I was wondering if it were possible to push a SQL Server login via a chef recipe, without going through something like PowerShell. We already push an RBAC file to maintain users on a DB on creation time, but I would like to be able to also push logins for SQL Server via chef. I see that there's a sql_server cookbook, but it seems like it's mainly for installing/configuring SQL Servers, and there doesn't seem to be an option to push a specific login with a log in name and hash.
As you noted, this isn't a feature of the sql_server cookbook. At it's heart, Chef is just running commands and manipulating files so if you know how to do whatever is required to create a SQL Server user from the command line, you can write a Chef recipe for it. Check out the execute and powershell_script resources as a starting point. There is also some integration with the Microsoft DSC system which might already have resource types for this.
Related
I posted a similar question before, but I have now came back to the point where I need to deal with this and after some tuning I have managed to get rid of all the errors, except one warning that basically tells me that the path provided to the package not finding any files in the directory (which is false). This almost makes me want to believe this is again a permissions issue. As when I run the package locally it all works fine. Here is the warning:
Same message appears when I right click SSIS package under the catalogue and directly try to execute the job.
I made sure that the caller has full permissions to the folder in question
SQL Server Agent Job calls the job like so
With a single step in it to execute the SSIS package from the catalogue:
The history of the executions is all successful and the history of SQL Agent job is all green
One of the suggestions I got was to open SQL Server Configuration manager but I don't appear to have access to that. I am new to this whole process so I am not sure if authentication has something to do with it or the sa account's permissions.
Note: I am working on this on a remote dev server and not directly on my pc.
Any help would be greatly appreciated.
Since you're running the package as the Agent Service Account:
The permissions need to be applied to the SQL Server Agent Service Account or its per-service SID.
You can see the service account with PowerShell like this:
PS C:\Users\david> (Get-WmiObject win32_service | where Name -eq "SQLSERVERAGENT").StartName
NT Service\SQLSERVERAGENT
Turns out the database instance was on a whole different server that I wasn't even given access to. That server obviously didn't have the path specified in the SSIS package, so what I had to do is create a folder for files in the correct server, reroute my files there, and change the SSIS package path after obtaining the access to the server where DB instance lives. Me being new to all this, it was absolute frustration especially since our team is small and I am new in it I can't just ask someone questions about this all the time. Hopefully this will save someone a lot of time.
Having an issue getting a SQL Server linked server to Oracle working while using a tnsnames.ora file on a network share.
If I copy the tnsnames.ora file to the local server, the linked servers work fine. However, we keep the file on a network share. My sql service accounts have read access to the share. I configure TNS_ADMIN system variable to the network share, the linked servers no longer work. I get ora-12154: could not resolve the connect identifier specified. tnsping and sqlplus work on the server. When I use process monitor to investigate further, I see:
Operation: createFile
Result: ACCESS DENIED
...
Impersonating: domain\MyLogin
This seems like an issue, but is maybe a false positive? If a process is trying to impersonate my account and access a remote resource it will fail since we don't have Kerberos configured to handle double-hop.
SQLPlus and TNSPing work just fine with the network share configured.
I've looked at this post and tried the items that seemed relevant, but had no success.
Additional Info:
sqlnet.ora has this:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
I am able to open a file browser as a service account and open the tnsnames file.
I had this same issue while trying to connect a oracle 10g database via my WCF serivce developed in .NET 4.0 framework.
I was having multiple instances of ORACLE installed in my system. So, I modified the ORACLE_HOME to point to the Oracle 10g and it worked.
Also check the following:
Your service name might have an alias, so Make sure that your listener is listening for the same service name that you are using and check for both local and global entries. Check:
$ORACLE_HOME/network/admin/tnsnames.ora
Check your global_name setting with this SQL:
select * from global_name;
Also, Please make sure you add the Key TNS_ADMIN in the registry and create a enviroinment variable with name TNS_ADMIN
Regedit->HKEY_LOCAL_MACHINE->Software->Oracle->RightClick NEW->StringValue and name
Specify the correct path where the oracle is installed for Example
X:oracleproduct32bit10.0.1.0.0NETWORKADMIN
Edit
The below video also looks quite helpful. Please check.
https://www.youtube.com/watch?v=Sec8WG8gQPg
As an Oracle DBA I sometimes have to work with Windows. Maybe you can adopt from my experiences with Oracle on Windows.
Scenario:
An Oracle DB runs under a domain user. I want to restore a database from a backup which is located on a Windows share (sounds like "read" but it obviously isn't). I (or let's say the windows team) did not manage to find the proper way to grant the required permissions.
After many tries, the admins grant "everything" to the entire Oracle server.
Even though the Oracle process runs in a user context we did not find a set of permissions for the user only. Only the permissions for the entire server enabled the restore process to access the data.
From security point of view this is a horrible solution! But maybe it will help you to come closer to a solution (and if so, please share :-)).
When I extract a data-tier application from a Microsoft Azure SQL database that has a Master Key, I was unable to import it into SQL server on my local PC.
You will find others had this issue here: SSMS 2016 Error Importing Azure SQL v12 bacpac: master keys without password not supported
However the steps provided as the answer did not work on my installation.
Steps are
1. Disable auditing on the server (or database)
2. Drop the database master key with DROP MASTER KEY command.
Microsoft Tech Support verified this solution did not work on my installation of SQL Server and after actually taking remote control of my PC and trouble shooting, they were unable to determine why this was occurring.
I needed to find a way to remove the Master Key from the bacpac file. I have a Powershell script to remove the Master Key from the BACPAC file but it requires extracting, renaming files and running scripts from Windows Powershell to get the db imported.
Does anyone have a program or set of scripts which would automate the process of removing the Master Key and importing a SQL DB from Azure with a single command?
I am new to this forum. Please do not be harsh with this post. I am trying to do the best I can to help others to save the many hours I spent coming up with this.
I have cobbled together a T-SQL script which calls a Windows Powershell script (also cobbled from multiple sources) to extract a data-tier application (database) from Microsoft Azure SQL database and import it into a database on my local SQL Server by running ONE command. Over the months I found some of the code that is in my scripts from other blogs etc. I am not able to provide the credit due to those folks as I didn't keep track of where I got the info. If you are reading this and you see your code, please take credit. I apologize for not being able to give you the credit for your work.
There may be configuration settings on your PC and your local SQL server that need adjustments as this entire solution requires pretty much full access to your computer. If you run into trouble with compatibility, let me know and I will do the best I can to let you know how my system is configured in case it will help you.
I am using Windows 10 Pro and Microsoft SQL Server Developer (64-bit) v12.0.5207.0
I have placed the two files that do all the work on GitHub here: https://github.com/Wingloader/Auto-Azure-BACPAC-Download.git
GetNewBacpac-forGitHub.sql
GetAzureDB-forGitHub.ps1
WARNING: The Powershell script file will store your SQL sa password and your Azure SQL login in clear text!
If you don't want to do this, don't use this solution.
My computer is owned and controlled solely by me so I am able to open up the security in my system and I am willing to assume the responsibility of safeguarding it.
The basic steps of my solution are are accomplished as follows: (steps 1 and 2 are optional as I like to keep a version of the DB I am working with as of the point in time I pull down a clean production copy of my Azure DB)
Back up the current DB as MyLocalDB.bak.
Restore that backup from step 1 to a new DB with the previous day stamped at the end of the DB name (e.g., MyLocalDB20171231)
Delete the original MyLocalDB database (needed so we can recreate the DB with the original name later on)
Pull down the production database from Azure and create a new database with the name MyLocalDB.
The original DB is deleted in step 3 so that the restored DB can use the original name (important when you have data connections referring to that DB name)
In Step 4, the work of extracting the data-tier application DB from Azure is initiated by this line in the T-SQL:
EXEC MASTER..xp_cmdshell '%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\Git\GetUpdatedAzureDB\GetAzureDB.ps1"'
The Powershell script does the following:
The target for the extract is a file named today.bacpac (hardcoded). The first thing to do is delete that file if it already exists.
Extract the DB from Azure into the today.bacpac file.
Note: my DB on Azure has a Master Key for encryption. This will need to be removed from the files prior to importing the bacpac file into your local DB or it will fail (this may not be required in SQL 2017 according to my previous conversations with MS Support). If you do not use a Master Key, you can either strip out the code that does this step or just leave it alone. It won't remove anything if it isn't there. It would just add a little overhead to the program.
Open the today.bacpac file (zip file) and remove the MasterKey node from the Origin.xml file.
Modify the Model.xml file to updates the SHA hash length. This is required in order for the file not to appear to have been tampered with when SQL opens the bacpac file.
Re-zips the files back into a new file today-patched.bacpac
Runs this line of code (from Powershell) to import the bacpac file into SQL Server
&C:\Program Files (x86)\Microsoft SQL Server\140\DAC\bin\SqlPackage.exe" /Action:Import /SourceFile:"C:\Git\GetUpdatedAzureDB\today-patched.bacpac" /TargetConnectionString:"Data Source=MyLocalSQLServer;User ID=sa; Password=MySAPassword; Initial Catalog=MyLocalDB; Integrated Security=false;"
After editing the two files to provide updated paths, usernames and passwords, run the SQL script. You do not need to edit the scripts again. You can run the SQL script again without modification and it will create a new copy of your Azure DB.
Done!
I'm running through the SQL Server 2014 install wizard, stopping before I get to the final step and then trying to use the Configuration.inf file to do "silentInstalls" on multiple servers. But, in the wizard I set the services (Ex: SQL Agent, ...) to a domain user, which requires a password. That password information is not included in the Configuration.inf file, so the unattended install obviously fails.
Questions:
I have to use a domain user if I am going to be using replication and other resources that require the SQL Server to communicate with each other, right?
How do I include the password for the domain service user in the Config.inf file?
Thanks,
Chris
I don't know what else you're using, but you don't need to use a domain user for replication. You can use a SQL account if you'd like (the documentation says so).
For the password issue, take a look at the list of parameters you can pass setup.exe (here). You can mix and match parameters and a config.ini. As such, you can set it up such that all you specify via command line switches is the various passwords you'll need (assuming that the service account is the same between all of your installs).
I am a software developer with devlopment experience in C#, C++ .Net alongwith SQL Server 2005/08, Oracle and mysql. But somehow i dont get jBASE to work at Windows XP SP3 machine.
My goal is setup user accounts, create database on a JBASE ainstallation, authenticate and backup/restore few table via a C++ program. And i dont need to do it with builtin backup/restore tools of jBASE.
I am able to install jBASe 4.1 aling with all its accessories on my WINXPSP3 machine. I was able to run the jSlimserver and TEMENOUS server along with licnesing server. I was able to add the license key as well. But after that what i was supposed to do? i have no idea about it.
The docs and online help doesnt answer a simple question of how to create a database! The google search results from the jbase site all go to the 404 Pages!
Can a jBASE expert guide to the following steps:
Create a jBASE database.
Create users
Authenticate via those users
Connect to database
Create tables and insert data.
Connect via a C++ or C# program to connect to jBASE DB and backup/restore tables.
I know that this is too much too ask but i dont get to get the JBASE system. I cant get it to work on my System somehow. Btw, jdc and jexloree doesnt seem to do anything. I have checked that enironmental variables for jBASE are setup correctly and i have verified them. There are no extra JRE or JDK installations on my system. Besides all that, only licensing client, slim server and temenous server seem to run and listen for connections and no other execuatable ever seems to work.
A simple tutorial to achieve the objective will be highly appreciated. Also if anyone can point out the mistake that i have done or anything i might need to check, then please do so. I will be highly encouraged and obliged.
Thanks
Steve
I hope this will help, if you have not already found a why to do this.
Setup jBase User and Database
Create a Security Group called
'Jbase' or what every you want to
call it
Add a User to this group. I would
recommend adding your administrator
user to it as well
Create a folder in you file system
to save the database information
into
Assign the 'Jbase' Security group to
the folder, and give it "Full"
read/write/execute access.
Creating the database:
Make sure the current users you
are logged on with is the 'Jbase'
security group.
go to the command prompt, and CD
to the folder you create to store
the database
run the jShell 'jsh' from that
location
use CREATE-FILE to create the
files/tables you want to store your
information in.
Inserting data:
There are several ways to enter data. You can use ED, your can your programming environment, or you can create a quick MultiValue/jBase compiled server script to ask for the data and write them to a file/table.