UKOUG2018 - I Know what you did Last Summer [in my Database].pptx

1. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential I KNOW WHAT YOU DID LAST SUMMER… ( IN MY DATABASE )! About an Oracle database Journal solution An Oracle DBA’s “journal story”, in a “devops” (architect?) role, working agile, in a third-party database environment… 

2. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential Oracle Platinum Partner Awarded 19 excellence awards in 8 years 9 Oracle ACE Directors and 3 ACE Associates 14 offices worldwide EPROSEED

3. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential $ WHOAMI  Marco Gralike  Principal Consultant  eProseed SA, NL  Oracle ACE Director for XMLDB / JSON / DBIM  marco.gralike@eproseed.com  Database Beta Test Lead since DB 11.1.0.6  Database Administrator since DB 6.  Personal website  www.xmldb.nl  www.gralike.com 4

4. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential WHERE HAVE I BEEN…? • Daytime: – Worldwide customers – eProseed internal environments • Nighttime: – If “No Cloud” stuff tonight, then…! 5

7. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential GOAL FOR THE PROJECT Rebuilding an old Oracle forms environment (Designer based) into a new Oracle SOA environment using microservices architecture. • Limited Licenses (Government org.) • Easy maintained • 3 years build (replacing donor, transplant, allocation, matching forms) • Supporting journaling – audit on placing, statistics, correct matching 9

8. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential CONTINUOUS INTEGRATION 10 Developer Workstation IDE Build (Local) Code Review Crucible (optional) SonarQube Testing TestLink or Zephire Repository Management Nexus Issue Tracking System JIRA Version Control System Bitbucket Continuous Integration Bamboo External Repositories Apache Central Oracle Maven Application Servers JEE Specific scripts Documentation Confluence CI Agent

9. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential DATABASE RELATED 1. User creates SQL or PL/SQL code and drops it in GIT repo 2. Bamboo orchestrates merge and delivers new deployment scripts of all, but also DB code 3. Via database customer PL/SQL procedure, the scripts are executed in correct order a) VERSION table is maintained per schema at beginning of execution b) {…my setup is executed} c) End of customer procedure 4. Bamboo acts on result 11

10. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential ARCHITECTURE GOALS - JOURNAL • Replacing self build journal environment • Keeping track on all transactions – Being able to travel back in time (across / in context of table relations) – What: • DML (update, insert, delete) / DDL (alter) – Who / Where & How: • Hardware and software info, application info, session info, etc. • KISS • C.I. supported solution 12

11. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential OLD JOURNAL ENVIRONMENT • Approximately 620 tables • 261 of these are “journal” tables ( *_JN ) • These are populated, maintained via triggers on the original table 13

12. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential • Production Database – Single instance – 12cR2 – Retention time 2 years – Micro Service application backend • Content store / BI database – Single instance – 12cR2 – Retention time indefinite (def. by law?) – Audit / checking / reporting 14 TECHNICAL - SETUP 12C DATABASE

13. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential • ODA machine • Single Instance 12cR2 • Third party maintained • Development done by – Customer & eProseed 15 LOGISTICAL - SETUP 12C DATABASE

14. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential GREAT – NEW FEATURES ORACLE 12.1 FLASHBACK! • The WHAT – Oracle 9i Flashback Query functionality • The WHO/WHERE/HOW – Oracle 12cR1 new feature functionality User Context Tracking Export, Import Table history Database Hardening / Application Packaging FDA Optimization (Compression) 16

15. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential GREAT – NEW FEATURES ORACLE 12.1 FLASHBACK! • The WHAT – Oracle 9i Flashback Query functionality • The WHO/WHERE/HOW – Oracle 12cR1 new feature functionality User Context Tracking Export, Import Table history Database Hardening / Application Packaging FDA Optimization (Compression)  additional license (Adv. Compression) 17

16. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential GREAT – NEW FEATURES ORACLE 12.1 FLASHBACK! • The WHAT – Oracle 9i Flashback Query functionality • The WHO/WHERE/HOW – Oracle 12cR1 new feature functionality User Context Tracking Export, Import Table history (Oracle 12c manual note) Database Hardening / Application Packaging 18

17. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential GREAT – NEW FEATURES ORACLE 12.1 FLASHBACK! • The WHAT – Oracle 9i Flashback Query functionality • The WHO/WHERE/HOW – Oracle 12cR1 new feature functionality User Context Tracking Database Hardening / Application Packaging Not really easy implementing via Continuous Integration supporting KISS? Lacking decent documentation Not really needed, more a nice to have for the future Instable / strange results? 19

18. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential GREAT – NEW FEATURES ORACLE 12.1 FLASHBACK! User Context Tracking  Bare essentials what we needed anyway  “Missing” views (dba_* | user_* | cdb_*)  …like “which tablespace with which flashback archive with which flashback application name…”  What to do with multiple flashback archive methods regarding retention times (and respective flashback different flashback tablespaces) Grants for SYS base tables and PL/SQL… 20

20. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential PRIVS – SO FAR… -- Flashback management / journaling related GRANT SELECT ON sys.dba_sys_privs TO CORE_ADMIN;GRANT SELECT ON sys.dba_role_privs TO CORE_ADMIN;GRANT SELECT ON sys.dba_objects TO CORE_ADMIN;GRANT SELECT ON sys.dba_users TO CORE_ADMIN;GRANT SELECT ON sys.dba_ts_quotas TO CORE_ADMIN;GRANT SELECT ON sys.dba_flashback_archive_ts TO CORE_ADMIN;GRANT SELECT ON sys.sys_fba_app TO CORE_ADMIN;GRANT SELECT ON sys.sys_fba_app_tables TO CORE_ADMIN;GRANT SELECT ON sys_fba_fa TO CORE_ADMIN;GRANT SELECT ON sys_fba_barrierscn TO CORE_ADMIN;GRANT SELECT ON sys_fba_cols TO CORE_ADMIN;GRANT SELECT ON sys_fba_context TO CORE_ADMIN;GRANT SELECT ON sys_fba_context_aud TO CORE_ADMIN;GRANT SELECT ON sys_fba_context_list TO CORE_ADMIN;GRANT SELECT ON sys_fba_dl TO CORE_ADMIN;GRANT SELECT ON sys_fba_partitions TO CORE_ADMIN;GRANT SELECT ON sys_fba_period TO CORE_ADMIN;GRANT SELECT ON sys_fba_trackedtables TO CORE_ADMIN;GRANT SELECT ON sys_fba_tsfa TO CORE_ADMIN;GRANT SELECT ON sys_fba_users TO CORE_ADMIN;GRANT SELECT ON sys_mfba_nchange TO CORE_ADMIN;GRANT SELECT ON sys_mfba_nrow TO CORE_ADMIN;GRANT SELECT ON sys_mfba_ntcrv TO CORE_ADMIN;GRANT SELECT ON sys_mfba_stage_rid TO CORE_ADMIN;GRANT SELECT ON sys_mfba_tracked_txn TO CORE_ADMIN;GRANT SELECT ON fba_config_tables TO CORE_ADMIN; -- Needed for user/process FBA auditing w/PLSQL GRANT EXECUTE ON dbms_session to CORE_ADMIN;GRANT EXECUTE ON dbms_session to RECIPIENT;GRANT EXECUTE ON dbms_session to ALLOCATION;GRANT EXECUTE ON dbms_session to BACKBONE;GRANT EXECUTE ON dbms_session to DWH; 22

21. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential ROLES… -- Flashback management / journaling related GRANT FLASHBACK ARCHIVE ON FLASHBACK_DEFAULT TO CORE_ADMIN; GRANT FLASHBACK ARCHIVE ADMINISTER TO CORE_ADMIN; GRANT EXECUTE ON DBMS_FLASHBACK_ARCHIVE TO CORE_ADMIN; GRANT CREATE ANY CONTEXT TO CORE_ADMIN; 23

22. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential WHAT WILL HAPPEN…? • USER HAS THE PRIVILEGES TO PUT HIS OWN TABLE IN FLASHBACK ARCHIVE MODE • USER HAS NO QUOTA ON THE FLASHBACK ARCHIVE TABLESPACE SQL> alter table country flashback archive; 24

23. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential WHAT WILL HAPPEN…? • USER HAS THE PRIVILEGES TO PUT HIS OWN TABLE IN FLASHBACK ARCHIVE MODE • USER HAS NO QUOTA ON THE FLASHBACK ARCHIVE TABLESPACE SQL> alter table country flashback archive; Table BACKBONE.COUNTRY altered. 25

24. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential WHAT WILL HAPPEN…? • USER HAS THE PRIVILEGES TO PUT HIS OWN TABLE IN FLASHBACK ARCHIVE MODE • USER HAS NO QUOTA ON THE FLASHBACK ARCHIVE TABLESPACE SQL> alter table country flashback archive; Table BACKBONE.COUNTRY altered. UNDO TABLESPACE WILL RUN OUT OF SPACE DATABASE WILL BE STALLED FOR ALL 26

27. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential BUILDING YOUR OWN • ONE central package – That’s why I needed so many sys related privileges – Build-in instrumentation (thanks to “logger”) – Avoiding the mentioned issues – Still a bit hardcoding in it – Makes use of its own “meta data config table” – Hoping for Oracle solutions, “version conditioning compilation” setup • Executed by an ADMIN user (nobody else) – Enabling all or nothing for every schema part of the application – Can be used in the Continuous Integration setup – Makes use of the VERSION table of the customer • [TABLE_NAME]_LOG views created (scripted) with Flashback Archive Query build-in 29

28. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential SPECIAL THANKS TO… • Stefan Oehrli, Trivadis AG – Great query to find people with UNLIMITED TABLESPACE system privilege or QUOTA on TABLESPACE • Martin Giffy D'Souza et. All – Maintaining a great PL/SQL logger debugging, instrumentation, timing and logging framework in PL/SQL. – YouTube video • Tim Hall 30

32. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential FEATURE ENHANCEMENTS TO ORACLE • Do something about the quota tablespace issue • Do something about the missing views • Do something about “The audit issue”  “The audit issue” A user always can disable his enabled flashback table (because its his/her own table)… If done so, “lags” will be introduced in history timeline. • BUGS: Have to report CDB.PDB issue (when cause found) • ToDo: Create dynamically new Flackback Archive views 34

33. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential FINAL THOUGHTS • Simple KISS end solution • Hopefully the 12.1 new features will be improved • There went more work into building it, than I hoped for… • You shouldn’t use it for AUDIT purposes. 35

34. Copyright © 2014, eProseed and/or its affiliates. All rights reserved. | Confidential REFERENCES • Tim Hall – https://oracle-base.com/articles/12c/flashback-data-archive-fda-enhancements-12cr1 • DBI Services – https://blog.dbi-services.com/oracle-database-12c-flashback-data-archive-fda-new-features/ • Oracle Documentation – https://docs.oracle.com/database/121/ADFNS/adfns_flashback.htm#ADFNS1008 36

UKOUG2018 - I Know what you did Last Summer [in my Database].pptx

Esté a ler uma amostra.

Confira estes a seguir

UKOUG2018 - I Know what you did Last Summer [in my Database].pptx

Mais Conteúdo rRelacionado

Semelhante a UKOUG2018 - I Know what you did Last Summer [in my Database].pptx (20)

Mais de Marco Gralike (20)

Mais recentes (20)