Skip to main content

Setup connectivity to Run (optional)

For Run to work with your SAP HANA database, there are additional steps required to get the latest backup jobs and results.

warning

This section is only required for Run. If you don't want to use Run, you can skip this section.

Create a database user for the agent

Follow these steps to create a database user for the Agent to use to launch backups and restores on your SAP HANA database and grant access to the agent:

  1. Create the CXBAGENT database user to be used by the Agent to launch backups and restores on your SAP HANA database.

    User

    User must be called CXBAGENT due to the way Agent is configured.

    • If you use HANA Studio, add the user to the SYSTEMDB database with the following privileges:

      • BACKUP ADMIN
      • BACKUP OPERATOR
      • CATALOG READ
      • DATABASE BACKUP OPERATOR
      • DATABASE RECOVERY OPERATOR

    • If you prefer to use the command line, you can use the following command to create the user:

      hdbsql

      _10
      CREATE USER PASSWORD <desired_password> NO FORCE_FIRST_PASSWORD_CHANGE;
      _10
      GRANT BACKUP ADMIN, DATABASE BACKUP ADMIN, DATABASE RECOVERY OPERATOR, CATALOG READ, INIFILE ADMIN, DATABASE START, DATABASE STOP, TRACE ADMIN, SERVICE ADMIN TO CXBAGENT;

  2. Add a database user key for the HANA OS user to avoid having to enter the password of the HANA OS user for each command.

    sidadm

    _10
    hdbuserstore SET CXBAGENT <hostname>:<port>@SYSTEMDB CXBAGENT <CXBAGENT_password>

    Where:

    • hostname is the hostname of HANA database
    • port_number is the port number of nameserver (ex: 30013 for a nr=00 system)
    • password is the password of previously created CXBAGENT user at database level

  3. Check if the user has been created properly:

    sidadm

    _10
    $ hdbuserstore list CXBAGENT

    If the user is not listed, check the password of the user and try again.

    SAP Note

    More information in SAP Note 2938937 - How to create and access a user key in the hdbuserstore (OSS required)

Grant sudo permissions to cxbagent

The Agent is installed on your system and operates under the cxbagent OS user. To enable this user to execute commands as the Database Administrator, it is necessary to grant specific permissions in the sudoers file. These permissions allow the cxbagent user to run commands with elevated privileges required for database operations.

This configuration must be performed using the root user. Follow these steps to update the sudoers file securely and ensure the Agent functions as intended:

  1. Log in as the root user.

  2. Edit the sudoers file by running:

    bash

    _10
    visudo -f /etc/sudoers.d/cxbagent

  3. Add the following lines to the sudoers file:

    /etc/sudoers.d/cxbagent

    _10
    Runas_Alias CXBAGENT_HANA_ADMIN_USR_1 = <hana_os_username>
    _10
    Host_Alias CXBAGENT_HANA_LOCALHOST_1 = <hostname>
    _10
    _10
    cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c id
    _10
    cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c echo $SAPSYSTEMNAME
    _10
    cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c /opt/emory/emory*
    _10
    cxbagent CXBAGENT_HANA_LOCALHOST_1=(CXBAGENT_HANA_ADMIN_USR_1) NOPASSWD: /bin/sh -c hdbsql -U CXBAGENT *

    warning

    Remember to replace the values in the Runas_Alias and Host_Alias lines with the appropriate values for your environment.

Check the sudo configuration

If you have followed the previous steps correctly, the following output should be displayed:

  • Check the sudoers file for the cxbagent OS user:

    cxbagent

    _10
    cxbagent@emoryhana1:~> sudo -l
    _10
    User cxbagent may run the following commands on emoryhana1:
    _10
    (ALL) ALL
    _10
    (hscadm) NOPASSWD: /bin/sh -c id
    _10
    (hscadm) NOPASSWD: /bin/sh -c echo $SAPSYSTEMNAME
    _10
    (hscadm) NOPASSWD: /bin/sh -c /opt/emory/emory*
    _10
    (hscadm) NOPASSWD: /bin/sh -c hdbsql -U CXBAGENT *

  • Check that the cxbagent OS user has the required permissions for the HANA database user:

    cxbagent

    _10
    cxbagent@emoryhana1:~> sudo -i -u sidadm -g sapsys hdbsql -U CXBAGENT "SELECT DATABASE_NAME,ACTIVE_STATUS FROM SYS.M_DATABASES"
    _10
    2 rows selected (overall time 1324.435 msec; server time 194 usec)

    warning

    Remember to replace sidadm with the name of the HANA OS user.

Add an agent to manage the database

  1. Using the cxbagent, add a new database to be managed by the agent by using the add command as user cxbagent:

    cxbagent

    _10
    /opt/cxbagent/cxbagent add <agent_name> <sidadm> <sapsys> <org_uuid> <apikey> [TAGS]

    Our recommendation is to name the agent after the database name for easy reference.

    Example

    /opt/cxbagent/cxbagent add HANA_HSC hscadm sapsys org_uuid_1 api_key Stage=Production,Team=Marketing

  2. You can display configured agents for your system by using the list command:

    cxbagent

    _10
    opt/cxbagent/cxbagent list

    And expected output must be:

    tip

    List of database administrators on cxbagent catalog: 1 - HANA_HDB User: hdbadm Group: sapsys OrgUUID: XXXXXXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX Apikey: 012345678901234567890123456789 2 - HANA_HSC User: hscadm Group: sapsys OrgUUID: XXXXXXXXXXXX-YYYY-YYYY-YYYY-XXXXXXXXXXXX Apikey: 012345678901234567890123456789

    OrgUUID and Apikey can be obtained from CxLink Portal, in the Organizations section under Account settings:

Enable notifications from backint to agent

As Backint can run independently, notifications are disabled by default. But you can enable notifications from backint to agent by using the following command:

  • Enable using SAP HANA Administrator user:

    sidadm

    _10
    /opt/emory/emory cxbagent enable true

  • Enable using cxbagent user:

    cxbagent

    _10
    sudo -i -u sidadm -g sapsys /opt/emory/emory cxbagent enable true

Start Agent daemon

If this is the first time you are running the Agent on your system, you will need to configure the daemon. From root user account, reload daemon configuration, enable service and start it:

  1. Reload configuration


    _10
    systemctl daemon-reload

  2. Enable daemon to start after system reboot


    _10
    systemctl enable cxbagent.service

  3. Start Agent daemon


    _10
    systemctl start cxbagent.service

  4. Check daemon status


    _10
    systemctl status cxbagent.service

    info

    Agent listens on 127.0.0.1:42586 so database backint tool (backint) can talk to this agent. If you choose to change its address or port, this change has to be reflected on backint configuration.