Re: Protecting production from "us"

From: Rumpi Gravenstein <rgravens_at_gmail.com>
Date: Thu, 3 Dec 2015 16:53:53 -0500
Message-ID: <CAEpg1wCrep9--nk8eWht4HRPdgUGaZpAd7e=dGQ=N5apLjXozA_at_mail.gmail.com>

Agreed -- the server side script is the way to go. I'm planning on looking into that as well.

On Thu, Dec 3, 2015 at 3:27 PM, Alfredo Abate <alfredo.abate_at_gmail.com> wrote:

> I like Jeremy's server side control better for the terminal background
> colors. I'll have to look into that one.
>
> Thanks for that tip.
>
> Alfredo
>
>
>
> On Thu, Dec 3, 2015 at 1:05 PM, Jeremy Schneider <
> jeremy.schneider_at_ardentperf.com> wrote:
>
>> On Thu, Dec 3, 2015 at 11:45 AM, Herring, David <HerringD_at_dnb.com> wrote:
>> > · Should we look into some kind of additional controls where
>> > commands like "srvctl stop…" cannot be run under our own accounts using
>> > "sudo -u oracle" but instead need a different account on production?
>> For
>> > example, normally our unfortunate DBA would use his "scapebob" Linux
>> account
>> > but perhaps to perform a production shutdown he'd need to connect as
>> > "scapebob-rw", a new, special account just for dangerous production
>> > activities.
>>
>> I think that I'd be hesitant to introduce too much variation between
>> production and test environments when it comes to processes. It's a
>> major advantage if you can test your processes in the test tier, then
>> run those same processes verbatim (key-for-key) in production
>> afterwards.
>>
>> > · The problem in our situation was over confusion with multiple
>> > windows. Do people set a Linux TMOUT to something short like 10 or 15
>> > minutes, to hopefully avoid accidentally leaving production putty
>> sessions
>> > open?
>>
>> I feel like a short timeout is likely to cause more frustration in the
>> trenches than what it's worth, for anyone who spends any significant
>> amount of time troubleshooting production systems. Often you have
>> multiple windows open and switch between them... an aggressive timeout
>> really makes that much more difficult.
>>
>> > · Beyond changing the linux prompt and text colors (we set $PS1
>> with
>> > escape sequences and various key, env-specific values) do you do
>> anything
>> > else for protection of production?
>>
>> Personally, I think background color is your best bet. Only difference
>> from Alfredo's suggestion would be that I'd prefer having it be
>> controlled server-side rather than relying on each engineer to setup
>> all their terminal connections correctly. Not to mention that you
>> could get the *wrong* bg color if it's client-side and somehow
>> somebody ssh's between tiers.
>>
>> --
>> http://about.me/jeremy_schneider
>> --
>> http://www.freelists.org/webpage/oracle-l
>>
>>
>>
>

-- 
Rumpi Gravenstein

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Dec 03 2015 - 22:53:53 CET

This message: [ Message body ]
Next message: Harville, Steve: "RE: Protecting production from "us""
Previous message: Jeff Smith: "RE: Protecting production from "us""
In reply to: Alfredo Abate: "Re: Protecting production from "us""

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message