Friday, 1 March 2024

Clone SAP HANA Database Instance via Template based cloning

The cloning template essentially serves as a database backup, encompassing the schema and data of the clone while excluding its configuration details, such as the options chosen during provisioning. It's important to note that restoring a backup from a more recent SAP HANA version into an older version is not supported and results in an error.

Clone SAP HANA Database Instance via Template based cloning

Cloning templates are stored in a template container within HANA Data Lake Files, specifically in the Files service of the data lake. To create a cloning template, and to create an instance based on a template, your subaccount must therefore have a data lake Files service; note, however, only data lake Files is required — without the additional option of the data lake relational engine.

Prerequisites


  • You must have an SAP HANA Cloud, data lake Files instance running in your subaccount; note, however, only data lake Files is required - without the additional option of the data lake Relational Engine.
  • You must have access to your data lake Files instance using the following:
    • Client key
    • Client certificate
    • CA certificate
  • Copy Files REST API Endpoint ( You will find the REST API endpoint of the data lake Files instance in SAP HANA Cloud Central or copied it to your clipboard by clicking (More) )

Note : 

1. The template is essentially a database backup which includes the schema and data of the clone but not its configuration information, such as the options selected during provisioning. ( E.g.. Memory Allocation ).
2. Data lake Files is required you can only clone a simple HANA Cloud instance; instances where data lake Relational Engine is attached cannot be cloned. This is because the underlying technology of the two systems is different. In HANA Cloud central the menu option Create Template to Clone Instance is not visible for HANA Cloud instances with data lake Relational Engine.
3. There should be no other backup process running when you create the backup template; if, for example, the daily backup for the instance is running an error message is returned.

Setting Up Access to HANA Cloud data lake Files


Download OpenSSL 

HANA Data Lake Files oversees user security and access by utilizing certificates; thus, it is necessary to generate signed certificates for configuring user access. In the absence of access to a signing authority, you have the option to establish a Certificate Authority (CA) and generate a signed client certificate. Subsequently, you can update the HDL Files configuration following the outlined procedure.

◉ Generate the CA using the OpenSSL command

openssl genrsa -out ca.key 2048

◉ Create the CA's public certificate (Valid for 200 days)

openssl req -x509 -new -key ca.key -days 200 -out ca.crt​

◉ Create a signing request for the client certificate

openssl req -new -nodes -newkey rsa:2048 -out client.csr -keyout client.key

◉ Create the client certificate (Valid for 100 days)

openssl x509 -days 100 -req -in client.csr -CA ca.crt -CAkey ca.key -out client.crt

Note: Make sure the fields are not all exactly the same between the CA and client certs, otherwise it is assumed to be a self-signed cert and the cert validation below will fail.

◉ Verify the certificate was signed by a CA
 
openssl verify -CAfile ca.crt client.crt
 
You will need the above generated certificates and keys to configure the HANA Data Lake files.

Update the SAP HANA, Data Lake Trust Configuration


Go to SAP HANA Cloud Central and choose "Manage Configuration" for the HDL instance.

Clone SAP HANA Database Instance via Template based cloning

Click on "Data Lake Files"

Clone SAP HANA Database Instance via Template based cloning

Click on "Add" under Trusts configuration and hit on "Upload" file button and browse to the location where your ca. crt is located and upload that file and click on apply. The alias can be anything, but the certificate should be exactly what is in the generated ca.crt.

Clone SAP HANA Database Instance via Template based cloning

Clone SAP HANA Database Instance via Template based cloning

Click on "Add" under Authorizations and select the roles as "Admin" or "User" and then click on "Generate pattern" from the output of the following command. (exclude the "subject=" prefix)

openssl x509 -in client.crt -nameopt RFC2253 -subject -noout
 
Alternatively, you can use the "Generate Pattern" option and similarly upload the client. crt file after clicking on the "Upload" file option. It will automatically generate a pattern like above.

Clone SAP HANA Database Instance via Template based cloning

Click on "Review and Save".

Clone SAP HANA Database Instance via Template based cloning

Click "Save Changes" on the modal to confirm changes.

Clone SAP HANA Database Instance via Template based cloning

Check that a Connection can be Established from the HDLFSCLI


In this step we will verify the configurations that was done in the previous steps by running the below command. The < Instance ID> and < REST API Endpoint > can be copied by clicking on the ellipses in SAP HANA Cloud Central.

< PATH> is the path to the corresponding certificate. The following command lists out files in the root folder of the HDL files instance. Thus if the instance has no files, the command will not return anything.

hdlfscli -cert <PATH>\client.crt -key <PATH>\client.key -cacert <PATH>\ca.crt -k -s https://<REST API Endpoint> -filecontainer <Instance ID> ls
 
Now that we have all the necessary configurations done, we can go ahead and start with creating a cloning template.

Create a cloning template


On the All Instances page, select the SAP HANA database instance that you want to clone. Click D (More) Create Template to Clone Instance. This menu option is only visible for instances which do have the additional option of the data lake Relational Engine.

Clone SAP HANA Database Instance via Template based cloning

In the Create Template to Clone Instance wizard, choose a name for the template.

Note: Record the name of your template for later use when cloning an instance based on this template.

Enter the string for HDLFS REST Endpoint to be used for Template Storage. The content is validated — it is not necessary to add the hdlfs:// protocol. Upload the client key, client certificate, and CA certificate required to access the data lake Files instance where the template will be stored.

Create an encryption password for the template and click Create Template.

Clone SAP HANA Database Instance via Template based cloning

Create an SAP HANA database instance via cloning template


Go to SAP HANA Cloud Central. All Instances > Create Instance.

Clone SAP HANA Database Instance via Template based cloning

Choose (Cloned) SAP HANA Cloud, SAP HANA Database.

Clone SAP HANA Database Instance via Template based cloning

In the next step, add all the necessary details such as the instance name & description. Set the password for DBADMIN

Clone SAP HANA Database Instance via Template based cloning

Proceed through the provisioning wizard until you reach step 6: Cloning template.

Enter the name of the template that you created in the previous step and paste the REST API endpoint. Add the client key, client certificate, CA certificate and encryption password that was entered during creation of the template.

Clone SAP HANA Database Instance via Template based cloning

Click on "Review and Create".

You have created a cloning template that is stored in the specified data lake Files instance in your subaccount and have cloned an SAP HANA database instance using that template.

No comments:

Post a Comment