Ansible for SAP: Automate SAP HANA and S/4HANA Deployment Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Complete guide to Ansible for SAP automation. Automate SAP HANA installation, S/4HANA deployment, system copy, kernel patching, and infrastructure.
SAP environments are notoriously complex — HANA databases, application servers, shared filesystems, kernel patches, system copies, and strict change management. Ansible automates all of it through dedicated SAP collections. Here's how to automate SAP infrastructure from bare metal to running S/4HANA.
Why Automate SAP with Ansible
Manual SAP deployments take days. Ansible reduces this to hours: • SAP HANA installation — automated from OS preparation to database start • S/4HANA deployment — application server setup with consistent configuration • System copy/refresh — dev/test environment cloning from production • Kernel patching — rolling updates without unplanned downtime • Infrastructure provisioning — cloud VMs with SAP-certified sizing • Compliance — enforce security baselines across all SAP hosts
See also: A Preview of Ansible Journey in 2024
Collections for SAP
# Community SAP collections
ansible-galaxy collection install community.sap_install
ansible-galaxy collection install community.sap_operations
ansible-galaxy collection install community.sap_libs
# Red Hat certified collection (requires AAP subscription)
ansible-galaxy collection install redhat.sap_install
| Collection | Purpose |
|-----------|---------|
| community.sap_install | SAP HANA, NetWeaver, S/4HANA installation |
| community.sap_operations | Day-2 operations (start, stop, backup, monitoring) |
| community.sap_libs | SAP modules and utilities |
OS Preparation for SAP
RHEL Configuration for SAP HANA
---
- name: Prepare RHEL for SAP HANA
hosts: sap_hana
become: true
vars:
sap_hana_sid: HDB
sap_hana_instance_number: "00"
tasks:
- name: Apply SAP RHEL system role
ansible.builtin.include_role:
name: redhat.rhel_system_roles.sap_general_preconfigure
- name: Apply HANA-specific preconfiguration
ansible.builtin.include_role:
name: redhat.rhel_system_roles.sap_hana_preconfigure
- name: Configure kernel parameters
ansible.posix.sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
sysctl_set: true
state: present
reload: true
loop:
- { key: 'vm.swappiness', value: '10' }
- { key: 'net.ipv4.tcp_slow_start_after_idle', value: '0' }
- { key: 'net.ipv4.tcp_timestamps', value: '1' }
- { key: 'net.core.somaxconn', value: '4096' }
- { key: 'vm.max_map_count', value: '2147483647' }
- name: Configure transparent hugepages (disable for HANA)
ansible.builtin.shell: |
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag
changed_when: false
- name: Set THP in GRUB
ansible.builtin.lineinfile:
path: /etc/default/grub
regexp: '^GRUB_CMDLINE_LINUX='
line: 'GRUB_CMDLINE_LINUX="transparent_hugepage=never"'
backup: true
notify: rebuild grub
- name: Install SAP dependencies
ansible.builtin.dnf:
name:
- compat-sap-c++-14
- tuned-profiles-sap-hana
- resource-agents-sap-hana
- libtool-ltdl
- numactl
- nfs-utils
state: present
- name: Enable SAP HANA tuned profile
ansible.builtin.command: tuned-adm profile sap-hana
changed_when: true
- name: Configure SAP user limits
ansible.builtin.template:
src: sap-limits.conf.j2
dest: /etc/security/limits.d/99-sap.conf
mode: '0644'
- name: Create SAP filesystems
community.general.lvol:
vg: "{{ item.vg }}"
lv: "{{ item.lv }}"
size: "{{ item.size }}"
loop:
- { vg: vg_hana, lv: lv_data, size: 512g }
- { vg: vg_hana, lv: lv_log, size: 128g }
- { vg: vg_hana, lv: lv_shared, size: 256g }
- name: Mount SAP filesystems
ansible.posix.mount:
path: "{{ item.path }}"
src: "{{ item.src }}"
fstype: xfs
opts: "{{ item.opts }}"
state: mounted
loop:
- { path: '/hana/data', src: '/dev/vg_hana/lv_data', opts: 'noatime,nodiratime' }
- { path: '/hana/log', src: '/dev/vg_hana/lv_log', opts: 'noatime,nodiratime' }
- { path: '/hana/shared', src: '/dev/vg_hana/lv_shared', opts: 'defaults' }
handlers:
- name: rebuild grub
ansible.builtin.command: grub2-mkconfig -o /boot/grub2/grub.cfg
See also: AI-Assisted Inventory Generation in AAP 2.6 — Developer Preview
SAP HANA Installation
---
- name: Install SAP HANA
hosts: sap_hana
become: true
vars:
sap_hana_sid: HDB
sap_hana_instance_number: "00"
sap_hana_install_software_directory: /hana/shared/install
sap_hana_master_password: "{{ vault_hana_password }}"
tasks:
- name: Install SAP HANA
ansible.builtin.include_role:
name: community.sap_install.sap_hana_install
vars:
sap_hana_install_sid: "{{ sap_hana_sid }}"
sap_hana_install_instance_nr: "{{ sap_hana_instance_number }}"
sap_hana_install_master_password: "{{ sap_hana_master_password }}"
sap_hana_install_software_path: "{{ sap_hana_install_software_directory }}"
sap_hana_install_use_hdb_pwd_file: true
- name: Verify HANA is running
ansible.builtin.command: >
su - {{ sap_hana_sid | lower }}adm -c
"HDB info"
register: hdb_info
changed_when: false
- name: Show HANA status
ansible.builtin.debug:
msg: "{{ hdb_info.stdout_lines }}"
SAP Application Server (NetWeaver/S/4HANA)
---
- name: Install SAP NetWeaver Application Server
hosts: sap_app
become: true
vars:
sap_swpm_sid: S4H
sap_swpm_instance_number: "01"
sap_swpm_db_host: hana01.example.com
sap_swpm_db_sid: HDB
tasks:
- name: Prepare OS for NetWeaver
ansible.builtin.include_role:
name: redhat.rhel_system_roles.sap_netweaver_preconfigure
- name: Install SAP using SWPM
ansible.builtin.include_role:
name: community.sap_install.sap_swpm
vars:
sap_swpm_product_catalog_id: "NW_ABAP_OneHost:S4HANA2023.CORE.HDB.ABAP"
sap_swpm_software_path: /sapmnt/install
sap_swpm_sapcar_path: /sapmnt/install/SAPCAR
sap_swpm_swpm_path: /sapmnt/install/SWPM
sap_swpm_master_password: "{{ vault_sap_password }}"
sap_swpm_db_schema_abap: SAPHANADB
sap_swpm_fqdn: "{{ ansible_fqdn }}"
See also: How to Use the AAP 2.6 Automation Dashboard to Measure ROI
Day-2 Operations
Start/Stop SAP Systems
---
- name: SAP system operations
hosts: sap_all
become: true
tasks:
- name: Stop SAP application
community.sap_operations.sap_system:
sid: S4H
instance_number: "01"
state: stopped
username: s4hadm
when: sap_action == 'stop'
- name: Start SAP application
community.sap_operations.sap_system:
sid: S4H
instance_number: "01"
state: started
username: s4hadm
when: sap_action == 'start'
- name: Stop HANA database
ansible.builtin.command: >
su - hdbadm -c "HDB stop"
when: sap_action == 'stop_db'
- name: Start HANA database
ansible.builtin.command: >
su - hdbadm -c "HDB start"
when: sap_action == 'start_db'
HANA Backup
- name: HANA backup
hosts: sap_hana
become: true
become_user: hdbadm
vars:
sap_hana_sid: HDB
backup_prefix: "FULL_{{ ansible_date_time.date }}"
tasks:
- name: Run HANA full backup
ansible.builtin.shell: |
/usr/sap/{{ sap_hana_sid }}/HDB00/exe/hdbsql \
-i 00 -u SYSTEM -p "{{ vault_hana_system_password }}" \
"BACKUP DATA USING FILE ('{{ backup_prefix }}')"
register: backup_result
no_log: true
- name: Verify backup
ansible.builtin.shell: |
/usr/sap/{{ sap_hana_sid }}/HDB00/exe/hdbsql \
-i 00 -u SYSTEM -p "{{ vault_hana_system_password }}" \
"SELECT * FROM M_BACKUP_CATALOG WHERE ENTRY_TYPE_NAME = 'complete data backup' ORDER BY UTC_START_TIME DESC LIMIT 1"
register: backup_verify
no_log: true
changed_when: false
- name: Show backup status
ansible.builtin.debug:
msg: "Backup completed: {{ backup_prefix }}"
SAP Kernel Patching
---
- name: SAP kernel patch
hosts: sap_app
become: true
serial: 1 # One server at a time for rolling update
vars:
sap_sid: S4H
kernel_archive: /sapmnt/patches/SAPEXE_100-80007612.SAR
tasks:
- name: Stop SAP instance
ansible.builtin.command: >
su - {{ sap_sid | lower }}adm -c "sapcontrol -nr 01 -function Stop"
register: stop_result
- name: Wait for SAP to stop
ansible.builtin.command: >
su - {{ sap_sid | lower }}adm -c "sapcontrol -nr 01 -function WaitforStopped 300 10"
- name: Backup current kernel
ansible.builtin.archive:
path: /sapmnt/{{ sap_sid }}/exe/uc/
dest: "/tmp/kernel_backup_{{ ansible_date_time.date }}.tar.gz"
- name: Extract new kernel
ansible.builtin.command: >
/usr/sap/{{ sap_sid }}/SYS/exe/uc/linuxx86_64/SAPCAR
-xf {{ kernel_archive }}
-R /sapmnt/{{ sap_sid }}/exe/uc/linuxx86_64/
- name: Start SAP instance
ansible.builtin.command: >
su - {{ sap_sid | lower }}adm -c "sapcontrol -nr 01 -function Start"
- name: Wait for SAP to start
ansible.builtin.command: >
su - {{ sap_sid | lower }}adm -c "sapcontrol -nr 01 -function WaitforStarted 600 10"
- name: Verify SAP is running
ansible.builtin.command: >
su - {{ sap_sid | lower }}adm -c "sapcontrol -nr 01 -function GetProcessList"
register: process_list
changed_when: false
- name: Show process status
ansible.builtin.debug:
msg: "{{ process_list.stdout_lines }}"
Cloud Infrastructure for SAP
AWS SAP-Certified Instances
- name: Provision SAP HANA on AWS
hosts: localhost
connection: local
tasks:
- name: Create HANA instance
amazon.aws.ec2_instance:
name: sap-hana-prod
instance_type: x2idn.16xlarge # SAP certified for HANA
image_id: "{{ sap_ami }}" # RHEL for SAP
subnet_id: "{{ subnet_id }}"
security_group: "{{ sap_sg }}"
key_name: sap-deploy
volumes:
- device_name: /dev/sda1
ebs:
volume_size: 100
volume_type: gp3
- device_name: /dev/xvdf
ebs:
volume_size: 512 # /hana/data
volume_type: io2
iops: 10000
- device_name: /dev/xvdg
ebs:
volume_size: 128 # /hana/log
volume_type: io2
iops: 10000
tags:
Application: SAP
Component: HANA
Environment: production
wait: trueAzure SAP-Certified VMs
- name: Provision SAP on Azure
hosts: localhost
connection: local
tasks:
- name: Create HANA VM
azure.azcollection.azure_rm_virtualmachine:
resource_group: sap-production-rg
name: sap-hana-prod
vm_size: Standard_M128s # SAP certified for HANA
admin_username: sapadmin
ssh_password_enabled: false
ssh_public_keys:
- path: /home/sapadmin/.ssh/authorized_keys
key_data: "{{ lookup('file', '~/.ssh/sap_key.pub') }}"
image:
offer: RHEL-SAP-HA
publisher: RedHat
sku: 8_8
version: latest
managed_disk_type: Premium_LRS
os_disk_size_gb: 128
data_disks:
- lun: 0
disk_size_gb: 512
managed_disk_type: UltraSSD_LRS
- lun: 1
disk_size_gb: 128
managed_disk_type: UltraSSD_LRS
tags:
Application: SAP
Component: HANASAP System Monitoring
---
- name: SAP health check
hosts: sap_all
become: true
tasks:
- name: Check HANA status
ansible.builtin.command: >
su - hdbadm -c "sapcontrol -nr 00 -function GetProcessList"
register: hana_status
changed_when: false
failed_when: "'GREEN' not in hana_status.stdout"
when: "'sap_hana' in group_names"
- name: Check SAP application status
ansible.builtin.command: >
su - s4hadm -c "sapcontrol -nr 01 -function GetProcessList"
register: app_status
changed_when: false
failed_when: "'GREEN' not in app_status.stdout"
when: "'sap_app' in group_names"
- name: Check HANA disk usage
ansible.builtin.command: df -h /hana/data /hana/log /hana/shared
register: disk_usage
changed_when: false
- name: Alert on high disk usage
ansible.builtin.debug:
msg: "WARNING: Disk usage above 85% on {{ inventory_hostname }}"
when: disk_usage.stdout is search('[89][0-9]%|100%')
FAQ
Which Ansible collection should I use for SAP?
Start with community.sap_install for HANA and NetWeaver installation. Use community.sap_operations for day-2 operations. If you have Red Hat Ansible Automation Platform, the redhat.sap_install collection includes certified, supported roles.
Can Ansible handle SAP high availability clusters?
Yes. The community.sap_install collection includes roles for HANA System Replication (HSR) and Pacemaker cluster configuration. Combined with RHEL HA system roles, you can automate the full HA stack.
How long does an automated SAP HANA installation take?
Typically 2-4 hours for OS preparation + HANA installation (versus 1-2 days manually). The real savings come from consistency — every system is configured identically.
Is it safe to automate SAP kernel patching?
Yes, with serial: 1 for rolling updates and proper health checks between instances. Always backup the kernel directory before patching, and verify the SAP instance starts correctly before moving to the next server.
What about SAP system copies?
Ansible can automate the entire system copy workflow: stop target system, restore HANA backup, run post-copy scripts, adjust hostnames/SIDs, and start the target system. This is one of the highest-ROI automation targets for SAP teams.
Conclusion
Ansible brings consistency and speed to SAP environments. Start with OS preparation and HANA installation automation — these are the highest-value, lowest-risk targets. Then expand to day-2 operations (backup, patching, monitoring) and system copies. The community.sap_install collection handles the heavy lifting; your playbooks define the what, the roles handle the how.
Related Articles
• Ansible Cloud Automation: AWS, Azure, GCP • Ansible Performance Tuning • Ansible Vault Deep Dive • Ansible for Linux System Administration • Ansible for Financial Services • Ansible for Healthcare: HIPAA ComplianceCategory: installation