When the cloud dies – getting into your windows VM



Now the cloud never fails right....?

Well just assume for a minute that's it's not this magical thing that never breaks and is fallible, and then take in one step further and imagine some kind of really nasty scenario where the managed domain controller is toasted and you see a horrible message like the screenshot below:



Game over right?

How do you ever get on to the machine to fix that - even if we (more...)

Azure scalesets – a useful technique?



This post is describing how to take an existing VMSS running instance and then using that as a baseline to create a new base image for all other instances going forward. Now ordinarily you would think why on earth are you doing this - surely you already have a defined base image and all instances are a copy of that?

Well in this case the instances had been edited directly and quite a lot of (more...)

Enabling diagnostics and antimalware extensions in VMSS



In a direct follow on from the last post here are the steps to add two further extensions - listing here for my own benefit......(all run from cloud shell)

First up AntiMalware extension (shamelessly borrowed from here http://www.techkb.onl/azure-installing-the-microsoft-antimalware-and-log-analytics-extensions-on-vm-scale-sets/)

In this case loaded using powershell (make sure to have correct subscription set before you run this)


$rgname = 'yourrgname'
$vmssname = 'yourvmssname'
$location = 'yourlocation'

# Retrieve the most recent version number (more...)

Domain joining a virtual machine scaleset instance automatically



We've been experimenting with Virtual Machine Scalesets (VMSS) within Azure. These allow you to dynamically add multiple copies of the 'same' machine to a 'group' so you can scale up to address peaks in load and then scale back down again. The simple use case always being the ecommerce site where you want more webservers running on black friday for example.

Now if you were doing a greenfield setup i doubt you would use scalesets (more...)

Windows cluster across Azure zones



Now I've done quite a bit of work with clusters over the past 20 years - including MC Service guard (HPUX) , HACMP (AIX) as well as Oracle OPS/RAC but until this week I'd never built a windows cluster. I'd had applications run on them and knew some of the basics but had never actually had to set one up.

In this specific case we had to build what i would call a 'normal' cluster (more...)

Power BI report of Azure resources



As our use of Azure is continually expanding so is our requirement for effective reporting and governance of that. However there still seem to be some gaps into what is actually possible (unless i missed something - which is entirely possible as the platform seems to change on a daily basis.....).

For example if i want to directly report on azure resources from Power BI i can't natively do that - there doesn't seem (more...)

More ‘hacking’ with ssh – piggybacking on the proxy…



Of late I've been more and more feeling like some bedroom network hacker in trying to test out some connectivity options to see which performs the best.

In this specific case I just want to scp some files from one server (on premise) to a server in public cloud - in this case Azure but it could be any cloud (or indeed any server actually).

With Azure we can copy stuff to a private address (more...)

Down the rabbit hole getting sqlnet client trace working



So I've been a 'non' DBA for getting on 2 years now but i still remember some stuff right...?

Or so i thought - so simple request just activate tracing for a client connection as we're trying to debug a problem - no issue i said that's easy - just set some flags in sqlnet.ora and away we go.....

Well it didn't turn out that way.

So to start with i just assumed i (more...)

Linux login with ldap



After an absence of a few weeks (due to just having too much work to do and not time to write anything up) i finally made the effort. It was prompted by the fact that what i though would be a relatively easy thing to set up turned out to be anything but and i spent way too many hours on this.

What i was trying to do was get authentication to linux machines working (more...)

Linux login using Azure Active Directory credentials



In the dim and distant past (2 years ago) - i wrote up a post here http://dbaharrison.blogspot.com/2016/11/linux-in-azure-single-sign-on.html talking about how you could authenticate users in linux against AAD for a nicer user management experience - this worked pretty well but wasn't perfect.

It now seems that Microsoft have done this themselves and made the whole thing a lot slicker.

The benefits of the new method are:

Access (including admin access) can be (more...)

linux and trusted certificates



Slightly unusual post for me - t's not really azure related (or indeed Oracle related from my past life) this is just talking about ssl certificates in general on linux machines - this particular example is for RHEL on Azure but actually thats largely irrelevant - the process would be pretty much the same on any platform in any hosting zone.

So in my example we had an intranet application hosted at https://blahblah.intranet.com (more...)

Four reasons to love cloud shell



Cloud shell is one of the nicest more recent additions to the azure 'family' (if i can call it that). I'm using it more and more and thought i would share a few things i discovered recently that enhance working with it. It's now surprising what you can actually do it.

The Azure portal is now getting closer and closer to allowing you to do almost everything from a browser.

So first up

1) You (more...)

vscode and azcli




I've been using vscode more and more - personally i think its great.

As an example of why i like it so much here is a quick walkthrough of some stuff with the extension that lets you work with the az command line tool.

First up you have to get the extension installed via the normal route - a description of the extension itself is shown in the screen grab below


As an example lets (more...)

Protecting an nginx ingress into kubernetes with a ‘real’ certificate



Following on from my last post where i use self signed certificates this post discusses how to use a 'proper' cert to do this properly and get rid of all the warnings. I did all of this in an AKS environment in Azure but the steps would be exactly the same for self hosted kubernetes or any other platform like EKS

The first step to doing this is to get a proper private key, generate (more...)

Converting a simple http container to one protected by https and Azure AD



So that titles a bit of a mouthful - what am I actually going to talk about here? We are currently looking at containerizing a number of our applications, as we have heavily invested into Azure our deployment 'pattern' of choice is using Azure Kubernetes Services (AKS) - there are other ways to host containers in Azure but I'm ignoring those - this seems to be the strategic direction Microsoft are going in and is (more...)

Modern apache authentication with Azure AD



One of the key topic areas for us at the moment is modernizing our applications - in most cases this is trying to move to more cloud native architectures like PaaS. However another aspect of this is dealing with the authentication process for applications - over time we (as most other companies will have) have built up a huge array of different authentication mechanisms (and authorization - but I'll ignore that for now). Users have (more...)

Some MySql/zabbix findings



This past week I've been looking in to creating some reports out of our zabbix database that we host in an Azure MySQL PaaS service (i.e. a proper PaaS where everything is managed via a web gui/api calls - there is no 'server' that can be logged in to - at least not by end PaaS consumers).

Now my MySQL experience is pretty limited - I've installed it in the past and run some (more...)

Monitoring java app servers (Tomcat) with Zabbix



This past week we've been trying to enhance our monitoring of java application servers (in our case Tomcat) using zabbix. This actually proved to be a lot more fiddly than we had hoped - and actually this is largely due to two reasons:

1) The documentation is not clear on the architecture
2) The error messages are somewhat misleading

Let me start off by talking about the first point - from the docs I have (more...)

Azure metadata service





I discovered this purely by chance this week and thought it would be useful to share.


Seems there is some functionality in Azure that lets you extract some information about the VM (that is not directly available on the VM itself) from the Azure platform itself - it's easier to explain what I mean by a simple example


If i'm logged in to a VM I have no way of knowing what type/size of VM (more...)

Azure AKS and the quest for a PaaS ftp server



Bit of a longer post this one as this took me ages to get working and involved me having to try to learn lots of new stuff to the level where i could make it work.....(without really truly understanding a lot of it - so if there are mistakes don't be surprised)

So what was i trying to do? - well we still receive some files from external 3rd parties via ftp, these should (more...)