Saturday, May 14, 2022

Windows commands line cheat sheet for DBAs

This image has an empty alt attribute; its file name is image.png
Intro

We all know Windows is the preferred platform for Oracle DBAs !! I hear that every day :D. All right, maybe not so much ;). But Jokes aside, when your client has the majority of his DB workload running on windows, it’s hard to dodge the job. It becomes even more challenging to switch to GUI clicks when coming from Linux world. That’s why I had to google a lot along my years working on non Unix shops. After a while, I wound up curating a bunch of useful tips through the years and kept them in a text file, however I think a web page is a way better place to navigate than a raw text in a notepad anytime a quick help is needed.

This list won’t have a specific structure but I’ll try to keep it coherent.


Basic windows Checks

Check OS versions

C:\>winver 
-- A Window will appear

C:\>systeminfo | findstr OS
OS Name:                   Microsoft Windows Server 2012 Standard
OS Version:                6.2.9200 N/A Build 9200
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Member Server

OS Build Type:             Multiprocessor Free
BIOS Version:              Phoenix Technologies LTD 6.00, 9/21/2015


Check uptime and last boot

Choose from following options 


C:\> systeminfo | find "System Boot Time"
System Boot Time:          2022-05-04, 8:59:32 PM

C:\> NET STATS srv
Statistics since 2022-05-04 8:59:55 PM

C:\> wmic OS GET CSName,LastBootUpTime
CSName   LastBootUpTime
BROKDBA  20220504205932.600144-240


Check Service Uptime

Extract the service PID from the service name

C:\> sc queryex MSSQLSERVER

SERVICE_NAME: MSSQLSERVER TYPE : 10 WIN32_OWN_PROCESS STATE : 4 RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0 PID : 5068 ----> Copy PID FLAGS :

Check the uptime in PowerShell

PS C:\> Get-Process | select name, id, starttime | select-string 5068
  @{Name=sqlservr; Id=5068; StartTime=11/24/2020 09:46:20}


Check CPUs

-- Dos Command line
C:\> wmic CPU Get NumberOfCores,NumberOfLogicalProcessors /Format:List

NumberOfCores=6 NumberOfLogicalProcessors=12

-- Powershell

PS C:\> WmiObject -class win32_processor -Property Name, NumberOfCores, NumberOfLogicalProcessors | Format-List -Property Name, NumberOfCores, NumberOfLogicalProcessors

Name                      : Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
NumberOfCores             : 6
NumberOfLogicalProcessors : 12

Check running Services

PS C:\>  net start
...
OracleOraDB19Home1TNSListener
...
Windows Search
Windows Update
..

Manage services

--- Start stop
C:\>  net start/stop "SERVICE-NAME"

--- Delete a Service

C:\> SC DELETE "SERVICE-NAME"


User management

Show current user

PS C:\> whoami

Domain\myUser

List user group members

PS C:\> NET LOCALGROUP ORA_DBA
Alias name     ORA_DBA
Comment        Oracle DBA Group
Members
-------------------------------------
DOMAIN\dbadmin
DOMAIN\User2
NT AUTHORITY\SYSTEM

Add new user

Syntax: net user username password /ADD /DOMAIN


C:\> net user Oracle * /add /MyDomain

Type a password for the user: ***** Retype the password to confirm: ****
The command completed successfully.

-- Change password

C:\> net user Oracle *
Type a password for the user:
Retype the password to confirm:

list all processes in Windows

Choose from following options 

C:\> tasklist

--- Via WMI ( more details)
C:\> wmic process

--- PowerShell
PS C:\>  get-process


tail -f in PowerShell

PS C:\>  Get-Content -Path "C:\APP\ORACLE\diag\rdbms\PATH\trace\alert_MYDB.log" -Wait


Storage 

Check system Block size

C:\> fsutil fsinfo ntfsinfo D:
NTFS Volume Serial Number :                          
Version :                                                                            
Bytes Per Sector  :               512 Bytes Per Physical Sector :       <Not Supported> Bytes Per Cluster :               4096      -------- 4K /64K etc.. Bytes Per FileRecord Segment    : 1024
Clusters Per FileRecord Segment: 

Check (shared) drive space usage

This is specially useful to check shared drive overall usage as you can’t see the info through the explorer

C:\> fsutil volume diskfree D:
Total # of free bytes        : 37252968448
Total # of bytes             : 858856091648
Total # of avail free bytes  : 37252968448 --> 34.69GB free

There is simple script check_freespace.bat you can use to get the result in GB units

C:\> check_freespace.bat \\RemoteServer\S01$
Total # of free bytes        : 2846.80 GB
Total # of bytes             : 3311.81 GB
Total # of avail free bytes  : 2846.80 GB

Map/unmap network drives

 Workstations/ servers might have network drives attached to them. Here are ways to add and delete the mapping

1. Map shared drive to Z:
C:\> net use Z: \\StorageServer\Drive$ /user:MyUser Mypassword /persistent:Yes

2. Delete mapping
C:\> net use Z: /delete

-- Delete all mappings
C:\> net use * /delete


Miscellaneous  

 

Grep in Windows

File content or command output filtering . with below  metacharacters : 
. any character  
*’ zero or more occurrences of previous character or class

C:\> FINDSTR /i /r /c:"^ORA-600*" alert_MyDB.log

-- Using PowerShell

PS C:\> Select-String "^ORA-1146"

--- ls | grep equivalent
C:\> DIR /B | findstr /i /r /c:"alert.*log"
alert_MyDB.log

File naming & variable Substrings

Get a substring of a string of a variable from position X in string with Y characters length.%Variable:~X,Y%:

C:\> SET VAR=FOOBARFOOBA
C:\> ECHO %VAR:~3,8%
BARFOOBA

Timestamp a logfile (tested in Windows server)

Example: db_bkp_YYYYMMDD_HHMMSS.log

ECHO db_bkp_%date:~-4,4%%date:~-10,2%%date:~-7,2%_%time:~0,2%%time:~3,2%%time:~6,2%.log
C:\> db_bkp_20220514_134656.log

Date section filter description

  • %date:~-4,4% : the last 4 characters of the current locale date which is obviously the year, YYYY

  • %date:~-10,2% : the tenth and ninth characters from right side of the current locale date, MM

  • %date:~-7,2% : the seventh and sixth characters from right side of the current locale date , the day,DD

  • %time:~0,2% : the first 2 characters of the current locale time which is the hour,HH

  • %time:~3,2% : the fourth and fifth character of the current locale time which is the minute ,Min

  • %time:~6,2% : the seventh and eighth caractere of the current local time which is the seconds,SS


kill process

You can either use the PID or the full name of the process. Both can be extracted through tasklist command

taskkill /F /PID 11764
taskkill /IM "SocketHeciServer.exe" /F

Time Zone

Check and set Time Zone in your machine

--- Get
tzutil /g
Eastern Standard Time
--- list
tzutil /l
--- Set
tzutil /s "Mountain Standard Time"

File system permissions

 List and set privileges on a file or directory

C:\> cacls D:\oracle
D:\oracle BUILTIN\Administrators:(OI)(CI)F
          NT AUTHORITY\SYSTEM:(OI)(CI)F
          Server\ORA_OraDB19Home1_SVCACCTS:(OI)(CI)F
          Domain\User1:(OxI)(CI)F

Inherited folder permissions are given as:

  • OI - Object inherit - This folder and files. (no inheritance to subfolders)

  • CI - Container inherit - This folder and subfolders.

  • IO - Inherit only - The ACE does not apply to the current file/directory

    F : Full control


    Change permission to a file to the current user .

    C:\> icacls .\private.key /inheritance:r /grant:r "%username%":"(R)"

    First attribute will remove all inheritance, the second will grant a new RO permission for the current user to private.key..

    Check/kill connected RDP sessions

     List the sessions from a windows server command line not from your workstation

    C:\> query session /server:RemoteServer

    SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
    services                                    0  Disc
    console                                     1  Conn
    rdp-tcp#1 RemoteUser 2 Active rdpwd
    rdp-tcp                                 65536  Listen

    Kill remote rdp session (ID: 2)

    C:\> reset session 2 /server:RemoteServer

    Note: You can also check remote sessions connected to the local server using qwinsta command


    Open Environment Variable window (as admin)

    You can either use the RunasAdmin or a direct command to get a your advanced system properties opened as system

    C:\> RunAs.exe /user:Administrator "rundll32 sysdm.cpl,EditEnvironmentVariables"
    Enter the password for Administrator: ***

    --- Option 2 direct access as admin:
    C:\> SystemPropertiesAdvanced

    Note: Once the window is displayed –> click environment variables

     

    Scheduler via command line

    In this example we will create a task that runs a cleanup script and addit to the task scheduler for a nightly run (10PM)

    Script : archive_cleanup.ps1
    1. Define the trigger, user, and action
    $Trigger= New-ScheduledTaskTrigger -At 10:00pm –Daily
    $User= "NT AUTHORITY\SYSTEM"
    $Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-ExecutionPolicy Bypass -File J:\archive_cleanup.ps1"

    2. Create and specify the name of the task
    Register-ScheduledTask -TaskName "CleanupDBarchives" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest –Force


    Conclusion

    • These entries have accompanied my day to day work on Windows servers for quite sometime

    • It might become redundant when you regularly look for the same thing in google without remembering the syntax.

    • This will finally replace my messy text file, so I won’t waste time looking for quick command line tricks on windows.

    • The goal was to get this accessible to me in the first place but I hope it will be a good reference for those non GUI fans, who are usually allergic to NT OS.

    Thanks for reading


    Friday, April 29, 2022

    Hashicorp Terraform Associate certification takeaways

    Intro


    The thing we usually forget when completing a certification is to save a mental image of the topics that were exciting to learn or the concepts that we had no clue about right before starting the preparation. This is what practitioners should focus on after every major Cloud cert exam, as it provides an accurate snapshot of your feeling about the certification material. Therefore, when I was asked about my impressions on the Terraform Associate Certification exam, I decided to share my thoughts in my blog around the prep, and my feedback on the course I followed.


    After timidly starting my "terraform for dummies" blog series, one cloud at a time (OCI, AWS, GCP, Azure) and even On-Prem, It didn't make sense not to take this exam and I am glad It finally happened.
    Hashicorp is an exciting company & their disruptive vision is a game changer in a world where automation is King.

     

    The exam summary 

    Table of contents

    All you need to know about the exam can be found in the official Page. But bellow is what to expect in a nutshell:

    Length: 1 hours.

    Questions:  57

    Exam format: Multiple choice and multiple select

    Recommended experience:  Hands-on experience on deployments on any major Cloud platform.

    Pass/actual Score: 70%.

    Score per topic: Available and broke down into 9 content area.

    Terraform version: 0.12 and higher.

    Exam center:  PSI Online (requires GitHub account)

    Retake Policy: 7 days between exam failed attempts. Max 4 exam attempts in total in a one year period.

    Pass confirmation: Results and badge in less than 1 hour.

    Preparation time: Few weekends if you have already deployed with terraform (videos+ labs + practice exams) .

    Impressions 

    It may feel intimidating at first for a tech that’s still young but just getting familiar with the syntax and trying few deployment samples in AWS can help getting into it. Now of course, I didn’t really start from scratch considering all my deployments shenanigans in 4 major cloud providers, but I was still far from having what it takes to pass. Above all, what really surprised me when starting my prep journey is how little I knew about the extent of their services and features available in the OSS version of terraform. Those were exciting bits that I can’t wait to use, like remote backends, Terraform Cloud along with modules that I hate less now :). More about it in the Last tip section.

    By the way, If you’re too broke for ACloudGuru, jump right to 100% FREE section 

    Exam guide | Official material

    Again the content is available in the official hashcorp certification page including the study guide and exam review. It is broken down into 9 areas. I have put Hashicorp Doc/tutorial link for each sub section respectively.

      What I liked about it

      Believe it or not, I completely missed that Hashicorp had lab tutorials for each topic in their study guide. That’s so cool because you get to practice in a timed sandbox just by following their instructions and all for free. It’s too late for me, but I wanted to emphasize on Hashicorp’s efforts here, as labs are very important to prepare for this exam. 


      I know these are a lot of things to cover, but just keep in mind that at the end of the day the key workflow is:
      Write –> terraform Plan –> terraform Apply> Terraform Destroy


      Courses I followed

      As usual first thing people do is shop online for the best training material and possibly free. But in my case I took advantage of already available course in my CloudGuru Subscription.  


      I. A Cloud Guru:
      HashiCorp Certified Terraform Associate

      This required paying a yearly subscription for which I thank my Company for sponsoring this learning path.This image has an empty alt attribute; its file name is image-11.png

      • Pros
        • This is by far the best learning platform I ever tried, not just for preparing certs but also to follow tailored paths where you can learn by practicing through 100s of labs available
        • Moosa Khalid was very effective making the course interesting & easy to follow without unnecessary frills 
        • The themed labs in this course are available at the end of each section
        • It also has an exam practice which can be very handy
        • Modules , variable types (Collections,complex types), and concepts like vault were very well covered 
      • Cons
        • Although most topics, labs did the job, I found that some points still lacked detailed/necessary coverage 
        • Missing examples on attributes for init subcommand  like –backend or out
        • Missing different Ways to configure a remote Backend depending on the chosen source
        • Missing different ways to call modules
      • Pro Tip : skip the second half of the labs and do them all together when finishing with the theory(videos)     

      100% Free resources  


      I. Youtube

      1. HashiCorp Terraform Associate Certification Course - Pass the Exam! By @AndrewBrown


      Content:
      It’s 12 hours long and was dropped few months ago but still valid. Andrew is very popular in the Cloud community as he has a lot of free courses in YouTube beside his learning platform in examPro . I didn’t follow this one but he never ceases to deliver , as I followed a couple of his free courses in the past.

      1. Learn Terraform by Building a Dev Environment – Full Course for Beginners By @Derek Morgan

        Content:

        This will not meant to answer all the exam questions but will rather help you get the necessary skills to get familiar with terraform deployments in AWS. That is why it is only 1 hour and half long. I didn’t need it but it’s a good start before diving into the exam theory concepts.


        II. Exam practice/ Articles 

         There are many but the only one that stood out for my is the following medium blog post by Bhargav Bachina 

        III. My notes and labs

        This is basically a mix of  Bhargav’s Sample questions with tips I gathered during my learning from ACG/other . This was more than enough to confidently pass teh exam. I still use it today to refresh my memory on terraform options and tricky commands. 

        Link: BrokeDBA Bundles Notes on Hashicorp terraform associate exam

        Pro-Tip:
        Another way to learn about terraform in any cloud platform is to read my Terraform for dummies Blog Series.


        Last tip (goodies)

        The online courses won’t help clear all the exam questions, so you better train a bit more. The last contribution I wanted to share is few tricks/notes on things I learned that I had no clue about before preparing the exam

        • Terraform init options
          $ terraform init -backend=false     -- skip backend
          $ terraform init -get=false         -- skip modules
          $ terraform init -get-plugins=false -- skip plugins
        • Module location: terraform/modules/
        • Syntax for referencing a registry module: <NAMESPACE>/<NAME>/<PROVIDER>
          module "consul" {
             source = "hashicorp/consul/aws"
             version = "0.1.0"
          }
        • Syntax for referencing a private registry module : <HOSTNAME>/<Org-NAME>/<NAME>/<PROVIDER>
          module "vpc" {
             source = "app.terraform.io/My_corp/vpc/aws" –> 
             version = "0.9.3"
          }
        • Preview the behavior of the command terraform destroy
          $ terraform plan –destroy
        • Save the execution plan
          $ terraform plan -out=filename
        • Manually source module into your working directory
          $ terraform init -from-module=MODULE-SOURCE
        • target only specific resources when you run a terraform plan/destroy
          -target=resource
        •  Update the state prior to checking differences when you run a terraform plan
          $ terraform plan -refresh=true
        • Provide remaining arguments when using partial configuration
          - Interactively:
          - File: terraform init -backend-config=PATH
          - Command-line key/pair: terraform -backend-config="KEY=VALUE"
           

        Conclusion


        As I said It was long overdue but I am very glad I finally passed terraform associate exam. It is a very exciting realm and I can’t wait learn even more each day. I hope this blog post will help those who are interested in taking a step forward to start their preparation journey as I did few months ago. Best of luck !! 

        Automation is here today I tell ya :).


        Thank you for reading

        Saturday, April 16, 2022

        Terraform for dummies part 6: Deploy Oracle DB System 21c using terraform

        Intro

        What’s the point of moving a database to the Cloud if we can’t automatically deploy it. After blogging about web compute provisioning on AWS,OCI, Azure, & GCP using terraform. The least I could do as a (future-ex) DBA is to terraform database provisioning in Oracle Cloud. On top of that, I also wanted to include a bastion service session to connect to the DBCS instance in the private subnet .


        This image has an empty alt attribute; its file name is image-7.png


        Here’s a link to my GitHub repo linked to this lab: brokedba/terraform-provider-oci/database-system

        Where do I find a good OCI Database deployment sample?
        I explored the official Oracle Cloud GitHub repository, but I couldn’t find a simple stack with no frills. I mean, when you want to deploy a database for the first time, you don’t want to spin 10 other app components that have nothing to do with your DB. I then decided to gather the bare minimum using a function called terraform import that will retro-engineer the code from an existing database and carried on from there.  

        Overview & topology

        The above illustration shows the different components involved in this OCI Terraform Database stack.

        • VCN 

        • Database Cloud system 21c with 1 PDB

        • Bastion service + Bastion session using port forwarding SSH  targeting the DB instance

        • 2x Subnets

          • DB Subnet: private / linked to default route table

          • App Subnet: public / linked to app route table

        • 2x route tables

          • Default route table >  routes to NAT Gateway &Service gateway

          • App route table      >  routes to internet gateway

        • 2x security lists

          • db sec list   ports : ingress 22/1521  from app subnet

          • App sec list ports ": ingress 22/80/443 , egress 1521

        I.Terraform setup


        II. Clone the repository

        • Run terraform init that will install OCI provider plugin automatically

          $ terraform init
          $ terraform -v | grep provider  
            + provider registry.terraform.io/hashicorp/oci v3.83.1   

            III. terraform config content

            • Let's see what's in the database-system directory. Here, only *.tf files matter along with tfvars

              $ tree
              ├── bastion.tf ---> OCI Bastion terraform declaration code
              ├── database.tf ---> OCI DBCS terraform declaration code
              ├── datasources.tf ---> data source declaration code (i.e to fetch shape ocids)
              ├── terraform.tfvars ---> TF_environment_variables needed to authenticate to OCI
              ├── outputs.tf ---> displays the DBCS/Bastion resources detail after the deploy
              ├── variables.tf ---> Resource variables needed for the deploy
              └── vcn.tf ---> Our Networking terraform declaration code

            • Adjust the required authentication parameters in terraform.tfvars according to your tenancy and DB info 

            • # Adapt the below variables to your own tenancy authentication configuration
              $ vi terraform.tfvars
              export TF_VAR_tenancy_ocid="ocid1.tenancy.oc1..aaaaaaaa" # change me
              export TF_VAR_user_ocid="ocid1.user.oc1..aaaaaaaa" # change me export TF_VAR_compartment_ocid="ocid1.tenancy.oc1..aaaaaaaa" # change me
              export TF_VAR_fingerprint=$(cat PATH_To_Fing/oci_api_key_fingerprint)# change me export TF_VAR_private_key_path=PATH_To_APIKEY/oci_api_key.pem # change me export TF_VAR_ssh_public_key=$(cat PATH_To_PublicSSH/id_rsa.pub) # change me export TF_VAR_region="ca-toronto-1" # change me export TF_VAR_db_admin_password="DBwelcome2022##" $ . terraform.tfvars

            Terraform files OVERVIEW:

            I will only show excerpts from database.tf /output.tf to have an idea but all *.tf files are accessible on my Repo.

            database.tf

            • As shown in the below declaration, highlighted in green are variables and the grey ones are data source based

              resource "oci_database_db_system" "MYDBSYS" {
              availability_domain = data.oci_identity_availability_domains.ad1.availability_domains[0].name
                compartment_id      = var.compartment_ocid
                database_edition = var.db_edition
                db_home {
                  database {
                    admin_password = var.db_admin_password
                    db_name        = var.db_name
                    pdb_name       = var.pdb_name
                    character_set  = var.character_set
                    ncharacter_set = var.n_character_set
                    db_workload    = var.db_workload
                    db_backup_config {
                      auto_backup_enabled     = var.db_auto_backup_enabled
                      auto_backup_window      = var.db_auto_backup_window
                      recovery_window_in_days = var.db_recovery_window_in_days
                    }
                  }
                  db_version = var.db_version
                }
                shape                   = var.db_system_shape
                license_model           = var.license_model
                subnet_id               = oci_core_subnet.terraDB.id
                private_ip              = var.db_system_private_ip
                ssh_public_keys         = ["${var.ssh_public_key}"]
                hostname                = var.hostname
                data_storage_size_in_gb = var.data_storage_size_in_gb
                node_count              = data.oci_database_db_system_shapes.db_system_shapes.db_system_shapes[0]["minimum_node_count"]
                display_name = var.db_system_display_name
              }

              All variables can of course be changed to your liking in the variables.tf

              output.tf

              • Here we just grab any relevant information related to the DBCS and the Bastion service like the ssh command

                #########################
                ##  DBCS INSTANCE OUTPUT
                #########################

                output "hostname" {
                description = " id of created instances."
                value       = oci_database_db_system.MYDBSYS.hostname
                }

                output "private_ip" {
                description = "Private IPs of created instances."
                value       = oci_database_db_system.MYDBSYS.private_ip
                } output "DB_STATE" {
                  value = oci_database_db_system.MYDBSYS.state
                }
                output "DB_Version" {   value = oci_database_db_system.MYDBSYS.version
                }
                output "db_system_options" {
                  value = oci_database_db_system.MYDBSYS.db_system_options
                }

                #########
                # BASTION
                #########
                output "bastion_name" {
                value = oci_bastion_session.mybastion_session.bastion_name
                }

                output "bastion_session_name" {
                  value = oci_bastion_session.mybastion_session.display_name
                }

                output "bastion_session_state" {
                  value = oci_bastion_session.mybastion_session.state
                }

                output "bastion_session_target_resource_details" {
                  value = oci_bastion_session.mybastion_session.target_resource_details
                }

                output "bastion_session_ssh_connection" {
                  value = oci_bastion_session.mybastion_session.ssh_metadata.command
                }


              IV. DBCS Stack deployment


                Make sure you copied the adjusted terraform-tfvars file and sourced it. You can then run the plan command (output is truncated for more readability) 

                $ terraform plan
                  ------------------------------------------------------------------------
                   Terraform will perform the following actions:
                
                  ... # VCN declaration 
                # oci_bastion_bastion.mybastion will be created
                + resource "oci_bastion_bastion" "mybastion" { ...
                # oci_bastion_session.mybastion_session will be created
                + resource "oci_bastion_session" "mybastion_session" {
                ...
                + target_resource_details {
                       + session_type                               = "PORT_FORWARDING"
                       + target_resource_display_name               = (known after apply)
                       + target_resource_operating_system_user_name = (known after apply)
                       + target_resource_port                       = 22
                       + target_resource_private_ip_address         = "192.168.78.10"
                     }
                  }
                # oci_core_subnet.terraApp will be created
                + resource "oci_core_subnet" "terraApp" { ...
                # oci_core_subnet.terraDB will be created
                + resource "oci_core_subnet" "terraDB" {
                + availability_domain        = "gwmA:CA-TORONTO-1-AD-1"
                    + cidr_block                 = "192.168.78.0/24"
                ...
                # oci_core_virtual_network.vcnterra will be created
                + resource "oci_core_virtual_network" "vcnterra" {
                + cidr_block               = "192.168.64.0/20"
                + display_name             = "db-vcn"
                    + dns_label                = "terravcn"
                ...}
                ..
                # oci_database_db_system.MYDBSYS will be created
                + resource "oci_database_db_system" "MYDBSYS" {
                + availability_domain                     = "gwmA:CA-TORONTO-1-AD-1"
                + database_edition                        = "STANDARD_EDITION"
                + data_storage_size_in_gb                 = 256
                + display_name                            = "DBCSDEMO"
                + hostname                                = "hopsdb-oci"
                + license_model                           = "LICENSE_INCLUDED"
                + private_ip                              = "192.168.78.10"
                + shape                                   = "VM.Standard2.4"
                + ssh_public_keys =[...
                + db_home {
                + db_version                   = "21.0.0.0"
                ...
                + database {
                + db_workload                    = "OLTP"
                + db_name                        = "MYCDB"
                + pdb_name                       = "PDB1"
                ...
                + db_backup_config { …
                + backup_destination_details {
                }
                         }
                       }
                   } 
                + db_system_options {
                     + storage_management = (known after apply) }

                Plan: 15 to add, 0 to change, 0 to destroy.
                Changes to Outputs:
                  + DB_STATE                                = (known after apply)
                  + DB_Version                              = (known after apply)
                  + Subnet_CIDR_DB                          = "192.168.78.0/24"
                  + Subnet_Name_DB                          = "db-sub"
                  + bastion_name                            = (known after apply)
                  + bastion_session_name                    = "Session-Mybastion"
                  + bastion_session_ssh_connection          = (known after apply)
                  + bastion_session_state                   = (known after apply)
                  + bastion_session_target_resource_details = [
                + db_system_options                       = (known after apply)
                  + hostname                                = "hopsdb-oci"
                  + private_ip                              = "192.168.78.10"
                  + vcn_id                                  = (known after apply)
                  + vcn_name                                = "db-vcn"

                Now let’s provision our DBCS instance (output has been truncated for more visibility)

                $ terraform apply -auto-approve
                ...
                oci_core_virtual_network.vcnterra: Creation complete after 1s

                oci_core_security_list.terraApp_sl: Creation complete after 1s

                oci_core_internet_gateway.igtw: Creation complete after 1s
                oci_core_security_list.terra_sl: Creation complete after 1s
                oci_core_route_table.apprt: Creation complete after 1s
                oci_core_service_gateway.obj-svcgw: Creation complete oci_core_nat_gateway.natgw: Creation complete after 3s

                oci_core_default_route_table.rt: Creation complete after 0s
                oci_core_subnet.terraApp: Creation complete after 5s
                oci_core_subnet.terraDB: Creation complete after 5s
                oci_database_db_system.MYDBSYS: Creating...
                oci_core_drg.drgw: Creation complete after 9s
                oci_core_drg_attachment.drgw_attachment: Creation complete after 15s
                oci_database_db_system.MYDBSYS: Creation complete after 50m58s
                Apply complete! Resources: 15 added, 0 changed, 0 destroyed

                CONNECTION TO YOUR DBCA INSTANCE 


                As mentioned earlier I included  a bastion service session to remote log into the target database instance in the private subnet from my workstation through port forwarding tunnel. You want to know the full ssh command ?? look no further! it is already displayed in my terraform output after the apply >> bastion_session_ssh_connection

                This image has an empty alt attribute; its file name is image-8.png

                SSH connection Usage

                • Final ssh command will  looks like this, notice I added & to run it in the background, so I won’t have to open another session to login to the private DB instance. 

                # ssh -i ~/.ssh/id_rsa_oci -N -L 22:192.168.78.10:22 -p 22 ocid1.bastionsession.oc1.ca-toronto-1.amaaaaaavr**a@host.bastion.ca-toronto-1.oci.oraclecloud.com &
                • Run the final ssh command to access the target resource using a sort of loopback where localhost is forwarded into the target instance IP through the opened proxy tunnel. 

                # ssh -i  ~/.ssh/id_rsa_dbcs opc@localhost
                [opc@hopsdb-oci ~]$  sudo dbcli describe-component --- target instance
                System Version
                ---------------
                22.1.1.1.0
                Component                                Installed Version    Available Version
                ---------------------------------------- -------------------- --------------------
                GI                                        21.1.0.0.0            21.5.0.0
                DB                                        21.1.0.0.0            21.5.0.0


                [opc@hopsdb-oci]$ sudo dbcli list-databases ID DB Name DB Type DB Version CDB Class Storage Status DbHomeID ------- ---------- -------- ----------- ----- ----- -------- ---------- ----------- a3** MYCDB Si 21.1.0.0.0 true Oltp ASM Configured 9a841-****

                What you should know

                Terraform registry Doc for oci provider is not up to date i.e node_count in db_system resource is really required

                image

                The list of valid releases will change and can break your deployment. (i.e 19.11.0.0 was recently dropped from the list) you may want to use base release first.


                CONCLUSION

                • We have demonstrated in this tutorial how to quickly deploy a Database instance using terraform in OCI and leverage along with all necessary network resources

                • Remember that all used attributes in this exercise can be modified in the variables.tf file.

                • Adding a bastion service on top of the stack including the required ssh command to access the dbcs instance is a great value (port 1512 can also be forwarded to connect from sqldevelopper)

                • From this stack you can safely add new components via sub-modules or new resources in the .tf files

                • With this simple example you have no excuse not to try a terraform deployment for your databases in OCI

                • You can also import the stack into your resource manager service or even pipeline them in Gitlab/GitHub or OCI Devops