This guide shows you how to resolve issues with version 2 of Google Cloud's Agent for SAP.
Logging
Check the logs in the directory that is specific to your operating system.
To view the logs for Google Cloud's Agent for SAP, navigate to the following paths:
Linux
/var/log/google-cloud-sap-agent.log
Windows
C:\Program Files\Google\google-cloud-sap-agent\logs\google-cloud-sap-agent.log
Common issues
Issue: Insufficient IAM permissions
Issue: Google Cloud's Agent for SAP logs show insufficient IAM permissions error.
Cause: The service account does not have the required IAM permissions to access the Cloud Monitoring API.
Resolution: In Google Cloud console, on the VM instance details page, note the
name of the VM service account. For example:
[email protected]
.
On the IAM & Admin home page, ensure that the service account includes
the following IAM roles:
Feature | Required IAM roles |
---|---|
SAP Host Agent metrics collection | |
Process Monitoring metrics collection |
|
Workload Manager evaluation metrics collection |
|
SAP HANA monitoring metrics collection |
|
For more information about the authentication required for Google Cloud's Agent for SAP, see Authentication and access.
To confirm the permissions that the Cloud Monitoring agent requires, see the following Monitoring documentation:
Issue: Incorrect access scopes for the VM service account
Issue: If you limit the access scopes on your host VM instance, then Google Cloud's Agent for SAP logs might show insufficient IAM permissions error.
Cause: Google Cloud's Agent for SAP requires minimum Cloud API access scopes on the host VM instance. This error occurs when the service account does not have the required access scopes.
Resolution: Access scopes are the legacy method of specifying permissions for your VM instance. Compute Engine recommends configuring your VM instances to allow all access scopes to all Cloud APIs and using only the IAM permissions of the VM service account to control access to Google Cloud resources.
To resolve this issue, as a best practice, set the all cloud-platform
access
scope on the VM instance, then securely limit the service account's API access with
IAM roles. For example:
https://www.googleapis.com/auth/cloud-platform
If you do limit the access scopes of your VM instance, then you must ensure that the host VM instance has the following access scopes:
https://www.googleapis.com/auth/source.read_write
https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/service.management.readonly
https://www.googleapis.com/auth/logging.admin
https://www.googleapis.com/auth/monitoring
https://www.googleapis.com/auth/trace.append
https://www.googleapis.com/auth/devstorage.full_control
If you have enabled the collection of the Process Monitoring metrics, Workload Manager evaluation metrics, or the SAP HANA monitoring metrics, then the access scopes of the host VM instance must also have write access to publish metric data to your Google Cloud project:
https://www.googleapis.com/auth/monitoring.write
To change the access scopes, you need to stop your VM instance, make the changes, and then restart the VM instance. For instructions, see the Compute Engine documentation. You don't need to make any changes to permissions for IAM roles for this issue.
Issue: Missing or incorrect SAP Host Agent
Issue: Google Cloud's Agent for SAP logs show missing or incorrect SAP Host Agent error.
Cause: SAP Host Agent or the required minimum patch level for the SAP Host Agent is not installed. For Google Cloud's Agent for SAP to work, your SAP system must have the SAP Host Agent installed and the required minimum patch level for the Host Agent is maintained.
Resolution: To resolve this issue, install the required version of the SAP Host Agent. For instructions to install the SAP Host Agent, see the SAP documentation.
For version requirements for the SAP Host Agent, see the following SAP Notes:
- Linux: SAP Note 2460297 - SAP on Linux on Google Cloud Platform: Enhanced Monitoring
- Windows: SAP Note 1409604 - Virtualization on Windows: Enhanced Monitoring
Issue: Installation of Google Cloud's Agent for SAP failed
Issue: Installation of the agent fails when the package manager install
command (yum
, zypper
, or googet
) is executed.
Cause: Installation of the agent fails because the host server that is running the agent has been created without a public IP address.
Resolution: To resolve this issue, set up a NAT gateway that gives the host server outbound access to the internet. For information about how to set up a NAT gateway, see the deployment guide for your SAP system. For example, for SAP NetWeaver, see:
- Setting up a NAT gateway on a Compute Engine VM instance
- SAP NetWeaver on Linux Deployment Guide
- SAP NetWeaver on Windows Deployment Guide
Issue: Collection of the SAP HANA monitoring metrics failed
Issue: While upgrading from the monitoring agent for SAP HANA, after you install Google Cloud's Agent for SAP, you see an error message similar to the following:
tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
Cause: Google Cloud's Agent for SAP cannot start the collection of the SAP HANA monitoring metrics because the target SAP HANA instances use SSL certificates that are specified with Common Name (CN).
Resolution: To resolve this issue, complete the following steps:
For the SAP HANA instances that you want to monitor using Google Cloud's Agent for SAP, you must switch to using a Subject Alternate Name (SAN) SSL certificate instead of SSL certificates that are specified with Common Name (CN).
Establish an SSH connection with your host VM instance or Bare Metal Solution server.
Open the configuration file of Google Cloud's Agent for SAP:
/etc/google-cloud-sap-agent/configuration.json
In the
hana_monitoring_configuration
section, set the parameterenabled
totrue
.In the
hana_monitoring_configuration.hana_instances
section, perform the following for each SAP HANA instance that uses the TLS/SSL protocol for secure communication:Specify the parameter
enable_ssl
and set its value totrue
.Specify the parameter
host_name_in_certificate
and set the SAP HANA host name, as specified in the TLS/SSL certificate, as its value.Specify the parameter
tls_root_ca_file
and set the path, where the TLS/SSL certificate is stored, as its value.
Save the configuration file.
Restart Google Cloud's Agent for SAP for the new settings to take effect:
sudo systemctl restart google-cloud-sap-agent
Verify that the agent is collecting the SAP HANA monitoring metrics. For instructions, see View the other metrics.
Uninstall the monitoring agent for SAP HANA.
Issue: Connection refused error
Issue: SAP Host Agent logs show the connection refused error.
Cause: Google Cloud's Agent for SAP cannot start up because the port 18181
is not available. Google Cloud's Agent for SAP listens for requests on port 18181
.
This port must be available for the agent to start up.
Resolution: To resolve this issue, make sure that the port 18181
is available
for Google Cloud's Agent for SAP. If another service is using port 18181
, then you
might need to restart that other service or otherwise reconfigure it to use
another port.
Issue: For the OS images SLES 15 SP4 for SAP and later, Google Cloud's Agent for SAP is not running
Issue: When you use the SLES "for SAP" OS images, Google Cloud's Agent for SAP is preinstalled for you. But, for the OS images SLES 15 SP4 for SAP and later, the preinstalled Agent for SAP does not start on its own.
To verify that the agent is running or not, perform the following steps:
- Connect to your host VM instance or Bare Metal Solution server.
Run the following command:
systemctl status google-cloud-sap-agent
If the agent is not running, then the output contains
inactive (dead)
. For example:google-cloud-sap-agent.service - Google Cloud Agent for SAP Loaded: loaded (/usr/lib/systemd/system/google-cloud-sap-agent.service; disabled; vendor preset: disabled) Active: inactive (dead)
Cause: The Agent for SAP doesn't start on its own because of a problem with the OS packaging.
Resolution: To resolve the issue, perform the following steps:
- Connect to your host VM instance or Bare Metal Solution server.
Run the following commands:
sudo sed -i 's~ /usr/sap~ -/usr/sap~g' /usr/lib/systemd/system/google-cloud-sap-agent.service sudo systemctl restart google-cloud-sap-agent
Verify that the agent is running:
systemctl status google-cloud-sap-agent
You should see an output similar to the following:
google-cloud-sap-agent.service - Google Cloud Agent for SAP Loaded: loaded (/usr/lib/systemd/system/google-cloud-sap-agent.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2023-07-12 03:07:23 UTC; 7s ago Main PID: 6117 (google_cloud_sa) Tasks: 6 Memory: 8.8M (max: 1.0G limit: 1.0G available: 1015.1M) CGroup: /system.slice/google-cloud-sap-agent.service └─ 6117 /usr/bin/google_cloud_sap_agent startdaemon
Getting support for Google Cloud's Agent for SAP
If you need help resolving a problem with Google Cloud's Agent for SAP, then gather the required diagnostic information and contact Cloud Customer Care. For more information, see Version 2: Google Cloud's Agent for SAP diagnostic information.