As a DBA I find that people think I know about how to tune SQL. They present me with a query that looks simple, but on inspection has views on views on complex views, and has an explain plan of over 100 lines! It is difficult to know where to start, particularly when you don’t know what the SQL is supposed to be doing, or understand the structure of the data within the database.
I am working on extending my automation to do some new things. We refresh test environments from production. Previously we used to copy all the code from production back to development. Now we build the VMs from scratch, so we don’t need to do this any more, but it would be convenient to call the VM build in the middle of the refresh.
Often configuring a system involves running scripts and passing passwords as a parameter. If all goes well, this is fine, Ansible just reports the task has changed. If not, the password is logged, which is bad if the output is being sent to people who shouldn’t know it. Here are some thoughts on how to get round that.
Start with the following playbook for demonstration purposes:
And run it:
My hosting at the University of Cambridge: people.ds.cam.ac.uk/psh35 is being discontinued. I am therefore moving this blog to Netlify:
Please update your bookmarks or feed reader to: https://curiousdba.netlify.app/
This wasn’t as hard as it might have been. I took the opportunity to upgrade the theme, because GitHub complained about the security of some of the components. This caused the site not to build. The new version of the theme requires Hugo pipeline, which means it needs a recent version of Hugo extended. This won’t run (easily) on RHEL7 due to glibcxx being too old. However, Netlify does supply Hugo extended, and allows the user to pick a version. I needed to upgrade because of a conflict with the theme and the default Hugo version. I picked the latest and my blog built!
Here is a possible way to use git on Windows to work on a git repository in GitLab. The nice thing about GitLab is it uses git, so any Windows git client can be used. I prefer command line myself, but there are GUI options including the git supplied one which I will be using.
I suggest using chocolatey to manage software. Follow the installation instructions on the chocolatey website to do this.
Sometimes you see a private shared lane which has a gate to stop people using it, but the people who are allowed have padlocks in a chain. Anyone who has a padlock in the chain can open it with the key in their keyring.
This is very much like how the secure keys work. If someone else wants to be able to use the gate, they have to get one of the three key holders to go to the gate with them, open their padlock, and insert their padlock into the chain.
I like Ansible, but I find one omission in the way it works is the lack of a way to manage secrets, i.e. things like private keys, passwords, and access tokens.
I stored passwords in the inventory file. This means the inventory file is large, and can’t be checked into version control, which makes it difficult to manage.
My first test is to create another git repository to check out onto the VM. This contains some application code which needs to be installed. To check this out to any one of 100 or so VMs I am using gitlabs deploy token functionality, which creates a URL like this:
Our PeopleSoft system has a couple of maintenance tasks which are kicked off from the database server. I am converting it to use Ansible and a management server, but in the meantime I need this to work.
We had been using Bitvise SSH server on Windows, but experienced problems with it locking up occasionally. Also we needed to create some new Windows VMs and wondered if there was a way to do the work without paying for more licenses. Also as we are upgrading to Windows server 2016, I am seeing if there is a way to automate this as part of my Ansible build.
