Red hat provides a playbook that can be used for SAP HANA configuration on RHEL. This ansible script sets environment variables and kernel values in order to optimize the environment for SAP workloads.
However you may encounter errors during the installation procedure. This article explains how to bypass them in order to run it on a RHEL 8.4 environment.
The first error you will notice is the sap_domain. This occurs if you have not set a value for this variable on vars.
In order to resolve this issue run the playbook using
sap_domain variable. ansible-playbook site.yml --extra-vars sap_domain=yourdomain
The second issue you will notice is that RHEL 8.4 does not belong to the supported distributions.
The compatibility is stored on the ansible collection vars section and you should edit that.
Add 8.3 or 8.4 version and save the file.
The last error you may notice would be about required packages.
Add the below repositories:
subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms \
Rerun the ansible playbook.
Verify the changed states of various tasks and check active tuned profile
If you try to allocate more than 128GB on swap partition for a Redhat installation you will notice that is not possible through installer. This is a known bug on Redhat bugzilla that is mentioned as resolved. However I tried to allocate 256GB swap with a RedHat 8.2 installer and I got the maximum size which is 128GB. In this article you will learn how to increase swap size manually.
First validate that there is available space on the volume group. (140g available on my case)
Then extend the swap logical volume
Deactivate swap file
Reactivate swap partition.
You can verify swap space with
As security is one of the most important things on your infrastructure, you should enable logging for all commands and actions that a user performs (logins included).
In this article I will explain the procedure using auditd which comes preinstalled with many Linux distributions.
First things first, check if auditd is already installed and started on your system.
Then go to the rules file and open it with your favorite editor.
Add the below two rules to the end of the file.
-a exit,always -F arch=b32 -S execve -k auditcmd
-a exit,always -F arch=b64 -S execve -k auditcmd
Then execute on terminal:
You should then restart the service. Trying to do so with systemctl you may encounter the below error:
Execute auditd stop and start using the below commands:
service auditd stop
service auditd start
Verify existing rules:
You are now ready and you can test the logging functionality. Perform a sudo action with a non root user.
Locate the action from logs.