Skip to main content

Setup connectivity to Run (optional)

This section provides information to help you configure your SAP ASE database to work with the Run dashboard.

warning

This section is only required for Run. If you don't want to use Run, you can skip this section.

Create a database user for the agent

Follow these steps to create a database user for the Agent to use to launch backups and restores on your SAP ASE database and grant access to the agent:

  1. Sign in to the database using the SSO role user.

    sybadm

    _10
    isql -U sapsso -P <password> -S <sid> -X

  2. Create a new role.

    sybadm

    _10
    create role cxbagent_role

  3. Grant operator role to the new role.

    isql

    _10
    grant role oper_role to cxbagent_role

  4. Enable granular permissions.

    isql

    _10
    sp_configure 'enable granular permissions', 1

  5. Sign in to the database using the SA role user.

    sybadm

    _10
    isql -U sapsa -P <password> -S <sid> -X

  6. Switch to the master database.

    sybadm

    _10
    use master

  7. Grant map external file privilege to the new role.

    sybadm

    _10
    grant map external file to cxbagent_role

  8. Sign in again using the SSO role user.

    sybadm

    _10
    isql -U sapsso -P <password> -S <sid> -X

  9. Create a new user.

    isql

    _10
    sp_addlogin cxbagent, <password>

  10. Add the new user to the new role.

    isql

    _10
    grant role cxbagent_role to cxbagent

  11. Set the custom role as the default for the user.

    isql

    _10
    sp_modifylogin cxbagent, "add default role", cxbagent_role

  12. Grant own any database privilege to the custom role as SA user.

    isql

    _10
    grant own any database to cxbagent_role

  13. Sign in to the database as SA user again.

    sybadm

    _10
    isql -U sapsa -P <password> -S <sid> -X

  14. Enable file access.

    isql

    _10
    sp_configure "enable file access", 1

  15. Enable differential backup on the database.

    isql

    _10
    use master
    _10
    go
    _10
    sp_dboption <database_name>, 'allow incremental dumps', true
    _10
    go

  16. Enable trunc log on chkpt on the database.

    isql

    _10
    use master
    _10
    go
    _10
    sp_dboption <database_name>, 'trunc log on chkpt', false
    _10
    go

Add credentials to the agent

  1. Search for agent you want to add credentials to:

_10
cxbagent@lnksap22:~> /opt/cxbagent/cxbagent list
_10
List of database administrators on cxbagent catalog:
_10
1 - sybase_agent
_10
User: sybd04
_10
Group: sapsys
_10
OrgUUID: XXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX
_10
Apikey: 012345678901234567890123456789

For the following example we will use sybase_agent

Add database credentials to access the database command line (isql ) tool:


_10
cxbagent@lnksap22:~> /opt/cxbagent/cxbagent credentials sybase_agent
_10
Enter your database username: sapsa
_10
Enter your database password:
_10
Database administrator credentials saved to cxbagent catalog
_10
cxbagent@lnksap22:~>

This credential will never leave the server and will be stored on Agent configuration in Agents catalog

You can check credentials in the config file:


_19
cxbagent@lnksap22:~> ls /opt/cxbagent/conf/catalog.yaml
_19
/opt/cxbagent/conf/catalog.yaml
_19
cxbagent@lnksap22:~> cat /opt/cxbagent/conf/catalog.yaml
_19
version: "1.0"
_19
dbsadmins:
_19
- agentuuid: XXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX
_19
agent_name: sybase_agent
_19
user: sybd04
_19
group: sapsys
_19
orguuid: XXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX
_19
apikey: 012345678901234567890123456789
_19
tags:
_19
- name: Owner
_19
value: i.guinea@syntax.com
_19
- name: Project
_19
value: CxRun
_19
dbuser: sapsa
_19
dbpass: 9fae748c55261096336be98d11e2725e08a423daa8257e68b2d29c14430dde021fec8ab4c6687ce67dd352aa5463abe0649802a9bbd3e4f7bbf1b15b2afa73af7e9094b813b5dc81ee013595526f5453ade37fe54e94e67d572bd926b07b4e0a2a76a78c3cae9bc7de4a70194b06eb9206c67f401e371c5de41980943a9225849115fef622f98aa89ac8f22881c3b631b06668d92011b9a359a561176fcca8568e59f744230b87829353ba7798cbc9232cb6b9b48c3200cd600ccee7b5fbe7fe95588e8ee2269de0e319f7a6af7a57a93ff915d21398cdb81ddb2a56dcd137758e189c9a3561fe9b598caff4ab30463e621867261f0d205268d47e6547815875
_19
cxbagent@lnksap22:~>

Credentials will be encrypted using the autogenerated keys. You can found them in the following directory (change sybd04 for your ASE os user):


_10
cxbagent@lnksap22:~> ls -rlta /opt/cxbagent/sybd04/*.pem
_10
-rw------- 1 cxbagent cxbagent 459 Apr 16 12:56 /opt/cxbagent/sybd04/public.pem
_10
-rw------- 1 cxbagent cxbagent 1679 Apr 16 12:56 /opt/cxbagent/sybd04/private.pem
_10
cxbagent@lnksap22:~>

Grant minimal sudo permissions to cxbagent OS user

As Agent is installed on your system to be used by cxbagent os user, we have to grant permissions on sudoers files so this OS user will be able to launch command as Database administrator. We do this with root user:

This configuration must be performed using the root user. Follow these steps to update the sudoers file securely and ensure the Agent functions as intended:

  1. Log in as the root user.

  2. Edit the sudoers file by running:


    _10
    visudo -f /etc/sudoers.d/cxbagent

  3. Add the following lines to the sudoers file:

    /etc/sudoers.d/cxbagent

    _10
    Runas_Alias CXBAGENT_ASE_ADMIN_USR_1 = <sybase_os_username>
    _10
    Host_Alias CXBAGENT_ASE_LOCALHOST_1 = <hostname>
    _10
    _10
    cxbagent CXBAGENT_ASE_LOCALHOST_1=(CXBAGENT_ASE_ADMIN_USR_1) NOPASSWD: /bin/csh -c id
    _10
    cxbagent CXBAGENT_ASE_LOCALHOST_1=(CXBAGENT_ASE_ADMIN_USR_1) NOPASSWD: /bin/csh -c echo $SYBASE
    _10
    cxbagent CXBAGENT_ASE_LOCALHOST_1=(CXBAGENT_ASE_ADMIN_USR_1) NOPASSWD: /bin/csh -c /opt/emory/emory*
    _10
    cxbagent CXBAGENT_ASE_LOCALHOST_1=(CXBAGENT_ASE_ADMIN_USR_1) NOPASSWD: /bin/csh -c isql*

    Where:

    • sybase_os_username is the OS username for Sybase database
    • hostname is the hostname of the current Sybase server

Check your configuration

If you have followed the previous steps correctly, the following output should be displayed:

  • Check the sudoers file for the cxbagent OS user:

    cxbagent

    _10
    cxbagent@:~> sudo -l
    _10
    User cxbagent may run the following commands on sapserver1:
    _10
    (ALL) ALL
    _10
    (sybd04) NOPASSWD: /bin/csh -c id
    _10
    (sybd04) NOPASSWD: /bin/csh -c echo $SYBASE
    _10
    (sybd04) NOPASSWD: /bin/csh -c /opt/emory/emory*
    _10
    (sybd04) NOPASSWD: /bin/csh -c isql*

  • Check that the cxbagent OS user has the required permissions for the Sybase database user:

    cxbagent

    _14
    cxbagent@sapserver1:~> sudo -i -u sybd04 -g sapsys /opt/emory/emory showconfig
    _14
    Usage: emory <command>
    _14
    _14
    Flags:
    _14
    -h, --help Show context-sensitive help.
    _14
    _14
    Commands:
    _14
    provider set <name> <type> <config> ...
    _14
    Define new or rewrite existing profile
    _14
    _14
    provider delete <name>
    _14
    Delete existing profile
    _14
    ...
    _14
    ...