TLS
Using terraform import to migrate resources
Sven Illert -
Terraform is a nice tool when managing infrastructures in your cloud environment. It becomes really powerful when it comes to mass deployment and managing resources where you don’t need to repeat yourself too much. I think many of us experienced the start of a project with singleton resources when we were bloody newbies. But as time passes by the need for a more scalable solution emerges and you need to transform that singleton into a more iterative manner of resource management.
QuickFix: SSH HMAC problems on ODA 19.22
Sven Illert -
Oracle lately introduced the Oracle Database Appliance Software Release 19.22 with the usual fixes and updates to all of it’s components. It also provides an eagerly awaited fix to the included ASR manager, so now you can use that again. But where’s light, there also may be some shadow. If you are using a newer version of PuTTY on Windows, a recent version of OpenSSH on macOS, you might get the following errors after patching the system to 19.22.
Talks in 2024
Sven Illert -
I am happy to announce that I will be appearing at least at two conferences organized by DOAG, the German Oracle user group. The first talk will be held at the DOAG Datenbank 2024 and the topic is Transparent Data Encryption auf Engineered Systems - Kleine Helfer which is about TDE and their helpers on engineered systems on premises and in the OCI. I love this conference in Düsseldorf and am happy to be there again.
IPv6 and private subnets in OCI
Sven Illert -
IPv6 is raoming around since many years, it was launched in 1998. That’s 26 years ago and it is still not used by default in many locations. Why is that, especially when IPv6 is the recommended protocol for internet communication? Unfortunately IPv6 isn’t default even with modern cloud providers like Oracle with it’s OCI. Of course you will get a world wide usable and routed subnet if you like, but you have to enable it by yourself in the first place. You’ll get DHCPv6 for free with recurring adresses, so that you can name things even after a reboot. But in difference to IPv4 you’re not able to communicate with the internet if your resource is in a private subnet as shown in the diagram below.
Cloning an OCI Vault secured PDB - Part II
Sven Illert -
Last year I tried to duplicate a TDE encrypted pluggable database from one Exadata Cloud Machine to another into a separate CDB which is not a standby system of the first one. Normally this is not a big problem, because you can copy over the encryption key(s) from the source within the clone command. But that does not work when your encryption keys are stored in the OCI Vault service. Just for refresh, this is the error you’ll get if you try.
Oracle PDBs in a Data Guard environment
Sven Illert -
Oracle introduced it’s container based database configuration with Oracle 12.1, which dates back to the year of 2013. So it’s ten years in the wild and the adoption process is still in progress as not all of my customers have migrated to the new architecture yet, even if is enforced with the upcoming 23c release. Although this architectural change has brought a variety of useful features that make the daily business for an DBA a lot easier, there are some problems in combination with Data Guard.
SQLcl and wallet authentication
Sven Illert -
In the recent months I was involved in a large project that is run in Oracle Cloud Infrastructure and of course includes some Oracle databases on Exadatas. As per best practice I have set up an operations compute instance that is used to run maintenance scripts against the databases running on these machines. To use that I have installed SQLcl from the official Oracle Linux repositories because the tool would get updated automatically when the host is updated via os management. I also installed the instant client via the repositories for the same reason.
Cloning an OCI Vault secured PDB
Sven Illert -
On some days you just want want to perform a simple task, one you have done several times before and know that it will not take too much time to complete. But sometimes you will face a new challenge and spend a whole day to fix an issue that can’t be fixed. Such a day was today. What happened? I wanted to clone a PDB via DB link from a source CDB to a target CDB. So far so easy, isn’t it?