Latest Posts

OCI Cloud Performance Management for On-Premises Databases – Part 2 – Database Configuration

In the part 1 of this blog post series, we have installed the Management Agent. Now it’s time to add the database. For this case an agent plug-in has to be installed first before we can configure the database.

More information about the management agent administration: https://docs.oracle.com/en-us/iaas/management-agents/doc/management-agents-administration-tasks.html

This is a small blog post series

My Setup

  • An OCI Tenant in datacenter EU-FRANKFURT-1
  • An empty compartment called datacenter-kestenholz
  • An on-premises database called CDB114, running on Oracle Linux 7
  • OCI Management Agent up and running

The goal is to handle the on-premises database in OCI. Output from the Trivadis TVD-Basenv(TM) framework which show the database up and running:

Service Plug-In Deployment

From the agent page, we select the Management Agent to see the details. Click on Deploy Plug-Ins.

Select the plug-in for the database management, press Update to deploy it on the management agent.

Now you see the confirmation that the deployment process is initiated.

After some seconds, you can see on the top right of the agent overview page, that the service plug-in is installed.

Register the External Database

In External Database menu, we register an external container database first. Be sure that the right compartment is selected.

Set the compartment and display name and click Register.

More about this process: https://docs.oracle.com/en-us/iaas/Content/Database/Tasks/externalcreating.htm

Connect to the External Database

After registration, the container database is added, but not connected. In this step we create a connector to setup the database in OCI.

Set display name, DNS hostname, port and service first.

The connector type cannot be changed, select the management agent from the connector agent id list, specify database connection credentials. I use the database schema SYSTEM. Click on Connect to External Container Database.

After some minutes, the work request is done and the database is connected. The database is in state Available.

We repeat the steps above to add the three external Pluggable Databases on the same way.

Enable Database Management

Before Database Management from OCI can be used, it has to be enabled. This is done on the page where the external Container Database is visible. According Oracle’s license handling, this has to be done manually. You can select between BYOL and License Included. After some minutes, the database management is enabled and the agent is updated. More about licensing and pricing in the next blog post number 3 which is coming soon.

Database Management – Database Groups and Fleet Summary

When Database Management is enabled in OCI for all Container and Pluggable Databases, the management agent starts to collect database related data. We can organized the external databases in groups.

In Database Management menu, create a new database group. In my case I named it Datacenter_Kestenholz which contains the previous added external databases.

When Database Management is enabled in OCI for all Container and Pluggable Databases, the Management Agent starts to collect database related data. Some moments later, the dashboard has the first values.

Note: The Container Database is not shown in the Fleet Summary dashboard at the moment, only Pluggable Databases are listed with performance data etc. – I will open a SR to clarify it.

Summary Part 2

When the Management Agent is up and running, adding a database is straight forward. But we have to clarify the license situation first. More about licensing and cost in the next blog post part 3.

Oracle Cloud Infrastructure – A small and secure Development Environment – Next Level: Terraform

In a previous blog post I wrote how to build a small and secure development environment in Oracle Cloud Infrastructure with an OpenVPN entry point and a compute instance in a private setup. Now there is the Terraform code available in GitHub to setup it on an easy and reusable way:

terraform-examples/oci/openvpnas at main · Trivadis/terraform-examples (github.com)

What you get

After executing the code, you will get this setup here:

  • an OpenVPN Access Server from OCI Marketplace
  • a Compute Instance

Prerequisites

  • Oracle OCI CLI installed and configured
  • Terraform up and running
  • Git client installed

SSH Key Access

An example private and public SSH key to get access on the compute instance in the private subnet is provided in subdirectory SSH, if you want to use your own SSH key – which is highly recommended – just replace the public key variable in file variables.tf with your own key:

Some Code Snippets

Terraform State File

In file backend.tf, the Terraform state is set  to local, there is also an example to store your state file in OCI Object Store. Please prepare the bucket first according the documentation here: Using Object Storage for State Files (oracle.com). Example:

Compute Instance Image

The compute instance as defined in compute.tf uses this images according your location – for other data centers or images, follow here is the link where all images are listed: https://docs.us-phoenix-1.oraclecloud.com/images/

OpenVPN Marketplace Image

 

Let’s Terraform it

0: Clone GitHub Directory

And go to openvpnas subdirectory.

1st: Set Variables

2nd: terraform init, plan and apply

Login and Go!

And after some minutes – you can get access to the OpenVPN Administrator Dashboard or get your client or profile. All required information like OpenVPN Access Server public IP, URL etc. are provided in the Terraform output.

Login into the compute instance with the private key and the private subnet IP address when the VPN tunnel is up and running:

Links and Documents

Summary

Setup an Oracle Cloud Infrastructure with Terraform is a good way to start in the IaC – Infrastructure as Code – world. Feel free to use this code a base for your next project. What’s your next level? Mine is to integrate the code in the Oracle Cloud Resource Manager – stay tuned!

OCI Cloud Performance Management for On-Premises Databases – Part 1 – Management Agent Installation

The OCI Management Agent service collects data from services and sources for monitoring and management in Oracle Cloud Infrastructure. In this blog post series I will show you how you can monitor and manage an on-premises Oracle databases in OCI. The communication between an agent and OCI requires an Agent Install Key and is based on HTTPS. Service Plugins extend a Management Agent for example for Oracle database performance monitoring and management or log analytics.

This is a small blog post series

My Setup

  • An OCI Tenant in datacenter EU-FRANKFURT-1
  • An OCI compartment called datacenter-kestenholz
  • An on-premises Container Database called CDB114, running on Oracle Linux 7
  • Three on-premises Pluggable Databases
The goal is to manage the on-premises database in Oracle Cloud Infrastructure OCI. Output from the Trivadis TVD-Basenv(TM) framework which show the database up and running:

Prerequisites for Management Agent Installation

  • Oracle Linux 6 or higher
  • Red Hat Enterprise Linux 6 or higher
  • CentOS 6 or 7
  • SUSE Linux Enterprise Server 12 or 15
  • Windows Server 2012 R2, 2016 or 2019

There are other prerequisites on the target server like the correct Java version (e.g. version 11 does not work) and sudo permissions. For the complete list of prerequisites, see here:

https://docs.oracle.com/en-us/iaas/management-agents/doc/perform-prerequisites-deploying-management-agents.html#GUID-BC5862F0-3E68-4096-B18E-C4462BC76271

Setup for OCI Management Agent

It is recommended to handle the agents in a separate user group and with policies. This allows us to define the Management Agent management on an fine granular level.

Group AGENT_ADMINS

According the documentation, I have created an user group called AGENT_ADMINS.

Policy Datacenter_Kestenholz_Agent_Policy

A new policy is created that allows the admin group to interact with the management agents, handle keys etc.

Dynamic Group Management_Agent_Dynamic_Group

New added agents in the compartment belong automatically to this group. Replace the OCID with the OCID for your compartment.

Policy Datacenter_Kestenholz_Agent_Communication_Policy

A policy is required that allows the agents to communicate with the OCI endpoints. This policy is important, otherwise you run in an communication error (see below in section troubleshooting).

Install On-Premises Management Agent

Create Agent Install Key

Go to Management Agent Menu / Downloads and Keys, create a new Agent Install Key. Set the compartment and the time how long the key is valid. In this example, I need to replace the key after one month.

When click on Download Key to File, a textfile is created with the ManagementAgentInstallKey and all other (optional) parameters which can be used for install. You can use this file as responsefile template later.

Download the Software and Transfer it to the Target Server

I use the Agent for Linux and transferred it to the target on-premises server into a stage directory as OS user root.

Create a Local Response File

This is an example of a simple two-lines response file for agent installation in the same folder where the rpm is located, called input.rsp. The parameter managementAgentInstallKey is visible in the OCI web interface, the CredentialWalletPassword is your password for the wallet.

RPM Installation

As OS user root (or a user with sudo permissions) – install the rpm file. Here you can see that the minimum required Java version is not met.

After installing the jdk-8u281-linux-x64.rpm to update the server Java version, the installer runs fine.


2nd try – successful

Agent Configuration

Run the install script with the created response file as additional parameter. The agent will be started automatically.

A systemd service is created.

Verify the Management Agent in Oracle Cloud Infrastructure

Immediately after the setup, the Management Agent is visible with status Active in OCI and starts uploading data.

Agent details:

Troubleshooting

Management Agent logfiles are located in directory /opt/oracle/mgmt_agent/agent_inst/log.

Example error when the policy for agent communication is not set properly:

From My Oracle Support: OCI : Management Agent Status Reporting As “Not Available” Post Installation (Doc ID 2745566.1)

Summary Part 1

The Management Agent installation and integration is easy to setup when all prerequisites are met. For troubleshooting you have full access on the agent logs. See you for blog post 2, where I try to integrate the  on-premises Oracle databases into OCI.

Oracle Cloud Infrastructure – A short Blog Post about a secure and small Development Setup

For an internal project I had the pleasure to setup a new Oracle Cloud Infrastructure environment for an APEX development team. Here is a short overview about the setup.

Requirements

  • VPN Access from everywhere – 2 people are working maximal at same time on the environment
  • Oracle Standard Edition 2 – no license available in project
  • Small monitoring to verify server stats
  • Instances can be started and stopped from the developers to save costs for example over night, weekend, holiday etc.

Architecture Diagram

Resource Network Usage Remarks
Open VPN Access Server Public Subnet VPN client access and traffic routing OCI Cloud Marketplace Image – OpenVPN Access Server (2 FREE VPN Connections) – OpenVPN Inc. – Oracle Cloud Marketplace
Management Server Private Subnet OCI-CLI, Monitoring Application server and database node start/stop with OCI-CLI, Grafana and Prometheus for monitoring
Application Server Private Subnet Tomcat ORDS, APEX
Database System Private Subnet OCI Database Standard Edition 2, Backup to Object Store enabled

Network Components

  • Regional private and public subnet
  • Security lists and network security groups
  • Private and public routing table
  • NAT gateway for regional private subnet

Monitoring

Grafana and Prometheus, running on the management server. The free shape VM.Standard.E2.1.Micro fits perfect for this small setup! The Prometheus node exporter runs on the database and the application server. I used this Grafana dashboard here: Prometheus Node Exporter Full dashboard for Grafana | Grafana Labs

Links

Next Steps

  • Adding Influx DB for persistence
  • Adding the Oracle database to Grafana monitoring
  • Optimizing shape size for the database server according usage

Other Ideas

  • Create a blueprint for internal developer environments
  • Automate the setup with Terraform and Ansible

Summary

Setting up this infrastructure in Oracle Cloud Infrastructure was fun. All developer requirements are fulfilled. Started with the Network and OpenVPN configuration – I really like their Marketplace instance – and the moved on to application and database server, step-by-step. There are many other ideas what we can do more based on this setup, the work will not run out. #ilike

Oracle Cloud Infrastructure Data Safe – How to burn down 201.44 Swiss Francs in 30 Seconds…

Is Data Safe really for free?

In the last autumn, the new Oracle Cloud Infrastructure feature called Data Safe was released. For sure, new features has to be tested. I have tested the Data Safe feature too and added a cloud database to Data Safe. But in my enthusiasm about this cool feature – or maybe it was just too late in the evening –  I did a mistake by adding the database target. Four days later, I recognized that Data Safe is charged in my account. Mmm, but should it not be for free? First reaction: I raised an SR and described the case. The nice guy from My Oracle Support realized the situation quickly:

Dear Mister Berger, you have used the wrong target type when adding the Oracle Cloud Infrastructure database as a new Data Safe target.

From the Service Request:

  • B91632 – Oracle Cloud Infrastructure – Data Safe for Database Cloud Service – Each (Includes 1 million audit records per target per month) – Free
  • B91631 – Oracle Cloud Infrastructure – Data Safe for Database Cloud Service – Audit Record Collection Over 1 Million Records (over 1 million audit records per target per month) – 0.0800 / 10,000 Audit Records Per Target Per Month
  • B92733 – Oracle Cloud Infrastructure – Data Safe for On-Premises Databases – Target Database Per Month – 200.00 Target Database Per Month + Includes 1 million audit records per target per month (pre-requisite under B91632)

Indeed, indeed. According My Oracle Support I have used the wrong target type. Instead Oracle Cloud Database, I used Oracle Database on Compute. And did not realized, the mistake and ignored the text below to the dropdown box. Shame on me 😉 –  here is the small, but important difference:

So far so good, the mistake was recognized. I deleted the target and added it from scratch with the correct target type. But this didn’t help, the charging went on.

Oracle Cloud Infrastructure Price List

Adding an other target type than Oracle Cloud Database is charged on monthly fee base as described here: Cloud Price List | Oracle

Cost and Usage Report

In the detailed  cost and usage report, the target is marked as deleted (suffix DELETED + deletion date), and charged.

All you can do is getting angry about that mistake and wait. After a month, the money was burned down, and there were no more Oracle Cloud Infrastructure Data Safe costs charged. As you can see, there are 201.44 CHF charged for a month.

I don’t know what Oracle has for a currency converter, but actual 200 USD are less that 180 CHF 😉

Lessons learned

Pity about the beautiful money – and for my next test run: RTFM.