Terraform Modules include various subcomponents for SAP on Infrastructure Platforms

sap-linuxlab/terraform.modules_for_sap

Terraform Modules for SAP

Terraform Modules for SAP are a subcomponent designed to be used from the Terraform Templates for SAP, but can be executed individually.

These custom Terraform Modules for SAP enable different solution scenarios of SAP software installations, and are used where there is significant repeated code, such as bootstrapping a new Cloud Account with a new Resource Group, VPC and Subnets - i.e. a 'Minimal Landing Zone'.

Every Terraform Template (e.g. /sap_hana_single_node_install/aws_ec2_instance):

  • will reference Terraform Modules for SAP infrastructure platforms (e.g. /aws_ec2_instance/host_provision)
  • will reference Terraform Modules for SAP solution scenarios (e.g. /all/ansible_sap_s4hana_install_maintplan)

It is possible to create your own Terraform Templates and re-use other Terraform Modules from the Terraform Registry, although these combinations are not tested; for example:

  • Terraform Module for the Cloud Service Provider's defined landing zone patterns (e.g. Azure Cloud Adoption Framework (CAF))
  • Terraform Module for SAP Host provision to a specified Infrastructure Platform (e.g. /msazure_vm/host_provision subdirectory)
  • any of the Terraform Modules for SAP installations using Ansible (e.g. /all/ansible_sap_s4hana_install_maintplan subdirectory)

For more information which explains Terraform Modules, please see:

Parity across all Terraform Modules for SAP

Clouds and Hypervisors are not all designed the same way; each has its own interpretation and implementation of computing concepts.

Additionally, the implementations change over time - whether this is "Previous Generation" environments from a Cloud Service Provider, or a "Major.Minor" version update from a Hypervisor vendor.

Therefore it is not possible to match precisely the same functionality when bootstrapping and installing SAP software. For this reason the bootstrap of an environment is kept separate from existing resources.

In addition, depending on the additional configuration and policies within an existing configured environment, these Terraform Modules for SAP may not work at all and may require custom changes to fit the bespoke environment.

For further information, please see below for the Infrastructure provisioning parity comparison table.

N.B. Contributions to these Terraform Modules need to retain as much parity as possible across each infrastructure platform.

Execution time

Please note, for all SAP software installations the execution time will vary based on multiple factors:

  • Infrastructure provision time
  • Installation media download time from SAP.com
  • Storage volume used for downloads and database backup files (default is lowest cost / slowest speed when using Cloud IaaS)

Execution permissions

All detailed execution permissions are listed in the documentation for the Terraform Modules of each Infrastructure Platform. See the next section.


List of Terraform Modules for SAP

The below table lists the Terraform Modules for SAP, and any detailed documentation:

| Terraform Modules for SAP | Link |
| --- | --- |
| TF Modules for Infrastructure Platforms | - |
| Amazon Web Services Elastic Compute Cloud (EC2) Virtual Server | |
| Google Cloud Platform Compute Engine (CE) Virtual Machine | N/A |
| IBM Cloud Virtual Servers | N/A |
| IBM Cloud, IBM Power Virtual Servers | |
| IBM Power Virtualization Center | N/A |
| Microsoft Azure Virtual Machine | N/A |
| oVirt KVM Virtual Machine | N/A |
| VMware vSphere Virtual Machine | /vmware_vm/host_provision |
| Generic documentation | |
| TF Modules as wrapper to Ansible for SAP solution scenarios | - |
| SAP BW/4HANA single-node | /all/ansible_sap_bw4hana_install |
| SAP ECC on SAP HANA single-node | /all/ansible_sap_ecc_hana_install |
| SAP ECC on SAP HANA single-node System Copy (Homogeneous with SAP HANA Backup / Recovery) | /all/ansible_sap_ecc_hana_system_copy_hdb |
| SAP ECC on IBM Db2 single-node | /all/ansible_sap_ecc_ibmdb2_install |
| SAP ECC on Oracle DB single-node | /all/ansible_sap_ecc_oracledb_install |
| SAP ECC on SAP ASE single-node | /all/ansible_sap_ecc_sapase_install |
| SAP ECC on SAP MaxDB single-node | /all/ansible_sap_ecc_sapmaxdb_install |
| SAP HANA 2.0 single-node | /all/ansible_sap_hana_install |
| SAP NetWeaver AS (ABAP) with SAP HANA single-node | /all/ansible_sap_nwas_abap_hana_install |
| SAP NetWeaver AS (ABAP) with IBM Db2 single-node | /all/ansible_sap_nwas_abap_ibmdb2_install |
| SAP NetWeaver AS (ABAP) with Oracle DB single-node | /all/ansible_sap_nwas_abap_oracledb_install |
| SAP NetWeaver AS (ABAP) with SAP ASE single-node | /all/ansible_sap_nwas_abap_sapase_install |
| SAP NetWeaver AS (ABAP) with SAP MaxDB single-node | /all/ansible_sap_nwas_abap_sapmaxdb_install |
| SAP NetWeaver AS (JAVA) with IBM Db2 single-node | /all/ansible_sap_nwas_java_ibmdb2_install |
| SAP NetWeaver AS (JAVA) with SAP ASE single-node | /all/ansible_sap_nwas_java_sapase_install |
| SAP S/4HANA single-node | /all/ansible_sap_s4hana_install |
| SAP S/4HANA single-node, using SAP Maintenance Planner Stack XML (to run SUM and SPAM / SAINT) | /all/ansible_sap_s4hana_install_maintplan |
| SAP S/4HANA single-node System Copy (Homogeneous with SAP HANA Backup / Recovery) | /all/ansible_sap_s4hana_system_copy_hdb |
| SAP S/4HANA Distributed Install, using SAP Maintenance Planner Stack XML (to run SUM and SPAM / SAINT) | /all/ansible_sap_s4hana_distributed_install_maintplan |
| SAP Solution Manager (ABAP/JAVA) with SAP ASE single-node | /all/ansible_sap_solman_sapase_install |
| SAP Solution Manager (ABAP/JAVA) with SAP HANA single-node | /all/ansible_sap_solman_saphana_install |

Infrastructure provisioning parity comparison

| Infrastructure Platform | Amazon Web Services (AWS) | Google Cloud | Microsoft Azure | IBM Cloud | IBM Cloud | IBM PowerVC | VMware vSphere |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Product | EC2 Virtual Server | VM | VM | Virtual Server | IBM Power Virtual Server | LPAR | VM |
| Compute Type | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) |
| Compute Hypervisor | KVM | KVM | HyperV | KVM | IBM PowerVM (PHYP LE) | IBM PowerVM (PHYP LE) | VMware vSphere |

Account Init
Create Resource Group, or re-use existing Resource Group 🚫 🚫 N/A N/A
Create VPC/VNet, or re-use existing VPC/VNet N/A N/A
Create Subnet, or re-use existing Subnet N/A N/A
Create Many-to-One NAT Gateway (Public Internet access for hosts) N/A N/A

Account Bootstrap
(aka. minimal landing zone)
Create Private DNS N/A N/A
Create Network Interconnectivity hub (e.g. Transit Gateway) 🚫 🚫 N/A N/A
Create Network Security for Subnet/s (e.g. ACL, NSG) N/A N/A
Create Network Security for Host/s (e.g. Security Groups) 🚫 N/A N/A
Create TLS key pair for SSH (using RSA algorithm)
Import public key to Cloud platform 🚫 N/A N/A

Account IAM
Create IAM Access Group/s and contained Policies for SAP 'Basis' Administrators ❌ WIP ❌ WIP ❌ WIP ⚠️ WIP ❌ WIP N/A N/A

Bastion Injection
Find OS Image N/A N/A
Create Subnet for Bastion (using small CIDR prefix) N/A N/A
Create Network Security for Host/s connection from Bastion (e.g. Security Groups) N/A N/A
Create Network Security for Bastion (e.g. Security Groups) N/A N/A
Create Public IP address for Bastion N/A N/A
Create Bastion host N/A N/A
Build scripts for Bastion host:
- Create OS User for bastion access
- Amend SSH Authorized Keys of OS User for bastion access
- Activate firewalld
- Change SSH Port to within IANA Dynamic Ports range
- Update SELinux of port change
- Deny root login from Public IP
N/A N/A

Host Network Access for SAP
Append Network Security rules for SAP (e.g. Security Group Rules)
- SAP NetWeaver AS (ABAP)
- SAP NetWeaver AS (JAVA)
- SAP HANA
- SAP HANA XSA
- SAP Web Dispatcher
N/A N/A

Host NFS
Provision ⚠️ N/A N/A

Proxy interconnect provision for increased security hosts
Find OS Image N/A N/A N/A N/A N/A N/A
Create Proxy host N/A N/A N/A N/A N/A N/A
Create DNS Records (i.e. A, CNAME, PTR) N/A N/A N/A N/A N/A N/A
Build scripts for Bastion host:
- Setup BIND/named for DNS Proxy
- Setup Squid for Web Forward Proxy
- Setup Nginx for Web Reverse Proxy
N/A N/A N/A N/A N/A N/A

Host Provision
Find OS Image with SAP-relevant OS Package Repositories
clone from Stock OS Image
Create DNS Records (i.e. A, CNAME, PTR) N/A N/A
Create Storage Volumes (defined storage profile with IOPS/GB, or custom IOPS) ⚠️
no custom IOPS
Create Host/s
Attach Storage Volumes to Host/s
Build scripts for Host:
- Enable root login
- Set hostname
- Set DNS in resolv.conf
- Disks and Filesystem setup (LVM with XFS and striping, or Physical with XFS)
Build scripts for increased security Hosts:
- Set DNS Proxy in resolv.conf
- Set Web Proxy for non-interactive login shell
N/A N/A N/A N/A
Build scripts for BYOL OS:
- Enable OS Subscription with BYOL, setup OS Package Repositories
N/A N/A N/A N/A

Key:

  • Ready and Tested
  • ⚠️ Pending work
  • Not available yet
  • 🚫 Capability not provided by vendor (or construct concept does not exist)
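
Two of the bastion build-script items in the table above (SSH port within the IANA Dynamic Ports range, root login denied) can be checked after provisioning. The script below is an added example, not code from this project; it assumes root login is denied with a global `PermitRootLogin no`, and the function names and sample configurations are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit sshd settings against two bastion build-script items.
# Assumption: root login is denied with a global "PermitRootLogin no".
DYN_MIN=49152   # IANA Dynamic Ports range, RFC 6335
DYN_MAX=65535

# Print global values of an sshd keyword (keywords are case-insensitive).
# $1 = file, $2 = keyword, $3 = "first" to stop at the first match.
# Match blocks are not evaluated: parsing stops at the first "Match" line.
sshd_values() {
  awk -v key="$2" -v mode="${3:-all}" '
    /^[[:space:]]*#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print tolower($2); if (mode == "first") exit }
  ' "$1"
}

# Print one FAIL line per finding; return 0 only when every check passes.
audit_bastion_sshd() {
  local cfg="$1" rc=0 ports p root
  ports="$(sshd_values "$cfg" Port)"
  # sshd listens on every Port line, so each one must be in range.
  [ -n "$ports" ] || { echo "FAIL port: no Port line, default 22 applies"; rc=1; }
  for p in $ports; do
    case "$p" in
      *[!0-9]*) echo "FAIL port: '$p' is not numeric"; rc=1 ;;
      *) if [ "$p" -lt "$DYN_MIN" ] || [ "$p" -gt "$DYN_MAX" ]; then
           echo "FAIL port: $p is outside $DYN_MIN-$DYN_MAX"; rc=1
         fi ;;
    esac
  done
  # For other keywords sshd uses the first value it reads.
  root="$(sshd_values "$cfg" PermitRootLogin first)"
  if [ "$root" != "no" ]; then
    echo "FAIL root: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
  fi
  return "$rc"
}

# Constructed sample configurations (not taken from the project).
sample_default()  { printf '%s\n' '#Port 22' 'PermitRootLogin yes'; }
sample_two_port() { printf '%s\n' 'Port 50022' 'Port 22' 'PermitRootLogin no'; }
sample_hardened() { printf '%s\n' 'Port 50022' 'permitrootlogin no'; }
```

On a live host, run the audit against the output of `sshd -T` saved to a file, so that settings pulled in through `Include` are covered as well.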
