19 Monday Jul 2021
Posted in Cloud, General, Oracle, Technology
Just a quick post to say that I’ve had another post published over on Oracle’s blog site about Automating developer setup in Oracle Cloud Infrastructure. You can read it at: https://blogs.oracle.com/cloud-infrastructure/post/automating-developer-setup-in-oci
05 Monday Jul 2021
Posted in Cloud, development, General, Oracle, Technology
Tags
@oracledevs, @soacommunity, actions, always free, arm, CICD, Cloud, flake8, free, GitHub, OCI, Oracle, pytest, python, unit test
While there is a deserved amount of publicity around the introduction of ARM compute onto OCI with the ARM Ampere CPU offering, and the amazing level of always free compute being provided (24GB of memory and 4 cores which can be used in any combination of servers). There have been some interesting announcements that perhaps haven’t drawn as much attention that they deserve. This includes OCI support for GitHub Actions, plus several new DevOps services and an Artifact Registry. We’ll comeback to the new services in another post. Today, let’s look at GitHub Actions.
GitHub recently introduced a new feature called GitHub Actions. In essence it has become possible to establish a basic event driven CI/CD pipeline driven directly by events in GitHub. The Actions (sometimes also referred to as workflows) are executed by what are known as GitHub Runners, if you’re familiar with Jenkins, then you could think of these as slave nodes. The smart thing is that you can either use GitHub provided (aka GitHub Hosted) compute to execute the actions (effectively a bit of Azure) and pay for the service to execute the actions. If you’re using GitHub professionally or setup your own workers in other clouds or even potentially on-premise, these are known as self hosted GitHub runners. The other clouds includes Oracle who have provided a configuration that can build runner nodes (and yes you can use the Ampere free compute).
There are a number of ways to get a runner working both using paid VMs or using the always free capacity.
For someone who produces utilities and makes them freely available; and wants to run at least unit tests on code and code checks. The ability to automatically run the unit tests is particularly handy. When extending an existing piece of functionality I tend to focus on testing that bit of code, this means I don’t need to rerun lots of tests, I can set the actions up to repeat those tests as I make changes and if I break something then I’ll know immediately. So combining the free compute with the ability to auto execute tests on a commit without needing to run my own dedicated Jenkins server is perfect.
The compute can be setup either by using the scripts generated by the GitHub UI for setting up runners, which can be seen when you navigate to the Runner configuration (settings menu at the stop of the page, and Runners on the left menu) as highlighted here with 1 & 2
We need to set the Operating System and Architecture for the runner (3), this will impact the binaries needed, and the code offered in the centre of the screen (4). This does mean that you need to run these scripts and ensure that the processes start and stop safely within the VM. The alternative in Oracle cloud is to use predefined image using a link like this (https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/oci-github-actions-runner/releases/download/orm-deploy/orm.zip). As you can see from the URL itself, it is passing to the OCI a stack that has been already created (and made freely available in GitHub).
The library of Oracle quick start configurations can be found at https://github.com/oracle-quickstart
Following the URL will take us into the Resource Manager which presents a multi paged form capturing the relevant details that will enable it to generate the server and required supporting infrastructure in the correct compartment. The first step is to acknowledge an constraints, licensing conditions that the package imposes as highlighted with the red square.
Once complete we casn move onto the next page. We can see the example screens below the A1 (Ampere) CPU being selected using up 4 GB of RAM and 1 OCPU of the 4 available as free.
Aside from choosing the compute shape, I’ve selected a version of the Oracle Linux v8 suitable for the processor type.
You’ll not, you will also be promoted for the GitHub details, with your repository to be supported, and the associated token, which comes from the presented script values in the initial Runner setup, we highlighted the value in the first diagram as (5) and should correlate to (A) in the details below.
There is a gotchya to be careful of. When we put our repository into a browser URL it really isn’t bothered by the terminating slash or not in the name, but as shown below as (B) we have included the terminating slash. The authentication of communication is very sensitive to such details. People have reported that they see issues with the Runner being connected to GitHub, but all executions of actions fail (when we saw this within 1-2 seconds) and when you try to drill in, there is no information. To confirm the issue, you need to SSH into the runner server and navigate into the /actions-runner/_diags folder to see if things being reported in the log files are showing as going awry.
Once the runner is deployed, then it will show up after all while in the list of runners. Note in this screenshot we have a fresh runner having experienced the previously described connectivity issue. To see the runners defined, again we go through Settings (1) on the top menu and Actions (2) on the left. Once the runner has made successful contact then it will show in the list of runners.
With the runner ready we need to create a Job. This bit is a little tricky. You can develop from scratch your own Job definitions, but it will require some effort in mastering the YAML notation. The alternative is to see if there is a prepared job definition. It is possible to use pre-existing templates by clicking on the New workflow button as highlighted below. This will take you the catalogue of predefined flows.
The following image shows the predefined list of workflows. GitHub will make a recommendation based on its analysis of the repository, in this case it has filtered out to show Python workflows. But you’re not bound to these, this is just GitHub trying to simplify the effort involved.
To get a job definition started, from the workflow templates, select the Set up this workflow button. This will result in a copy of the YAML configuration file being put into a folder within the project as you can see in the next image.
Looking more closely at the YAML file describing the action, we see the following, which describes when the action be executed, in this case a push or pull on the main branch.
The default example is geared to Ubuntu which brings us to one the niggles we’ve encountered. The job will try to setup the environment for us.
You’ll note that there is a step that uses python-version: ${{ matrix.python-version }} – this is going to try setup Python for the three versions listed in the matrix list defined. That doesn’t sound problematic until you dig into the documentation provided by the link https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions. This web page describes how Python works with GitHub Runners. For a Python on a hosted GitHub runner you have to do things yourself. Fortunately the VM configuration provided mean Python 3.6 is installed that will work on the ARM architecture. But we do need to remove a chunk of logic that sets up the runner. Incidentally, if you look at the link to the supported Python versions, they work for both Windows and Linux but only on an x86 CPU.
We do still want to retain the use of PIP to ensure that latest versions of the packages are always in use.
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: Python package
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version: [3.7, 3.8, 3.9]
steps:
- uses: actions/checkout@v2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test with pytest
run: |
pytest
Having removed the Python setup configuration, we need to ensure the utilities Flake8 and PyTest can be called either by modifying the PATH variable or tweaking the way the utilities are invoked. Rather than messing with the VM OOTB configuration or writing a script that is pulled onto the runner to perform further setup I’ve opted to adjust the call. These changes can be seen at https://github.com/mp3monster/oci-utilities/blob/main/.github/workflows/python-package.yml, and …
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: Python package
on:
push:
branches: [ main ]
jobs:
build:
runs-on: oci
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v2
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
python -m flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
python -m flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test with pytest
run: |
python -m pytestWe’ve also made use of the requirements.txt to ensure the OCI Python SDK is installed for use. We now have an action that performs code analysis with Flake8 (details also here) which will spot any obvious coding errors and pytest which includes the ability to locate and run the native Python unittest based tests. All the results are then bundled up and returned back to GitHub.
By clicking on the build we can review all of the steps the run takes and the results of flake8 and pytest for example.
GitHub’s documentation raises the risk of connecting Actions to public repositories. This comes down a couple of things. Firstly, the actions of public users could depending upon your configuration trigger the workflow (which is why we’ve removed the pull request from the triggers). Within GitHub you can limit on a public project who can push, in this case, we’ve put the maximum limits into the Settings, so only approved collaborators are allowed to perform any of the approved operations like fork etc.
Whilst this reduces the opportunities to keep triggering the workflow – consuming your resources, which may cost but also could be a form of denial of service by the fact it will be disrupting your genuine worker runs.
There are a couple of other mitigations that could be applied to further tighten this up:
Knowing the limitations, and the syntax of the workloads not looking difficult to master, we’ll probably develop more unit tests and deploy them. Plus also go back to the Groovy stuff as well. The big test will be how easy it is to reconstruct a container image of the Log Simulator.
31 Monday May 2021
Last night saw the final chapter of Logging in Action with Fluentd go back to my editor. The next step is that Chapter (and others I hope) will go to MEAP, so early readers not only get the final chapter, but also the raft of improvements we’ve made. Along with that, the manuscript goes for a full peers review. Once that’s back, its time for a round of edits as I address the feedback then into copy editing and Manning sign off review.
As you might have guessed, we’ve kept busy with an article in the 25th edition of OraWorld. This follows Part 1 talking about GraphQL with a look at considerations for API Security.
In addition to that we’re working on a piece around automation of OCI management activities such as setting up developers, allowing them a level of freedom to experiment without accidentally burning through all your credits by spinning up Exadata servers or 500 node Kubernetes clusters.
We might even have some time to write more about APIs and integration.
26 Wednesday May 2021
Posted in Cloud, General, Oracle, Technology
Tags
alwaysFree, logging, OCI, shape, VM
OCI Always Free compute node has a restriction that isn’t clearly documented or obvious when you go to a instantiate such compute resources. That restriction is the absence of OCI Custom logging. This is a little surprising given that this capability is based on Fluentd and the compute footprint needed by Fluentd is so small. In the following screen shot, as you can see when configuring the compute, there is no reason to believe you can’t use OCI Logging for custom logs.
But when you go to configure the custom logging on your running compute, you can see that the feature is disabled with the message about the restriction. It would have been nice, to have the warning on the creation phase, as if I’d manually setup the VM then went to switch on OCI Logging knowing where I’d deployed my applications, I’d have wasted time in the setup.
Solution, use one of the AMD Flex or Previous Generation to minimize the footprint to your needs.
We’ve been told that the this constraint has been addressed. In addition Oracle also introduced the new Ampere offering which allows for nodes with a form factor of upto 4 OCPU and 24GB of RAM using the new ARM chips. You can also use variations on this such as 4x 1 OCPU 6GB RAM
19 Wednesday May 2021
Posted in General, Oracle, Technology
Tags
blog, book, Capgemini, conference, FluentD, IaaS, manning, monitoring, OCI, Oracle, WorldFestival
We recently received an invite to write a guest blog post for Oracle. We’re please to say it has gone live, and can be found at https://blogs.oracle.com/cloud-infrastructure/oracle-cloud-infrastructure-logging-and-alert-rapid-smoke-testing-of-config-and-alerts. A little different to my typical posts. Hope you find it interesting.
We’ve also scored another success, this time we’ve been invited to speak at WorldFestival in August, this is an online conference organized by the same team behind DeveloperWeek. This is the first time outside of an Oracle linked event where I’ve been amongst the first few named speakers, so proud of that. The conference looks really interesting as it looks beyond just core developer themes with conference tracks on Space & Transportation, Smart Cities, Robotics, Digital Health to name a few of the 12 streams. Worth checking out.
08 Tuesday Dec 2020
Posted in Cloud, General, Oracle, Technology
OKit is a tremendous tool for the visual design and development for your Oracle Cloud environment. Visualizing your networks, positioning of service gateways and so on makes it a lot easier than filling in web forms or writing Terraform files as you can see the relationships between the different parts far more easily. For the same reason really that a lot of people use Visio and other tools for this work. The real beauty is that OKit can generate the Terraform and Ansible scripting that can then be used to deliver the implementation.
The tool isn’t currently an official Oracle product, but something built by the Oracle A-Team (a small team of gurus who have a role blending developer advocacy, architect supporting customers for the special edge cases and providing thought leadership). But we can hope that someone brings it into the fold and perhaps even incorporates it securely into the cloud dashboard. In the mean time, the code in its entirety is available on GitHub.
Continue reading15 Tuesday Sep 2020
Posted in Cloud, General, Oracle, Technology
Tags
Cloud, data, DIPC, integration, marketplace, OCI, ODI, ODI CS, Oracle, Spark
Oracle’s data integration product landscape outside of GoldenGate has with the arrival of Oracle Cloud been confusing at times. This has meant finding the right product documentation can be challenging, and knowing which product to use in your own technology road-map can be harder to formulate. I believe the landscape is starting to settle now. But to understand the position, let’s look at the causes of disturbance and the changes that have occurred.
This has come from I think a couple of key factors. The organizational challenges triggered by Thomas Kurian’s departure which has resulted in rather than the product organization being essentially in three parts aligning roughly to Infrastructure, Platform and Applications to being two Infrastructure and Apps. Add to this Oracle’s cloud has gone through two revolutions. Generation 1 now called Classic was essentially a recognition that they needed an answer to Microsoft, Google and AWS quickly (Oracle are now migrating customers off classic). Then came Generation 2, which is a more considered strategy which is leveraging not just the lowest level stack of virtualization (network and compute), but driving changes all the way through the internals of applications by having them leverage common technologies such as microservices along with a raft of software services such as monitoring, logging, metering, events, notifications, FaaS and so on. Essentially all the services they offer are also integral to their own offerings. The nice thing about Gen2 is you can see a strong alignment to CNCF (Cloud Native Compute Foundation) along with other open public standards (formal or de-facto such as Microprofile with Helidon and Apache). As a result despite the perceptions of Oracle, modern apps are standard a better chance of portability.
Oracle’s Data Integration capabilities, cloud or otherwise have been best known as Oracle Data Integrator or ODI. The original ODI was the data equivelent of SOA Suite implementing Extract Load Transform (ELT) rather than ETL as it meant the Oracle DB was fully leveraged. This was built on the WebLogic server.
Oracle cloud came along, and there is a natural need for ODI capabilities. Like SOA Suite, the first evolution was to provide ODI Cloud Service just like SOA Suite had SOA Cloud Service. Both are essentially the same on-premises product with UIs to manage deployment and configuration.
ODI’s cloud transformation for the cloud lead ODI CS evolving into DIPC (Data Integration Platform Cloud). Very much an evolution, but with a more web centered experience for designing the integrations. However, DIPC is no longer available (except possible to customers already using it).
Whilst DIPC had been evolving the requirement to continue with on-premises ODI capabilities is needed. Whilst we don’t know for sure, we can speculate that there was divergent development happening creating overhead as ODI as an on-prem solution remained. We then saw the arrival of ODI Marketplace, this provides an easier transition, including taking into account licensing considerations. DIPC has been superseded by ODI Marketplace.
Oracle has developed a Marketplace just like the other major players so that 3rd party vendors could offer their technologies on the Oracle cloud, just as you can with Azure and AWS. But Oracle have also exploited it to offer their traditional products normally associated with on-premise deployments in the cloud. As a result we saw ODI Marketplace. A smart move as it offers the possibility of exploiting on-prem licensing into the cloud along with portability.
So far the ODI capabilities in its different forms continued to leverage its WebLogic foundations. But by this time the Gen2 Oracle Cloud and the organizational structures behind it has been well established, and working up the value stack. Those products in the middleware space have been impacted by both the technology strategies and organization. As a result API for example have been aligned to the OCI native space, but Integration Cloud has been moved towards the Apps space. in many respects this reflects a low code vs code native model.
Earlier this year (2020) Oracle launched a brand new ODI product, to use its full name Oracle Cloud Infrastructure Data Integration. This is an OCI native (i.e. Gen2 solution leveraging microservices technologies).
This new product appears to be a very much ground up build as it exploits Apache Spark and Function as a Service (FaaS) as foundational elements. As a ground up build, it doesn’t inherit all the adapters the original ODI can offer. This does mean as a solution today it is very focused on some specific needs around supporting the data movement between the various Oracle Cloud storage and Database as a Service solutions rather than general ingestion and extraction processes.
Products are evolving, but the direction of travel appears to be resolving. But we are still in that period where there are capability gaps between the Gen2 native solution and the traditional ODI via Marketplace solution. As a result the question becomes less which product, but when and if I have to invest in using ODI Marketplace how to migrate when the native product catches up.
02 Tuesday Jun 2020
Posted in API Platform CS, APIs & microservices, General, Technology
A couple of years ago I got to discuss some of the design ideas behind API Platform Cloud Service. One of the points we discussed was how API Platform CS kept the configuration of APIs entirely within the platform, which meant some version management tasks couldn’t be applied like any other code. Whilst we’ve solved that problem (and you can see the various tools for this here API Platform CS tools). The argument made that your API policies are pretty important, if they get into the public domain then people can better understand to go about attacking your APIs and possibly infer more.
Move on a couple of years, Oracle’s 2nd generation cloud is established an maturing rapidly (OCI) and the organisational changes within Oracle mean PaaS was aligned to SaaS (Oracle Integration Cloud, Visual Builder CS as examples) or more cloud native IaaS. The gateway which had a strong foot in both camps eventually became aligned to IaaS (note that this doesn’t mean that the latest evolution of the API platform (Oracle Infrastructure API) will lose its cloud agnostic capabilities, as this is one of unique values of the solution, but over time the underpinnings can be expected to evolve).
Any service that has elements of infrastructure associated with it has been mandated to use Terraform as the foundation for definition and configuration. The Terraform mandate is good, we have some consistency across products with something that is becoming a defacto standard. However, by adopting the Terraform approach does mean all of our API configurations are held outside the product, raising the security risk of policy configuration is not hidden away, but conversely configuration management is a lot easier.
This has had me wondering for a long time, with the use of Terraform how do we mitigate the risks that API CS’s approach was trying to secure? But ultimately the fundamental question of security vs standardisation.
Any security expert will tell you the best security is layered, so if one layer is found to be vulnerable, then as long as the next layer is different then you’re not immediately compromised.
What this tells us is, we should look for ways to mitigate or create additional layers of security to protect the security of the API configuration. These principles probably need to extend to all Terraform files, after all it not only identifies security of not just OCI API, but also WAF, networks that are public and how they connect to private subnets (this isn’t an issue unique to Oracle, its equally true for AWS and Azure). Some mitigation actions worth considering:
This may sound a touch paranoid, but as the joke goes….
Just because I’m paranoid, it doesn’t mean they’re not out to get me
As it goes the standardisation is actually a dimension of security. (This article illustrates the point and you can find many more). The premise is, what can be ensured as the most secure environment, one that is consistent using standards (defacto or formal) or one that is non standard and hard to understand?
15 Sunday Mar 2020
Posted in General, Oracle, Technology
A few weeks ago Oracle announced a new tool for all Oracle cloud users including the Always Free tier. Cloud Shell provides a Linux (Oracle v7.7) environment to freely use ( (within your tenancy’s monthly limits) – no paying for VM or using your limited set of VMs (for free-tier users) or anything like that.
As you can see the Shell can be started using a new icon at the top right (highlighted). When you open the shell for the 1st time, it takes a few moments to instantiate – and you’ll see the message at the top of the console window (also highlighted). The window provides a number of controls which allows you to expand to full screen and back again etc.
The shell comes preconfigured with a number of tools, such as Terraform with the Oracle extensions, OCI CLI, Java and Git, so linking to Developer Cloud or GitHub for example to manage your scripts etc is easy (as long as you know you GIT CLI – cheat sheet here). The info for these can be seen in the following screenshots.
In addition to the capabilities illustrated, the Shell is set up with:
The benefit of all of this is that you can work from pretty much any device you like. It removes the need to manage and refresh security tokens locally to run scripts.
A few things to keep in mind whilst trying to use the Shell:
The shell makes for a great environment to manage and perform infrastructure development from and will be a dream for Linux hard code users. For those who like to be lazy with a visual IDE, there are ways around it (e.g. edit in GitHub) and sync. But power users will be more than happy with vim or vi.
Oracle’s own documentation can be fiound at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellintro.htm
19 Monday Nov 2018
Posted in development, General
Tags
IaaS, infrastructure, Microservices, monolith, OCI, Oracle, Terraform
Another Oracle Developer Meet-up took place in London yesterday. This meet-up focused on Terraform and Microservices. The summary of the evening slides:
Chris Hollies’ slides can be found at here. As demo’s aren’t included in the deck, the following videos are alternatives:
Our second session, that I presented on how we can establish paths of transition that make it easy to adopt microservices. The presentation material for this is available here:
End-to-End OIC to SAP integration
A blog-post by blog-post journey of a ERP Cloud Solutions Degree Apprentice
from Technology to Music
Demystifying cloud technologies...
Technofunctional Blogs
Business, Technology and more
Personal, design, inspiration, interests.
by Jürgen Kress
Oracle Cloud Stuff
My thoughts on Enterprise Software Technologies...and more.
Achieving business objectives through technology standards
Success & Satisfaction with the Cloud
Thoughts of a lifelong music hoarder...
A Blog for Event and Data Analytics
You must be logged in to post a comment.