
In this playground we will show you how easy it is to manage your database set-up with Puppet: how you can add and manage tablespaces, users and profiles. We will also show you one line of Puppet code that makes your database secure.
The playground system contains a pre-installed Puppet agent. There is no server available, so to run Puppet, you have to use the puppet apply command. The playground text will guide you with this.
On the playground system, you will find an Oracle database with the sid DB01. We have created it using the ora_profile module. The playground will guide you in your customisations.
Under this text, you see the working area. You can inspect the system and issue any command you like in the terminal. In the editor window, you can see the Puppet production environment. You can edit anything you wish. The documentation tab shows the documentation for the ora_config module.
This system will self-destruct in about one hour, so please don’t use it to build or create anything you wish to keep!
Ensure tablespaces

After you have installed your software and created your primary database, most of the time, you need to have some specific tablespaces. You can do this by adding some data to your hiera data. In the editor tab, go to the directory

Now add this data to it:
This data tells Puppet to ensure that the tablespace

First Puppet run

Puppet runs will read this data and make sure the tablespace is available with the specified properties. Puppet will detect that the tablespace is unknown and create it since we will apply Puppet for the first time with this data.
Let’s inspect the Puppet output. Somewhere near the top you’ll see:
This is the information Puppet provides you about the tablespaces it manages. When you look at the Puppet output, somewhere near the end, you will see this:
So Puppet created the tablespace.

Second Puppet run

One of the essential features of Puppet is that it is idempotent. Idempotent means it will not apply changes a second time. So if we rerun Puppet, it should see that the tablespace already exists with the specified properties and do nothing. Let’s verify that and rerun Puppet:
We still see the message at the top that Puppet manages the tablespace, but we no longer have the creation message, just as we expected.

Change tablespaces

Puppet does not only make it easy to create (or ensure) tablespaces. It is also straightforward to change an existing tablespace. We will use the same declarative hiera data to change some of the tablespace properties. We will use the tablespace we created before.

Add some changes

A very common use-case is to change the size and the max size of the tablespace. Let’s increase the size from 5G to 10G. Let’s open the node-specific data file again. In the editor tab, go to the directory
and re-run Puppet again:
If you look at the output, you see this:
As a final check, let’s re-run Puppet and see if this change is also idempotent.
No changes were detected, so it is indeed idempotent.

More tablespace properties

The previous example was very elementary. In reality, you probably need more options when defining a tablespace. No worries. Puppet supports all of the options

Autoextend

Let’s ensure that a second tablespace
And run Puppet:
We see:
A temporary tablespace

Let’s add the `TMP_TS_1` temporary tablespace. Here is the hiera data you have to add to the list of tablespaces.
When we run Puppet, we see:
An undo tablespace

Let’s add the `UNDO_TS_1` undo tablespace. Here is the hiera data you have to add to the list of tablespaces.
When we run Puppet, we see:
More information

See the documentation for the kinds of tablespace properties you can manage with Puppet.

Manage profiles

Another database object that is easy to manage with our Puppet modules is the database profile. A very common use-case is that we wish to change the properties of the default profile. The standard

In the editor tab, go to the directory

Now add this data to it:
First Puppet run

Puppet runs will read this data and make sure the profile is available with the specified properties. Puppet will detect that the profile has a different value for
Let’s inspect the Puppet output. Somewhere near the top you’ll see:
This is the information Puppet provides you about the profiles it manages. When you look at the Puppet output, somewhere near the end, you will see this:
So Puppet adjusted the value for

Second Puppet run

One of the essential features of Puppet is that it is idempotent. Idempotent means it will not apply changes a second time. So if we rerun Puppet, it should see that the

Let’s verify that and rerun Puppet:
We still see the message at the top that Puppet manages the profile, but we no longer have the creation message, just as we expected.

More information

See the documentation for the kinds of profile properties you can manage with Puppet.

Manage database users

Now let’s add some database users (schema owners). Again you only need to add some YAML settings to your hiera data. For managing database users, we can use the hiera key

Let’s start off with a database user where the application tables will be created. We call it

In the editor tab, go to the directory

Now add this data to it:
First Puppet run

Puppet runs will read this data and make sure the database user is available with the specified properties. Puppet will detect that the user is unknown and create it since we will apply Puppet for the first time with this data.
Let’s inspect the Puppet output. Somewhere near the top you’ll see:
This is the information Puppet provides you about the users it manages. When you look at the Puppet output, somewhere near the end, you will see this:
So Puppet created the database user.

Second Puppet run

One of the essential features of Puppet is that it is idempotent. Idempotent means it will not apply changes a second time. So if we rerun Puppet, it should see that the database user already exists with the specified properties and do nothing. Let’s verify that and rerun Puppet:
We still see the message at the top that Puppet manages the user, but we no longer have the creation message, just as we expected.

Interactive users

Puppet also checks and changes the password of the specified database user. For static accounts containing application tables, that is most of the time what you want. But for interactive database users, this is mostly unwanted. If a database user changes his password, we don’t want Puppet to change it back. Fortunately, Puppet has you covered here as well. We are going to make the interactive user:
First Puppet run

Puppet runs will read this data and make sure the database user is available with the specified properties. Puppet will detect that the user is unknown and create it since we will apply Puppet for the first time with this data.
Let’s inspect the Puppet output. Somewhere near the top you’ll see:
This is the information Puppet provides you about the users it manages. When you look at the Puppet output, somewhere near the end, you will see this:
So Puppet created the database user.

Second Puppet run

One of the essential features of Puppet is that it is idempotent. Idempotent means it will not apply changes a second time. So if we rerun Puppet, it should see that the database user already exists with the specified properties and do nothing. Let’s verify that and rerun Puppet:
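
The run-twice check used throughout this playground can also be scripted. The following is an added example, not part of the original playground: it relies on the --detailed-exitcodes option of puppet apply (0 = no changes, 2 = changes applied, 1, 4 or 6 = failures), and sim_converging and sim_drifting are constructed stand-ins so the script runs without a database.

```shell
#!/bin/sh
# Added example (not from the playground): script the "run twice" check.
# With --detailed-exitcodes, puppet apply exits 0 when nothing changed,
# 2 when changes were applied, and 1, 4 or 6 when the run had failures.

# check_idempotent CMD [ARGS...]
# Runs CMD twice. Returns 0 if the second run changed nothing, 2 if the
# second run still changed resources, 1 if either run failed.
check_idempotent() {
    first=0
    "$@" >/dev/null 2>&1 || first=$?
    case "$first" in
        0|2) ;;   # already converged, or changes applied cleanly
        *) echo "first run failed (exit $first)"; return 1 ;;
    esac
    second=0
    "$@" >/dev/null 2>&1 || second=$?
    case "$second" in
        0) echo "idempotent: second run made no changes"; return 0 ;;
        2) echo "not idempotent: second run still changed resources"; return 2 ;;
        *) echo "second run failed (exit $second)"; return 1 ;;
    esac
}

# Constructed stand-ins for puppet apply, so the example runs offline.
SIM_APPLIED=0
sim_converging() {   # first call applies a change, later calls find nothing to do
    [ "$SIM_APPLIED" = 1 ] && return 0
    SIM_APPLIED=1
    return 2
}
sim_drifting() { return 2; }   # reports a change on every run

check_idempotent sim_converging || true
check_idempotent sim_drifting || true

# Real use (MANIFEST is a placeholder for your own manifest path):
#   check_idempotent puppet apply --detailed-exitcodes "$MANIFEST"
```

A second run that still reports changes means something keeps diverging from the declared state, for example a managed password that is reset on every run.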
More information

See the documentation for the kinds of user properties you can manage with Puppet.

Manage database parameters

You can also manage your database parameters with Puppet. When managing these with

Let’s change the maximum number of open cursors for this database from

For managing database users, we can use the hiera key

In the editor tab, go to the directory

Now add this data to it:
First Puppet run

Puppet runs will read this data and make sure the parameters are available and have the correct value. Puppet will detect that the parameters have a different value since we will apply Puppet for the first time with this data.
Let’s inspect the Puppet output. Somewhere near the top you’ll see:
This is the information Puppet provides you about the parameters it manages. When you look at the Puppet output, somewhere near the end, you will see this:
So Puppet ensured that both parameters are present and set to the correct value. In this case, we set both the

Second Puppet run

One of the essential features of Puppet is that it is idempotent. Idempotent means it will not apply changes a second time. So if we rerun Puppet, it should see that the database parameters are already set with the correct values and do nothing. Let’s verify that and rerun Puppet:
We still see the message at the top that Puppet manages the user, but we no longer have the creation message, just as we expected.

More information

See the documentation for the kinds of user properties you can manage with Puppet.

Secure your database

A standard installed Oracle database is pretty open, meaning insecure. The Center for Internet Security (CIS) has defined a benchmark for Oracle database security. With Puppet it is pretty easy to apply this benchmark to your database and make your database secure.

Apply the CIS benchmark

In the editor tab, go to the directory

First noop Puppet run

When you run Puppet now for the first time, it will start inspecting the security and directly fix it. This is probably not what you want right now. For now, to see what it will change, we will use the
You’ll see a large list of things that Puppet would change. The generated notices look like this:
The part after

Customise

Puppet allows you to customise which rules you want and which rules you want to skip. At the top of the output you see this message:
We don’t want this message anymore. So we know for sure that we want to skip rule
The
Second noop Puppet run

Now when we run Puppet, the warning will no longer be issued.
The real deal

You probably will have to apply more customisations for your database, but for teaching purposes, we are ready to apply all these changes to the database. Let’s run Puppet for real:
You like it?

Do you like what you see here and want to test this on your own infrastructure? No problem. You can sign up for a free trial. If you have any questions, don’t hesitate to contact us.