Automation scripts

Edit online

The automation scripts are provided within the ING_sap.tar file as part of the SA z/OS product.

Important: The *SAPSRV add-on policy expects the z/OS UNIX scripts to be located in the home directory of the <sid>adm user.

The information that is contained in this topic provides the syntax description and the explanation of the parameters for each available script. When called without any parameters, all scripts print usage and version information. The SAP policy that is generated by the SAP HA wizard from the *SAPSRV add-on policy calls the scripts with parameters that are adapted to a specific SAP environment. When you use the scripts for a manually created SA z/OS policy for SAP, you need to adapt the parameters according to your SAP system.

Required SSH setup

The scripts start_as and stop_as use SSH to access remote application servers on Linux®, AIX®, or Windows platforms from z/OS UNIX System Services. In order to avoid interactive password authentication, you must generate a public or private key pair with ssh-keygen on z/OS UNIX and transfer the public key to the authorized_keys file on the remote application server platform. This key exchange must be done for every z/OS UNIX host where the start_as or stop_as scripts might run. This exchange must also be carried out for every remote SAP application server that is involved.

Make sure that the remote (virtual) host name is contained in the ~/.ssh/known_hosts file of the <sid>adm user in z/OS UNIX. This can be done by manually executing one sample ls command via SSH, checking the fingerprint of the remote host and answering the interactive question with yes as follows:

boecoh1> ssh ihlscoh4v ls
The authenticity of host 'ihlscoh4v (10.101.4.217)' can't be established.
ECDSA key MD5 fingerprint is bb:4e:1d:e1:63:75:73:c1:04:17:30:d1:9f:e3:33:c3.
Are you sure you want to continue connecting (yes/no)? yes
FOTS2274 Warning: 
Permanently added 'ihlscoh4v,10.101.4.217' (ECDSA) to the list of known hosts.
bin
public_html
...
...
Note: It might happen that under Linux the SSH key login does not work because the password of the <sid>adm user has expired. In this case you might add the no_pass_expiry option to your PAM configuration. This option ignores the expired password information and SSH key login is possible.

Required changes to protected web methods of sapstartsrv

The scripts use sapcontrol functions like GetVersionInfo, GetProcessList, and J2EEGetProcessList, for example to monitor the status of a remote SAP application server. Prior to SAP NetWeaver kernel 7.38, these functions are not protected and can be called without user authentication. The default set of unprotected functions has been changed with NetWeaver kernel 7.38 and later kernels. In order to use the function J2EEGetProcessList with later kernels without authorization, you need to apply one of the following settings in the profile of each Java application server:

  • service/protectedwebmethods=SDEFAULT -J2EEGetProcessList -GetVersionInfo
  • service/protectedwebmethods=DEFAULT

For a list of protected web methods of sapstartsrv refer to this URL:

Protected web methods of sapstartsrv

The following scripts are currently provided within the ING_sap.tar file as part of the SA z/OS product:

Table 1. Scripts for the *SAPSRV add-on policy of SA z/OS
Filename Description
Scripts available for explicit invocation (details and options can be found after this table)
start_as Sample shell script used to start a remote ABAP or Java™ application server instance.
stop_as Sample shell script used to stop a remote ABAP or Java application server instance.
check_as Sample script used to start the SAP monitor for remote ABAP or Java application server.
start_cs Shell script used to start the:
  • ABAP SAP Central Services (ASCS) instance
  • Enqueue replication server instance belonging to the ASCS
  • Java SAP Central Services (SCS) instance
  • Enqueue replication server instance belonging to the Java SCS
  • SAP Web Dispatcher instance
  • SAP Solution Manager Diagnostics Agent (SMDA)
start_sapsrv Shell script used to start the SAP Instance Service sapstartsrv for ASCS, SCS, ERS, WD, and SMDA instances.
checkwd Sample script used by the *SAPSRV add-on policy in SA z/OS to check the health of the SAP Web Dispatcher.
Scripts that are internally used by other scripts or by the *SAPSRV add-on policy
samsapctrl_asping Sample shell script to monitor the status of ABAP or Java application server. Used internally by check_as.
sapolicy.sap.map_USS The samsapctrl_asping script needs this message file. It must be installed in the same directory as the samsapctrl_asping script, namely in the home directory of the <sid>adm user.
sap_xplatform Cross platform library of functions, internally used by start_cs, start_sapsrv, and samsapctrl_asping scripts.
SAPWDMTR Sample REXX program to check, if the health check z/OS UNIX process wdispmon for a specific Web Dispatcher instance is running. Used internally in the monitor resource for the SAP Web Dispatcher in the *SAPSRV add-on policy.
SAPRASTP Sample REXX program to eliminate for an SA z/OS operator the usage of STOP FORCE mode when stopping a remote application server.