Summary Prerequisites and limitations Architecture Tools Epics Related resources

Install SAP systems automatically by using open-source tools

Created by Guilherme Sesterheim (AWS)

Code repository: Main repository	Environment: Production	Technologies: DevOps
Workload: SAP	AWS services: Amazon EC2; Amazon S3

Summary

This pattern shows how to automate SAP systems installation by using open-source tools to create the following resources:

An SAP S/4HANA 1909 database
An SAP ABAP Central Services (ASCS) instance
An SAP Primary Application Server (PAS) instance

HashiCorp Terraform creates the SAP system’s infrastructure and Ansible configures the operating system (OS) and installs SAP applications. Jenkins runs the installation.

This setup turns SAP systems installation into a repeatable process, which can help increase deployment efficiency and quality.

Note: The example code provided in this pattern works for both high-availability (HA) systems and non-HA systems.

Prerequisites and limitations

Prerequisites

An active AWS account
An Amazon Simple Storage Service (Amazon S3) bucket that contains all of your SAP media files
An AWS Identity and Access Management (IAM) principal with an access key and secret key, and that has the following permissions:
- Read only permissions: Amazon Route 53, AWS Key Management Service (AWS KMS)
- Read and write permissions: Amazon S3, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic File System (Amazon EFS), IAM, Amazon CloudWatch, Amazon DynamoDB
A Route 53 private hosted zone
A subscription to the Red Hat Enterprise Linux for SAP with HA and Update Services 8.2 Amazon Machine Image (AMI) in Amazon Marketplace
An AWS KMS customer managed key
A Secure Shell (SSH) key pair
An Amazon EC2 security group that allows SSH connection on port 22 from the hostname where you install Jenkins (the hostname is most likely localhost)
Vagrant by HashiCorp installed and configured
VirtualBox by Oracle installed and configured
Familiarity with Git, Terraform, Ansible, and Jenkins

Limitations

Only SAP S/4HANA 1909 is fully tested for this specific scenario. The example Ansible code in this pattern requires modification if you use another version of SAP HANA.
The example procedure in this pattern works for Mac OS and Linux operating systems. Some of the commands can be run only in Unix-based terminals. However, you can achieve a similar result by using different commands and a Windows OS.

Product versions

SAP S/4HANA 1909
Red Hat Enterprise Linux (RHEL) 8.2 or higher versions

Architecture

The following diagram shows an example workflow that uses open-source tools to automate SAP systems installation in an AWS account:

Example workflow uses open-source tools to automate SAP systems installation in an AWS account.

The diagram shows the following workflow:

Jenkins orchestrates running the SAP system installation by running Terraform and Ansible code.
Terraform code builds the SAP system’s infrastructure.
Ansible code configures the OS and installs SAP applications.
An SAP S/4HANA 1909 database, an ASCS instance, and PAS instance that include all defined prerequisites are installed on an Amazon EC2 instance.

Note: The example setup in this pattern automatically creates an Amazon S3 bucket in your AWS account to store the Terraform state file.

Technology stack

Terraform
Ansible
Jenkins
An SAP S/4HANA 1909 database
An SAP ASCS instance
An SAP PAS instance
Amazon EC2

Tools

AWS services

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the AWS Cloud. You can launch as many virtual servers as you need, and quickly scale them up or down.
AWS Identity and Access Management (IAM) helps you securely manage access to your AWS resources by controlling who is authenticated and authorized to use them.
AWS Key Management Service (AWS KMS) helps you create and control cryptographic keys to protect your data.
Amazon Virtual Private Cloud (Amazon VPC) helps you launch AWS resources into a virtual network that you’ve defined. This virtual network resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Other tools

HashiCorp Terraform is a command-line interface application that helps you use code to provision and manage cloud infrastructure and resources.
Ansible is an open-source configuration as code (CaC) tool that helps automate applications, configurations, and IT infrastructure.
Jenkins is an open-source automation server that enables developers to build, test, and deploy their software.

Code

The code for this pattern is available in the GitHub aws-install-sap-with-jenkins-ansible repository.

Epics

Task	Description	Skills required
Add your SAP media files to an Amazon S3 bucket.	Create an Amazon S3 bucket that contains all of your SAP media files. Important: Make sure that you follow the AWS Launch Wizard’s folder hierarchy for S/4HANA in the Launch Wizard documentation.	Cloud administrator
Install VirtualBox.	Install and configure VirtualBox by Oracle.	DevOps engineer
Install Vagrant.	Install and configure Vagrant by HashiCorp.	DevOps engineer
Configure your AWS account.	Verify that you have an IAM principal with an access key and secret key, and that has the following permissions: Read only permissions: Amazon Route 53, AWS Key Management Service (AWS KMS) Read and write permissions: Amazon S3, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic File System (Amazon EFS), IAM, Amazon CloudWatch, Amazon DynamoDB Save the IAM principal's access key and secret key for reference later. Create a Route 53 private hosted zone, if you don’t have one already. Save the zone name (for example, sapteam.net) for reference later. Subscribe to the Red Hat Enterprise Linux for SAP with HA and Update Services 8.2 AMI in Amazon Marketplace. Save the AMI ID (for example, ami-0000000) for reference later. Create an AWS KMS customer managed key. Save the KMS key’s Amazon Resource Name (ARN) for reference later. Note: The following is an example AWS KMS customer managed key ARN: arn:aws:kms:us-east-1:123412341234:key/uuid Create an SSH key pair. Save the key pair’s name and .pem file for reference later. Create an Amazon EC2 security group that allows SSH connection on port 22 from the hostname where you install Jenkins. Save the security group ID for reference later. Note: The hostname is most likely localhost.	General AWS

Task	Description	Skills required
Clone the code repository from GitHub.	Clone the aws-install-sap-with-jenkins-ansible repository on GitHub.	DevOps engineer
Start the Jenkins service.	Open the Linux terminal. Then, navigate to the local folder that contains the cloned code repository folder and run the following command: `sudo vagrant up` Note: The Jenkins startup takes about 20 minutes. The command returns a Service is up and running message when successful.	DevOps engineer
Open Jenkins in a web browser and log in.	In a web browser, enter http://localhost:5555. Jenkins opens. Log in to Jenkins by using admin for the username and my_secret_pass_from_vault for the password.	DevOps engineer
Configure your SAP system installation parameters.	In Jenkins, choose Manage Jenkins. Then, choose Manage Credentials. A list of credential variables that you can configure appears. Configure all of the following credential variables: For AWS_ACCOUNT_CREDENTIALS, enter your IAM principal's access key ID and secret access key ID. For AMI_ID, enter the Red Hat Enterprise Linux for SAP with HA and Update Services 8.2 AMI’s AMI ID. For KMS_KEY_ARN, enter your AWS KMS customer managed key’s ARN. For SSH_KEYPAIR_NAME, enter the name of your SSH key pair, without entering the .pem file type. For SSH_KEYPAIR_FILE, enter the full name of your key pair’s .pem file (for example, mykeypair.pem). Make sure that you also upload the key pairs’ .pem file to Jenkins. For S3_ROOT_FOLDER_INSTALL_FILES, enter the name of the Amazon S3 bucket—and folder, if applicable—(for example, s3://my-media-bucket/S4H1909) that contains your SAP media files. For PRIVATE_DNS_ZONE_NAME, enter the name of your Route 53 private hosted zone (for example, myprivatecompanyurl.net). For VPC_ID, enter the VPC ID (for example, vpc-12345) of the Amazon VPC that you’re creating the SAP resources in. For SUBNET_IDS, enter two public subnet IDs if you’re working in a test environment (for future HA capabilities). If you’re working in a production environment, it’s a best practice to use two private subnets with a bastion host. For SECURITY_GROUP_ID, enter the ID of the Amazon EC2 security group that allows SSH connection on port 22 from the hostname where you installed Jenkins. Note: You can configure the other nonrequired parameters as needed, based on your use case. For example, you can change the SAP system ID (SID) of the instances, default password, names, and tags for your SAP system. All of the required variables have (Required) at the beginning of their names.	AWS systems administrator, DevOps engineer
Run you SAP system installation.	In Jenkins, choose Jenkins Home. Then, choose SAP Hana+ASCS+PAS 3 Instances. Choose Spin up and install. Then, choose Main. Choose Build now. For information on the pipeline steps, see the Understanding the pipeline steps section of Automating SAP installation with open-source tools on the AWS Blog. Note: If an error occurs, move your cursor over the red error box that appears and choose Logs. The logs for the pipeline step that errored out appear. Most errors occur because of incorrect parameter settings.	DevOps engineer, AWS systems administrator

Related resources

DevOps for SAP – SAP Installation: From 2 Months to 2 Hours (DevOps Enterprise Summit Video Library)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Automate AWS resource assessment

Automate Service Catalog portfolio and product deployment using AWS CDK