KQL is my new SQL

| Nov 14, 2019

As i continue on my cloud journey i find the odd occasion where something i'm working with throws me right back to my days as a DBA working with Oracle (other relational database are available.....).

This has never been more true than when i talk about KQL (yes KQL , that's not a typo)

KQL or "Kusto Query Language" to give it it's full name is the language used to work with a lot (more...)

Adventures in dns – conditional forwarding reverse dns requests

| Aug 31, 2019

Well that title is a bit of a mouthful but what i actually want to do is quite simple - take the case in the screenshot below - i can quite happily do the forward lookup (i.e. resolve a name to an ip address), however if i then try and lookup the ip address in dns to see what name that's linked to it doesn't work......

So in the case above i quite happily (more...)

When the cloud dies – getting into your windows VM

| Jul 28, 2019

Now the cloud never fails right....?

Well just assume for a minute that's it's not this magical thing that never breaks and is fallible, and then take in one step further and imagine some kind of really nasty scenario where the managed domain controller is toasted and you see a horrible message like the screenshot below:

Game over right?

How do you ever get on to the machine to fix that - even if we (more...)

Azure scalesets – a useful technique?

| Jul 16, 2019

This post is describing how to take an existing VMSS running instance and then using that as a baseline to create a new base image for all other instances going forward. Now ordinarily you would think why on earth are you doing this - surely you already have a defined base image and all instances are a copy of that?

Well in this case the instances had been edited directly and quite a lot of (more...)

Enabling diagnostics and antimalware extensions in VMSS

| Jul 16, 2019

In a direct follow on from the last post here are the steps to add two further extensions - listing here for my own benefit......(all run from cloud shell)

First up AntiMalware extension (shamelessly borrowed from here http://www.techkb.onl/azure-installing-the-microsoft-antimalware-and-log-analytics-extensions-on-vm-scale-sets/)

In this case loaded using powershell (make sure to have correct subscription set before you run this)

$rgname = 'yourrgname'
$vmssname = 'yourvmssname'
$location = 'yourlocation'

# Retrieve the most recent version number (more...)

Domain joining a virtual machine scaleset instance automatically

| Jun 26, 2019

We've been experimenting with Virtual Machine Scalesets (VMSS) within Azure. These allow you to dynamically add multiple copies of the 'same' machine to a 'group' so you can scale up to address peaks in load and then scale back down again. The simple use case always being the ecommerce site where you want more webservers running on black friday for example.

Now if you were doing a greenfield setup i doubt you would use scalesets (more...)

Windows cluster across Azure zones

| May 14, 2019

Now I've done quite a bit of work with clusters over the past 20 years - including MC Service guard (HPUX) , HACMP (AIX) as well as Oracle OPS/RAC but until this week I'd never built a windows cluster. I'd had applications run on them and knew some of the basics but had never actually had to set one up.

In this specific case we had to build what i would call a 'normal' cluster (more...)

Power BI report of Azure resources

| Apr 24, 2019

As our use of Azure is continually expanding so is our requirement for effective reporting and governance of that. However there still seem to be some gaps into what is actually possible (unless i missed something - which is entirely possible as the platform seems to change on a daily basis.....).

For example if i want to directly report on azure resources from Power BI i can't natively do that - there doesn't seem (more...)

More ‘hacking’ with ssh – piggybacking on the proxy…

| Mar 18, 2019

Of late I've been more and more feeling like some bedroom network hacker in trying to test out some connectivity options to see which performs the best.

In this specific case I just want to scp some files from one server (on premise) to a server in public cloud - in this case Azure but it could be any cloud (or indeed any server actually).

With Azure we can copy stuff to a private address (more...)

Down the rabbit hole getting sqlnet client trace working

| Mar 5, 2019

So I've been a 'non' DBA for getting on 2 years now but i still remember some stuff right...?

Or so i thought - so simple request just activate tracing for a client connection as we're trying to debug a problem - no issue i said that's easy - just set some flags in sqlnet.ora and away we go.....

Well it didn't turn out that way.

So to start with i just assumed i (more...)

Linux login with ldap

| Feb 24, 2019

After an absence of a few weeks (due to just having too much work to do and not time to write anything up) i finally made the effort. It was prompted by the fact that what i though would be a relatively easy thing to set up turned out to be anything but and i spent way too many hours on this.

What i was trying to do was get authentication to linux machines working (more...)

Linux login using Azure Active Directory credentials

| Jan 11, 2019

In the dim and distant past (2 years ago) - i wrote up a post here http://dbaharrison.blogspot.com/2016/11/linux-in-azure-single-sign-on.html talking about how you could authenticate users in linux against AAD for a nicer user management experience - this worked pretty well but wasn't perfect.

It now seems that Microsoft have done this themselves and made the whole thing a lot slicker.

The benefits of the new method are:

Access (including admin access) can be (more...)

linux and trusted certificates

| Nov 21, 2018

Slightly unusual post for me - t's not really azure related (or indeed Oracle related from my past life) this is just talking about ssl certificates in general on linux machines - this particular example is for RHEL on Azure but actually thats largely irrelevant - the process would be pretty much the same on any platform in any hosting zone.

So in my example we had an intranet application hosted at https://blahblah.intranet.com (more...)

Four reasons to love cloud shell

| Oct 25, 2018

Cloud shell is one of the nicest more recent additions to the azure 'family' (if i can call it that). I'm using it more and more and thought i would share a few things i discovered recently that enhance working with it. It's now surprising what you can actually do it.

The Azure portal is now getting closer and closer to allowing you to do almost everything from a browser.

So first up

1) You (more...)

vscode and azcli

| Oct 13, 2018

I've been using vscode more and more - personally i think its great.

As an example of why i like it so much here is a quick walkthrough of some stuff with the extension that lets you work with the az command line tool.

First up you have to get the extension installed via the normal route - a description of the extension itself is shown in the screen grab below

As an example lets (more...)

Protecting an nginx ingress into kubernetes with a ‘real’ certificate

| Oct 12, 2018

Following on from my last post where i use self signed certificates this post discusses how to use a 'proper' cert to do this properly and get rid of all the warnings. I did all of this in an AKS environment in Azure but the steps would be exactly the same for self hosted kubernetes or any other platform like EKS

The first step to doing this is to get a proper private key, generate (more...)

Converting a simple http container to one protected by https and Azure AD

| Oct 1, 2018

So that titles a bit of a mouthful - what am I actually going to talk about here? We are currently looking at containerizing a number of our applications, as we have heavily invested into Azure our deployment 'pattern' of choice is using Azure Kubernetes Services (AKS) - there are other ways to host containers in Azure but I'm ignoring those - this seems to be the strategic direction Microsoft are going in and is (more...)

Modern apache authentication with Azure AD

| Aug 16, 2018

One of the key topic areas for us at the moment is modernizing our applications - in most cases this is trying to move to more cloud native architectures like PaaS. However another aspect of this is dealing with the authentication process for applications - over time we (as most other companies will have) have built up a huge array of different authentication mechanisms (and authorization - but I'll ignore that for now). Users have (more...)

Some MySql/zabbix findings

| Aug 8, 2018

This past week I've been looking in to creating some reports out of our zabbix database that we host in an Azure MySQL PaaS service (i.e. a proper PaaS where everything is managed via a web gui/api calls - there is no 'server' that can be logged in to - at least not by end PaaS consumers).

Now my MySQL experience is pretty limited - I've installed it in the past and run some (more...)

Monitoring java app servers (Tomcat) with Zabbix

| Jul 16, 2018

This past week we've been trying to enhance our monitoring of java application servers (in our case Tomcat) using zabbix. This actually proved to be a lot more fiddly than we had hoped - and actually this is largely due to two reasons:

1) The documentation is not clear on the architecture
2) The error messages are somewhat misleading

Let me start off by talking about the first point - from the docs I have (more...)