This article describes a test to deploy an instance of SAP HANA Express Edition in a container on Red at Enterprise Linux (RHEL) using the Podman tool. SAP HANA Express Edition is a streamlined version of the SAP HANA platform and can be used for application development and prototyping of custom applications.

SAP supports SAP HANA Express Edition in containers - see this SAP KB article for details. SAP Labs provides a docker image for  SAP HANA Express at Docker Hub: .


  1. Provision RHEL Host
  2. Install Container tools
  3. Set “sysctl.conf” parameters
  4. Create password file for SAP HANA Express
  5. Pull docker image
  6. Run container
  7. Test SAP HANA Express

1: Provision the RHEL Host

In this example we used a RHEL Image provisioned in AWS with the following specification:

  • RHEL 9.1  (m2.2xlarge)
  • 34.2 GiB RAM
  • 4 x vCPUs
  • Storage: root disk = 10 GB; second disk = 250 GB for filesystem “/containerstorage”

2: Install Container Tools

[root@ip-172-31-8-96]# yum install container-tools


Change default location of containers to “/containerstorage”  (for background see this blog) .

[root@ip-172-31-8-96 containers]# pwd
[root@ip-172-31-8-96 containers]# cp storage.conf storage.conf.ORIG
[root@ip-172-31-8-96 containers]# vi storage.conf
[root@ip-172-31-8-96 containers]# diff storage.conf storage.conf.ORIG
< graphroot = "/containerstorage"
> graphroot = "/var/lib/containers/storage"
[root@ip-172-31-8-96 containers]#


Set environment variable TMPDIR so pulled docker images do not fill up /var/tmp in root filesystem (for background see this Red Hat KB article)

[root@ip-172-31-8-96 ~]# export TMPDIR='/containerstorage/tmp'


Set SELinix to permissive.

[root@ip-172-31-8-96 ~]# setenforce 0


3 Set “sysctl.conf” Parameters

[root@ip-172-31-8-96]# more /etc/sysctl.conf
# sysctl settings are defined through files in

# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_local_port_range=60000 65535
[root@ip-172-31-8-96]# sysctl -p
fs.file-max = 20000000
fs.aio-max-nr = 262144
vm.memory_failure_early_kill = 1
vm.max_map_count = 135217728
net.ipv4.ip_local_port_range = 60000 65535
[root@ip-172-31-8-96 hxe]#


4: Create password file for SAP HANA Express

mkdir -p /data/hxe
chown 12000:79 /data/hxe
[root@ip-172-31-8-96 hxe]# vi /data/hxe/hxepasswd.json
[root@ip-172-31-8-96 hxe]# more *
"master_password" : "HXEHana1"
chmod 600 /data/hxe/hxepasswd.json
chown 12000:79 /data/hxe/hxepasswd.json
[root@ip-172-31-8-96 hxe]# ls -l
total 4
-rw-------. 1 12000 79 35 Feb  9 20:26 hxepasswd.json


5: Pull Docker Image

Login to Docker Hub ( )

[root@ip-172-31-8-96 ~]# podman login
Username: <username>
Password:  <password>
Login Succeeded!
[root@ip-172-31-8-96 ~]


Pull down the docker image.

[root@ip-172-31-8-96 containers]# podman pull saplabs/hanaexpress:
Trying to pull
Getting image source signatures
Copying blob 0b1212f566e8 skipped: already exists
Copying blob f631eb8a0078 skipped: already exists
Copying blob 62aa9a741295 skipped: already exists
Copying blob e796f44db488 done
Copying blob 8e7d076cd7f0 skipped: already exists
Copying blob d04f82e55126 skipped: already exists
Copying config b91f20b164 done
Writing manifest to image destination
Storing signatures
Check the downloaded docker image.
[root@ip-172-31-8-96 containers]# podman images
REPOSITORY                            TAG                         IMAGE ID          CREATED           SIZE  b91f20b164a0  8 months ago  4.4 GB
[root@ip-172-31-8-96 containers]#


6: Run the container

[root@ip-172-31-8-96 hxe]# podman run -p 39013:39013 -p 39017:39017 -p 39041-39045:39041-39045 -p 1128-1129:1128-1129 -p 59013-59014:59013-59014 -v /data/hxe:/hana/mounts --ulimit nofile=1048576:1048576 --sysctl kernel.shmmax=1073741824 --sysctl net.ipv4.ip_local_port_range='40000 60999' --sysctl kernel.shmmni=4096 --sysctl kernel.shmall=8388608 --name hxecont --passwords-url file:///hana/mounts/hxepasswd.json --agree-to-sap-license
======== Starting HANA container run script ========
Started at: Thu Feb  9 20:40:04 UTC 2023
Script parameters: --passwords-url file:///hana/mounts/hxepasswd.json --agree-to-sap-license
HANA version:
Linux kernel version: 4.18
New host: '13b8532788ec'
Setting HANAs host name to '13b8532788ec' ...
Checking allowed mountpoints ...
Checking system requirements ...
Checking /proc/sys prerequisites and limits...
SAP HANA Lifecycle Management - HdbContainer 2.6.70
Checking container...
Checking system requirements...
Checking linux settings...
SAP HANA instance executed.
Log file written to '/var/tmp/HdbContainer_check_container_2023-02-09_20.40.05.log' on host '13b8532788ec'.
Log files copied to '/hana/mounts/trace/13b8532788ec' on host '13b8532788ec'.
Check succeeded: /proc/sys prerequisites and limits
Checking syscalls ...
  WARNING: Operation not permitted: move_pages
  ok: mbind
Check failed: syscalls
Please add permissions for the named operations by whitelisting them in a seccomp profile.
You can get a matching profile by calling 'docker run --rm <hana_image> --print seccomp.json > seccomp.json' and apply it to the container start via 'docker run --security-opt seccomp=seccomp.json ...'.
Checking mount consistency ...
Checking content structure version ...
Checking version compatibility ...
Start type: initial
Entering pre start phase ...
Downloading password file from file:///hana/mounts/hxepasswd.json (parameters: --max-time 30 --insecure) ...
% Total        % Received % Xferd  Average Speed   Time        Time         Time  Current
                                   Dload  Upload   Total   Spent        Left  Speed
100        35  100        35        0         0  35000          0 --:--:-- --:--:-- --:--:-- 35000
Deleting local password file: /hana/mounts/hxepasswd.json
Creating consistency check files ...
Extracting initial content to /hana/shared/HXE/HDB90/13b8532788ec
tar: Removing leading `/' from member names
< not all of the output is shown >
/usr/sap/HXE/HDB90/HDB info
hxeadm           1564         1529   0.0          41424           3264  \_ ps fx -U hxeadm -o user:8,pid:8,ppid:8,pcpu:5,vsz:10,rss:10,args
Entering post start phase ...
Creating tenant database ...
0 rows affected (overall time 72.342746 sec; server time 72.341416 sec)
HDB info after tenant database creation ...
USER              PID         PPID  %CPU            VSZ            RSS COMMAND
hxeadm              1            0   0.0          21064           4020 /bin/bash /run_hana --passwords-url file:///hana/mounts/hxepasswd.json --agree-to-sap-license
hxeadm            959            1   0.2         380824          48280 hdbdaemon
hxeadm            965          959  98.4        4099736        2426716  \_ hdbnameserver
hxeadm           1440          959   0.4         728852         169072  \_ hdbcompileserver
hxeadm           1441          959   0.4         812092         192120  \_ hdbpreprocessor
hxeadm           1473          959   4.5        1731012         623564  \_ hdbwebdispatcher
hxeadm           1600          959   107        3345392        1994736  \_ hdbindexserver -port 39040
hxeadm           1030            1   0.0         497156          35912 hdbrsutil  --start --port 39001 --volume 1 --volumesuffix mnt00001/hdb00001 --identifier 1675975290
hxeadm           1647            1   0.0         497228          38204 hdbrsutil  --start --port 39040 --volume 2 --volumesuffix mnt00001/hdb00002.00003 --identifier 1675975345
hxeadm           1757            1   0.0          20152           3088 /bin/sh /usr/sap/HXE/HDB90/HDB info
hxeadm           1792         1757   0.0          41424           3388  \_ ps fx -U hxeadm -o user:8,pid:8,ppid:8,pcpu:5,vsz:10,rss:10,args
Processing hooks in folder /hana/hooks/post_start ...
Hook candidates:
  /hana/hooks/post_start/hxe_scripts (ignored, not an executable regular file)
Executing hook /hana/hooks/post_start/201_hxe_optimize ...
  Optimizing HDB server...
  Start "HXE" tenant database. This may take a while...
  Enable debugger in workbench...
  Enable statistics server...
  Enable diserver server...
  Do garbage collection...
  Collect garbage on "hdbnameserver"...
  Shrink resource container memory on "hdbnameserver"...
  Collect garbage on "hdbindexserver"...
  Shrink resource container memory on "hdbindexserver"...
  Collect garbage on "hdbcompileserver"...
  Shrink resource container memory on "hdbcompileserver"...
  Collect garbage on "hdbpreprocessor"...
  Shrink resource container memory on "hdbpreprocessor"...
  Collect garbage on "hdbdiserver"...
  Shrink resource container memory on "hdbdiserver"...
  Reclaim data volume on hdbnameserver...
  Reclaim data volume on hdbindexserver...
  Release free log segments on hdbnameserver...
  Release free log segments on hdbindexserver...
  HDB is successfully optimized.
Finished execution of hook /hana/hooks/post_start/201_hxe_optimize (exit code 0)
Executing hook /hana/hooks/post_start/203_set_hxe_info ...
Finished execution of hook /hana/hooks/post_start/203_set_hxe_info (exit code 0)
Finished execution of hooks in folder /hana/hooks/post_start
Finished post start sequence
Duration of start operations ...
       (Pre start) Hook /hana/hooks/pre_start/010_license_agreement: 0s
       (Pre start) Hook /hana/hooks/pre_start/110_clean_hdbdaemon_status: 0s
       (Pre start) Hook /hana/hooks/pre_start/120_clean_pid_files: 0s
       (Pre start) Hook /hana/hooks/pre_start/130_update_clean_wdisp: 0s
       (Pre start) Hook /hana/hooks/pre_start/310_init_ssfs: 60s
       (Pre start) Hook /hana/hooks/pre_start/320_config_cert: 0s
       (Pre start) Hook /hana/hooks/pre_start/330_custom_afls: 0s
       (Pre start) Prep persistence: 20s
       Pre start: 81s
       HANA startup: 34s
       (Post start) Tenant creation: 73s
       (Post start) License import: 0s
       (Post start) Hook /hana/hooks/post_start/201_hxe_optimize: 10s
       (Post start) Hook /hana/hooks/post_start/203_set_hxe_info: 0s
       Post start: 87s
       Overall: 203s
Ready at: Thu Feb  9 20:43:27 UTC 2023
Startup finished!


7: Test SAP HANA Express

Open a new ssh session.

Check the container is running.

[root@ip-172-31-8-96 ~]# podman ps -a
CONTAINER ID  IMAGE                                                         COMMAND                       CREATED            STATUS                              PORTS                                                                                                                                                                     NAMES
13b8532788ec  --passwords-url f...  4 minutes ago  Up 4 minutes ago (healthy)>1128-1129/tcp,>39013/tcp,>39017/tcp,>39041-39045/tcp,>59013-59014/tcp  hxecont


Connect into the container

[root@ip-172-31-8-96 containers]# podman exec -it hxecont bash



Log into SAP HANA Express and run a query.

hxeadm@hxehost:/usr/sap/HXE/HDB90> hdbsql
Welcome to the SAP HANA Database interactive terminal.

Type:  \h for help with commands              
         \q to quit                            
hdbsql=> \c -i 90 -d HXE -u system -p HXEHana1
Connected to HXE@localhost:39013
13 rows selected (overall time 6545 usec; server time 298 usec)
hdbsql HXE=>



SAP HANA Express is available for free for application development and prototyping and productive use for up to 32 GB of RAM. SAP supports SAP HANA Express Edition in containers and has supplied an SAP HANA Express docker image to Docker Hub. In this blog we tested pulling down the docker image onto a RHEL 9.1 host and running SAP HANA Express in a container using the Podman tool.

In the next blog we will demonstrate deploying the SAP Hana Express docker on Red Hat OpenShift Service on AWS (ROSA) .


How-tos, RHEL, partners, workloads

< Back to the blog