Pakistan's First Oracle Blog

How to Transition from a DBA to Cloud Engineer
I worked as a pure Oracle DBA from 2001 to 2015 and then transitioned to being a Cloud Engineer. One question I am always asked is what it takes to make that transition. How long does it take? How hard is it? In this video I am going to share my journey of transition from Oracle DBA to Cloud Engineer and share the lessons learned, plus some tips to make this transition smooth.
Cloud Engineer's Beloved Terminal
Cloud engineers spend a fair bit of their time in Linux terminals along with GUI tools. After working with various terminals, let me share with you what an ideal Linux terminal for a cloud engineer looks like to me. By ideal, I mean more productive, easy to use and present.
Kubernetes Python client on AWS EKS Step by Step Demo
The Kubernetes Python client is used to perform operations on Kubernetes resources in the cluster from your Python code.
Pre-requisites:
- A Running Kubernetes Cluster (Note: I am using AWS EKS cluster)
- Install Kubernetes client for Python with pip by using command: pip install kubernetes
- kubectl utility to verify the resources (Optional)
All the code files used in this video are present in my github repo and the link is in video description.
AWS EKS Crossplane for Beginners
Step by Step Installation of crossplane on AWS EKS
If you want to create your cloud resources, such as AWS EC2 instances, S3 buckets etc., from within Kubernetes, then you need to use Crossplane. It's an open source project. Following are step-by-step instructions to install Crossplane on AWS EKS.
-- Make sure kubectl version is v1.23 and helm version is v3.8.2
-- All files which are being used in this code are available at github.
Step 1: Create EKS cluster
Step 2: Run the following commands:
For IAM Setup:
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
# A permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. permission-boundary.json file is available in github repo here.
sed -i.bak "s/ACCOUNT_ID/${ACCOUNT_ID}/g" permission-boundary.json
aws iam create-policy \
--policy-name crossplaneBoundary \
--policy-document file://permission-boundary.json
# Amazon EKS supports using OpenID Connect (OIDC) identity providers as a method to authenticate users to your cluster. crossplane-ssp is my cluster's name. You can use your own.
OIDC_PROVIDER=$(aws eks describe-cluster --name crossplane-ssp --query "cluster.identity.oidc.issuer" --output text | sed -e "s/^https:\/\///")
PERMISSION_BOUNDARY_ARN="arn:aws:iam::${ACCOUNT_ID}:policy/crossplaneBoundary"
read -r -d '' TRUST_RELATIONSHIP <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::${ACCOUNT_ID}:oidc-provider/${OIDC_PROVIDER}"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringLike": {
"${OIDC_PROVIDER}:sub": "system:serviceaccount:crossplane-system:provider-*"
}
}
}
]
}
EOF
echo "${TRUST_RELATIONSHIP}" > trust.json
# IAM role for provider-aws
aws iam create-role --role-name crossplane-provider-aws --assume-role-policy-document file://trust.json --description "IAM role for provider-aws" --permissions-boundary "${PERMISSION_BOUNDARY_ARN}"
# AdministratorAccess is a broad policy; the permissions boundary set above caps what this role can actually do.
aws iam attach-role-policy --role-name crossplane-provider-aws --policy-arn=arn:aws:iam::aws:policy/AdministratorAccess
# Annotate the service account to use IRSA.
sed -i.bak "s/ACCOUNT_ID/${ACCOUNT_ID}/g" aws-provider.yaml
# Install Crossplane
kubectl create namespace crossplane-system
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane --namespace crossplane-system --version 1.10.1 crossplane-stable/crossplane
# wait for the provider CRD to be ready.
kubectl wait --for condition=established --timeout=300s crd/providers.pkg.crossplane.io
kubectl apply -f aws-provider.yaml
# wait for the AWS provider CRD to be ready.
kubectl wait --for condition=established --timeout=300s crd/providerconfigs.aws.crossplane.io
kubectl apply -f aws-provider-config.yaml
# Create resources
kubectl apply -f ec2.yaml
kubectl get instance
kubectl describe instance
kubectl apply -f s3.yaml
kubectl get Bucket
kubectl describe Bucket
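The trust policy written to trust.json in the IAM setup above decides which Kubernetes service accounts may assume crossplane-provider-aws, a role that has AdministratorAccess attached. The following check is an added example, not code from the original post or from Crossplane: it flags wildcard `:sub` matches and a missing `:aud` condition. The account ID, the OIDC issuer and the `audit_irsa_trust` helper are constructed for illustration.

```python
import json

# Constructed sample: the trust policy from the IAM setup above, with a
# placeholder account ID and OIDC issuer (not real values).
OIDC = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE"
PAGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {"StringLike": {
            f"{OIDC}:sub": "system:serviceaccount:crossplane-system:provider-*"}},
    }],
})

def audit_irsa_trust(policy_json, oidc_provider):
    """Return findings for an IRSA trust policy (hypothetical helper)."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):      # IAM also accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        # Flatten the condition block into {key: (operator, [values])}.
        conds = {}
        for op, kv in stmt.get("Condition", {}).items():
            for key, val in kv.items():
                conds[key] = (op, [val] if isinstance(val, str) else val)
        sub = conds.get(f"{oidc_provider}:sub")
        aud = conds.get(f"{oidc_provider}:aud")
        if sub is None:
            findings.append(f"stmt {i}: no :sub condition; any service account in the cluster can assume the role")
        elif sub[0] == "StringLike":      # wildcards only apply under StringLike
            for value in sub[1]:
                parts = value.split(":")  # system:serviceaccount:<namespace>:<name>
                if len(parts) != 4 or "*" in parts[2]:
                    findings.append(f"stmt {i}: :sub '{value}' is not pinned to one namespace")
                elif "*" in parts[3] or "?" in parts[3]:
                    findings.append(f"stmt {i}: :sub '{value}' admits every matching service account in '{parts[2]}'")
        if aud is None or "sts.amazonaws.com" not in aud[1]:
            findings.append(f"stmt {i}: no :aud condition pinning the token audience to sts.amazonaws.com")
    return findings

if __name__ == "__main__":
    for finding in audit_irsa_trust(PAGE_POLICY, OIDC):
        print(finding)
```

Run against the policy above, it reports the `provider-*` wildcard and the absent `:aud` condition; whether the wildcard can be replaced with an exact name depends on the service account name the provider uses in your cluster.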
SSL certificate problem: self signed certificate in certificate chain Kubectl - SOLVED
More often than not, if you are installing, upgrading or downgrading kubectl for Windows or Linux, you might face the following error during the download:
$ curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.13/2022-10-31/bin/windows/amd64/kubectl.exe
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Solution:
The solution to the above error is to use the curl command with the --ssl-no-revoke flag as follows:
curl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.13/2022-10-31/bin/windows/amd64/kubectl.exe --ssl-no-revoke
and it would work.
I hope that helps.
How to Approach Cloud Engineer Interview These Days?
Cloud has evolved a lot and so has the role of Cloud Engineer. Normally, the role of an engineer in any given field is to build something on the basis of a design given by architects and then hand over that built infrastructure to the operations team. That's not really the case in Cloud. The boundaries are blurry and fuzzy. But one thing is for sure: as a cloud engineer you are required to have breadth and depth in various disciplines within and outside of the cloud. If you are thinking of applying as a cloud engineer and want to know how to approach a cloud engineer interview these days, then following are some pointers:
Make sure you have a few stories prepared from your work as a cloud engineer to tell as examples of using the above concepts and services. Make sure you highlight your contribution. Make sure you know the latest happenings in cloud. Make sure you display your willingness to evolve, as cloud is still evolving. Go in and hit it out of the park.
Mount Existing EFS Volume in New EC2 Instance
Amazon Elastic File System (EFS) is a shared file storage service from AWS for EC2 instances. EFS is serverless, fully elastic file storage, so you can share file data without provisioning or managing any storage infrastructure. With EFS, applications have storage when they need it because storage capacity grows and shrinks automatically as you add and remove files.
I hope that helps.
Let's Fix TNS-12518 Now
Fixing ORA-12518 (TNS:listener could not hand off client connection) is still hard, and it is still one of the most common errors occurring in Oracle setups on on-prem or cloud VMs.
Step 1: Check listener status
> lsnrctl status
> lsnrctl start
Step 2: Check database status
> ps -ef | grep pmon
> sqlplus '/ as sysdba'
> startup
Step 3: Check process related limits
> show parameter processes OR select value from v$parameter where name = 'processes';
> select count(*) from v$process;
> select status,count(*) from v$session group by status;
-- Check the no of processes
> SELECT s.program,s.machine,count(p.spid) from v$session s,v$process p where
s.paddr = p.addr group by s.program,s.machine having count(p.spid) > 5;
--Check the no of sessions
> SELECT s.program,s.machine,count(*) from v$session s group by s.program,s.machine;
> alter system set processes = 500 scope = spfile;
> Restart the Oracle instance. i.e. shutdown immediate and then startup commands.
Step 4: Check the resources usage limit in Oracle
> select RESOURCE_NAME,CURRENT_UTILIZATION,MAX_UTILIZATION,LIMIT_VALUE from v$resource_limit where resource_name in ('sessions','processes');
Note: If you have tried all of the above and the issue is still occurring, then you need to check with your application owners to make sure that sessions are being closed gracefully.
Also check if the server is under-resourced in terms of memory and CPU.
Cloud Engineer and Application Security Analysis
As we know, the role of a cloud engineer is over-arching and the boundaries are fuzzy. Depending upon the organization, it could be just building cloud infrastructure, but the truth of the matter is that these days a cloud engineer is supposed to do, or at least facilitate support for, everything which touches the cloud.
The application software which runs in the cloud doesn't exist in a vacuum. It not only contains code but also makes use of various cloud services. A typical cloud application lives in a virtual network, makes use of egress and ingress rules, obeys identity and access management, and follows defined security patterns. That is the key concept here. No matter if the application resides on a virtual machine, is serverless, or is container based, it has to remain within the ambit of the security guardrails defined by your cybersecurity team.
It's the job of the cloud engineer to make sure that application developers have a clear idea about this while they build their application. From CICD to production access for users, developers should know what the defined secure path is. For example, if the application needs to talk to some public endpoints, don't let developers put the application in a public subnet or create their own internet gateways. Give them a proper secure way to do so.
How much a Cloud Engineer should know about Cybersecurity?
The short answer is 'a fair bit' and the long answer is:
- Every IT professional in and outside of cloud must know about cybersecurity to some degree. Not only professionals, but these days every technology user should at least have the basics right. That is why cybersecurity is becoming more and more a part of the cloud engineer's job.
As part of cloud security, a cloud engineer should cover areas like Cloud Infrastructure Security and Cloud Application Security.
From a cybersecurity perspective, the responsibility of a cloud engineer is to identify and remediate risks through security assessments and automated compliance monitoring. In addition, the cloud engineer's role is to provide support to other stake-holders.
4 Ways to delete a resource in Terraform
This video lists 4 ways to delete a resource in Terraform in simple and easy language, with commands and a full demo.
1- Remove the resource from terraform code
2- Terraform destroy
3- Terraform taint
4- Terraform state rm
Difference between Terraform Locals and Terraform Variables with Demo
At first glance, Terraform Locals and Terraform Variables look the same. This video explains in simple words the difference between locals and variables in Terraform, with an example and demo.
What is ChatGPT in Urdu with Demo
ChatGPT is a chatbot which is based on complex AI and ML algorithms. This video describes in simple Urdu what ChatGPT is and also gives a real-time demo.