Thursday, February 4, 2016

2242468 - Setting up SAP HANA extended application services, advanced model command-line client from SAP HANA Installation DVD

Symptom
How to install the SAP HANA XS advanced command-line client from the SAP HANA Installation DVD and connect it to a running SAP HANA XS advanced controller. This includes setting up the client to use SSL (https).


Other Terms
SAP HANA XS advanced, command-line, client, installation, HANA, DVD, SSL, https


Reason and Prerequisites
Access to an SAP HANA installation DVD as well as an SAP HANA instance running SAP HANA XS advanced is needed.
SSL encryption (https) is enabled by default for all requests between the infrastructure components of SAP HANA XS advanced (controller, execution agent, and platform router).
This SAP Note includes instructions on how to enable SSL encryption between the platform router and clients (for example, a browser or the SAP HANA XS advanced command-line client).


Solution
Installation
To install the SAP HANA XS advanced command-line client:
  1. Create a target folder ‹target› to store the client binaries
  2. Change to the subdirectory DATA_UNITS/XSA_CLIENT_10 on the installation medium
  3. Extract xs.onpremise.runtime.client_‹platform›-‹version›.zip to ‹target›
  4. In the target folder, bin subdirectory, there should now be a script called xs or xs.cmd, depending on the chosen platform
In a Unix terminal, the steps look like this:
mkdir -p ‹target›
cd ‹installation_medium›/DATA_UNITS/XSA_CLIENT_10
unzip xs.onpremise.runtime.client_‹platform›-‹version›.zip -d ‹target›
ls ‹target›
Setting up the controller API URL and SSL certificate
To connect your SAP HANA XS advanced command-line client to the SAP HANA XS advanced controller using SSL encryption, first find out the URL to use to connect your client to the controller API. The URL consists of the following information:
  • ‹hostname›: the "Local Host Name" specified during installation
  • ‹port›: 3‹hana_instance_number›30
    (the instance number, e.g. 00, is specified during installation)
The next steps to be taken differ depending on whether the client recognizes the issuer of the controller SSL certificate:
Certificate issued by known CA
To find out whether or not the client recognizes the certificate issuer (certificate authority, CA), open a terminal and execute the following command:
cd ‹target›/bin
./xs api https://‹hostname›:‹port›
If this succeeds, the issuer is known and you can proceed to the step Logging in to the controller. Otherwise, continue with the following steps.
Certificate issued by unknown CA
If the client does not recognize the controller certificate issuer, supply the needed SSL certificate to the client:
  • If the controller runs on the same host as the client, run the following command:
./xs api https://‹hostname›:‹port› --cacert ‹installation_path›/‹SID›/xs/controller_data/controller/ssl-pub/router/default.root.crt.pem
where ‹installation_path› is specified during installation (e.g. /hana/shared).
  • If the controller runs on a different host than the client, copy the certificate file from the controller host to the client host and supply the path you copied the file to:
scp ‹admin_user›@‹controller_host›:‹installation_path›/‹SID›/xs/controller_data/controller/ssl-pub/router/default.root.crt.pem ‹target_directory›
./xs api https://‹hostname›:‹port› --cacert ‹target_directory›/default.root.crt.pem
where the ‹admin_user› could be either ‹SID›adm or root.
Alternatively, you could skip SSL validation, which means that the client would trust any certificate. This, however, is not recommended due to significant security implications.
./xs api https://‹hostname›:‹port› --skip-ssl-validation
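
For the case above where default.root.crt.pem is copied from a remote controller host, the copied file becomes the client's trust anchor, so it is worth confirming it is the file you meant to copy before passing it to --cacert. The following is an added example, not part of the SAP Note: the function names and the workflow of recording a SHA-256 digest on the controller host and comparing it on the client are assumptions; only the api command, the --cacert option and the 3‹hana_instance_number›30 port rule come from the note.

```sh
#!/bin/sh
# Added example (not SAP code). Function names and the out-of-band digest
# workflow are assumptions; only "api" and "--cacert" come from the note.

# xs_api_url HOST INSTANCE_NO  ->  https://HOST:3<instance_no>30
xs_api_url() {
  case "$2" in
    [0-9][0-9]) ;;
    *) echo "instance number must be two digits, got '$2'" >&2; return 2 ;;
  esac
  case "$1" in
    ''|*[!A-Za-z0-9.-]*) echo "unexpected host name '$1'" >&2; return 2 ;;
  esac
  printf 'https://%s:3%s30\n' "$1" "$2"
}

# sha256_of FILE  ->  lowercase hex SHA-256 of the file
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# xs_api_args HOST INSTANCE_NO CA_FILE EXPECTED_SHA256
# Prints the arguments for ./xs only when CA_FILE is a readable PEM
# certificate whose digest equals the one taken on the controller host.
xs_api_args() {
  _url=$(xs_api_url "$1" "$2") || return
  [ -r "$3" ] || { echo "cannot read $3" >&2; return 3; }
  grep -q -- '-----BEGIN CERTIFICATE-----' "$3" ||
    { echo "$3 is not a PEM certificate" >&2; return 3; }
  _got=$(sha256_of "$3")
  _want=$(printf '%s' "$4" | tr 'A-F' 'a-f')
  [ "$_got" = "$_want" ] ||
    { echo "digest mismatch for $3: got $_got" >&2; return 4; }
  printf 'api %s --cacert %s\n' "$_url" "$3"
}
```

A non-zero exit status means the copied file should not be passed to --cacert until the mismatch is explained.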

Logging in to the controller
As soon as the above command has succeeded, you can log in to the controller:
./xs login

Further reading
For hints on how to supply custom SSL certificates for domains defined in SAP HANA XS advanced, see SAP Note 2243019.



Header Data

Released On 27.11.2015 12:16:57
Release Status Released for Customer
Component BC-XS XS Engine
Priority Recommendations / Additional Info
Category Installation information
