Skip to main content

Setup connectivity to Run (optional)

For Run to work with your SAP HANA database, there are additional steps required to get the latest backup jobs and results.

warning

This section is only required for Run. If you don't want to use Run, you can skip this section.

Create a database user for the agent

Follow these steps to create a database user for the Agent to use to launch backups and restores on your SAP HANA database and grant access to the agent:

  1. Create the CXBAGENT database user to be used by the Agent to launch backups and restores on your SAP HANA database.

    User

    User must be called CXBAGENT due to the way Agent is configured.

    • If you use HANA Studio, add the user to the SYSTEMDB database with the following privileges:

      • BACKUP ADMIN
      • BACKUP OPERATOR
      • CATALOG READ
      • DATABASE BACKUP OPERATOR
      • DATABASE RECOVERY OPERATOR

    • If you prefer to use the command line, you can use the following command to create the user:

      hdbsql

      _10
      CREATE USER PASSWORD <desired_password> NO FORCE_FIRST_PASSWORD_CHANGE;
      _10
      GRANT BACKUP ADMIN, DATABASE BACKUP ADMIN, DATABASE RECOVERY OPERATOR, CATALOG READ, INIFILE ADMIN, DATABASE START, DATABASE STOP, TRACE ADMIN, SERVICE ADMIN TO CXBAGENT;

  2. Configure HANA Database user for CxBAgent process on each Tenant.

    • Create a new user CXBAGENT_TENANT with the following privileges for each tenant database:
      • BACKUP ADMIN
      • BACKUP OPERATOR

    Where:

    • TENANT in CXBAGENT_TENANT is the tenant id.

  3. Create SSO User for SYSTEMDB and each tenant.

    sidadm

    _10
    hdbuserstore SET CXBAGENT <Hostname>:<PortNumber>@SYSTEMDB CXBAGENT <password>
    _10
    hdbuserstore SET CXBAGENT_<TENANT_1> <Hostname>:<PortNumber>@<TENANT_1> CXBAGENT <password>
    _10
    hdbuserstore SET CXBAGENT_<TENANT_2> <Hostname>:<PortNumber>@<TENANT_2> CXBAGENT <password>

    Where:

    • Hostname: is the hostname of HANA database
    • PortNumber: is the port number of nameserver (Ex: 30013 for a nr=00 system)
    • password: is the password of CXBAGENT previously created at database level

  4. Check if the user has been created properly:

    List create entry:

    sidadm

    _10
    $ hdbuserstore list

    If the user is not listed, check the password of the user and try again.

    SAP Note

    More information in SAP Note 2938937 - How to create and access a user key in the hdbuserstore (OSS required)

    Test backup launch with this user. You can check the right configuration of your settings using this OS commands:

    sidadm

    _10
    hdbsql -U CXBAGENT "BACKUP DATA FOR SYSTEMDB USING BACKINT('Test_SYSTEMDB_Backup')"
    _10
    _10
    hdbsql -U CXBAGENT "BACKUP DATA FOR SYSTEMDB USING BACKINT('Test_SYSTEMDB_Backup')"
    _10
    _10
    hdbsql -U CXBAGENT "SELECT DATABASE_NAME,ACTIVE_STATUS FROM SYS.M_DATABASES"
    _10
    _10
    hdbsql -U CXBAGENT "BACKUP DATA FOR HSC USING BACKINT('Test')"

Configure SUDO actions for user cxbagent

As CxRun Backup Agent is installed on your system to be used by cxbagent os user, we have to grant permissions on sudoers files so this OS user will be able to launch command as Database administrator. We do this with root user


_10
visudo -f /etc/sudoers.d/cxbagent

Determine with SHELL is default for your HANA database user at operating system:


_10
$ getent passwd hscadm | cut -d\: -f7
_10
/bin/csh

Add the following entries to editor if your user is using /bin/csh:


_11
Runas_Alias CXBAGENT_HANA_ADMIN_USR_1 = <hana_os_username>
_11
Host_Alias CXBAGENT_HANA_LOCALHOST_1 = <hostname>
_11
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c id
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c echo $SAPSYSTEMNAME
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c echo $DIR_INSTANCE
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c /opt/emory/emory*
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c HDBSettings.sh recoverSys.py *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c hdbsql -U CXBAGENT*
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c hdbsql -U CXBAGENT_<TENANT_1> *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/csh -c hdbsql -U CXBAGENT_<TENANT_n> *

Add the following entries to editor if your user is using /bin/sh


_11
Runas_Alias CXBAGENT_HANA_ADMIN_USR_1 = <hana_os_username>
_11
Host_Alias CXBAGENT_HANA_LOCALHOST_1 = <hostname>
_11
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c id
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c echo $SAPSYSTEMNAME
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c echo $DIR_INSTANCE
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c /opt/emory/emory*
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c HDBSettings.sh recoverSys.py *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c hdbsql -U CXBAGENT*
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c hdbsql -U CXBAGENT_<TENANT_1> *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c hdbsql -U CXBAGENT_<TENANT_n> *

Add the following entries to editor if your user is using /bin/bash


_11
Runas_Alias CXBAGENT_HANA_ADMIN_USR_1 = <hana_os_username>
_11
Host_Alias CXBAGENT_HANA_LOCALHOST_1 = <hostname>
_11
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c id
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c echo $SAPSYSTEMNAME
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c echo $DIR_INSTANCE
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c /opt/emory/emory*
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c HDBSettings.sh recoverSys.py *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c hdbsql -U CXBAGENT *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c hdbsql -U CXBAGENT_<TENANT_1> *
_11
cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/bash -c hdbsql -U CXBAGENT_<TENANT_n> *

Where:

  • hana_os_username is the OS username for HANA database
  • hostname is the hostname of the current HANA server

Check the sudo configuration

If you have followed the previous steps correctly, the following output should be displayed:

Change to cxbagent os username and execute the following:


_10
> visudo -l


_10
cxbagent@emoryhana1:~> sudo -l
_10
User cxbagent may run the following commands on emoryhana1:
_10
(ALL) ALL
_10
(hscadm) NOPASSWD: /bin/sh -c id
_10
(hscadm) NOPASSWD: /bin/sh -c echo $SAPSYSTEMNAME
_10
(hscadm) NOPASSWD: /bin/sh -c /opt/emory/emory*
_10
(hscadm) NOPASSWD: /bin/sh -c hdbsql -U CXBAGENT *

Test

User cxbagent OS username you should be able to execute the following commands:


_10
sudo -i -u <hana_os_user> -g <hana_os_group> id
_10
sudo -i -u <hana_os_user> -g <hana_os_group> echo $SAPSYSTEMNAME

Add an agent to manage the database

  1. Using the cxbagent, add a new database to be managed by the agent by using the add command as user cxbagent:

    cxbagent

    _10
    /opt/cxbagent/cxbagent add <agent_name> <sidadm> <sapsys> <org_uuid> <apikey> [TAGS]

    Our recommendation is to name the agent after the database name for easy reference.

    Example

    /opt/cxbagent/cxbagent add HANA_HSC hscadm sapsys org_uuid_1 api_key Stage=Production,Team=Marketing

  2. You can display configured agents for your system by using the list command:

    cxbagent

    _10
    opt/cxbagent/cxbagent list

    And expected output must be:

    tip

    List of database administrators on cxbagent catalog: 1 - HANA_HDB User: hdbadm Group: sapsys OrgUUID: XXXXXXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX Apikey: 012345678901234567890123456789 2 - HANA_HSC User: hscadm Group: sapsys OrgUUID: XXXXXXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX Apikey: 012345678901234567890123456789

    OrgUUID and Apikey can be obtained from CxLink Portal, in the Organizations section under Account settings:

Enable notifications from backint to agent

As Backint can run independently, notifications are disabled by default. But you can enable notifications from backint to agent by using the following command:

  • Enable using SAP HANA Administrator user:

    sidadm

    _10
    /opt/emory/emory cxbagent enable true

  • Enable using cxbagent user:

    cxbagent

    _10
    sudo -i -u sidadm -g sapsys /opt/emory/emory cxbagent enable true

Start Agent daemon

If this is the first time you are running the Agent on your system, you will need to configure the daemon. From root user account, reload daemon configuration, enable service and start it:

  1. Reload configuration


    _10
    systemctl daemon-reload

  2. Enable daemon to start after system reboot


    _10
    systemctl enable cxbagent.service

  3. Start Agent daemon


    _10
    systemctl start cxbagent.service

  4. Check daemon status


    _10
    systemctl status cxbagent.service

    info

    Agent listens on 127.0.0.1:42586 so database backint tool (backint) can talk to this agent. If you choose to change its address or port, this change has to be reflected on backint configuration.