Containerizing SAP HANA Express on Red Hat Enterprise Linux

Introduction

This article describes a test to deploy an instance of SAP HANA Express Edition in a container on Red at Enterprise Linux (RHEL) using the Podman tool. SAP HANA Express Edition is a streamlined version of the SAP HANA platform and can be used for application development and prototyping of custom applications.

SAP supports SAP HANA Express Edition in containers - see this SAP KB article for details. SAP Labs provides a docker image for  SAP HANA Express at Docker Hub: https://hub.docker.com/r/saplabs/hanaexpress .

Walkthrough

1. Provision RHEL Host
2. Install Container tools
3. Set “sysctl.conf” parameters
4. Create password file for SAP HANA Express
5. Pull docker image
6. Run container
7. Test SAP HANA Express

1: Provision the RHEL Host

In this example we used a RHEL Image provisioned in AWS with the following specification:

• RHEL 9.1  (m2.2xlarge)
• 34.2 GiB RAM
• 4 x vCPUs
• Storage: root disk = 10 GB; second disk = 250 GB for filesystem “/containerstorage”

2: Install Container Tools

[root@ip-172-31-8-96]# yum install container-tools

Change default location of containers to “/containerstorage”  (for background see this blog) .

[root@ip-172-31-8-96 containers]# pwd
/etc/containers
[root@ip-172-31-8-96 containers]# cp storage.conf storage.conf.ORIG
[root@ip-172-31-8-96 containers]# vi storage.conf
[root@ip-172-31-8-96 containers]# diff storage.conf storage.conf.ORIG
28c28
< graphroot = "/containerstorage"
---
> graphroot = "/var/lib/containers/storage"
[root@ip-172-31-8-96 containers]#

Set environment variable TMPDIR so pulled docker images do not fill up /var/tmp in root filesystem (for background see this Red Hat KB article)

[root@ip-172-31-8-96 ~]# export TMPDIR='/containerstorage/tmp'

Set SELinix to permissive.

[root@ip-172-31-8-96 ~]# setenforce 0

3 Set “sysctl.conf” Parameters

[root@ip-172-31-8-96]# more /etc/sysctl.conf
# sysctl settings are defined through files in
…

#
# For more information, see sysctl.conf(5) and sysctl.d(5).
fs.file-max=20000000
fs.aio-max-nr=262144
vm.memory_failure_early_kill=1
vm.max_map_count=135217728
net.ipv4.ip_local_port_range=60000 65535
[root@ip-172-31-8-96]# sysctl -p
fs.file-max = 20000000
fs.aio-max-nr = 262144
vm.memory_failure_early_kill = 1
vm.max_map_count = 135217728
net.ipv4.ip_local_port_range = 60000 65535
[root@ip-172-31-8-96 hxe]#

4: Create password file for SAP HANA Express

mkdir -p /data/hxe
chown 12000:79 /data/hxe
[root@ip-172-31-8-96 hxe]# vi /data/hxe/hxepasswd.json
[root@ip-172-31-8-96 hxe]# more *
{
"master_password" : "HXEHana1"
}
chmod 600 /data/hxe/hxepasswd.json
chown 12000:79 /data/hxe/hxepasswd.json
[root@ip-172-31-8-96 hxe]# ls -l
total 4
-rw-------. 1 12000 79 35 Feb  9 20:26 hxepasswd.json

5: Pull Docker Image

Login to Docker Hub (https://hub.docker.com/ )

[root@ip-172-31-8-96 ~]# podman login docker.io/store/saplabs
Username: <username>
Password:  <password>
Login Succeeded!
[root@ip-172-31-8-96 ~]

Pull down the docker image.

[root@ip-172-31-8-96 containers]# podman pull saplabs/hanaexpress:2.00.061.00.20220519.1
✔ docker.io/saplabs/hanaexpress:2.00.061.00.20220519.1
Trying to pull docker.io/saplabs/hanaexpress:2.00.061.00.20220519.1...
Getting image source signatures
Copying blob 0b1212f566e8 skipped: already exists  
Copying blob f631eb8a0078 skipped: already exists  
Copying blob 62aa9a741295 skipped: already exists  
Copying blob e796f44db488 done  
Copying blob 8e7d076cd7f0 skipped: already exists  
Copying blob d04f82e55126 skipped: already exists  
Copying config b91f20b164 done  
Writing manifest to image destination
Storing signatures
b91f20b164a02dc8f02d8621df7020e44869540b487483b248fc6785b85ac2c2
Check the downloaded docker image.
[root@ip-172-31-8-96 containers]# podman images
REPOSITORY                            TAG                         IMAGE ID          CREATED           SIZE
docker.io/saplabs/hanaexpress         2.00.061.00.20220519.1  b91f20b164a0  8 months ago  4.4 GB
[root@ip-172-31-8-96 containers]#

6: Run the container

[root@ip-172-31-8-96 hxe]# podman run -p 39013:39013 -p 39017:39017 -p 39041-39045:39041-39045 -p 1128-1129:1128-1129 -p 59013-59014:59013-59014 -v /data/hxe:/hana/mounts --ulimit nofile=1048576:1048576 --sysctl kernel.shmmax=1073741824 --sysctl net.ipv4.ip_local_port_range='40000 60999' --sysctl kernel.shmmni=4096 --sysctl kernel.shmall=8388608 --name hxecont docker.io/saplabs/hanaexpress:2.00.061.00.20220519.1 --passwords-url file:///hana/mounts/hxepasswd.json --agree-to-sap-license
======== Starting HANA container run script ========
Started at: Thu Feb  9 20:40:04 UTC 2023
Script parameters: --passwords-url file:///hana/mounts/hxepasswd.json --agree-to-sap-license
HANA version: 2.00.061.00.1644229038
Linux kernel version: 4.18
New host: '13b8532788ec'
Setting HANAs host name to '13b8532788ec' ...
Checking allowed mountpoints ...
Checking system requirements ...
Checking /proc/sys prerequisites and limits...
SAP HANA Lifecycle Management - HdbContainer 2.6.70
***************************************************
Checking container...
Checking system requirements...
Checking linux settings...
SAP HANA instance executed.
Log file written to '/var/tmp/HdbContainer_check_container_2023-02-09_20.40.05.log' on host '13b8532788ec'.
Log files copied to '/hana/mounts/trace/13b8532788ec' on host '13b8532788ec'.
Check succeeded: /proc/sys prerequisites and limits
Checking syscalls ...
    WARNING: Operation not permitted: move_pages
    ok: mbind
Check failed: syscalls
Please add permissions for the named operations by whitelisting them in a seccomp profile.
You can get a matching profile by calling 'docker run --rm <hana_image> --print seccomp.json > seccomp.json' and apply it to the container start via 'docker run --security-opt seccomp=seccomp.json ...'.
Checking mount consistency ...
Checking content structure version ...
Checking version compatibility ...
Start type: initial
Entering pre start phase ...
Downloading password file from file:///hana/mounts/hxepasswd.json (parameters: --max-time 30 --insecure) ...
  % Total        % Received % Xferd  Average Speed   Time        Time         Time  Current
                                     Dload  Upload   Total   Spent        Left  Speed
100        35  100        35        0         0  35000          0 --:--:-- --:--:-- --:--:-- 35000
Deleting local password file: /hana/mounts/hxepasswd.json
Creating consistency check files ...
Extracting initial content to /hana/shared/HXE/HDB90/13b8532788ec
tar: Removing leading `/' from member names
/hana/shared/HXE/HDB90/localhost/lock/
/hana/shared/HXE/HDB90/localhost/work/
…..
…..
…..
< not all of the output is shown >
…..
…..
/usr/sap/HXE/HDB90/HDB info
hxeadm           1564         1529   0.0          41424           3264  \_ ps fx -U hxeadm -o user:8,pid:8,ppid:8,pcpu:5,vsz:10,rss:10,args
Entering post start phase ...
Creating tenant database ...
0 rows affected (overall time 72.342746 sec; server time 72.341416 sec)
HDB info after tenant database creation ...
USER              PID         PPID  %CPU            VSZ            RSS COMMAND
hxeadm              1            0   0.0          21064           4020 /bin/bash /run_hana --passwords-url file:///hana/mounts/hxepasswd.json --agree-to-sap-license
hxeadm            959            1   0.2         380824          48280 hdbdaemon
hxeadm            965          959  98.4        4099736        2426716  \_ hdbnameserver
hxeadm           1440          959   0.4         728852         169072  \_ hdbcompileserver
hxeadm           1441          959   0.4         812092         192120  \_ hdbpreprocessor
hxeadm           1473          959   4.5        1731012         623564  \_ hdbwebdispatcher
hxeadm           1600          959   107        3345392        1994736  \_ hdbindexserver -port 39040
hxeadm           1030            1   0.0         497156          35912 hdbrsutil  --start --port 39001 --volume 1 --volumesuffix mnt00001/hdb00001 --identifier 1675975290
hxeadm           1647            1   0.0         497228          38204 hdbrsutil  --start --port 39040 --volume 2 --volumesuffix mnt00001/hdb00002.00003 --identifier 1675975345
hxeadm           1757            1   0.0          20152           3088 /bin/sh /usr/sap/HXE/HDB90/HDB info
hxeadm           1792         1757   0.0          41424           3388  \_ ps fx -U hxeadm -o user:8,pid:8,ppid:8,pcpu:5,vsz:10,rss:10,args
Processing hooks in folder /hana/hooks/post_start ...
Hook candidates:
    /hana/hooks/post_start/201_hxe_optimize
    /hana/hooks/post_start/203_set_hxe_info
    /hana/hooks/post_start/hxe_scripts (ignored, not an executable regular file)
Executing hook /hana/hooks/post_start/201_hxe_optimize ...
    Optimizing HDB server...
    
    Start "HXE" tenant database. This may take a while...
    Enable debugger in workbench...
    Enable statistics server...
    Enable diserver server...
    Do garbage collection...
    Collect garbage on "hdbnameserver"...
    Shrink resource container memory on "hdbnameserver"...
    Collect garbage on "hdbindexserver"...
    Shrink resource container memory on "hdbindexserver"...
    Collect garbage on "hdbcompileserver"...
    Shrink resource container memory on "hdbcompileserver"...
    Collect garbage on "hdbpreprocessor"...
    Shrink resource container memory on "hdbpreprocessor"...
    Collect garbage on "hdbdiserver"...
    Shrink resource container memory on "hdbdiserver"...
    Reclaim data volume on hdbnameserver...
    Reclaim data volume on hdbindexserver...
    Release free log segments on hdbnameserver...
    Release free log segments on hdbindexserver...
    HDB is successfully optimized.
Finished execution of hook /hana/hooks/post_start/201_hxe_optimize (exit code 0)
Executing hook /hana/hooks/post_start/203_set_hxe_info ...
Finished execution of hook /hana/hooks/post_start/203_set_hxe_info (exit code 0)
Finished execution of hooks in folder /hana/hooks/post_start
Finished post start sequence
Duration of start operations ...
        (Pre start) Hook /hana/hooks/pre_start/010_license_agreement: 0s
        (Pre start) Hook /hana/hooks/pre_start/110_clean_hdbdaemon_status: 0s
        (Pre start) Hook /hana/hooks/pre_start/120_clean_pid_files: 0s
        (Pre start) Hook /hana/hooks/pre_start/130_update_clean_wdisp: 0s
        (Pre start) Hook /hana/hooks/pre_start/310_init_ssfs: 60s
        (Pre start) Hook /hana/hooks/pre_start/320_config_cert: 0s
        (Pre start) Hook /hana/hooks/pre_start/330_custom_afls: 0s
        (Pre start) Prep persistence: 20s
        Pre start: 81s
        HANA startup: 34s
        (Post start) Tenant creation: 73s
        (Post start) License import: 0s
        (Post start) Hook /hana/hooks/post_start/201_hxe_optimize: 10s
        (Post start) Hook /hana/hooks/post_start/203_set_hxe_info: 0s
        Post start: 87s
        Overall: 203s
Ready at: Thu Feb  9 20:43:27 UTC 2023
Startup finished!

7: Test SAP HANA Express

Open a new ssh session.

Check the container is running.

[root@ip-172-31-8-96 ~]# podman ps -a
CONTAINER ID  IMAGE                                                         COMMAND                       CREATED            STATUS                              PORTS                                                                                                                                                                     NAMES
13b8532788ec  docker.io/saplabs/hanaexpress:2.00.061.00.20220519.1  --passwords-url f...  4 minutes ago  Up 4 minutes ago (healthy)  0.0.0.0:1128-1129->1128-1129/tcp, 0.0.0.0:39013->39013/tcp, 0.0.0.0:39017->39017/tcp, 0.0.0.0:39041-39045->39041-39045/tcp, 0.0.0.0:59013-59014->59013-59014/tcp  hxecont

Connect into the container

[root@ip-172-31-8-96 containers]# podman exec -it hxecont bash

hxeadm@hxehost:/usr/sap/HXE/HDB90>

Log into SAP HANA Express and run a query.

hxeadm@hxehost:/usr/sap/HXE/HDB90> hdbsql
Welcome to the SAP HANA Database interactive terminal.
                                             

Type:  \h for help with commands              
           \q to quit                             
hdbsql=> \c -i 90 -d HXE -u system -p HXEHana1
Connected to HXE@localhost:39013
hdbsql HXE=> select USER_NAME, USER_DEACTIVATED from SYS.USERS;
USER_NAME,USER_DEACTIVATED
"SYS","TRUE"
"SYSTEM","FALSE"
"_SYS_STATISTICS","FALSE"
"_SYS_TABLE_REPLICAS","TRUE"
"_SYS_EPM","TRUE"
"_SYS_REPO","TRUE"
"_SYS_SQL_ANALYZER","TRUE"
"_SYS_TASK","TRUE"
"_SYS_AFL","TRUE"
"_SYS_WORKLOAD_REPLAY","TRUE"
"_SYS_DATA_ANONYMIZATION","TRUE"
"_SYS_ADVISOR","TRUE"
"_SYS_PLAN_STABILITY","TRUE"
13 rows selected (overall time 6545 usec; server time 298 usec)
hdbsql HXE=>

Summary

SAP HANA Express is available for free for application development and prototyping and productive use for up to 32 GB of RAM. SAP supports SAP HANA Express Edition in containers and has supplied an SAP HANA Express docker image to Docker Hub. In this blog we tested pulling down the docker image onto a RHEL 9.1 host and running SAP HANA Express in a container using the Podman tool.

In the next blog we will demonstrate deploying the SAP Hana Express docker on Red Hat OpenShift Service on AWS (ROSA) .