Configure SAP system parameters
Configuration for SAP Deployment Automation Framework happens through parameters files. You provide information about your SAP system infrastructure in a tfvars file, which the automation framework uses for deployment. You can find examples of the variable file in the samples repository.
The automation supports creating resources (green-field deployment) or using existing resources (brown-field deployment):
- Green-field scenario: The automation defines default names for resources, but some resource names might be defined in the
tfvarsfile. - Brown-field scenario: The Azure resource identifiers for the resources must be specified.
Deployment topologies
You can use the automation framework to deploy the following SAP architectures:
- Standalone
- Distributed
- Distributed (highly available)
Standalone
In the standalone architecture, all the SAP roles are installed on a single server.
To configure this topology, define the database tier values and set enable_app_tier_deployment to false.
Distributed
The distributed architecture has a separate database server and application tier. The application tier can further be separated by having SAP central services on a virtual machine and one or more application servers.
To configure this topology, define the database tier values and define scs_server_count = 1, application_server_count >= 1.
High availability
The distributed (highly available) deployment is similar to the distributed architecture. In this deployment, the database and/or SAP central services can both be configured by using a highly available configuration that uses two virtual machines, each with Pacemaker clusters or Windows failover clustering.
To configure this topology, define the database tier values and set database_high_availability to true. Set scs_server_count = 1 and scs_high_availability = true and application_server_count >= 1.
Environment parameters
This section contains the parameters that define the environment settings.
| Variable | Description | Type | Notes |
|---|---|---|---|
environment |
Identifier for the workload zone (max five characters) | Mandatory | For example, PROD for a production environment and NP for a nonproduction environment. |
location |
The Azure region in which to deploy | Required | |
custom_prefix |
Specifies the custom prefix used in the resource naming | Optional | |
use_prefix |
Controls if the resource naming includes the prefix | Optional | DEV-WEEU-SAP01-X00_xxxx |
name_override_file |
Name override file | Optional | See Custom naming. |
save_naming_information |
Creates a sample naming JSON file | Optional | See Custom naming. |
tags |
A dictionary of tags to associate with all resources. | Optional |
Resource group parameters
This section contains the parameters that define the resource group.
| Variable | Description | Type |
|---|---|---|
resourcegroup_name |
Name of the resource group to be created | Optional |
resourcegroup_arm_id |
Azure resource identifier for an existing resource group | Optional |
resourcegroup_tags |
Tags to be associated to the resource group | Optional |
Infrastructure parameters
This section contains the parameters related to the Azure infrastructure.
| Variable | Description | Type |
|---|---|---|
custom_disk_sizes_filename |
Defines the disk sizing file name, See Custom sizing. | Optional |
resource_offset |
Provides an offset for resource naming. | Optional |
use_loadbalancers_for_standalone_deployments |
Controls if load balancers are deployed for standalone installations | Optional |
user_assigned_identity_id |
User assigned identity to assign to the virtual machines | Optional |
vm_disk_encryption_set_id |
The disk encryption key to use for encrypting managed disks by using customer-provided keys. | Optional |
use_random_id_for_storageaccounts |
If defined will append a random string to the storage account name | Optional |
use_scalesets_for_deployment |
Use Flexible Virtual Machine Scale Sets for the deployment | Optional |
scaleset_id |
Azure resource identifier for the virtual machine scale set | Optional |
proximityplacementgroup_arm_ids |
Specifies the Azure resource identifiers of existing proximity placement groups. | |
proximityplacementgroup_names |
Specifies the names of the proximity placement groups. | |
use_app_proximityplacementgroups |
Controls if the app tier virtual machines are placed in a different ppg from the database. | Optional |
app_proximityplacementgroup_arm_ids |
Specifies the Azure resource identifiers of existing proximity placement groups for the app tier. | |
app_proximityplacementgroup_names |
Specifies the names of the proximity placement groups for the app tier. | |
use_spn |
If defined the deployment will be performed using a Service Principal, otherwise an MSI | Optional |
use_private_endpoint |
Use private endpoints. | Optional |
The resource_offset parameter controls the naming of resources. For example, if you set the resource_offset to 1, the first disk will be named disk1. The default value is 0.
SAP Application parameters
This section contains the parameters related to the SAP Application.
| Variable | Description | Type |
|---|---|---|
sid |
Defines the SAP application SID | Required |
database_sid |
Defines the database SID | Required |
web_sid |
Defines the Web Dispatcher SID | Required |
scs_instance_number |
The instance number of SCS | Optional |
ers_instance_number |
The instance number of ERS | Optional |
pas_instance_number |
The instance number of the Primary Application Server | Optional |
app_instance_number |
The instance number of the Application Server | Optional |
database_instance_number |
The instance number of SCS | Optional |
web_instance_number |
The instance number of the Web Dispatcher | Optional |
bom_name |
Defines the name of the Bill of MAterials file | Optional |
SAP virtual hostname parameters
In SAP Deployment Automation Framework, the SAP virtual hostname is defined by specifying the use_secondary_ips parameter.
| Variable | Description | Type |
|---|---|---|
use_secondary_ips |
Boolean flag that indicates if SAP should be installed by using virtual hostnames | Optional |
Database tier parameters
The database tier defines the infrastructure for the database tier. Supported database back ends are:
HANADB2ORACLEORACLE-ASMASESQLSERVERNONE(in this case, no database tier is deployed)
See High-availability configuration for information on how to configure high availability.
| Variable | Description | Type | Notes |
|---|---|---|---|
database_platform |
Defines the database back end | Required | |
database_vm_image |
Defines the virtual machine image to use | Optional | |
database_vm_sku |
Defines the virtual machine SKU to use | Optional | |
database_server_count |
Defines the number of database servers | Optional | |
database_high_availability |
Defines if the database tier is deployed highly available | Optional | |
database_vm_zones |
Defines the availability zones for the database servers | Optional | |
db_sizing_dictionary_key |
Defines the database sizing information | Required | See Custom sizing. |
database_vm_use_DHCP |
Controls if Azure subnet-provided IP addresses should be used | Optional | |
database_vm_db_nic_ips |
Defines the IP addresses for the database servers (database subnet) | Optional | |
database_vm_db_nic_secondary_ips |
Defines the secondary IP addresses for the database servers (database subnet) | Optional | |
database_vm_admin_nic_ips |
Defines the IP addresses for the database servers (admin subnet) | Optional | |
database_loadbalancer_ips |
List of IP addresses for the database load balancer (db subnet) | Optional | |
database_vm_authentication_type |
Defines the authentication type (key/password) | Optional | |
database_use_avset |
Controls if the database servers are placed in availability sets | Optional | |
database_use_ppg |
Controls if the database servers are placed in proximity placement groups | Optional | |
database_vm_avset_arm_ids |
Defines the existing availability sets Azure resource IDs | Optional | Primarily used with Azure NetApp Files pinning. |
database_use_premium_v2_storage |
Controls if the database tier will use premium storage v2 (HANA) | Optional | |
database_dual_nics |
Controls if the HANA database servers will have dual network interfaces | Optional | |
database_tags |
Defines a list of tags to be applied to the database servers | Optional |
The virtual machine and the operating system image are defined by using the following structure:
{
os_type="linux"
type="marketplace"
source_image_id=""
publisher="SUSE"
offer="sles-sap-15-sp3"
sku="gen2"
version="latest"
}
Common application tier parameters
The application tier defines the infrastructure for the application tier, which can consist of application servers, central services servers, and web dispatch servers.
| Variable | Description | Type | Notes |
|---|---|---|---|
enable_app_tier_deployment |
Defines if the application tier is deployed | Optional | |
app_tier_sizing_dictionary_key |
Lookup value that defines the VM SKU and the disk layout for the application tier servers | Optional | |
app_disk_sizes_filename |
Defines the custom disk size file for the application tier servers | Optional | See Custom sizing. |
app_tier_authentication_type |
Defines the authentication type for the application tier virtual machines | Optional | |
app_tier_use_DHCP |
Controls if Azure subnet-provided IP addresses should be used (dynamic) | Optional | |
app_tier_dual_nics |
Defines if the application tier server will have two network interfaces | Optional |
SAP central services parameters
| Variable | Description | Type | Notes |
|---|---|---|---|
scs_server_count |
Defines the number of SCS servers | Required | |
scs_high_availability |
Defines if the central services is highly available | Optional | See High availability configuration. |
scs_server_sku |
Defines the virtual machine SKU to use | Optional | |
scs_server_image |
Defines the virtual machine image to use | Required | |
scs_server_zones |
Defines the availability zones of the SCS servers | Optional | |
scs_server_app_nic_ips |
List of IP addresses for the SCS servers (app subnet) | Optional | |
scs_server_app_nic_secondary_ips |
List of secondary IP addresses for the SCS servers (app subnet) | Optional | |
scs_server_app_admin_nic_ips |
List of IP addresses for the SCS servers (admin subnet) | Optional | |
scs_server_loadbalancer_ips |
List of IP addresses for the scs load balancer (app subnet) | Optional | |
scs_server_use_ppg |
Controls if the SCS servers are placed in availability sets | Optional | |
scs_server_use_avset |
Controls if the SCS servers are placed in proximity placement groups | Optional | |
scs_server_tags |
Defines a list of tags to be applied to the SCS servers | Optional |
Application server parameters
| Variable | Description | Type | Notes |
|---|---|---|---|
application_server_count |
Defines the number of application servers | Required | |
application_server_sku |
Defines the virtual machine SKU to use | Optional | |
application_server_image |
Defines the virtual machine image to use | Required | |
application_server_zones |
Defines the availability zones to which the application servers are deployed | Optional | |
application_server_admin_nic_ips |
List of IP addresses for the application server (admin subnet) | Optional | |
application_server_app_nic_ips[] |
List of IP addresses for the application servers (app subnet) | Optional | |
application_server_nic_secondary_ips[] |
List of secondary IP addresses for the application servers (app subnet) | Optional | |
application_server_use_ppg |
Controls if application servers are placed in availability sets | Optional | |
application_server_use_avset |
Controls if application servers are placed in proximity placement groups | Optional | |
application_server_tags |
Defines a list of tags to be applied to the application servers | Optional | |
application_server_vm_avset_arm_ids[] |
List of Availability Set Resource Ids for the application servers | Optional |
Web dispatcher parameters
| Variable | Description | Type | Notes |
|---|---|---|---|
webdispatcher_server_count |
Defines the number of web dispatcher servers | Required | |
webdispatcher_server_sku |
Defines the virtual machine SKU to use | Optional | |
webdispatcher_server_image |
Defines the virtual machine image to use | Optional | |
webdispatcher_server_zones |
Defines the availability zones to which the web dispatchers are deployed | Optional | |
webdispatcher_server_app_nic_ips[] |
List of IP addresses for the web dispatcher server (app/web subnet) | Optional | |
webdispatcher_server_nic_secondary_ips[] |
List of secondary IP addresses for the web dispatcher server (app/web subnet) | Optional | |
webdispatcher_server_app_admin_nic_ips |
List of IP addresses for the web dispatcher server (admin subnet) | Optional | |
webdispatcher_server_use_ppg |
Controls if web dispatchers are placed in availability sets | Optional | |
webdispatcher_server_use_avset |
Controls if web dispatchers are placed in proximity placement groups | Optional | |
webdispatcher_server_tags |
Defines a list of tags to be applied to the web dispatcher servers | Optional | |
webdispatcher_server_loadbalancer_ips |
List of IP addresses for the web load balancer (web/app subnet) | Optional |
Network parameters
If the subnets aren't deployed using the workload zone deployment, they can be added in the system's tfvars file.
The automation framework can either deploy the virtual network and the subnets (green-field deployment) or use an existing virtual network and existing subnets (brown-field deployments):
- Green-field scenario: The virtual network address space and the subnet address prefixes must be specified.
- Brown-field scenario: The Azure resource identifier for the virtual network and the subnets must be specified.
Ensure that the virtual network address space is large enough to host all the resources.
This section contains the networking parameters.
| Variable | Description | Type | Notes |
|---|---|---|---|
network_logical_name |
The logical name of the network | Required | |
admin_subnet_name |
The name of the admin subnet |
Optional | |
admin_subnet_address_prefix |
The address range for the admin subnet |
Mandatory | For green-field deployments |
admin_subnet_arm_id * |
The Azure resource identifier for the admin subnet |
Mandatory | For brown-field deployments |
admin_subnet_nsg_name |
The name of the admin network security group |
Optional | |
admin_subnet_nsg_arm_id * |
The Azure resource identifier for the admin network security group |
Mandatory | For brown-field deployments |
db_subnet_name |
The name of the db subnet |
Optional | |
db_subnet_address_prefix |
The address range for the db subnet |
Mandatory | For green-field deployments |
db_subnet_arm_id * |
The Azure resource identifier for the db subnet |
Mandatory | For brown-field deployments |
db_subnet_nsg_name |
The name of the db network security group name |
Optional | |
db_subnet_nsg_arm_id * |
The Azure resource identifier for the db network security group |
Mandatory | For brown-field deployments |
app_subnet_name |
The name of the app subnet |
Optional | |
app_subnet_address_prefix |
The address range for the app subnet |
Mandatory | For green-field deployments |
app_subnet_arm_id * |
The Azure resource identifier for the app subnet |
Mandatory | For brown-field deployments |
app_subnet_nsg_name |
The name of the app network security group name |
Optional | |
app_subnet_nsg_arm_id * |
The Azure resource identifier for the app network security group |
Mandatory | For brown-field deployments |
web_subnet_name |
The name of the web subnet |
Optional | |
web_subnet_address_prefix |
The address range for the web subnet |
Mandatory | For green-field deployments |
web_subnet_arm_id * |
The Azure resource identifier for the web subnet |
Mandatory | For brown-field deployments |
web_subnet_nsg_name |
The name of the web network security group name |
Optional | |
web_subnet_nsg_arm_id * |
The Azure resource identifier for the web network security group |
Mandatory | For brown-field deployments |
deploy_application_security_groups |
Controls application security group deployments | Optional | |
nsg_asg_with_vnet |
If true, the network security group will be placed with the VNet | Optional |
* = Required for brown-field deployments
Key vault parameters
If you don't want to use the workload zone key vault but another one, you can define the key vault's Azure resource identifier in the system's tfvar file.
This section defines the parameters used for defining the key vault information.
| Variable | Description | Type | Notes |
|---|---|---|---|
user_keyvault_id |
Azure resource identifier for existing system credentials key vault | Optional | |
spn_keyvault_id |
Azure resource identifier for existing deployment credentials (SPNs) key vault | Optional | |
enable_purge_control_for_keyvaults |
Disables the purge protection for Azure key vaults | Optional | Only use for test environments. |
Anchor virtual machine parameters
SAP Deployment Automation Framework supports having an anchor virtual machine. The anchor virtual machine is the first virtual machine to be deployed. It's used to anchor the proximity placement group.
This section contains the parameters related to the anchor virtual machine.
| Variable | Description | Type |
|---|---|---|
deploy_anchor_vm |
Defines if the anchor virtual machine is used | Optional |
anchor_vm_accelerated_networking |
Defines if the anchor VM is configured to use accelerated networking | Optional |
anchor_vm_authentication_type |
Defines the authentication type for the anchor VM (key or password) | Optional |
anchor_vm_authentication_username |
Defines the username for the anchor VM | Optional |
anchor_vm_image |
Defines the VM image to use (as shown in the following code sample) | Optional |
anchor_vm_nic_ips[] |
List of IP addresses for the anchor VMs (app subnet) | Optional |
anchor_vm_sku |
Defines the VM SKU to use, for example, Standard_D4s_v3 | Optional |
anchor_vm_use_DHCP |
Controls whether to use dynamic IP addresses provided by Azure subnet | Optional |
The virtual machine and the operating system image are defined by using the following structure:
{
os_type = "linux"
type = "marketplace"
source_image_id = ""
publisher = "SUSE"
offer = "sles-sap-15-sp5"
sku = "gen2"
version= " latest"
}
Authentication parameters
By default, the SAP system deployment uses the credentials from the SAP workload zone. If the SAP system needs unique credentials, you can provide them by using these parameters.
| Variable | Description | Type |
|---|---|---|
automation_username |
Administrator account name | Optional |
automation_password |
Administrator password | Optional |
automation_path_to_public_key |
Path to existing public key | Optional |
automation_path_to_private_key |
Path to existing private key | Optional |
Miscellaneous parameters
| Variable | Description |
|---|---|
license_type |
Specifies the license type for the virtual machines. Possible values are RHEL_BYOS and SLES_BYOS. For Windows, the possible values are None, Windows_Client, and Windows_Server. |
use_zonal_markers |
Specifies if zonal virtual machines will include a zonal identifier: xooscs_z1_00l### versus xooscs00l###. |
deploy_v1_monitoring_extension |
Defines if the Microsoft.AzureCAT.AzureEnhancedMonitoring extension will be deployed |
NFS support
| Variable | Description | Type |
|---|---|---|
NFS_provider |
Defines what NFS back end to use. The options are AFS for Azure Files NFS or ANF for Azure NetApp files. |
Optional |
sapmnt_volume_size |
Defines the size (in GB) for the sapmnt volume. |
Optional |
Azure files NFS support
| Variable | Description | Type |
|---|---|---|
azure_files_sapmnt_id |
If provided, the Azure resource ID of the storage account used for sapmnt |
Optional |
sapmnt_private_endpoint_id |
If provided, the Azure resource ID of the sapmnt private endpoint |
Optional |
HANA Scaleout support
| Variable | Description | Type | Notes |
|---|---|---|---|
database_HANA_use_ANF_scaleout_scenario |
Defines if HANA scaleout is used. | Optional | |
stand_by_node_count |
The number of standby nodes. | Optional |
Azure NetApp Files support
| Variable | Description | Type | Notes |
|---|---|---|---|
ANF_HANA_use_AVG |
Use Application Volume Group for the volumes. | Optional | |
ANF_HANA_use_Zones |
Deploy the Azure NetApp Files volume zonally. | Optional | |
ANF_HANA_data |
Create Azure NetApp Files volume for HANA data. | Optional | |
ANF_HANA_data_use_existing_volume |
Use existing Azure NetApp Files volume for HANA data. | Optional | Use for pre-created volumes. |
ANF_HANA_data_volume_count |
Number of HANA data volumes. | Optional | |
ANF_HANA_data_volume_name |
Azure NetApp Files volume name for HANA data. | Optional | |
ANF_HANA_data_volume_size |
Azure NetApp Files volume size in GB for HANA data. | Optional | Default size is 256. |
ANF_HANA_data_volume_throughput |
Azure NetApp Files volume throughput for HANA data. | Optional | Default is 128 MBs/s. |
ANF_HANA_log |
Create Azure NetApp Files volume for HANA log. | Optional | |
ANF_HANA_log_use_existing |
Use existing Azure NetApp Files volume for HANA log. | Optional | Use for pre-created volumes. |
ANF_HANA_log_volume_count |
Number of HANA log volumes. | Optional | |
ANF_HANA_log_volume_name |
Azure NetApp Files volume name for HANA log. | Optional | |
ANF_HANA_log_volume_size |
Azure NetApp Files volume size in GB for HANA log. | Optional | Default size is 128. |
ANF_HANA_log_volume_throughput |
Azure NetApp Files volume throughput for HANA log. | Optional | Default is 128 MBs/s. |
ANF_HANA_shared |
Create Azure NetApp Files volume for HANA shared. | Optional | |
ANF_HANA_shared_use_existing |
Use existing Azure NetApp Files volume for HANA shared. | Optional | Use for pre-created volumes. |
ANF_HANA_shared_volume_name |
Azure NetApp Files volume name for HANA shared. | Optional | |
ANF_HANA_shared_volume_size |
Azure NetApp Files volume size in GB for HANA shared. | Optional | Default size is 128. |
ANF_HANA_shared_volume_throughput |
Azure NetApp Files volume throughput for HANA shared. | Optional | Default is 128 MBs/s. |
ANF_sapmnt |
Create Azure NetApp Files volume for sapmnt. |
Optional | |
ANF_sapmnt_use_existing_volume |
Use existing Azure NetApp Files volume for sapmnt. |
Optional | Use for pre-created volumes. |
ANF_sapmnt_volume_name |
Azure NetApp Files volume name for sapmnt. |
Optional | |
ANF_sapmnt_volume_size |
Azure NetApp Files volume size in GB for sapmnt. |
Optional | Default size is 128. |
ANF_sapmnt_throughput |
Azure NetApp Files volume throughput for sapmnt. |
Optional | Default is 128 MBs/s. |
ANF_sapmnt_use_clone_in_secondary_zone |
Create the secondary sapmnt volume as a clone | Optional | Default is 128 MBs/s. |
ANF_usr_sap |
Create Azure NetApp Files volume for usrsap. |
Optional | |
ANF_usr_sap_use_existing |
Use existing Azure NetApp Files volume for usrsap. |
Optional | Use for pre-created volumes. |
ANF_usr_sap_volume_name |
Azure NetApp Files volume name for usrsap. |
Optional | |
ANF_usr_sap_volume_size |
Azure NetApp Files volume size in GB for usrsap. |
Optional | Default size is 128. |
ANF_usr_sap_throughput |
Azure NetApp Files volume throughput for usrsap. |
Optional | Default is 128 MBs/s. |
Oracle parameters
These parameters need to be updated in the sap-parameters.yaml file when you deploy Oracle-based systems.
| Variable | Description | Type | Notes |
|---|---|---|---|
ora_release |
Release of Oracle, for example, 19 | Mandatory | |
ora_version |
Version of Oracle, for example, 19.0.0 | Mandatory | |
oracle_sbp_patch |
Oracle SBP patch file name, for example, SAP19P_2202-70004508.ZIP | Mandatory | Must be part of the Bill of Materials |
use_observer |
Defines if an observer will be used | Optional |
You can use the configuration_settings variable to let Terraform add them to sap-parameters.yaml file.
configuration_settings = {
ora_release = "19",
ora_version = "19.0.0",
oracle_sbp_patch = "SAP19P_2202-70004508.ZIP",
oraclegrid_sbp_patch = "GIRU19P_2202-70004508.ZIP",
}
DNS support
| Variable | Description | Type |
|---|---|---|
management_dns_resourcegroup_name |
Resource group that contains the private DNS zone. | Optional |
management_dns_subscription_id |
Subscription ID for the subscription that contains the private DNS zone. | Optional |
use_custom_dns_a_registration |
Use an existing private DNS zone. | Optional |
dns_a_records_for_secondary_names |
Registers A records for the secondary IP addresses. | Optional |
Azure Monitor for SAP parameters
| Variable | Description | Type | Notes |
|---|---|---|---|
ams_resource_id |
Defines the ARM resource ID for Azure Monitor for SAP | Optional | |
enable_ha_monitoring |
Defines if Prometheus high availability cluster monitoring is enabled | Optional | |
enable_os_monitoring |
Defines if Prometheus high availability OS monitoring is enabled | Optional |
Other parameters
| Variable | Description | Type | Notes |
|---|---|---|---|
Agent_IP |
IP address of the agent. | Optional | |
add_Agent_IP |
Controls if Agent IP is added to the key vault and storage account firewalls | Optional |
Terraform parameters
This section contains the Terraform parameters. These parameters need to be entered manually if you're not using the deployment scripts.
| Variable | Description | Type |
|---|---|---|
tfstate_resource_id |
Azure resource identifier for the storage account in the SAP library that will contain the Terraform state files | Required * |
deployer_tfstate_key |
The name of the state file for the deployer | Required * |
landscaper_tfstate_key |
The name of the state file for the workload zone | Required * |
* = Required for manual deployments
High-availability configuration
The high-availability configuration for the database tier and the SCS tier is configured by using the database_high_availability and scs_high_availability flags. Red Hat and SUSE should use the appropriate HA version of the virtual machine images (RHEL-SAP-HA, sles-sap-15-sp?).
High-availability configurations use Pacemaker with Azure fencing agents.
Cluster parameters
This section contains the parameters related to the cluster configuration.
| Variable | Description | Type |
|---|---|---|
database_cluster_disk_lun |
Specifies the The LUN of the shared disk for the Database cluster. | Optional |
database_cluster_disk_size |
The size of the shared disk for the Database cluster. | Optional |
database_cluster_type |
Cluster quorum type; AFA (Azure Fencing Agent), ASD (Azure Shared Disk), ISCSI | Optional |
fencing_role_name |
Specifies the Azure role assignment to assign to enable fencing. | Optional |
idle_timeout_scs_ers |
Sets the idle timeout setting for the SCS and ERS loadbalancer. | Optional |
scs_cluster_disk_lun |
Specifies the The LUN of the shared disk for the Central Services cluster. | Optional |
scs_cluster_disk_size |
The size of the shared disk for the Central Services cluster. | Optional |
scs_cluster_type |
Cluster quorum type; AFA (Azure Fencing Agent), ASD (Azure Shared Disk), ISCSI | Optional |
use_msi_for_clusters |
If defined, configures the Pacemaker cluster by using managed identities. | Optional |
use_simple_mount |
Specifies if simple mounts are used (applicable for SLES 15 SP# or newer). | Optional |
use_fence_kdump |
Configure fencing device based on the fence agent fence_kdump | Optional |
use_fence_kdump_lun_db |
Default lun number of the kdump disk (database) | Optional |
use_fence_kdump_lun_scs |
Default lun number of the kdump disk (Central Services) | Optional |
use_fence_kdump_size_gb_db |
Default size of the kdump disk (database) | Optional |
use_fence_kdump_size_gb_scs |
Default size of the kdump disk (Central Services) | Optional |
Note
The highly available central services deployment requires using a shared file system for sap_mnt. You can use Azure Files or Azure NetApp Files by using the NFS_provider attribute. The default is Azure Files. To use Azure NetApp Files, set the NFS_provider attribute to ANF.
Fencing agent configuration
SAP Deployment Automation Framework supports using either managed identities or service principals for fencing agents. The following section describes how to configure each option.
If you set the variable use_msi_for_clusters to true, the fencing agent uses managed identities.
If you want to use a service principal for the fencing agent, set that variable to false.
The fencing agents should be configured to use a unique service principal with permissions to stop and start virtual machines. For more information, see Create a fencing agent.
az ad sp create-for-rbac --role="Linux Fence Agent Role" --scopes="/subscriptions/<subscriptionID>" --name="<prefix>-Fencing-Agent"
Replace <prefix> with the name prefix of your environment, such as DEV-WEEU-SAP01. Replace <subscriptionID> with the workload zone subscription ID.
Important
The name of the fencing agent service principal must be unique in the tenant. The script assumes that a role Linux Fence Agent Role was already created.
Record the values from the fencing agent SPN:
- appId
- password
- tenant
The fencing agent details must be stored in the workload zone key vault by using a predefined naming convention. Replace <prefix> with the name prefix of your environment, such as DEV-WEEU-SAP01. Replace <workload_kv_name> with the name of the key vault from the workload zone resource group. For the other values, use the values recorded from the previous step and run the script.
az keyvault secret set --name "<prefix>-fencing-spn-id" --vault-name "<workload_kv_name>" --value "<appId>";
az keyvault secret set --name "<prefix>-fencing-spn-pwd" --vault-name "<workload_kv_name>" --value "<password>";
az keyvault secret set --name "<prefix>-fencing-spn-tenant" --vault-name "<workload_kv_name>" --value "<tenant>";