An endpoint is typically a URL or access point; using the URL, we can connect to a specific OCI service.
An API in OCI, or in any cloud, refers to a set of REST APIs, which offer an alternative to the console for managing cloud resources. The APIs require a valid REST API key to authenticate, and requests are authorized using role-based user access.
The fingerprint is a short, unique identifier that is derived from the public key using a hash function.
REST APIs can be driven automatically using programming languages such as Python, Java, Ruby, etc.
API key pairs -> This is a PEM key, which is a combination of a public and a private key. PEM is used because it is universally supported by security tools such as openssl; for example, using openssl we can obtain an RSA key from the API key pair. This RSA key can then be used by PuTTY to generate a PPK, as RSA can generate RSA public and RSA private keys.
SSH key pairs -> This is a generated pair of public and private keys. So a public key will be used for encryption and
OCI Vault is a logical entity used to centrally manage and store secrets in OCI.
Using the OCI Vault, you can avoid the need to manage multiple sets of keys and credentials separately, which can simplify your security management and reduce the risk of key and credential theft.
In the stateless case, the security rules don't keep track of the connection state; that is, we have to define the rule separately for each packet.
Suppose a VM instance is hosting an application and has received an incoming request over the HTTP protocol. In this case a stateful rule records information such as the source from which the request was received and the respective port. It creates a new connection entry and automatically allows the return traffic for that connection, which in this case would be the HTTP response sent back from the instance to the client.
In contrast, in a stateless system, the security rules do not maintain information about the connection state. Each packet is evaluated independently, which means that if you want to allow return traffic for established connections, you need to explicitly define egress rules to permit that traffic.
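The HTTP scenario above, as an added example that is not part of the original notes: a simplified Python model of security rule evaluation, showing that one stateful ingress rule lets the response out, while a stateless ingress rule needs a matching egress rule. The class names, addresses and ports are constructed for illustration and this is not OCI's implementation.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str  # "ingress" or "egress", as seen from the instance
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    direction: str
    src_port: Optional[int] = None  # None matches any port
    dst_port: Optional[int] = None
    stateless: bool = False

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.src_port in (None, pkt.sport)
                and self.dst_port in (None, pkt.dport))

class SecurityList:
    def __init__(self, rules):
        self.rules = list(rules)
        self.tracked = set()  # connections opened through stateful rules

    def allows(self, pkt: Packet) -> bool:
        # Reply to a tracked connection: allowed without a rule of its own.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.tracked:
            return True
        for rule in self.rules:
            if rule.matches(pkt):
                if not rule.stateless:
                    self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
        return False

# Constructed sample traffic: one HTTP request and its response.
CLIENT, INSTANCE = "203.0.113.10", "10.0.0.5"
REQUEST = Packet("ingress", CLIENT, 40000, INSTANCE, 80)
RESPONSE = Packet("egress", INSTANCE, 80, CLIENT, 40000)

STATEFUL = [Rule("ingress", dst_port=80)]
STATELESS_INGRESS_ONLY = [Rule("ingress", dst_port=80, stateless=True)]
STATELESS_PAIR = STATELESS_INGRESS_ONLY + [Rule("egress", src_port=80, stateless=True)]

def http_round_trip(rules):
    """Return (request_allowed, response_allowed) for the sample exchange."""
    sl = SecurityList(rules)
    return sl.allows(REQUEST), sl.allows(RESPONSE)
```

With `STATELESS_INGRESS_ONLY` the request reaches the instance but the response is dropped, which is the typical symptom of a stateless rule set missing its egress half.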
What is the OCI API gateway?
An API gateway in OCI is a virtual network appliance in a regional subnet. Back-end services such as public, private, and partner HTTP APIs and Oracle Functions are reached through an API gateway.
What comes in the standard package?
The Oracle Database standard package is designed to simplify the deployment of an Oracle database in OCI. It includes pre-configured resources such as compute instances, block storage volumes, and network components.
You are opting for a standard package. Do you need to pay extra for TDE?
No, Oracle Database Transparent Data Encryption is included in all packages, including the regular, enterprise, high-performance, and extreme performance packages.
Define a snapshot in the context of an Oracle database.
Oracle uses snapshots, also known as materialized views, to duplicate data to non-master sites in a synchronized environment. In a data warehouse context, snapshots are utilized to cache "expensive" searches. In other words, a snapshot is a replica of the target master table taken at a specific point in time.
What is a hash cluster in Oracle?
Hash clustering is a technique for storing data in hash tables and improving data retrieval performance. The hash function is applied to the cluster key value of each table row, and the row is stored in a hash cluster.
How can I delete the compartment in OCI?
To delete the compartment in OCI, select Identity & Security from the navigation menu. Select Compartments from the Identity menu. The compartments in your tenancy are listed. To delete a compartment, go to the Actions menu and select Delete Compartment.
What does a dynamic routing gateway in OCI do?
A Dynamic Routing Gateway (DRG) is a routing gateway that allows you to change your route. A DRG serves as a virtual router, connecting your on-premises networks to VCNs and routing traffic between VCNs. A routing table is associated with each DRG attachment and routes packets entering the DRG to the next hop.
What are Oracle data masking and subsetting?
Oracle Data Masking and Subsetting Pack is a flexible solution for masking and subsetting sensitive production data shared across non-production settings.
Steps to do masking:
Oracle provides several built-in tools and commands for data masking and subsetting. Here are the basic steps for performing data masking and subsetting using the Oracle Data Pump utility and the Data Masking Pack:
Connect to your Oracle database using SQL*Plus or SQL Developer.
Create a new directory object in your database to store the exported data files. For example:
CREATE DIRECTORY dpump_dir AS '/u01/app/oracle/admin/DPUMP';
Run the Data Pump export utility to export the data from the source database to a dump file. For example:
expdp hr/hr DIRECTORY=dpump_dir DUMPFILE=hr_dump.dmp
Install the Data Masking Pack using the Oracle Universal Installer.
Create a masking configuration file that defines the masking rules and parameters for the data to be masked. For example:
DECLARE
handle NUMBER;
BEGIN
handle := dbms_datapump_utl.create_masking_handle();
dbms_datapump_utl.add_column(handle, 'EMPLOYEES', 'FIRST_NAME', 'FIRST_NAME', 'FIRST_NAME', 'VARCHAR2', 100, NULL, NULL, 'Random');
dbms_datapump_utl.add_column(handle, 'EMPLOYEES', 'LAST_NAME', 'LAST_NAME', 'LAST_NAME', 'VARCHAR2', 100, NULL, NULL, 'Random');
dbms_datapump_utl.add_column(handle, 'EMPLOYEES', 'EMAIL', 'EMAIL', 'EMAIL', 'VARCHAR2', 100, NULL, NULL, 'Random');
dbms_datapump_utl.add_column(handle, 'EMPLOYEES', 'PHONE_NUMBER', 'PHONE_NUMBER', 'PHONE_NUMBER', 'VARCHAR2', 20, NULL, NULL, 'Random');
dbms_datapump_utl.add_column(handle, 'EMPLOYEES', 'SALARY', 'SALARY', 'SALARY', 'NUMBER', NULL, NULL, NULL, 'Random');
dbms_datapump_utl.execute_masking(handle);
END;
/
Run the Data Pump import utility to import the masked data from the dump file into the target database. For example:
impdp hr/hr DIRECTORY=dpump_dir DUMPFILE=hr_dump.dmp TRANSFORM=DATAPUMP_MASKING_EXPRESSIONS:config_file.txt
Example masking table output:
+----+-------------+------------+-----------------------------+---------------+---------+
| ID | FIRST_NAME | LAST_NAME | EMAIL | PHONE_NUMBER | SALARY |
+----+-------------+------------+-----------------------------+---------------+---------+
| 1 | Etczrjwxd | Vpmdorrlk | mkljtrbllo@shxbhtgfue.com | (210) 550-9948| 23750 |
+----+-------------+------------+-----------------------------+---------------+---------+
| 2 | Zfbywsmmr | Iqmztkanb | pmnqwmxoie@przwijgaub.com | (905) 236-2931| 15510 |
+----+-------------+------------+-----------------------------+---------------+---------+
| 3 | Ixvlbkjkr | Obonvnkyz | wcdyfmfnph@wnolymcjrj.com | (356) 973-9832| 10240 |
+----+-------------+------------+-----------------------------+---------------+---------+
| 4 | Sjxvzqsrq | Uitfvlwbu | jmfljwjyak@hviuaaemri.com | (426) 778-1492| 6200 |
+----+-------------+------------+-----------------------------+---------------+---------+
| 5 | Trfpyzkqr | Wcvsjmifw | vspkkmzjyj@pjlebnelul.com | (225) 587-4493| 29040 |
+----+-------------+------------+-----------------------------+---------------+---------+
Subsetting is a technique used to create a smaller, representative subset of a larger dataset. It is often used in situations where it is impractical or unnecessary to work with the entire dataset.
To apply subsetting, you can use the Oracle Data Pump utility to export a subset of the data from the source database to a new, smaller database. You can specify a subset of rows or a subset of columns to be included in the exported dataset.
What is the Oracle Audit Vault?
Oracle Audit Vault and Database Firewall analyze Oracle and non-Oracle database traffic to detect and block risks and combine audit data from databases, operating systems, directories, and other sources to improve compliance reporting.
What is the Oracle Wallet Manager used for?
Wallet owners use Oracle Wallet Manager to manage and modify the security credentials in their Oracle wallets.
Where can you store your Oracle database backup in the Oracle Cloud?
Oracle offers a dependable and scalable cloud object storage solution. According to the Oracle website, this is an 8000 TB storage used to store and access data in ever-growing databases. This is the location where Oracle database backup data is saved.
Can you explain what an Availability Domain is?
An Availability Domain is a single data center within Oracle Cloud Infrastructure. It is made up of a cluster of servers, storage, and networking resources that are isolated from other Availability Domains.
How do you create an image of your compute instance using Oracle Cloud Infrastructure?
You can create an image of your compute instance using Oracle Cloud Infrastructure by using the Console or the API. To create an image using the Console, first stop the instance that you want to image. Then, go to the Images section of the Console and click the Create Image button. Enter the required information and click the Create Image button. To create an image using the API, use the CreateImage operation.
Is there any limit on the number of volumes that can be attached to a single compute instance? If yes, then what is the maximum allowed number of volumes?
Yes, there is a limit on the number of volumes that can be attached to a single compute instance. The maximum number of volumes allowed is eight.
Do I need to have SSH access enabled for my compute instance in order to attach a persistent volume?
No, you do not need to have SSH access enabled for your compute instance in order to attach a persistent volume. You can attach a persistent volume to your compute instance through the Oracle Cloud Infrastructure Console.
What is the main advantage of using the DNS service provided by Oracle Cloud Infrastructure?
The main advantage of using the DNS service provided by Oracle Cloud Infrastructure is that it is highly available and scalable. The DNS service is designed to handle large amounts of traffic and can easily scale to meet the needs of your application.
What is the purpose of the “Caching Security Rules” feature present in the WAF Management Console?
The “Caching Security Rules” feature allows you to cache the results of WAF evaluations for a period of time, so that subsequent requests for the same resources can be served more quickly. This can be helpful in reducing the load on your WAF and improving performance.
What is the method used by the FastConnect facility to connect two networks across the public internet?
The FastConnect facility uses a technique called “virtual private networking” (VPN) to connect two networks across the public internet. VPNs use a combination of encryption and tunneling to create a secure, private connection between two networks.
Can you give me examples of where I would use block storage as opposed to object storage?
Block storage is well suited for applications that require low latency, such as databases or virtual machines. Object storage is better suited for storing large amounts of data that is infrequently accessed.
What should I do if my compute instance doesn’t start after rebooting?
If your compute instance doesn’t start after rebooting, the first thing you should check is the status of the instance. You can do this by logging into the Oracle Cloud Infrastructure console and checking the instance’s status. If the instance is in a stopped state, you will need to start it manually.
If the instance is in a running state, but you are still unable to connect to it, you should check the security groups associated with the instance. Make sure that the security groups are configured correctly and that they allow traffic on the port you are trying to connect to.
What is fleet patching?
Fleet patching is not limited to OCI VM instances, but can be used for any instances that run supported operating systems and meet certain requirements.
In terms of pre-checks, fleet patching performs several checks before applying patches to instances in a fleet. These checks include:
Health check: Checks the overall health of the instances in the fleet, such as whether they are running or stopped, and whether they have any unresolved issues.
Dependency check: Checks that the patches do not have any dependencies that are not met, such as other patches or software versions.
Conflict check: Checks that the patches do not conflict with any other software or configurations on the instances.
Capacity check: Checks that the instances have sufficient resources, such as CPU, memory, and storage, to apply the patches.
Prerequisite check: Checks that the instances meet any prerequisites for the patches, such as minimum software versions or configurations.
If any of these checks fail, the patching job will not proceed until the issues are resolved.
Fleet patching can be a powerful tool for managing patching at scale, but it is important to use it carefully and to ensure that the patches being applied do not cause any unintended consequences or conflicts. It is recommended to test patches on a smaller subset of instances before applying them to an entire fleet, and to monitor the fleet closely during and after patching to ensure that the patches were applied successfully and that there are no issues.