DATABASE ADMIN GUIDE

MDC Tenant Copy within a cluster - SAP HANA

of course, same approach applied between 2 clusters or systems!

Shaheer

Published in

databasetips

5 min readNov 23, 2020

Tech Experience Level — L2/L3

When you have several hundreds of databases running on SAP HANA, and they are all on MDC (Multi Database Containers), you might think of copy/move a tenant database from one MDC system to another MDC, or within same MDC. This is achieved by the database feature known as tenant copy/replication within SAP HANA.

Generally this is achieved with a mere mock HSR (HANA System Replication) like method, but a lot different, and you can achieve this with near zero downtime on source database!!!

Interested? let’s get most out of this activity, now.

Prerequisites

You must be running SAP HANA MDC database with ateast a tenant database running.
Ensure we have sufficient space available in data volumes (in order to accomodate the new database, the size consideration would be as same as source tenant database)
Download the extract_certificates.py script to setup trust between source and target databases.

Tech task to follow

I have 3 node cluster setup (database name :ABC) in this scenario, where we check on how to copy a tenant within the cluster (of same MDC):

Below, we can see all the processes running for ABC host is actually distributed across nodes — host1 and host2 ( simply, this database was setup with the name ABC, and as you know this is the default and first tenant in this container, since we added the host2 as worker node while setup this is distributed):

Now, we can navigate to $SECUDIR to generate a PSE key:

Using inbuilt sapgenpse commandline util, we can generate the key (with any name, here we name it as source.pse):

Download py script — extract_certificates.py from SAP Note 2175664, and pass new PSE file as argument and execute it. You’ll see a big chunk of key encrypted values (for readability I’ve removed few lines):

Connect to SYSTEMDB and create a PSE store

Make sure to turn on multiline [\mu] from hdbsql console

Now, apply the generated certificate to the newly created PSE store

Set the purpose of PSE to SSL since we communicate between the hosts in a secured layer

Make sure we have global.ini > listeninterface parameter set up as .global

You may query the cert details:

If we are using the same database cluster (of ABC) as target system to copy as new tenant, please follow along. If you’re using a different cluster system (than ABC MDC), then connect to the target and follow along.

Create the PSE store in target (SYSTEMDB, in my case I’m doing copy within ABC MDC):

In target, create credential with valid authetication details in order to communicate the target to the source database (Make sure you provide the source tenant database details in field followed by the keyword PURPOSE) as below:

Create the database ABCT01 (which is the target tenant database that we are replicating from source tenant datbase ABC), ensure we provide the source tenant nameserver port details in field followed by AT (you may provide also the FQDN if you see any connectivity issues):

If you encounter below issue, you need to disable ssl replication enforcement in database layer:

* 2: general error: nameserver failed to process the request;ltt exception: exception 7100011: Database connection to the source database error: target database has not configured local SSL communication.
Encrypted communication to the source database failed.
It seems that you tried to configure encrypted communication. Please check the ‘enforce_ssl_database_replication’ parameter (‘on’/’off’) under [multidb] section in global.ini in the target database; also verify the values of the ‘sslcryptoprovider’ (not required in high isolation mode), or ‘ssl’ parameters for both system databases. to enable or explicitely disable encrypted communication.
 SQLSTATE: HY000

Now that we have started the tenant copy, we need to check the progress, by connecting to source database SYSTEMDB, mainly the views:

SYS_DATABASES.M_DATABASE_REPLICAS
SYS_DATABASES.M_DATABASE_REPLICA_STATISTICS

You need to wait until the replication status can be seen as ACTIVE, which means all data in sync with target:

You can also notice the copied tenant database (ABCT01) details from SYS_DATABASE.M_SERVICES view:

Now, the replication is in sync, so we can safely stop the replication (here we call it as to finalize the replication, on target SYSTEMDB):

You can also check approx. size for the databases that we gone so far:

Thus, we have succesfully cloned the source to target, while the database is up and running!

Key Views

SELECT * FROM SYS_DATABASES.M_SERVICES;
SELECT * FROM SYS.CERTIFICATES;
SELECT * FROM PSES WHERE PURPOSE = ‘SSL’;
SELECT * FROM SYS_DATABASES.M_DATABASE_REPLICAS;
SELECT * FROM CREDENTIALS;

I’ll be glad to hear if you find this document helpful, also any feedback always welcome!