Frequently asked questions
This article provides answers to frequently asked questions (FAQ) about the SAP deployment automation framework on Azure.
Terraform deployment
What does the error "Incorrect parameter file" mean?
You might see this error when running a deployment. Make sure that you pass the correct path to the parameter file for the appropriate phase. For example, the Control Plane, Landscape, or System.
Can I create multiple SAP systems with an input file?
It's not currently possible to create multiple SAP systems with an input file, such as a CSV file.
How do I customize my naming convention?
The naming convention for the SAP automation framework carefully matches Azure naming standards. If you want to use your own naming conventions, follow the custom naming module instructions
What does the error " does not have secrets get permission on key vault" mean?
You might get the error Error: checking for existing Secret….User, group, or application…does not have secrets get permission on key vault.
Make sure that the deployment credentials have sufficient permissions to read the secrets from the deployment key vault. Also make sure that the SPN AppID and SPN Secret in the user's key vault are correct.
What does the error "the client does not have authorization to perform action Microsoft.Authorization/roleAssignments/write" mean?
You might get the error authorization.RoleAssignment.Client#Create: The client… with object ID… does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/write' over scope…or scope is invalid.
Make sure that you pass the correct application ID and application secret for the deployment. Validate the credential details by looking at the secrets in the deployment credentials key vault.
What does the error "A resource with ID already exists... this resource needs to be imported into the State" mean?
You might see the error A resource with ID…already exists - to be managed via Terraform this resource needs to be imported into the State.
This error means that Azure resources were added outside of the Terraform deployment. Update the state file automation-advanced_state_management.md to fix.
Why are multiline commands failing because of a whitespace error?
Make sure that your deployment commands are well-formed. Use an editor to format the deployment commands properly before running them.
What does the error "error executing "/tmp/terraform_273760270.sh" mean?
You might see the error error executing "/tmp/terraform_273760270.sh": Process exited with status 127.
This error means there's an issue with the line endings in sap-hana/deploy/terraform/terraform-units/modules/sap_deployer/templates/configure_deployer.sh.tmpl.
Make sure to save this file with LF line endings, not CRLF. If you open the file in a Windows environment, the line endings might change from the original LF to CRLF.
What does the error "building account: getting authenticated object ID: Error parsing json result from the Azure CLI" mean?
You might see the error Error: building account: getting authenticated object ID: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: ERROR: Error occurred in request., ConnectionError: HTTPSConnectionPool(host='graph.windows.net', port=443): Max retries exceeded with url: /d1ffef09-2e44-4182-ad9c-d55a72c588a8/me?api-version=1.6 (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x040F73E8>: Failed to establish a new connection: [Errno 11002] getaddrinfo failed')).
Log out using the command az logout. Log in again using az login to resolve the issue.
What does the error "KeyVault Secret does not exist" mean?
You might see the error Error: KeyVault Secret <SECRET-NAME> …does not exist where <SECRET-NAME> is the secret's name.
Make sure that the user's key vault contains the following secrets. Replace <ENVIRONMENT> with your environment name.
<ENVIRONMENT>-subscription-id<ENVIRONMENT>-tenant-id<ENVIRONMENT>-client-id<ENVIRONMENT>-client-secret
What does the error "Either an Access Key / SAS Token must be specified or Azure AD Authentication must be enabled" mean?
You might see the error Either an Access Key / SAS Token or the Resource Group for the Storage Account must be specified - or Azure AD Authentication must be enabled when deploying the workload zone.
Make sure that you're passing the correct value for the storageaccountname parameter. Check that the parameter specifies the account that containers the Terraform state files.
What does the error "The repository path is incorrect!" mean?
You might get the error The repository path: \<REPO-PATH\> is incorrect!, where <REPO-PATH> is your repository path, when you run New-SAPAutomationRegion.
Find the path of the sap_deployment_automation.ini file. The file location depends on your execution environment. Possible locations are My Documents on Windows, or ~/sap_deployment_automation on Linux.
Enter the fully qualified path to the repository in the sap_deployment_automation.ini`` file under the Common Repo` variables.
Why do I get the error "Error loading state error" during the landscape phase?
You might see the error Error loading state error when you're running the landscape phase.
Find the path of the sap_deployment_automation.ini file. The file location depends on your execution environment. Possible locations are My Documents on Windows, or ~/sap_deployment_automation on Linux.
Check your `SAP_Automated_Deployment.ini file. Make sure that the values to each key don't have relative paths before the state file names.
Any values for state files must only contain the name of the state files from the related storage account. This account is in the SAP Library's resource group.
What does the error "blobName cannot be an empty string" mean?
You might get the error Error loading state: blobs.Client#Get: Invalid input: blobName' cannot be an empty string when you're deploying the workload zone.
If the workload zone didn't deploy successfully, delete the .terraform folder within WORKSPACES\Landscape\<ENVIRONMENT-FOLDER>. Then, try to deploy the workload zone again.
What does the error "Could not set the secrets" mean?
You might see the error Could not set the secrets. when deploying the workload zone.
This error message refers to the key vault being created in the workload zone. Make sure that you're passing the deployment credentials' key vault name for the vault parameter.
What does the error "'netAppAccounts' has been restricted in this region" mean?
You might see the error 'netAppAccounts' has been restricted in this region.
This error means the subscription isn't registered for the netAppAccounts resource provider. Register the provider to fix the issue.
Ansible configuration
What does the error "Retrieve SSH Key Secret Details" mean?
When you deploy the SAP HANA software from configuration_menu.sh, you might get the fatal error Retrieve SSH Key Secret Details.
Make sure that the name of the secrets in the user credentials' key vault match the environment naming prefix. For example, you might need to change DEV-<ID>-SAP01 to DEV-<ID>-SAP.