Moving

My hosting at the University of Cambridge: people.ds.cam.ac.uk/psh35 is being discontinued. I am therefore moving this blog to Netlify:

Please update your bookmarks or feed reader to: https://curiousdba.netlify.app/

Netlify

This wasn’t as hard as it might have been. I took the opportunity to upgrade the theme, because GitHub complained about the security of some of the components. This caused the site not to build. The new version of the theme requires Hugo pipeline, which means it needs a recent version of Hugo extended. This won’t run (easily) on RHEL7 due to glibcxx being too old. However, Netlify does supply Hugo extended, and allows the user to pick a version. I needed to upgrade because of a conflict with the theme and the default Hugo version. I picked the latest and my blog built!

Here is a possible way to use git on Windows to work on a git repository in GitLab. The nice thing about GitLab is it uses git, so any Windows git client can be used. I prefer command line myself, but there are GUI options including the git supplied one which I will be using.

Installing software

I suggest using chocolatey to manage software. Follow the installation instructions on the chocolatey website to do this.

The Idea

Sometimes you see a private shared lane which has a gate to stop people using it, but the people who are allowed have padlocks in a chain. Anyone who has a padlock in the chain can open it with the key in their keyring.

Image from pixabay.

This is very much like how the secure keys work. If someone else wants to be able to use the gate, they have to get one of the three key holders to go to the gate with them, open their padlock, and insert their padlock into the chain.

I like Ansible, but I find one omission in the way it works is the lack of a way to manage secrets, i.e. things like private keys, passwords, and access tokens.

I stored passwords in the inventory file. This means the inventory file is large, and can’t be checked into version control, which makes it difficult to manage.

My first test is to create another git repository to check out onto the VM. This contains some application code which needs to be installed. To check this out to any one of 100 or so VMs I am using gitlabs deploy token functionality, which creates a URL like this:

Our PeopleSoft system has a couple of maintenance tasks which are kicked off from the database server. I am converting it to use Ansible and a management server, but in the meantime I need this to work.

We had been using Bitvise SSH server on Windows, but experienced problems with it locking up occasionally. Also we needed to create some new Windows VMs and wondered if there was a way to do the work without paying for more licenses. Also as we are upgrading to Windows server 2016, I am seeing if there is a way to automate this as part of my Ansible build.

Security Updates Not Included!

Oracle’s Deployment Package DPK is supposed to deliver all the software required and at the correct versions. However, it appears this isn’t true. PeopleSoft itself is at the current version in the DPK, but all the software it depends on only has the previous quarters security updates applied. This often leaves us vulnerable to some quite serious security flaws.

The solution is to apply the patches after applying the DPK. It is annoying that we have to do this, because the sales documentation at the time suggested everything would be at the correct version with the latest patches.

Here are some notes as to how to create test data from real data with SQL.

I created a package to do this. It generates SQL statements to mask columns which have personal data, so we don’t end up testing with real peoples data. Here are some things I made it do.

The procedure loops through a list of tables which is in a local table. In this case we are selecting across a database link. I use a SQL statement to discover the format of the remote table using dbms_sql.parse.

The Problem

Our release process means that we have to refresh test environments on a particular schedule around the date of the release. These dates were put into a confluence page, but we discovered that the problem with this is that if a release is moved we have to change all the refresh dates. Also sometimes projects mean particular environments aren’t refreshed or the schedule is altered slightly.

So it ends up that we have to: