plane

Use the deploy_controlplane.sh script to deploy the Deployer and Library. These deployment pieces make up the control plane for a chosen automation area.

  • The deployment goes through cycles of deploying the infrastructure, refreshing the state, and uploading the Terraform state files to the Library storage account. All of these steps are packaged into a single deployment script. The script needs the location of the configuration file for the Deployer and Library, and some other parameters as follows.

For example, choose North Europe as the deployment location, with the four-character name NOEU as previously described. The sample deployer configuration file MGMT-NOEU-DEP00-INFRASTRUCTURE.tfvars is in the ~/Azure_SAP_Automated_Deployment/WORKSPACES/DEPLOYER/MGMT-NOEU-DEP00-INFRASTRUCTURE folder.

The sample SAP Library configuration file MGMT-NOEU-SAP_LIBRARY.tfvars is in the ~/Azure_SAP_Automated_Deployment/WORKSPACES/LIBRARY/MGMT-NOEU-SAP_LIBRARY folder.

  1. Create the Deployer and the SAP Library and add the Service Principal details to the deployment key vault.

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES
    
    export subscriptionId="<subscriptionId>"
    export         spn_id="<appId>"
    export     spn_secret="<password>"
    export      tenant_id="<tenantId>"
    export       env_code="MGMT"
    export    region_code="<region_code>"
    
    export DEPLOYMENT_REPO_PATH="${HOME}/Azure_SAP_Automated_Deployment/sap-automation"
    export CONFIG_REPO_PATH="${HOME}/Azure_SAP_Automated_Deployment/sap-automation-samples/Terraform/WORKSPACES"
    export SAP_AUTOMATION_REPO_PATH="${HOME}/Azure_SAP_Automated_Deployment/sap-automation"
    export ARM_SUBSCRIPTION_ID="${subscriptionId}"
    
    ${DEPLOYMENT_REPO_PATH}/deploy/scripts/deploy_controlplane.sh                                                                                  \
        --deployer_parameter_file DEPLOYER/${env_code}-${region_code}-DEP00-INFRASTRUCTURE/${env_code}-${region_code}-DEP00-INFRASTRUCTURE.tfvars  \
        --library_parameter_file LIBRARY/${env_code}-${region_code}-SAP_LIBRARY/${env_code}-${region_code}-SAP_LIBRARY.tfvars                      \
        --subscription "${subscriptionId}"                                                                                                         \
        --spn_id "${spn_id}"                                                                                                                       \
        --spn_secret "${spn_secret}"                                                                                                               \
        --tenant_id "${tenant_id}"                                                                                                                 \
        --auto-approve
    

    Note

    If you run into authentication issues, run az logout to log out and clear the token-cache, then run az login to reauthenticate.

    Wait for the automation framework to run the Terraform operations plan, and apply.

    The deployment of the deployer might run for about 15-20 minutes.

    Important

    There will be some values that you need to note for upcoming steps. Please look for this text block in the output.

    #########################################################################################
    #                                                                                       #
    #  Please save these values:                                                            #
    #     - Key Vault: MGMTNOEUDEP00user39B                                                 #
    #     - Deployer IP: x.x.x.x                                                            #
    #     - Storage Account: mgmtnoeutfstate53e                                             #
    #                                                                                       #
    #########################################################################################
    
  2. Go to the Azure portal.

    Select Resource groups. Look for new resource groups for the deployer infrastructure and library. For example, MGMT-[region]-DEP00-INFRASTRUCTURE and MGMT-[region]-SAP_LIBRARY.

    The contents of the Deployer and SAP Library resource group are shown below.

    Deployer resources

    Library resources

    The Terraform state file is now placed in the storage account whose name contains 'tfstate'. The storage account has a container named 'tfstate' with the deployer and library state files. The contents of the 'tfstate' container after a successful control plane deployment can be seen below.

    Control plane tfstate files

Common issues and solutions

  • If you get the following error for the deployer module creation, make sure that you're in the WORKSPACES directory when you run the script:

    Incorrect parameter file.
    The file must contain the environment attribute!!
    
  • The following error is transient. Rerun the same command, prepare_controlplane.sh.

    Error: file provisioner error
    ..
    timeout - last error: dial tcp
    
  • If you have authentication issues directly after running the script prepare_controlplane.sh, run:

    az logout
    
    az login
    

Connect to deployer VM

After the control plane is deployed, the Terraform state is stored using a remote backend, azurerm. All secrets for connecting to the deployer VM are available in a key vault in the deployer's resource group.

Make sure you can connect to your deployer VM:

  1. Sign in to the Azure portal.

  2. Select or search for Key vaults.

  3. On the Key vault page, find the deployer key vault. The name starts with MGMT[REGION]DEP00user. Filter by the Resource group or Location if necessary.

  4. Select Secrets from the Settings section in the left pane.

  5. Find and select the secret containing sshkey. It might look like this: MGMT-[REGION]-DEP00-sshkey

  6. On the secret's page, select the current version. Then, copy the Secret value.

  7. Open a plain text editor. Copy in the secret value.

  8. Save the file where you keep SSH keys. For example, C:\\Users\\<your-username>\\.ssh.

  9. Save the file. If you're prompted to Save as type, select All files if SSH isn't an option. For example, use deployer.ssh.

  10. Connect to the deployer VM through any SSH client such as VSCode. Use the public IP address you noted earlier, and the SSH key you downloaded. For instructions on how to connect to the Deployer using VSCode see Connecting to Deployer using VSCode. If you're using PuTTY, convert the SSH key file first using PuTTYGen.

Note

The default username is azureadm

  • Once connected to the deployer VM, you can now download the SAP software using the Bill of Materials (BOM).

Connect to deployer VM when not using a public IP

For deployments without public IPs connectivity direct connectivity over the internet is not allowed. In these cases you may use either Azure Bastion, a jump box or perform the next step from a computer that has connectivity to the Azure virtual network.

The following example uses Azure Bastion.

Connect to the deployer by following these steps:

  1. Sign in to the Azure portal.

  2. Navigate to the resource group containing the deployer virtual machine.

  3. Connect to the virtual machine using Azure Bastion.

  4. The default username is azureadm

  5. Choose SSH Private Key from Azure Key Vault

  6. Select the subscription containing the control plane.

  7. Select the deployer key vault.

  8. From the list of secrets choose the secret ending with -sshkey.

  9. Connect to the virtual machine.

Run the following script to configure the deployer.

mkdir -p ~/Azure_SAP_Automated_Deployment

cd ~/Azure_SAP_Automated_Deployment

git clone https://github.com/Azure/sap-automation.git

cd sap-automation/deploy/scripts

./configure_deployer.sh

The script will install Terraform and Ansible and configure the deployer.

Important

The rest of the tasks need to be executed on the Deployer

Get SAP software using the Bill of Materials (BOM)

The Automation Framework gives you tools to download software from SAP using the SAP Bill Of Materials (BOM). The software will be downloaded to the SAP library, which acts as the archive for all media required to deploy SAP.

The SAP Bill of Materials (BOM) mimics the SAP maintenance planner. There are relevant product identifiers and a set of download URLs.

A sample extract of a BOM file looks like:


---
name:    'S41909SPS03_v0010'
target:  'S/4 HANA 1909 SPS 03'
version: 7

product_ids:
  dbl:       NW_ABAP_DB:S4HANA1909.CORE.HDB.ABAP
  scs:       NW_ABAP_ASCS:S4HANA1909.CORE.HDB.ABAP
  scs_ha:    NW_ABAP_ASCS:S4HANA1909.CORE.HDB.ABAPHA
  pas:       NW_ABAP_CI:S4HANA1909.CORE.HDB.ABAP
  pas_ha:    NW_ABAP_CI:S4HANA1909.CORE.HDB.ABAPHA
  app:       NW_DI:S4HANA1909.CORE.HDB.PD
  app_ha:    NW_DI:S4HANA1909.CORE.HDB.ABAPHA
  web:       NW_Webdispatcher:NW750.IND.PD
  ers:       NW_ERS:S4HANA1909.CORE.HDB.ABAP
  ers_ha:    NW_ERS:S4HANA1909.CORE.HDB.ABAPHA

materials:
  dependencies:
    - name:     HANA_2_00_055_v0005ms

  media:
    # SAPCAR 7.22
    - name:         SAPCAR
      archive:      SAPCAR_1010-70006178.EXE
      checksum:     dff45f8df953ef09dc560ea2689e53d46a14788d5d184834bb56544d342d7b
      filename:     SAPCAR
      permissions:  '0755'
      url:          https://softwaredownloads.sap.com/file/0020000002208852020

    # Kernel
    - name:         "Kernel Part I ; OS: Linux on x86_64 64bit ; DB: Database independent"

For this example configuration, the resource group is MGMT-NOEU-DEP00-INFRASTRUCTURE. The deployer key vault name would contain MGMTNOEUDEP00user in the name. You use this information to configure your deployer's key vault secrets.

  1. Connect to your deployer VM for the following steps. A copy of the repo is now there.

  2. Add a secret with the username for your SAP user account. Replace <vaultID> with the name of your deployer key vault. Also replace <sap-username> with your SAP username.

    export key_vault=<vaultID>
    sap_username=<sap-username>
    
    az keyvault secret set --name "S-Username" --vault-name $key_vault --value "${sap_username}";
    
  3. Add a secret with the password for your SAP user account. Replace <vaultID> with your deployer key vault name, and <sap-password> with your SAP password.

    Note

    The use of single quotes when setting sap_user_password is important. The use of special characters in the password can otherwise cause unpredictable results!

    sap_user_password='<sap-password>'
    
    az keyvault secret set --name "S-Password" --vault-name "${key_vault}" --value "${sap_user_password}";
    
  4. Check the version number of the S/4 1909 SPS03 BOM for the active version.

    Record the results.

    
    ls -d ${DEPLOYMENT_REPO_PATH}/deploy/ansible/BOM-catalog/S41909SPS03* | xargs basename
    
    
  5. Configure your SAP parameters file for the download process. Then, download the SAP software using Ansible playbooks. Execute the following commands:

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES
    cp -Rp ../sap-automation/training-materials/WORKSPACES/BOMS .
    cd BOMS
    
    vi sap-parameters.yaml
    
  6. Update the bom_base_name with the name BOM previously identified.

    Your file should look similar to the following example configuration:

    
    bom_base_name:                 S41909SPS03_v0010ms
    
    
  7. Replace <Deployer KeyVault Name> with the name of the deployer resource group Azure key vault

    Your file should look similar to the following example configuration:

    
    bom_base_name:                 S41909SPS03_v0010ms
    kv_name:                       <Deployer KeyVault Name>
    
    
  8. Ensure check_storage_account is present and set to false. This value controls if the SAP Library will be checked for the file before downloading it from SAP.

    Your file should look similar to the following example configuration:

    
    bom_base_name:                 S41909SPS03_v0010
    kv_name:                       <Deployer KeyVault Name>
    check_storage_account:         false
    
    
  9. Execute the Ansible playbooks. One way you can execute the playbooks is to use the Downloader menu. Run the download_menu script.

    ~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/download_menu.sh
    
  10. Select which playbooks to execute.

    1) BoM Downloader
    3) Quit
    Please select playbook:
    

    Select the playbook 1) BOM Downloader to download the SAP Software described in the BOM file into the storage account. Check that the sapbits container has all your media for installation.

Collect workload zone information

  1. Collect the following information in a text editor:

    Note

    the following information was collected at the end of the Deploy the Control Plane phase.

    1. The name of the Terraform state file storage account in the Library resource group.

      • Following from the example above, the resource group would be MGMT-NOEU-SAP_LIBRARY.
      • The name of the storage account would contain mgmtnoeutfstate.
    2. The name of the Key Vault in the Deployer resource group.

      • Following from the example above, the resource group would be MGMT-NOEU-DEP00-INFRASTRUCTURE.
      • The name of the key vault would contain MGMTNOEUDEP00user.
    3. The Public IP address of the Deployer VM. Go to your deployer's resource group, open the deployer VM, and copy the public IP address.

  2. Additionally, the following piece of information needs to be collected.

    1. The name of deployer state file can be found under Library resource group
      • Library resource group -> state storage account -> containers -> tfstate -> Copy the name of the Deployer state file.
      • Following from the example above, the name of the blob will be: MGMT-NOEU-DEP00-INFRASTRUCTURE.terraform.tfstate
  3. If necessary, register the SPN

    Important

    The first time an Environment is instantiated, a SPN must be registered. In this tutorial the Control Plane is in the MGMT environment, and the Workload Zone is in DEV, therefore an SPN must be registered for DEV at this time.

    export subscriptionId="<subscriptionId>"
    export         spn_id="<appID>"
    export     spn_secret="<password>"
    export      tenant_id="<tenant>"
    export      key_vault="<vaultID>"
    export       env_code="DEV"
    export    region_code="<region_code>"
    
    ${DEPLOYMENT_REPO_PATH}/deploy/scripts/set_secrets.sh     \
        --environment "${env_code}"                           \
        --region "${region_code}"                             \
        --vault "${key_vault}"                                \
        --subscription "${subscriptionId}"                    \
        --spn_id "${spn_id}"                                  \
        --spn_secret "${spn_secret}"                          \
        --tenant_id "${tenant_id}"
    

Prepare the Workload Zone deployment

  1. Connect to your deployer VM for the following steps. A copy of the repo is now there.

  2. Go to the sap-automation folder and optionally refresh the repository.

    cd ~/Azure_SAP_Automated_Deployment/sap-automation/
    
    git pull
    
  3. Go into the WORKSPACES/LANDSCAPE folder and copy the sample configuration files that you'll be using from the repository.

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LANDSCAPE
    
    cp -Rp ../../sap-automation/training-materials/WORKSPACES/LANDSCAPE/DEV-[REGION]-SAP01-INFRASTRUCTURE .
    

Deploy the Workload Zone

Use the install_workloadzone script to deploy the SAP workload zone.

  1. On the deployer VM, navigate to the Azure_SAP_Automated_Deployment folder.

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LANDSCAPE/DEV-XXXX-SAP01-INFRASTRUCTURE
    

    From the example region 'northeurope', the folder will look like:

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LANDSCAPE/DEV-NOEU-SAP01-INFRASTRUCTURE
    
  2. Optionally Open the workload zone configuration file and if needed change the network logical name to match the network name.

  3. Start deployment of the workload zone:

    Note

    The details, which we collected in earlier will be needed here. These details are:

    • Name of the deployer tfstate file (found in the tfstate container)
    • Name of the tfstate storage account
    • Name of the deployer key vault
    
    export tfstate_storage_account="<storageaccountName>"
    export       deployer_env_code="MGMT"
    export            sap_env_code="DEV"
    export             region_code="<region_code>"
    export               key_vault="<vaultID>"
    
    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LANDSCAPE/${sap_env_code}-${region_code}-SAP01-INFRASTRUCTURE
    
    ${DEPLOYMENT_REPO_PATH}/deploy/scripts/install_workloadzone.sh                                          \
        --parameterfile ./${sap_env_code}-${region_code}-SAP01-INFRASTRUCTURE.tfvars                        \
        --deployer_environment "${deployer_env_code}"                                                       \
        --deployer_tfstate_key "${deployer_env_code}-${region_code}-DEP00-INFRASTRUCTURE.terraform.tfstate" \
        --keyvault "${key_vault}"                                                                           \
        --storageaccountname "${tfstate_storage_account}"                                                   \
        --auto-approve
    

    The workload zone deployment should start automatically.

    Wait for the deployment to finish. The new resource group appears in the Azure portal.

Prepare to deploy the SAP system infrastructure

  1. Connect to your deployer VM for the following steps. A copy of the repo is now there.

  2. Go into the WORKSPACES/SYSTEM folder and copy the sample configuration files that you'll be using from the repository.

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM
    
    cp -Rp ../../sap-automation/training-materials/WORKSPACES/SYSTEM/DEV-[REGION]-SAP01-X00 .
    

Deploy SAP system infrastructure

Once the Workload zone is complete, you can deploy the SAP system infrastructure resources. The SAP system creates your VMs and supporting components for your SAP application. Use the installer.sh script to deploy the SAP system.

The SAP system deploys:

  • The database tier, which deploys database VMs and their disks and an Azure Standard Load Balancer. You can run HANA databases or AnyDB databases in this tier.
  • The SCS tier, which deploys a customer-defined number of VMs and an Azure Standard Load Balancer.
  • The application tier, which deploys the VMs and their disks.
  • The web dispatcher tier.
  1. Deploy the SAP system.

    
    export sap_env_code="DEV"
    export  region_code="<region_code>"
    
    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM/${sap_env_code}-${region_code}-SAP01-X00
    
    ${DEPLOYMENT_REPO_PATH}/deploy/scripts/installer.sh                  \
      --parameterfile "${sap_env_code}-${region_code}-SAP01-X00.tfvars"  \
      --type sap_system                                                  \
      --auto-approve
    

    The deployment command for the northeurope example will look like:

    cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM/DEV-NOEU-SAP01-X00
    
    ${DEPLOYMENT_REPO_PATH}/deploy/scripts/installer.sh  \
      --parameterfile DEV-NOEU-SAP01-X00.tfvars          \
      --type sap_system                                  \
      --auto-approve
    

    Check that the system resource group is now in the Azure portal.

SAP application installation

The SAP application installation happens through Ansible playbooks.

Navigate to the system deployment folder:

cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM/DEV-NOEU-SAP01-X00/

Make sure you have the following files in the current folder: sap-parameters.yaml and SID_host.yaml.

For a standalone SAP S/4HANA system, there are eight playbooks to execute in sequence. One way you can execute the playbooks is to use the Configuration menu.

Run the configuration_menu script.

~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/configuration_menu.sh

Choose the playbooks to execute.

Playbook: OS Config

This playbook does the generic OS configuration setup on all the machines, which includes configuring of software repositories, packages, services, and so on.

Playbook: SAP-Specific OS config

This playbook does the SAP OS configuration setup on all the machines. The steps include creation of volume groups, file systems, configuring of software repositories, packages, and services.

Playbook: BOM Processing

This playbook downloads the SAP software to the SCS virtual machine.

Playbook: HANA DB Install

This playbook will install the HANA database instances.

Playbook: SCS Install

This playbook will install SAP Central Services. For highly available configurations, the playbook will also install the SAP ERS instance and configure Pacemaker.

Playbook: DB Load

This playbook will invoke the database load task from the primary application server.

Playbook: PAS Install

This playbook will install the primary application server.

Playbook: APP Install

This playbook will install the application servers.

You've now deployed and configured a stand-alone HANA system, if you need to configure a highly available SAP HANA database run the HANA HA playbook

Playbook: Hana HA playbook

This playbook will configure HANA System Replication (HSR) and Pacemaker for the HANA database.

Clean up installation

Note

It's important to clean up your SAP installation from this tutorial after you're done. Otherwise, you continue to incur costs related to the resources.

To remove the entire SAP infrastructure you deployed, you need to:

  • Remove the SAP system infrastructure resources
  • Remove all workload zones (the Landscape)
  • Remove the control plane

Execute the removal of your SAP infrastructure resources and workload zones from the deployer VM. Execute the removal of the control plane from Cloud Shell.

Before you begin, sign in your Azure account. Then, check that you're in the correct subscription.

Remove SAP infrastructure

Navigate to the DEV-NOEU-SAP01-X00 subfolder inside the SYSTEM folder. Then, run this command:

export sap_env_code="DEV"
export  region_code="NOEU"

cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM/${sap_env_code}-${region_code}-SAP01-X00

${DEPLOYMENT_REPO_PATH}/deploy/scripts/remover.sh                   \
  --parameterfile "${sap_env_code}-${region_code}-SAP01-X00.tfvars" \
  --type sap_system

Remove SAP workload zone

Navigate to the DEV-XXXX-SAP01-INFRASTRUCTURE subfolder inside the LANDSCAPE folder. Then, execute the following command.


export sap_env_code="DEV"
export  region_code="NOEU"

cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/LANDSCAPE/${sap_env_code}-${region_code}-SAP01-INFRASTRUCTURE

${DEPLOYMENT_REPO_PATH}/deploy/scripts/remover.sh                                \
      --parameterfile ${sap_env_code}-${region_code}-SAP01-INFRASTRUCTURE.tfvars \
      --type sap_landscape

Remove control plane

Sign in to Cloud Shell.

Go to the WORKSPACES folder.

cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/

Export the following two environment variables.

export DEPLOYMENT_REPO_PATH="~/Azure_SAP_Automated_Deployment/sap-automation"
export ARM_SUBSCRIPTION_ID="<subscriptionId>"

Run the following command.

export region_code="NOEU"

${DEPLOYMENT_REPO_PATH}/deploy/scripts/remove_controlplane.sh                                                                          \
    --deployer_parameter_file DEPLOYER/MGMT-${region_code}-DEP00-INFRASTRUCTURE/MGMT-${region_code}-DEP00-INFRASTRUCTURE.tfvars  \
    --library_parameter_file LIBRARY/MGMT-${region_code}-SAP_LIBRARY/MGMT-${region_code}-SAP_LIBRARY.tfvars

Verify that all resources are cleaned up.

Next steps