TLS, RAC and externally signed certificates

Sven Illert -

Recently I was working with a customer on a problem that once again was solved with an easy fix but which took quite some time to be found. So first let’s describe the situation: The environment consists of a Real Application Cluster with two nodes and several container databases. The software (all latest 19c) is set up with no role separation and a simple basic network setup consisting of 2 node IP addresses, 2 node VIPs and 3 SCAN IP addresses resolving to one SCAN name. A pretty basic setup and well known with many installations.

Using Letsencrypt with OCI

Sven Illert -

Security is one of the biggest topics and concerns in the IT industry nowadays and since more and more services are hosted in cloud environments, the need for secure configurations increases steadily. One small part is to secure any connections in some way or another so that nobody can see your precious data just by capturing data streams. For generic TCP connections the most common way to do this is using Transport Layer Security, or short: TLS and in former times called Secure Socket Layer, short: SSL. And with the release of Let’s Encrypt it became easier to obtain TLS certificates that are widely accepted.

Updates

Sven Illert -

In September I was not able to provide a technical blog post. But that doesn’t mean I was lazy the whole time. There are some updates to the blog and my person.

Hugo vs. Jekyll

As you might have already noticed, my blog is quite small in footprint and probably renders very fast on your client. This may be due to the fact that I use a static website generator. In the past this was Jekyll. I was quite happy with that in general, but not with the fact that maintaining its runtime environment might cause some hassle if you’re not used to using Ruby every day. It’s not that I’m not able to handle it, but managing all that dependency stuff and keeping a Ruby env up to date is just nothing that I want to do if I just want to create a nice little blog.

System users in OCI

Sven Illert -

Once you are hosting an application in some environment, doesn’t matter if on-premises or in the cloud, you want to get notified by the application when something happens or you need to take action. As an example let’s assume that may be a GitLab community edition you manage yourself in the Oracle Cloud Infrastructure. For this purpose there’s an Email Delivery Service which you can use to send mails from your cloud applications. For this to work you have to configure DKIM and SPF records for a DNS domain and configure approved sender email addresses that may be used by your application. Maybe I’ll cover that in another blog post but that shouldn’t be addressed here now.

CloudLand and DOAG Conference

Sven Illert -

This year I had the possibility to attend the DOAG CloudLand for the first time and also had the honor to talk about an OCI migration project from 2023. Although I had a rather unpleasant time slot during lunch on the last day, the audience was quite interested. Of course I also attended quite interesting talks from other people. In general the topics were quite container centric and basic infrastructure or even Oracle software had to be looked for. So I concentrated on the few pearls that weren’t too containered like security and IaC focused presentations. Things that were interesting for my daily business were in fact software like Trivy and of course OpenTofu. The latter is especially interesting since Oracle switched to it in its OCI cloud shell environments from the official HashiCorp Terraform binary.

What time is it in heaven?

Sven Illert -

Maybe you have realized that when you deploy a compute instance in your favourite cloud environment, the “hardware” clock is set to UTC - which is the coordinated universal time. And that of course totally makes sense, since your cloud provider is operating a global business. That also isn’t a problem if you handle your times and dates in your Oracle database application properly with a timezone component. For this you can save time related data in the TIMESTAMP WITH TIME ZONE datatype. So you can easily at any time present the value in the desired timezone value.

Shared memory connection with godror

Sven Illert -

Recently I was playing around with the Go programming language by Google. Although I am not a fan of this company anymore for various reasons, the programming language is fun to work with. Especially when it comes to development of CLI utilities it has quite some advantages and combines the ease of use like Perl and the feature of producing a compiled binary like from C. Also I am a big fan of strictly typed languages.

DOAG Database 2024

Sven Illert -

Recently me and some of my colleagues from Robotron visited the DOAG Database conference in Düsseldorf. I also spoke about Transparent Data Encryption and its little helpers on Oracle Engineered Systems. You may already have read about some of these in my blog in the past. I was happy that although during my speech nobody asked a question - which is kind of irritating since you can’t know if that’s out of disinterest or because you answered already everything - that afterwards some people told me it was a quite good and useful speech. Feedback is always welcome and I appreciate that!