Automate Patching for Oracle Database in your Private Cloud
Who we are

Experts At Your Service
> Over 50 specialists in IT infrastructure
> Certified, experienced, passionate

Based In Switzerland
> 100% self-financed Swiss company
> Over CHF 8 mio. turnover

Leading In Infrastructure Services
> More than 150 customers in CH, D & F
> Over 50 SLAs dbi FlexService contracted

Automate Patching for Oracle Database in your Private Cloud 22.11.2017 Page 2

About me
Nicolas Jardot, Senior Consultant
+41 79 835 02 95
nicolas.jardot[at]dbi-services.com

Agenda
1. Introduction
2. Patching automation with Ansible
3. Demo
4. Conclusion

Introduction
> What are we calling Cloud?
> Why speak about patching?
> Oracle Database patching

Introduction: What are we calling Cloud?

Is Cloud just a marketing/buzz word?
> Cloud mostly means operating as a Service
> PaaS, DBaaS, and so on

How can we define Cloud?
> Graphical Interface as a portal
> Automation: who said autonomous?
> Back-charging: pay as you use

My personal Cloud definition
> Operate your system so the client sees it as a service

Introduction: Why speak about patching?

Reminder: the WannaCry case
> Microsoft released a security patch in March 2017
> The ShadowBrokers disclosed vulnerability details in April
> Worldwide attack started on 15 May 2017

Does it really matter?
> Some UK hospitals were impacted to the point that some operations were rescheduled
> Renault had to stop production sites for several days due to the attack
> Businesses were impacted

The security patch had been available for 2 months before the global attack
> The time window to test/validate/apply patches is shrinking

Introduction: Oracle Database patching

Oracle Critical Patch Update program
> Collection of security fixes for Oracle products
> Released every quarter around the 17th: January, April, July, October
> Security alerts for critical security issues: 2 in November 2017
> Available on OTN: https://www.oracle.com/technetwork/topics/security/alerts-086861.html

Database patching is evolving
> CPU/SPU or PSU in Oracle Database 11g
> PSU / Proactive Bundle Patch for Oracle Database 12c R1
> RU / RUR starting in Oracle Database 12c R2

Use favorites in My Oracle Support
> Doc ID 2118136.2: Download reference for Oracle DB patches
> Doc ID 756671.1: Master note about patch program (previously recommended patches)

Patching automation with Ansible
> Introduction to Ansible
> Ansible language
> Ansible tasks, playbook and roles

Patching automation with Ansible: Introduction to Ansible

Ansible is a simple automation language
> Open source automation tool
> Designed for multi-tier deployment
> Agentless

Ansible relies on SSH and Python
> Push based
> Task-oriented: easy to read

Ansible is very popular
> Extra modules available on GitHub: https://github.com/ansible
> Lots of existing code available on Ansible Galaxy: https://galaxy.ansible.com/

Non-exhaustive use cases
> Configuration
> Provisioning

Patching automation with Ansible: Introduction to Ansible

Ansible allows running ad-hoc commands against hosts

    $ ansible dbinstances -m ping
    DB1 SUCCESS => {
        "changed": false,
        "failed": false,
        "ping": "pong"
    }

Ansible gathers facts about your systems
> You can dynamically adapt your code based on variables

    $ ansible DB1 -m setup
    DB1 SUCCESS => {
        "ansible_facts": {
            "ansible_architecture": "x86_64",
            "ansible_bios_version": "VirtualBox",
            "ansible_distribution": "OracleLinux",
            "ansible_distribution_version": "7.4",
        }
    }

Patching automation with Ansible: Ansible language

Ansible code is written in YAML
> Human-readable way to represent serializable data
> Close to JSON and Python

    ---
    - name: Install Oracle binaries
      hosts: dbinstances
      vars_files:
        - vars/psu_{{ oracle_version }}_{{ psu_release }}.yml
      roles:
        - role: deploy_oracle_home

YAML pitfalls
> Uses indentation but does NOT support tabs
> Create lists; be careful with : too

Patching automation with Ansible: Ansible language

Ansible is declarative / desired state based
> No need for you to test the result
> Ansible will ensure the declaration is true
> Modules should be idempotent: running multiple times should be the same as running only once

Ensure the user oracle exists with the required groups

    - name: Prepare user oracle
      user:
        name: oracle
        # the user module expects an already hashed (crypt) value here
        password: '{{ oracle_user_pwd }}'
        groups:
          - dba
          - vboxsf
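
The same task written so that the secret is hashed, kept out of the run log, and still idempotent. This is an added example, not part of the original slides; it assumes oracle_user_pwd holds a clear-text secret loaded from an Ansible Vault-encrypted vars file.

```yaml
# Added example (not from the slides).
# Assumption: oracle_user_pwd is clear text coming from a Vault-encrypted vars file.
- name: Prepare user oracle
  user:
    name: oracle
    # The user module writes this value to /etc/shadow as-is, so it must be
    # a crypt hash. password_hash() produces one on the control node.
    password: "{{ oracle_user_pwd | password_hash('sha512') }}"
    # password_hash() picks a random salt on every run, so the hash never
    # matches the stored one and the task would report "changed" each time.
    # on_create sets the password only when the account is first created,
    # which keeps repeated runs idempotent.
    update_password: on_create
    groups:
      - dba
      - vboxsf
  # Keep the module arguments (including the hash) out of stdout and logs.
  no_log: true
```

With update_password: on_create, rotating the password of an existing account needs a separate, deliberate run with update_password: always.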

Patching automation with Ansible: Ansible tasks, playbook and roles

Playbooks are composed of 1 or more plays
> A play is a YAML document describing tasks
> A play lets you group actions for certain hosts
> Multiple plays are useful for multi-tier deployment

Patching automation with Ansible: Ansible tasks, playbook and roles

Playbooks run against hosts
> Need to declare your components in an inventory
> Inventory can be dynamically generated

Ansible roles allow you to create deployment units
> Roles contain tasks but also variables
> Easily create reusable playbooks with variables
> Roles and directory layout help to organize the code.

    ansible.cfg
    deploy_oracle_home.yml
    inventory
        Dev
            group_vars
                dbservers
                    default_ora_config
            host_vars
                DB1
            hosts
    roles
        create_db
            tasks
                main.yml

Demo
> Quick word about Vagrant
> Test infrastructure

Demo: Quick word about Vagrant

Vagrant is a tool for building virtual machines
> Open source tool
> Easy way to create reproducible environments
> Supports several providers (VirtualBox, VMware, AWS, ...)
> Supports provisioning tools like Ansible, Chef or Puppet

Vagrant is used to provision standard Linux servers
> Oracle Linux boxes available at https://yum.oracle.com/boxes

Demo: Test infrastructure

[Diagram: the Ansible host runs "Create VM", "Prepare VM" and "Create DB" against a Linux server, giving DB1 on Oracle 12.1.0.2 PSU 170718; "Patch DB" then brings DB1 to Oracle 12.1.0.2 PSU 171017.]
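
A sketch of what an idempotent "Patch DB" step for the Oracle home can look like, tying the demo to the desired-state principle from the Ansible language slides. This is an added example, not the playbook used in the demo; oracle_home, patch_dir and psu_patch_id are hypothetical variables, and stopping the database and running datapatch afterwards are assumed to be handled by separate tasks.

```yaml
# Added example (not the demo's playbook). All variable values are assumptions.
- name: Apply a PSU to the Oracle home only when it is missing
  hosts: dbinstances
  become: true
  become_user: oracle
  vars:
    oracle_home: /u01/app/oracle/product/12.1.0.2/dbhome_1  # assumed path
    patch_dir: /u01/stage/psu             # assumed: patch already unzipped here
    psu_patch_id: "<PSU_PATCH_ID>"        # placeholder, e.g. from vars/psu_*.yml
  environment:
    ORACLE_HOME: "{{ oracle_home }}"
  tasks:
    # command is not idempotent by itself, so read the current state first.
    - name: List patches already installed in the home
      command: "{{ oracle_home }}/OPatch/opatch lspatches"
      register: installed
      changed_when: false

    - name: Check for conflicts before touching the home
      command: "{{ oracle_home }}/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ."
      args:
        chdir: "{{ patch_dir }}/{{ psu_patch_id }}"
      changed_when: false
      when: psu_patch_id not in installed.stdout

    # Assumes database and listener using this home are already stopped.
    - name: Apply the PSU
      command: "{{ oracle_home }}/OPatch/opatch apply -silent"
      args:
        chdir: "{{ patch_dir }}/{{ psu_patch_id }}"
      when: psu_patch_id not in installed.stdout

    # Fail the play if the inventory does not show the patch afterwards.
    - name: Verify the patch is now in the inventory
      command: "{{ oracle_home }}/OPatch/opatch lspatches"
      register: after
      changed_when: false
      failed_when: psu_patch_id not in after.stdout
```

A second run against an already patched home skips the conflict check and the apply step and reports no change.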

Conclusion

Automation increases your security
> Develop once, run many times in a standard way, even in parallel
> Reduce human errors

Automation allows you to commit your infrastructure
> Developers commit the business code
> Save the code that helps run the code
> Playbooks/recipes can be saved in source control and versioning tools (Git, SVN, ...)

Conclusion: What's the link with the Cloud?

Once playbooks are ready, create your portal to run them and build your Cloud
> Ansible Tower
> Ansible AWX
> Jenkins
> Semaphore

Ansible integrates well if you go for public Cloud
> Ansible has modules to manage/provision AWS EC2 instances
> Inventory can be dynamically generated
> Maintain your Cloud environment at the same level

Any questions? Please do ask!
We would love to boost your IT-Infrastructure. How about you?
Basel, Delémont, Nyon, Zürich
Let's meet at booth 242