Background
My project is using Entity Framework
Migrations are being deployed via OctopusDeploy by using the migrate.exe executable
Problem / Goal
I need to script a set of permissions to the database for an account on each system, e.g.
When deployed to dev, account1 must be granted datareader/datawriter access
When deployed to test, account2 must be granted datareader/datawriter access.
etc.
I'd like to use the same system for this that we're using so far (manual code-based migrations). If possible, I'd like to script the permission grants for a database and run them as part of our migrate.exe execution on deployment.
However, because I'll only have one "migration" that applies these permissions, I don't know to ensure I apply the right permissions to the right user in each environment.
Questions
Is there a recommended way to know or apply which environment the migrations are a part of when running migrate.exe so that I can run it against all environments without issue?
Can I pass in some sort of variable to migrate.exe which I can then use in my migrations?
Is there something wrong in my premise / assumptions when approaching this?
Related
I'm starting to configure Keycloak to run on production environment and I need to use a database in order to run more than one instance with a single configuration repository. I'm using Oracle as SGBD.
But I didn't find the scripts to create the database in the Keycloak's git.
Does anyone knows where can I find them?
You don't need to specifically run a separate set of SQL files. Keycloak will run it for you on first startup.
A bit of advice as it's not really obvious at first - you'll either need to remove and install the default Keycloak data source (KeycloakDS) or manually modify the standalone.xml to point to the setup you want. It took me a little bit to figure out the order that I needed to do things.
I have been quested for a while for a best practice to initialize the relational database schema and pre-populated data.
There are a couple of ways to make it happen:
Install the cf-ex-phpmyadmin and import the data and schema thru it
Use the VMC cli tool to create a tunnel the service from this link
If using ruby or python, use the db migration command in the manifest.yml. However, it will be executed on each instance and every time the instance re-stages.
Which one is commonly used and most effective?
VMC is very old and is no longer supported. I'd be surprised if it even works against a Cloud Foundry installation that has been deployed within the last couple years. You should use the new cf CLI.
If you were to put the command in your manifest, you could avoid having it run on every instance if you had a conditional guard that would only run the migrations if $CF_INSTANCE_INDEX equals 0, however it's not always a great idea to run migrations in your start command, since there is a hard timeout on your start command, and you don't want migrations to be interrupted if they are long migrations.
A good suggestion I've heard [1] is that migrations should be handled as a separate part of your deploy process, either by cf ssh or running them locally, pointed at the URL and credentials of your database service instance.
[1] credit to Travis Grathwell for this suggestion.
I am trying to configure CI using Visual Studio Online. I've configured GIT and made the build. It is automatically building with every push I make. I want to automatically publish my changes to my database (stored on my server). I've created publish config for that, made the connection string there and put the password in that config. It is working great however is there any way to store the password (other than plain text)?
It is a problem I have tried to fix myself (how do I have an open source project and still have builds with credentials in). The reality is that you can't store credentials in a public place and used by a public server without making them public.
You need to decide whether you trust VSO or not, if you do then you can give it your credentials and if you don't then you can't.
Normal things that you would do such as running the CI process under a service account or giving the account a certificate won't work for VSO because each build happens (seemingly from my testing) on a clean machine each time so you can't pre-configure security settings.
The best that you can really do is to only allow access to your database from known locations i.e. vso and whatever accesses the database rather than everywhere.
ed
I am a software developer with devlopment experience in C#, C++ .Net alongwith SQL Server 2005/08, Oracle and mysql. But somehow i dont get jBASE to work at Windows XP SP3 machine.
My goal is setup user accounts, create database on a JBASE ainstallation, authenticate and backup/restore few table via a C++ program. And i dont need to do it with builtin backup/restore tools of jBASE.
I am able to install jBASe 4.1 aling with all its accessories on my WINXPSP3 machine. I was able to run the jSlimserver and TEMENOUS server along with licnesing server. I was able to add the license key as well. But after that what i was supposed to do? i have no idea about it.
The docs and online help doesnt answer a simple question of how to create a database! The google search results from the jbase site all go to the 404 Pages!
Can a jBASE expert guide to the following steps:
Create a jBASE database.
Create users
Authenticate via those users
Connect to database
Create tables and insert data.
Connect via a C++ or C# program to connect to jBASE DB and backup/restore tables.
I know that this is too much too ask but i dont get to get the JBASE system. I cant get it to work on my System somehow. Btw, jdc and jexloree doesnt seem to do anything. I have checked that enironmental variables for jBASE are setup correctly and i have verified them. There are no extra JRE or JDK installations on my system. Besides all that, only licensing client, slim server and temenous server seem to run and listen for connections and no other execuatable ever seems to work.
A simple tutorial to achieve the objective will be highly appreciated. Also if anyone can point out the mistake that i have done or anything i might need to check, then please do so. I will be highly encouraged and obliged.
Thanks
Steve
I hope this will help, if you have not already found a why to do this.
Setup jBase User and Database
Create a Security Group called
'Jbase' or what every you want to
call it
Add a User to this group. I would
recommend adding your administrator
user to it as well
Create a folder in you file system
to save the database information
into
Assign the 'Jbase' Security group to
the folder, and give it "Full"
read/write/execute access.
Creating the database:
Make sure the current users you
are logged on with is the 'Jbase'
security group.
go to the command prompt, and CD
to the folder you create to store
the database
run the jShell 'jsh' from that
location
use CREATE-FILE to create the
files/tables you want to store your
information in.
Inserting data:
There are several ways to enter data. You can use ED, your can your programming environment, or you can create a quick MultiValue/jBase compiled server script to ask for the data and write them to a file/table.
I have SMO code which copies tables from one database to another. It runs fine in a desktop app. The same exact code put in a service, gives an error. The error is really obscure and doesn't hint about permissions.
I was wondering if the SMO objects need any kind of security to be used. Security context? Windows credentials.. etc? I am not talking about SQL Server security but security surrounding the use of the SMO methods.
You need full trust. You may have problems running this on certain hosted ASP.NET accounts, apps downloaded from the internet, or from shared drives, where CAS kicks in and gives the code something less than full trust and certain APIs won't be callable.
Are you using integrated security with your connection? If so, make sure the credentials that the service is running under have necessary access.
Make sure your service account (the account that your windows service is running as) has "Act as Part of Operating System" Policy.