Install and Configure the Emory Agent

Installation and Configuration #

This section will guide through all the installation and configuration process of an Emory Agent.

Table of Contents #

Before Continue
If you haven’t already, please make sure you meet all the prerequisites.

1. Installation #

Follow these guidelines to install the Emory agent:

  1. Download the Installation Package from the Resources Section in https://console.linkeit.com

  2. Install or Update your existing package

    • Install the package using RPM native tools

      cd <package_directory>
      rpm -ivh emory-1.0-latest.x86_64.rpm
      

      Alternativelly, if your server has internet access, you can directly install it from the repository by executing the following commands as root user.

      rpm -ivh https://s3-eu-west-1.amazonaws.com/repo.linkeit.com/emory/emory-1.0-latest.x86_64.rpm
      
    1. Update the package using RPM native tools

      cd <package_directory>
      rpm -Uvh emory-1.0-latest.x86_64.rpm
      

      Alternativelly, if your server has internet access, you can directly update it from the repository by executing the following commands as root user.

      rpm -Uvh https://s3-eu-west-1.amazonaws.com/repo.linkeit.com/emory/emory-1.0-latest.x86_64.rpm
      
    2. Check that the package has been properly installed

      rpm -qa | grep emory
      

      Output will show the installed version of the product:

      emory-1.0-2011.11.x86_64
      

2. Configuration #

The emory settings wizard is a configuration tool provided within the agent package that will guide you through all steps needed to prepare Emory to work with your AWS Account resources.

2.1 Interactive Mode #

To launch it, please execute emory --settings

? Emory Cloud Backup:  [Use arrows to move, type to filter]
> Storage Providers profiles
  Data storage providers for backups & restores
  Specific Database configuration for Oracle database
  License Software
  Logging settings
  Linke Backups Dashboard
  Backups Lifecycle
  Debug traces
  Exit

During the process you will need to specify the following resources list:

Storage Providers profiles

In this section you will be able to define the access to remote storage destination as well as its properties. We will use this providers profiles to store o retrieve our backups. Steps to add new profile:

  • Enter provider profile name
? Select action to perfom:  Add
? Enter provider profile name:  development
  • Select provider type
? Select provider type:   [Use arrows to move, type to filter]
> Amazon Web Services
  Microsoft Azure
  • Use AWS Profile Enter AWS Cli profile name if you want to use it. Leave it empty if you want to use EC2 Instance Role attached to the EC2 Instance
  • Use AssumeRole Enter Assume Role ARN if you want to access to other account resources
  • Select storage location of the Amazon S3 Bucket where your backups will be stored
  • Select Bucket where your backups will be stored
  • Choose encryption type
    • AES256 (default) (KMS-managed customer master key (CMK) of your AWS Account. Name: aws/s3)
    • aws:kms (AWS Key Management Service) Custom symmetrical CMK stored in KMS.
    • None. To not encrypting your backups, or to accept the default S3 Encryption option.
  • Choose storage class for the backups Emory supports the following S3 storage classes:
    • S3 Standard [Standard]
    • S3 Standard-IA [Standard_IA]
    • S3 One Zone-IA [OneZone_IA]
    • S3 Reduced Redundancy[Reduced_Redundancy]
    • S3 Intelligent-Tiering[Intelligent_Tiering]
  • Tag S3 Objects with backup information will append some tags to yout S3 objects
  • S3 Downloader/Uploader MemoryBuffer - multipart_chunksize *
  • S3 Downloader/Uploader Concurrency - max_concurrent_requests *

*S3 Configuration Settings

  • Azure Account Name Azure Storage account name
  • Azure Account Key Azure Storeage Access Key. This key will be encrypted at rest
  • Azure Container Name Azure Storeage Container Name

Data storage providers for backups & restores

In this section we will define in which provider profile to use to store or retrieve the backups.

  • Provider profile to store backups Select specific provider profile to uploads backups to.
  • [DR scenarios] Provider profile to restore backups Select specific provider profile to retrieve backups from. If not defined will use the defined profile in the Provider profile to store backups option
  • [System Copy] Provider profile to restore backups from diferent SID System Copy method Hana Specific option. Useful to perform system copies from other HANA system. If not defined will use the defined profile in the Provider profile to store backups option

Specific Database configuration for database

  • Backup Paralellism Number of files/objects that will upload/downlaod in paralell. This setting will have impact on IO and CPU resources
  • Compression Level Compresion level to be used on dump actions. Allowed values
    • 0 : No Compression
    • 1 : Best Speed, worst compression level
    • 2
    • 3
    • 4
    • 5
    • 6 : [Default compression]
    • 7
    • 8
    • 9 : Best Compression, slowest
    • -1 : Default compression
    • -2 : HuffmanOnly
HuffmanOnly disables Lempel-Ziv match searching and only performs Huffman entropy encoding. This mode is useful in compressing data that has already been compressed with an LZ style algorithm (e.g. Snappy or LZ4) that lacks an entropy encoder. Compression gains are achieved when certain bytes in the input stream occur more frequently than others. Note that HuffmanOnly produces a compressed output that is RFC 1951 compliant. That is, any valid DEFLATE decompressor will continue to be able to decompress this output.
When using compression settings on dump configurations, as compression is CPU intensive process, we should not use more stripes than the number of vCPU that our server has.
  • Sybase IO Block Size Size of IO Block that Backup server will use on backup process
Linke Backups Dashboard

  • Send Backup status information to LinkeIT Dashboard?

You can send your backups actions to Linke Console for a user friendly view of all yout backups landscape

  • Send Logs status information to LinkeIT Dashboard?

You can send your logs backups actions to Linke Console for a user friendly view of all yout backups landscape

2.2 Unattended mode #

Still working on it

2.3 Verify Emory configuration #

Confirm specific database information depending on the engine you are using Emory on.

  • HANA Information

    Emory will try to automatically identify the HANA instance number and SID by using the environment variables SAPSYSTEMNAME, TINSTANCE and DIR_INSTANCE set in the enviroment variables. Confirm that the values detected are correct or set the environment variables to the proper values.

  • Symbolic link (automatically created)

    As a SAP requirement, during the installation of a 3rd party backup tool, a symbolic link pointing from /usr/sap/<SID>/SYS/global/hdb/opt/hdbbackint to the location of the executable must be created.

    Emory executable is located in /opt/emory/emory

    After the configuration is done, ensure that the proper link has been created in your server by executing the following command.

    ls -ls /usr/sap/<SID>/SYS/global/hdb/opt/hdbbackint
    

    the output should be similiar to

    # ls -ls /usr/sap/HDB/SYS/global/hdb/opt/hdbbackint
    0 lrwxrwxrwx 1 hdbadm sapsys 16 Nov  2 12:40 /usr/sap/HDB/SYS/global/hdb/opt/hdbbackint -> /opt/emory/emory
    
  • Symbolic link (automatically created) As a SAP requirement, during the installation of a 3rd party backup tool, a symbolic link pointing from /oracle/<SID>/<VERSION>/bin/backint to the location of the executable must be created.

    Emory executable is located in /opt/emory/emory

    After the configuration is done, ensure that the proper link has been created in your server by executing the following command.

    ls -ls /oracle/<SID>/<version>/bin/backint
    

    the output should be similiar to

    # ls -ls /oracle/LNK/19/bin/backint
    0 lrwxrwxrwx 1 oracle oinstall 16 May  6  2020 /oracle/LNK/19/bin/backint -> /opt/emory/emory
    
  • Symbolic link (automatically created)

    The SAP ASE database expects the backup agent library (libemory.so) to be in /$SYBASE/$SYBASE_ASE/lib

    As the Emory agent library is located in /opt/emory/lib/libemory.so, a symbolic link will be created during the configuration. This symbolic link points from /$SYBASE/$SYBASE_ASE/lib to the actual location of the backup agent library.

Troubleshoot. If emory-settings fails to create the symbolic link, create it manually by executing the following command as sidadm.

ln -sf /opt/emory/lib/libemory.so $SYBASE/$SYBASE_ASE/lib/libemory.so

3. Emory files #

file description
/opt/emory/emory Emory executable
/opt/emory/conf/<SID>.id License file
/opt/emory/conf/<SID>.trace Enable trace on logging if file exists
/var/log/<SID>.log Logging file for emory/backup actions
/var/log/<SID>-settings.log Logging file for emory settings
/usr/sap/$SAPSYSTEMNAME/SYS/global/hdb/opt/hdbbackint Soft link to /opt/emory/emory
/hana/shared/$SAPSYSTEMNAME/global/hdb/opt/conf/emory.cfg Emory configuration file
/hana/shared/$SAPSYSTEMNAME/global/hdb/opt/log/emory.log Emory logginf file for Multi Host environment
/hana/shared/$SAPSYSTEMNAME/global/hdb/opt/emory.db Emory catalog file
file description
/opt/emory/emory Emory executable
/opt/emory/conf/<SID>.id License file
/opt/emory/conf/<SID>.trace Enable trace on logging if file exists
/var/log/<SID>.log Logging file for emory/backup actions
/var/log/<SID>-settings.log Logging file for emory-settings
/oracle/$ORACLE_SID/sapprof/init$ORACLE_SID.utl Emory configuration file
file description
/opt/emory/emory Emory executable
/var/log/<SID>.log Logging file for emory
/var/log/<SID>-settings.log Logging file for emory-settings
/opt/emory/conf/<SID>.id License file
/opt/emory/conf/<SID>.trace Enable trace on logging if file exists
/var/log/<SID>.log Logging file for emory/backup actions
/var/log/<SID>-settings.log Logging file for emory-settings
$SYBASE/$SYBASE_ASE/emory.db Emory catalog file
$SYBASE/$SYBASE_ASE/emory.cfg Emory configuration file

4. Configure AWS CLI profile #

You can use AWS CLI profile credentials to access your AWS resources

  1. Create AWS User with programmatic access
  2. Attach the required IAM Policies to this user
  3. Create AWS Profile using database administrator OS user
$  aws configure --profile emory
AWS Access Key ID [None]: AKIAXXXXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Default region name [None]: eu-west-1
Default output format [None]:

5. Oracle Backups from DBA Cockpit or BR*Tools with SAP admin user #

This section only applies if you have specified to user AWS CLI profiles to define Storage Provider Profiles

Operations launched from SAP DBACockpit or BR*Tools using <sid>adm user accesses the brbackup, brarchive,… programs via SETUID mechanism. Due to this, we have to grant access to AWS resources to <sid>adm user and grant oracle database user access to its AWS credentials file

  1. Copy/Create the same AWS CLI credentials for <sid>adm user
  2. Get brbackup/brrestore/brarchive/brspace/brrecover file group, for the example below: oinstall
/sapmnt/<SID>/exe/uc/linuxx86_64$ ls -lrta br*
-rwxr-xr-x. 1 lnkadm sapsys    7562263 Nov 13  2019 brtools
-rwsrwsr--. 1 oracle oinstall 13636907 Nov 13  2019 brconnect
-rwsrwsr--. 1 oracle oinstall 11365786 Nov 13  2019 brbackup
-rwsrwsr--. 1 oracle oinstall 11276292 Nov 13  2019 brarchive
-rwsrwsr--. 1 oracle oinstall  6840519 Nov 13  2019 brrestore
-rwsrwsr--. 1 oracle oinstall 11885299 Nov 13  2019 brrecover
-rwsrwsr--. 1 oracle oinstall 14229383 Nov 13  2019 brspace
  1. Change the group of .aws/credentials file and grant read access to file for group oinstall (change to your correct group name)
$ chgrp oinstall .aws/credentials
$ chmod g+r .aws/credentials
$ ls -lrta .aws/*
-rw-r----- 1 lnkadm oinstall 114 Nov 14 07:39 .aws/credentials
-rw------- 1 lnkadm sapsys    35 Nov 14 07:39 .aws/config

6. HANA Python versioning #

HANA Uses Python version 2.x, AWS CLI driver uses Python3. If you try to launch aws configure process you will get the following problem:

Traceback (most recent call last):
  File "/usr/bin/aws", line 19, in <module>
    import awscli.clidriver
ImportError: No module named awscli.clidriver

To be able to configure credentials, we have to unset temporarily version 2 envs and enable version 3 envs for Python:

$ unset PYTHONHOME
$ unset PYTHONPATH
$ unset PYTHONSTARTUP
$ export PATH=/usr/bin/python3:$PATH
$ aws  configure --profile emory
AWS Access Key ID [None]: AKIAXXXXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Default region name [None]: eu-west-1
Default output format [None]: