VirtualMachine

Moving VMs between Azure Zones

Sven Illert -

I am currently involved in a project that aims to migrate an on-premises installation with about 150 servers and 2 Exadata Database Machines into the Microsoft Azure cloud. Such a large project should include a reasonable amount of planning and, as you probably know, that doesn’t always work perfectly from the start. In that phase considerations about high availability were made and since the project is located in a region that provides multiple availability zones as a first line of defense, it was decided to spread systems across them. The details for the implementation were tracked in an Excel sheet which contains a lot of information about the target VM state including computing shape, IP addresses, target availability zone etc. That is then converted to several JSON files which provide the input for OpenTofu code.

Exadata@Azure with OpenTofu

Sven Illert -

In one of my recent projects I am building up an application environment in Azure using OpenTofu. That in itself is quite a challenge, since I mostly worked with the Oracle Cloud Infrastructure until this year. Another challenge is handling the Exadata@Azure part of the project since two different cloud worlds are involved. At first I had some problems with deploying an Exadata cluster in an Azure virtual network with an IPv4/IPv6 dual stack configuration. As per documentation that isn’t recommended at first, but since only one virtual network should be used I didn’t bother and tried to create it anyway using the dual stack vnet. Although no IPv6 prefix was configured for the delegated subnet which should be used by OCI, there was a bug when creating a network security group which didn’t ignore the IPv6 prefix of the vnet. That made the deployment process fail, because the virtual network in the OCI is an IPv4-only network and so it’s not possible to add IPv6 CIDRs to an NSG. Since the project has quite some relevance even for Oracle they fixed that in record speed of about 2 weeks.

Using RAW

Sven Illert -

I am by no means a database developer and use SQL and PL/SQL only for the purpose of managing databases and working on their internals. Of course I have a basic understanding of it and my experience in developing/scripting in quite a large number of different languages during my career so far at least enables me to understand PL/SQL code written by others well enough for most purposes. But sometimes there are situations where one struggles to understand what’s happening and it is time to learn something new.

TLS, RAC and externally signed certificates

Sven Illert -

Recently I was working with a customer on a problem that once again was solved with an easy fix but which took quite some time to be found. So first let’s describe the situation: The environment consists of a Real Application Cluster with two nodes and several container databases. The software (all latest 19c) is set up with no role separation and a simple basic network setup consisting of 2 node IP addresses, 2 node VIPs and 3 SCAN IP addresses resolving to one SCAN name. A pretty basic setup and well known with many installations.

Using Letsencrypt with OCI

Sven Illert -

Security is one of the biggest topics and concerns in the IT industry nowadays and since more and more services are hosted in cloud environments, the need for secure configurations increases steadily. One small part is to secure any connections in some way or another so that nobody can see your precious data just by capturing data streams. For generic TCP connections the most common way to do this is using Transport Layer Security, or short: TLS, in former times called Secure Socket Layer, short: SSL. And with the release of Let’s Encrypt it became easier to obtain TLS certificates that are widely accepted.

Updates

Sven Illert -

In September I was not able to provide a technical blog post. But that doesn’t mean I was lazy the whole time. There are some updates to the blog and my person. Hugo vs. Jekyll: As you might have already noticed, my blog is quite small in footprint and probably renders very fast on your client. This may be due to the fact that I use a static website generator. In the past this was Jekyll. I was quite happy with that in general, but not with the fact that maintaining its runtime environment might cause some hassle if you’re not used to using Ruby every day. It’s not that I’m not able to handle it, but managing all that dependency stuff and keeping a Ruby env up to date is just nothing that I want to do if I just want to create a nice little blog.

System users in OCI

Sven Illert -

Once you are hosting an application in some environment, doesn’t matter if on-premises or in the cloud, you want to get notified by the application when something happens or you need to take action. As an example let’s assume that may be a GitLab community edition you manage yourself in the Oracle Cloud Infrastructure. For this purpose there’s an Email Delivery Service which you can use to send mails from your cloud applications. For this to work you have to configure DKIM and SPF records for a DNS domain and configure approved sender email addresses that may be used by your application. Maybe I’ll cover that in another blog post but that shouldn’t be addressed here now.

CloudLand and DOAG Conference

Sven Illert -

This year I had the possibility to attend the DOAG CloudLand for the first time and also had the honor to talk about an OCI migration project from 2023. Although I had a rather unpleasant time slot during lunch on the last day, the audience was quite interested. Of course I also attended quite interesting talks from other people. In general the topics were quite container centric and basic infrastructure or even Oracle software had to be looked for. So I concentrated on the few pearls that weren’t too containered like security and IaC focused presentations. Things that were interesting for my daily business were in fact software like Trivy and of course OpenTofu. The latter is especially interesting since Oracle switched to it in its OCI cloud shell environments from the official Hashicorp terraform binary.