Database Reference
Provisioning of a database
Resetting a user password
Creating a user
Running an export of a schema
And many more…
More fundamental tasks such as installing an operating system for the Oracle database server or deploying the
Oracle database software are not listed here since they should already be automated. You can read more about these
tasks in Chapters 5 and 6 covering the Linux installation and Oracle deployment.
It would appear logical not to automate any operation that could negatively affect the availability of the service.
Not only could that cause much unwanted disruption, but security problems with the code could also lead
to malicious denial-of-service attacks. Shutting down or otherwise restarting a database or database service should
probably not be in scope of a project to automate. Consider the simplified example in Figure 1-5.
Figure 1-5. Greatly simplified automation architecture with sample workflow
Figure 1-5 describes one possible way to set up an automation gateway. A dedicated automation server,
which has been specifically security-hardened and equipped with an intrusion detection system (IDS), will accept
communication from users via a self-service portal. The communication between the portal and automation server
can take many forms. In the past, XML messages proved to be a popular means of communication, if sent securely.
After the message has been verified as valid, to prevent illegal command injection, the request will be inserted into
a workload queue. In addition to the syntax check there should also be a query against the enterprise trouble-ticket
system to ensure that the raised request has been duly approved. The FIFO (first in, first out) queuing mechanism can
be configured to execute the incoming requests either immediately or after a delay, depending on the request's urgency.
A one-time password should be generated for access to the database system, either from a local system or the
enterprise standard authentication system. Access to the database server itself could be granted via SSH keys. And it
goes without saying that all operations must be logged, ideally in a central location that cannot be tampered with.
The actual execution of the management task is most likely trivial in comparison. In the most basic form a shell
script calls sqlplus with the verified and validated parameters and executes the task. Another possibility is the use of
the Enterprise Manager command line interface to perform a task, but as with any development-related task there
is more than one way to do it.
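The validation step in front of the workload queue, sketched as an added example that is not code from the book: it allowlists operations (shutdown and restart are absent), checks the ticket, and accepts only plain Oracle identifiers as parameters. The XML layout, operation names, ticket format, and the `ticket_is_approved` callback are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import deque

# Allowlist of operations and the parameters each takes (names are assumptions).
# Shutdown/restart is deliberately absent, so it can never reach the queue.
ALLOWED_OPS = {
    "reset_password": {"username"},
    "create_user": {"username"},
    "export_schema": {"schema"},
}
# Unquoted Oracle identifier, conservatively capped at 30 characters.
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_$#]{0,29}\Z")
TICKET = re.compile(r"CHG[0-9]{6}\Z")  # constructed ticket-id format
WORK_QUEUE = deque()  # FIFO: append on the right, popleft() to execute


class Rejected(Exception):
    """Raised when a request must not enter the workload queue."""


def validate(xml_text, ticket_is_approved):
    """Return a clean request dict, or raise Rejected."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise Rejected("DTDs and entities are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise Rejected(f"malformed XML: {exc}") from exc
    op, ticket = root.get("operation", ""), root.get("ticket", "")
    if root.tag != "request" or op not in ALLOWED_OPS:
        raise Rejected(f"operation not allowed: {op!r}")
    if not TICKET.match(ticket) or not ticket_is_approved(ticket):
        raise Rejected(f"no approved ticket: {ticket!r}")
    params = {child.tag: (child.text or "") for child in root}
    if len(root) != len(params) or set(params) != ALLOWED_OPS[op]:
        raise Rejected("unexpected, duplicate or missing parameters")
    if any(len(child) for child in root):
        raise Rejected("nested elements are not accepted")
    for name, value in params.items():
        if not IDENT.match(value):
            raise Rejected(f"invalid value for {name}")
    return {"operation": op, "ticket": ticket, "params": params}


def submit(xml_text, queue, ticket_is_approved):
    """Validate first; only clean requests are appended to the FIFO queue."""
    request = validate(xml_text, ticket_is_approved)
    queue.append(request)
    return request
```

Because every parameter is reduced to a bare identifier before it is queued, the script that later calls sqlplus never receives quotes, semicolons, or whitespace from the portal.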
 