Install Saprouter Linux
Introduction
The SAProuter is a software program developed and maintained by SAP that acts as an intermediate station (proxy) in a network connection between SAP Systems, or between SAP Systems and external networks. The SAProuter program controls access to your network (application level gateway), and, as such, is a useful enhancement to an existing firewall or port filter system.
Nov 23, 2016 Install and Configure SAPRouter in Linux; SGEN (SAP SYSTEM LOAD GENRATOR) in SAP; Reset sapsa Password of SAP Sybase ASE in linux; SAP sybase ASE Backup Configure on Linux; Restore SAP ASE Database instance on LINUX; Recent Comments. Laura on Transport Request Not getting created automatically; Archives. November 2016; February 2016; September 2015; July 2015; April 2014. Be sure to install SAProuter in a separate VM and not in your Jumpbox VM. The separate VM must have a static IP address. To connect your SAProuter to the SAProuter that is hosted by SAP, contact SAP for an IP address. (The SAProuter that is hosted by SAP is the counterpart of the SAProuter instance that you install on your VM.). Install SAProuter This section describes the necessary steps to download and install the SAP Cryptographic Library for use with SAProuter. The SAProuter must be started with the options described later in this section.
The software and executables referenced can be download from the SAP Support Portal by customers with a valid user account.
The following provides my recommended installation process for LINUX and includes, /etc/init.d scripts.
Installation Guide
2.1 Parameters:
The parameter $_SAPINST is a temporary variable for the installation and allows us to install multiple SAProuters on the one host. This is the same principle as SAP Systems ID and System Number combined in one identifier. For this example, we use 'R' for router followed by the SAP port number '99' i.e. 3299, hence our $_SAPINST is 'R99'. This variable will also be the home directory or SAProuter installation, '/usr/sap/R99/saprouter/'
2.2 User Account:
Create the <sapsid>adm user account and group that the SAProuter process will run under, provide the groupid <GID> and userid <UID> as required.
2.3 Software:
Ensure the SAPCAR executable is downloaded and available for use.
2.4 Direcorties:
Create the following direcorty structure for the SAP router installation.
2.5 Permission Tables:
The following just creates a sample 'saprouttab' file with all connections denied. The SAProuter needs this file to start, please amended as per your own requirements Route Permission Table.
2.6 Software:
Extract the SAP software for the SAProuter and SAP crypto library to the executable directory.
2.7 Start-up Scripts:
Download the init.d script z_sapr99_<os_type> from this repository.
Adjust the values for $SAPSYSTEMNAME, $SAPUSER, and $SAPPORT as required. If your SAP router is to be SNC enabled, please provide the Common Name within the parameter SAPSNCP i.e. SAPSNCP='CN=<Name>, OU=<Customer Number>, OU=SAProuter, O=SAP, C=DE'. To disable, leave the parameter as is.
Add and enable the script to execute on start-up.
2.8 Access:
Via sudo allow the <sapsid>adm rights to access the init.d script, edit the sudoers.d file as required.
Add the following content and save the file , modify if required to reflect the correct SAP System ID.
2.9 Environment:
Create the follow user environment for the SAP router <sapsid>adm account.
Copy in the following content and save the file, modify if required to reflect the correct SAP System ID.
2.10 Certificate (Optional):
If Secure Network Communications (SNC) is required, generate the required certificate. The common name is your own, if it is a SNC connection to SAP then it is the value issued by SAP. For more information of this visit the SAP support link below for Connectivity Tools SAP Router.
The following command imports the 'reponse.crt' file from a Certificate Authority, in this case SAP SE.
2.11 Commands:
As root, the SAP Router can be stopped via the init.d, systemctl commands i.e.
As <sapsid>adm, stopping and starting the SAP router can be done via the predefined alias's. i.e. stopsap. Updates to saprouttab can be activated via the reloadsap command.
Patching within Amazon Web Services
Our SAP systems running in Amazon Web Services (AWS), hence we synchronised the SAP router binaries off a AWS S3 resource. This allows for patching once and maintain a consistent version across all systems with next to zero effort. We appy this same principle to SAP Kernel, SAP Web Dispatcher, SAP Host Controller, SAP Diagnostics Agent etc. To enable this preform the following steps:
3.1 S3 Resource:
Within AWS create a S3 bucket, i.e. s3://software-sap/SAPROUTER_LINUX/exe and upload the extract files from saprouter_.SARand SAPCRYPTOLIBP_.SAR. In addtion to this upload the github script _aws.shand create a file name .upgrading.
In addition to to this ensure that the EC2 instance running the SAP router has the AWS Command Line Interface (CLI) installed.
3.1 IAM Policy:
Ensure that the EC2 instance running the SAP router can access the S3 bucket, example policy below.
Once done you should be able to list the bucket as follows.
3.1 Configuration:
Within the SAP router init.d script set the parameter SAPSYNC equal to 'On' and AWSREPO to the S3 resource create above.
Once done, stop and start the SAP router. The start process will see the current binaries delete then copied back via the '_aws.sh' script. This script also corrects and file permissions and preforms tidy-up operations on logs files etc, amend and expand upon as required.
Supporting Documentation
4.1 SAP Help:
Connectivity Tools SAP Router- https://support.sap.com/en/tools/connectivity-tools/saprouter.html
SAP Router- https://uacp2.hana.ondemand.com/viewer/e245703406684d8a81812f4c6334eb2f/7.51.0/en-US/487612ed5ca5055ee10000000a42189b.html
4.2 SUSE Linux:
SAProuter IntegrationSUSE Linux Enterprise Server for SAP Applications 12 SP2- https://www.suse.com/documentation/sles-for-sap-12/singlehtml/book_s4s/book_s4s.html#sec.s4s.configure.saprouter
@cdavis_nz
Some programs return immediately when launched from the command line, Firefox for example. Most utilities (and all the programs I've written) are tied to the shell that created them. If you control-c the command line, the program's dead.
What do you have to add to a program or a shell script to get the return-immediately behavior? I guess I'm asking two questions there, one for shell scripts and one for general, if they're different. I would be particularly interested to know if there's a way to get an executable jar to do it.
Sap Saprouter
I'm almost embarrassed to ask that one but I can't find the answer myself.
Thanks!
rogerdpack4 Answers
For an executable program (as opposed to a shell script), on Linux/Unix use fork() and exec() and then exit the parent process, which will return to the shell. For details see the man pages, or some page like http://www.yolinux.com/TUTORIALS/ForkExecProcesses.html.
on Windows,
on *nux
Saprouter Commands
Here substitute
On *nux the fg and bg commands are your friends as well ...
Hamish GrubijanInstall Saprouter Linux Version
Hamish GrubijanA wrapper script consisting of nothing but:
Will launch the target and exit immediately. You can add nohup to the beginning of that line so it will continue running if the shell is exited.
You need to basically need to fork a process or create a new thread (or pretend to)
in *nux you can do this with an & after the command like this /long/script & or in windows you can create a BATCH file that executes your processes then exits (it does this naturally).
NOTE: there's no particularly good way to reference this process after you're forked it, basically only ps for the process list. if you want to be able to see what the process is doing, check out using screen (another linux command) that will start a session for you and let you 're-attach' to the screen.
to do this, install screen (sudo apt-get install screen or yum install screen). then type screen to create a new session (note, it will look like you didn't do anything). then, run your /long/command (without the &), then press CTRL + A + D (at the same time) to detach from it (it's still running!). then, when you want to re-attach, type screen -r.
Additionally, look for flags in any help message that allow you do this without using the above options (for instance in synergy you can say synergy --background)