Update PHP version on Amazon EC2

It was time to update the PHP version on my WordPress server. WordPress gave me warnings; the site health plugin gave me a warning. Plugins gave me warnings. PHP, IT news sites, the internet, warnings everywhere.

I knew that my PHP version was very old. But still supported. At least until beginning of 2019. When I configured the server for the first time several years ago, the installed PHP version was already not the latest. It was what yum install php gave me. Updating software is crucial, so I decided to finally touch my running system.

WordPress provides a site explaining how to update your PHP version. The update process in the documentation goes like: write an email to your hoster. Or: Not working in my case. For those that want to know how to update PHP on a Amazon AMI EC2 instance, here are the stops and my lessons learned.


First, do a backup. Update WordPress and the plugins. Check that the plugins are compatible with PHP 7.2

  • Backup: See my blog on how to create a snapshot of a EC2 instance.
  • Update WordPress and plugins: Easy: just do as always and keep it up-to-date.
  • Check plugins for compatibility: A plugin is available to check the installed plugins and files for compatibility with PHP 7.x. Install and activate it and run a test.

The PHP Compatibility plugin is started from the WP Admin site. Hint: in my case, the plugin worked fine, but also crashed the server. After running it and saving the results, uninstall it.

This gives as an output an evaluation of the plugins and their compatibility status.


Next step is to update PHP. Use the package manager for this. I’ll split the installation process in two parts: PHP and the additional packages.

sudo yum update
sudo yum install php72
sudo yum install php72-opcache php72-mysqlfnd php72-gd php72-pecl-imagick php72-bcmath

Result installation PHP 7.2

Result Installation of additional PHP packages

Activate PHP

After installing PHP 7.2 it must be activated. The old PHP version is still the default one, meaning that calling php is not calling php 7.2. To change the paths, run alternative. It will show the available alternatives and asks which one you want to use. I am going to use php 7.2, so the input here was 2.

alternatives --config php

php -version

Now PHP 7.2 is installed and activated. After restarting Apache WordPress will run on a newer PHP version.

Let the world know

Create OAuth 2.0 scope in Keycloak

OAuth uses scopes to restrict access to resources. “Scope is a mechanism in OAuth 2.0 to limit an application’s access to a user’s account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.” [link]

A service is assigned to a scope, therefore without being allowed to access a scope, you cannot access the resource. You can create scopes independently from the resource, that is: first create a scope, then assign the scope to a service you want to access. In reality, you should first create the service and then assign a scope to it.

After knowing the scope, log in to Keycloak and create a client scope. Later this scope will be assigned to a client. If the client authenticates then in Keycloak, the scope is assigned to it and the client can access the service.

Click on create

In the following form, enter the data for the OAuth scope:

  • Name: Scope for service. Here I used ZDEMO_CDS_SALESORDERITEM_CDS_0001, a scope for a CDS Service. Don’t worry, it’s just an example, Gateway does not work with OpenId Connect.
  • Description: SAP Gateway OData service
  • Protocol: openid-connect
  • Display on Consent Screen: off


The OAuth scope is created. It can now be assigned to a client.


When you change the scope of the service, you need to update the scope information here too.

Let the world know

Add OAuth 2.0 client in Keycloak

In this article I will show how to add an OAuth 2.0 client in Keycloak.

Log in to Keycloak and select a realm. In a new (empty) installation of Keycloak, the realm Master is selected by default. The realm name is important, as it is part of the URL used later for OAuth authentication.

To create a new OAuth 2.0 client, click on create.

Insert your information for the client. Make sure the openid-connect is selected as client protocol.

Client ID: oidclient
Client Protocol: openid-connect

Click on save and the client configuration screen is shown. Here you can add and alter additional information.


  • Access Type: confidential. This will require the OAuth 2.0 client to send a client secret to authenticate itself.
  • Service Accounts Enabled: On

  • Valid Redirect URIs: set to a valid one, like /

All other parameters should work as given.

Switch to tab Credentials

Here you can see the OAuth 2.0 client secret. As in the settings tab the access type was set to confidential, the client must send its client id and secret to Keycloak to authenticate itself. The client id is the name of the client (oidclient), and here you can see the secret: 7bc40…

You can now add the OAuth 2.0 scopes to the client.

Let the world know

How to install HANA Express Edition on Proxmox

It is easy to install SAP HXE on Proxmox. It’s just 3 steps.

  1. Preparation
  2. Install HXE
  3. Additional configuration


Before you can run HXE, first you have to download the files from SAP and configure a Proxmox VM for HXE and import the OVA image. I wrote a blog on how you can import an OVA image in Proxmox.

Install HXE

After importing the OVA image, you have a virtual machine with HXE. The image is only missing the installation of HXE. Start the VM.

  1. Select keyboard layout to use.

  1. Configure time zone.

  1. Login
Login: hxeadm
Passsord: HXEHana1

  1. Change password

After logging in, you will be asked to change your password.

  1. HXE Installation

After changing the password, HXE installation will be started automatically.

Provide HANA master password

Proxy configuration: y or n, depends on your network configuration.

Start XSA configuration.

Wait for XSA configuration to finish. This will block the console, but also allows you to check easily the current status of the installation.

Confirm values: Y

Installation starts. Grab coffee, a lot. More. Way more coffee.

When the installation successfully runs through, a congratulation message is written to shell.

To see the started services:

./HDB info

Additional configuration

Stop HXE

./HDB stop

Start HXE

./HDB start


Note the IP address and assign an alias to it in the /etc/hosts file of your laptop to be able to access HXE with a FQDN.

Let the world know

Installing SAP Enterprise Designer in HXE

To be able to install EA Designer in HXE, you first need to copy the eadesigner.tgz file to your HXE server. SAP is not making the file available as a free available standalone download. You get the file with the HXE downloader.

First “problem” to solve is how to get the file on your HXE. In my case: a VM running on Proxmox.

If you have the eadesigner.tgz file on your laptop, and HXE server is in the same network as you are (e.g. WLAN), you can copy the file using scp. As an alternative, you can host the eadesigner.tgz file on an HTTP server and download it from there. For tomcat, copy the file eadesigner.tgz to the root directory and start tomcat.


Copy file to: webapps/ROOT
Start tomcat: ./bin/startup


Go to Downloads directory:

cd /usr/sap/HXE/home/Downloads

Download file from HXE:

curl /easdesigner.tgz –outfile eadesigner.tgz


After having the file locally available in HXE you can start the installation procedure. Start with extracting the file content.

tar -xzvf eadesigner.tgz


Run installer


Enter setup information

  • HANA Instance number
  • SYSTEM user password
  • XSA_ADMIN user password

Confirm to continue installation: Y.

Installation starts

When you see the command line again, EA Designer is (or should be) installed.

Post installation

Confirm status of EA Designer

xs apps

Look for the column state. The following 3 services must be started

  • eadesigner
  • eadesigner-backend
  • eadesigner-service


The following service is only used during installation and can be in state stopped.

  • eadesigner-db

Access EA Designer

Note down the port of EA Designer.


Let the world know

Presentation SITMUC 2019

Event information

  • Location: SITMUC 2019, Munich, IBM Client Innovation Center Germany GmbH
  • Date: 19.10.2019
  • Site: Event website
  • Title: Multicloud or a look back from an architect
  • Presentation: PDF

Additional information

  • Fruit Checker App is not a productive app. It is a showcase with the intention to make people think about the possibilities: what can you do today, value that combination of services can bring, etc.
  • The idea for the architecture is to make sure that the underlying concepts is valid even when new implementations are started on top of it. The individual solutions have to fit in, without violating the general architectural concept. That is: a new house can be built, as long as it fits into Mannheim’s Quadrate idea. It may be small or large, but still fits a block and follows the number scheme.
  • Same for the transportation concept: as long as you follow the established protocols and paths, you will arrive as planned. To go from Karlsruhe to Mannheim, you can use car or train. Going by horse is possible, but not recommended. Same with systems: use HTTPS, REST, BAPI, Integration, etc, but don’t use something that is possible but makes no sense (communicate via FTP instead of SSH/SCP).
  • SAP CAPM is from SAP, and therefore it depends on SAP’s ideas what is possible and what not. Maybe on day the process will be open and less SAP driven, and then we may have a tool that is even better than Spring Data.
  • Some slides are not included for a simple reason: they only make sense in the context of a live talk.
Let the world know

Create an oData service from CDS

This blog is about how to create an oData service from a CDS View. The code and example follow closely SAP Help documentation and the included example on this topic:

I only cut the documentation overhead and make the information available in a single blog. As you can see in the above two links, the task consists of 2 steps:

  1. Create CDS View
  2. Expose OData service

For the example, I used NW ABAP 7.52 Developer Edition and ABAP in Eclipse (ADT) tools. If you have a “real” SAP NW ABAP System available, you may also implement the sample service there.

Create CDS Data Source

In ADT, create a new CDS Data Definition.

Name: ZDEMO_CDS_SalesOrderItem
Description: List Reporting for Sales Order Item

Click on next to go throught the wizard.

Paste the following code in the new created file: https://github.com/tobiashofmann/cds_sample_service/blob/master/ZDEMO_CDS_SalesOrderItem

@AbapCatalog.sqlViewName: 'ZDEMO_SOI_001'
@AbapCatalog.compiler.compareFilter: true
@AbapCatalog.preserveKey: true
@AccessControl.authorizationCheck: #CHECK
@EndUserText.label: 'List Reporting for Sales Order Item'
@OData.publish: true

define view ZDEMO_CDS_SalesOrderItem as select from SEPM_I_SalesOrderItem_E as Item {
  key Item.SalesOrder as SalesOrderID,
  key Item.SalesOrderItem as ItemPosition,
  Item._SalesOrder._Customer.CompanyName as CompanyName,
  Item.Product as Product,
  @Semantics.currencyCode: true
  Item.TransactionCurrency as CurrencyCode,
  @Semantics.amount.currencyCode: 'CurrencyCode'
  Item.GrossAmountInTransacCurrency as GrossAmount,
  @Semantics.amount.currencyCode: 'CurrencyCode'
  Item.NetAmountInTransactionCurrency as NetAmount,
  @Semantics.amount.currencyCode: 'CurrencyCode'
  Item.TaxAmountInTransactionCurrency as TaxAmount,
  Item.ProductAvailabilityStatus as ProductAvailabilityStatus

Save and activate the CDS View.

Activate OData Service

The above created a CDS Data Definition and when activating, some magic happened. What is missing is to activate the OData service. ADT won’t do this for you, this needs to be done manually in the Gateway System.


Click on Add Service

Search for services in the local system.

System Alias: LOCAL

Click on Get Services

The CDS Service is shown.

Select the service and click on Add selected Services

Add service dialog.

Package Assignment: $TMP (click on Local Object)

Test service

After performing the above steps, the CDS View is implemented and the OData service exposing the data is activate and can be used. You may now test the service to see if everything is working as expected.


Click on SAP Gateway Client. To test the service, use the URL:


Available entity sets can be seen by clicking on EntitySets.

Available options by clicking on Add URI Option

The see the top 2 results in json, the URL is:


Let the world know