DevOps in your Oracle Stack

Copyright SageLogix, Inc, 2016. All Rights Reserved1

Using Puppet to Manage Oracle StacksTim KrupinskiSolution Architect - SageLogix


Agenda

Explaining DevOps Provisioning Services (IaaS) Security & Compliance Use Case – Puppet with Weblogic 12c Change Control


ExplainingDevOps


What is DevOps?

DevOps is a term combining Development and Operations More importantly…

– Represents a paradigm shift for IT management– Focuses on quicker deployments– Reduces human interaction– Relies on defining environments (or infrastructure) through code


But we’re not a coding shop

DevOps transforms the way you manage all aspects of your environments

Impacts…– Change Control– Compliance– Security

Don’t focus on the “D” Word


Why Adopt DevOps?From “State of DevOps 2016”


Puppet Chef Ansible SaltStack CFEngine

If only there were a tool…

How do we get there?


Introducing PuppetInsert Picture Here


Puppet Overview

Cross Platform – works with Windows, Linux, Solaris, and more Central idea is a “Manifest”

– Manifest describes the state of a system– Using an abstraction layer, manifests are platform agnostic

Works in a master / slave configuration Also works in “standalone” mode Extremely flexible and extensible to meet specific needs


Puppet Overview (Cont’d)

Manage configuration files via Templates Leverage “Puppet Forge” to download third party add-ons Currently Puppet Forge has plugins for just about everything…


Puppet Forge Oracle Modules

A plethora of user-supported modules are currently offered in the Puppet Forge…


Use Case with IaaS

Leverage Puppet Templates Combine with Oracle’s Orchestration API Benefits

– Write once, run often– Semantic– Extensible

Managing Orchestrations to Deploy a Server


Example Puppet Template

Puppet Template for a generic

TNSNAMES.ORA file


Example Orchestration File

Oracle Orchestration File that deploys an Oracle Linux server with two

volumes


Puppet with Compliance, Security, and Maintenance


Defining “Compliance”

Traditional definitions – PCI, HIPAA, SOX, etc…

Also extends to encompass any internal process, standards, etc– E.G. how you define firewall settings, or RBAC policies

Otherwise known as “check the box” type approach

Not your dad’s SOX


How Compliant Are You?

Situation: Need to produce a compliance report to determine whether you are following industry best-practices following a security breach.



2001 Solution: Task an intern with running through a list of possibly hundreds of metrics, on each system, and compile the results in an ad-hoc Excel file.

Time to complete: A week? Several weeks? A month?

Risk: Humans are bad at repetitive things, high chance of inaccurate data in the report



2010 Solution: Consult your bag-o-scripts that’s been homegrown in-house over the past decade.

Time to complete: A few days? A week?

Risk: Scripts don’t work consistently, and aren’t compatible with newer components of your IT footprint



2016 Solution: Just run an OpenSCAP report

Time to Complete: A few minutes.

Risks: You might have to look up the command again.


Benefits of OpenScap


Benefits of OpenScap


OpenSCAP Summary

Can use a tool like Puppet to manage reporting across infrastructure

Cross platform and open source

Ships with Oracle Linux

Oh, and it also does automatic remediation to fix violations

automatically


Summary

We can use our DevOps tool (Puppet) with our compliance tool (OpenSCAP) to reliably report on the state of our infrastructure in a real-time, human-readable way.

We can extend Puppet to even go so far as to automatically remediate issues when it finds them in an OpenSCAP report.


Case Study Using Puppet to deploy Weblogic 12c


The Problem

Client wanted to do a greenfield installation of Weblogic 12c

Between Development, Test, QA and Production, total deployment consisted of 9 different servers

Each server had specific requirements depending on the environment


Step 1 – The Manifest and Templates

A. Defined a class within puppet called “Weblogic 12c” and defined a manifest for it

B. Created a Template for the response files needed, which dynamically generated the correct configuration based on the host name and type (Dev, Test, Production)

C. Presented the mount point with software to relevant servers

Total Lead Time: 1 week


Step 2 – Test

Total Lead Time:2-3 Days


Step 3 - Deploy


What about a patch?

Follow the same method:– Write Once– Test– Deploy Often

Applies to Opatch (The patching utility for Oracle software) Also applies to OS

Or Change Control In General


Change Control

Clear and concise definitions of your environment Combine with a version control system like Git to have a full paper trail

of when changes were made, and who made them Better understanding of which change potentially caused a defect in a

system

Some benefits of using Puppet with CC


Technology

DevOps in your Oracle Stack