sap_swpm: Execution and monitoring timeouts not aligned

[rob0d]

I am testing SWPM+SUM execution and obviously that's taking a lot longer than the standalone SWPM run.

I have hit an issue that despite the monitoring timeout lines 81-82 which is is effectively set to 60000 seconds (~16 hrs):

  retries: 1000
  delay: 60

However the async execution timeout in line 70 is set to 32400 (9 hrs):

async: 32400

I would suggest to align these two as it failed for me unexpectedly while running SUM despite the monitoring output still showing there are few hours left.

Change the timeout to higher values if SUM execution was enabled? Keep it longer at all times? I think with SUM we need around 24 hours.

NOTE: I am wondering how to handle this as SUM execution is partially manual and SWPM is waiting for that to finish.

[sean-freeman]

@rob0d I agree with aligning the time, 24 hours is very long-running but I agree with the principle.

---

Regarding your side note, if executing sap_swpm Ansible Role with SUM and it pauses on approval, to achieve your aim it would be good if you can test the following shell script commands (so they can be converted into Ansible and appended). I haven't returned to this code for a very long time.

# View files from SUM Observer: https://localhost:1129/lmsl/sumobserver/S01/monitor/index.html
# https://localhost:1129/lmsl/sumobserver/S01/analysis/SUMOBSERVER.XML
# https://localhost:1129/lmsl/sumobserver/S01/analysis/SUMDIALOG.XML
# https://localhost:1129/lmsl/sumobserver/S01/analysis/SAPup_troubleticket.log
# https://localhost:1129/lmsl/sumobserver/S01/analysis/SAPup_troubleticket.zip
# https://localhost:1129/lmsl/sumobserver/S01/analysis/SUMJAVAOBSERVER.XML


# View files from SUM ABAP: https://localhost:1129/lmsl/sumabap/S01/slui/
# /lmsl for LSML API/interface
# https://localhost:1129/lmsl/sumabap/S01/slui/
# https://localhost:1129/lmsl/sumabap/S01/summanifest.mf
# /slp for SL Protocol API/interface
# https://localhost:1129/slp/sumabap/S01/dialogs
# https://localhost:1129/slp/sumabap/S01/metadialogui5
# https://localhost:1129/slp/sumabap/S01/roadmap
# https://localhost:1129/slp/sumabap/S01/actions
# https://localhost:1129/slp/sumabap/S01/monitor
# https://localhost:1129/slp/sumabap/S01/metadata
# https://localhost:1129/slp/sumabap/S01/versions
# https://localhost:1129/slp/sumabap/S01/properties
# https://localhost:1129/slp/sumabap/S01/config



# Define SAP System ID
sap_system_id_upper="S01"
sap_system_id_adm="s01adm"
sap_system_id_adm_password='NewPass$321'

# Retrieve observer file
curl --insecure --user "$sap_system_id_adm":"$sap_system_id_adm_password" https://localhost:1129/lmsl/sumobserver/$sap_system_id_upper/analysis/SUMOBSERVER.XML


# NOTE: the trailing slash is important for authentication realm in the internal browser logic of /slui/
sum_lxml_init=$(
curl "https://localhost:1129/lmsl/sumabap/$sap_system_id_upper/slui/" \
--insecure --location --cookie-jar cookies.log --cookie cookies.log \
--user "$sap_system_id_adm":"$sap_system_id_adm_password")


# Use --verbose mode instead of --head, otherwise error "HTTP/1.1 501 Not Implemented"
# NOTE: use Request Header 'X-CSRF-Token: Fetch' to obtain token for POST - however this may cause no Response payload
sum_slp_csrf_token=$(curl "https://localhost:1129/slp/sumabap/$sap_system_id_upper/config" \
--insecure --location --cookie-jar cookies.log --cookie cookies.log \
--user "$sap_system_id_adm":"$sap_system_id_adm_password" \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'DNT: 1' \
--header 'Connection: keep-alive' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--verbose \
--silent \
--header 'X-CSRF-Token: Fetch' \
--header 'X-Requested-With: XMLHttpRequest' \
2>&1 | grep '< X-CSRF-Token' | awk -F ': ' '{print $2}')


sum_slp_config_xml=$(curl "https://localhost:1129/slp/sumabap/$sap_system_id_upper/config" \
--insecure --location --cookie-jar cookies.log --cookie cookies.log \
--user "$sap_system_id_adm":"$sap_system_id_adm_password" \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'DNT: 1' \
--header 'Connection: keep-alive' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--header "X-CSRF-Token: $sum_slp_csrf_token" \
--header 'X-Requested-With: XMLHttpRequest')


sum_slp_execute=$(curl "https://localhost:1129/slp/sumabap/$sap_system_id_upper/config" \
--request POST \
--insecure --location --cookie-jar cookies.log --cookie cookies.log \
--user "$sap_system_id_adm":"$sap_system_id_adm_password" \
--header 'Accept: */*' \
--header 'Accept-Encoding: gzip, deflate, br' \
--header 'DNT: 1' \
--header 'Connection: keep-alive' \
--header 'Sec-Fetch-Dest: empty' \
--header 'Sec-Fetch-Mode: cors' \
--header 'Sec-Fetch-Site: same-origin' \
--compressed \
--header "X-CSRF-Token: $sum_slp_csrf_token" \
--header 'X-Requested-With: XMLHttpRequest' \
--header "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
--header 'Accept-Language: en-GB,en;q=0.5' \
--header 'Origin: https://localhost:1129' \
--header "Referer: https://localhost:1129/lmsl/sumabap/$sap_system_id_upper/slui/" \
--data-raw "$sum_slp_config_xml")

[rob0d]

Hi @sean-freeman,

I ran SWPM+SUM only once and SWPM got killed by Ansible because the runtime reached the timeout value (I left it over night thinking I have enough time). I was able to finish SUM and I think it needed input twice.
I will have another go next week (the full end-to-end process) and have a look at the script you posted.
I'm not entirely clear what does reading XML config from "https://localhost:1129/slp/sumabap/$sap_system_id_upper/config" and posting it back to the same URL do? Can you please elaborate?
Thanks.

[sean-freeman]

@rob0d For Phase PREP_EXTENSION/BIND_PATCH titled Select Support Packages That You Want to Include, you GET the config and POST the config so that all Support Package Components are patched to the Package "Target Level". Otherwise in some cases, SAP SUM is started automatically but will pause at 10% indefinitely waiting for the end-user to confirm.

[sean-freeman]

@rob0d Hope that made sense?

[rob0d]

HI Sean. Sorry I didn't get back to you. I was hoping to test it this week, but had issues with the deployment and things got delayed. I am planning to get to try a few times next week and report back.

[rob0d]

Hi @sean-freeman,
Only a partial success.
The first 4 steps worked fine: got the observer file, collected csfr token, saved the config as XML.
Unfortunately posting to the config URL returns this:

Forbidden
You are not authorized to access the specified resource or execute the requested action

So GET works, POST doesn't.
I will be testing this again tomorrow. I will try to get the URL that's called when "Next" button is presses in SLUI to see if that can be used instead.

[sean-freeman]

@rob0d That sounds like the reason why I did not finish that code. At least the first 4 steps worked.

I think the POST is what the SLUI "Next" button executes; please forgive me, this was quite a while ago.

If you find correct final command, I will make it a priority to append into the sap_swpm Ansible Role.

[rob0d]

Hi @sean-freeman,
A bit more details. Yes, you are right, the next button does a POST to the config URL.
There are two points where SUM stops:

• First at the list of versions at %10
• Second towards the end when it prompts to run SPAU

Both behave in the same way. The steps are identifiable via sumobserver.xml and both do a POST to the config URL.
Looking at what browser does.
It gets the same 403 message your script got, but browser then does another GET to the same URL and refreshes the CSFR Token and then does another POST to the same URL.
I couldn't test it as when I've done it in the browser it moved on. However I will be doing a few more in 1-2 weeks, so I will modify the script to emulate the same behaviour and get a fresh token and see if that works.

[rob0d]

Hi @sean-freeman,

I had a look at it again and I tried to do another GET to get an updated CSFR token and then do POST, but I am still getting permission denied. I'm not sure if I missed something. However, I have collected network logs from the browser when doing it manually. Would you be able to have a look at them to check if there is anything that can be changed in your script to make it work?
I am not able to post the logs here, but can share them privately.

[sean-freeman]

@rob0d Drop me a msg direct > galaxy.yml#L19

[sean-freeman]

@rob0d Drop me an email as above, then we can close this GH Issue ? The outstanding action is irrelevant to the GH Issue itself, and a new GH Issue for tracking it should probably be created