Post Syndicated from Balaji Iyer original https://aws.amazon.com/blogs/devops/database-continuous-integration-and-automated-release-management-workflow-with-aws-and-datical-db/
Just as a herd can move only as fast as its slowest member, companies must increase the speed of all parts of their release process, especially the database change process, which is often manual. One bad database change can bring down an app or compromise data security.
We need to make database code deployment as fast and easy as application release automation, while eliminating risks that cause application downtime and data security vulnerabilities. Let’s take a page from the application development playbook and bring a continuous deployment approach to the database.
By creating a continuous deployment database, you can:
- Discover mistakes more quickly.
- Deliver updates faster and frequently.
- Help developers write better code.
- Automate the database release management process.
The database deployment package can be promoted automatically with application code changes. With database continuous deployment, application development teams can deliver smaller, less risky deployments, making it possible to respond more quickly to business or customer needs.
In our previous post, Building End-to-End Continuous Delivery and Deployment Pipelines in AWS, we walked through steps for implementing a continuous deployment and automated delivery pipeline for your application.
In this post, we walk through steps for building a continuous deployment workflow for databases using AWS CodePipeline (a fully managed continuous delivery service) and Datical DB (a database release automation application). We use AWS CodeCommit for source code control and Amazon RDS for database hosting to demonstrate end-to-end database change management — from check-in to final deployment.
As part of this example, we will show how a database change that does not meet standards is rejected automatically and actionable feedback is provided to the developer. Just like a code unit test, Datical DB evaluates changes and enforces your organization’s standards. In the sample use case, database table indexes of more than three columns are disallowed. In some cases, this type of index can slow performance.
Prerequisites
You’ll need an AWS account, an Amazon EC2 key pair, and administrator-level permissions for AWS Identity and Access Management (IAM), AWS CodePipeline, AWS CodeCommit, Amazon RDS, Amazon EC2, and Amazon S3.
From Datical DB, you’ll need access to software.datical.com portal, your license key, a database, and JDBC drivers. You can request a free trial of Datical here.
Overview
Here are the steps:
- Install and configure Datical DB.
- Create an RDS database instance running the Oracle database engine.
- Configure Datical DB to manage database changes across your software development life cycle (SDLC).
- Set up database version control using AWS CodeCommit.
- Set up a continuous integration server to stage database changes.
- Integrate the continuous integration server with Datical DB.
- Set up automated release management for your database through AWS CodePipeline.
- Enforce security governance and standards with the Datical DB Rules Engine.
1. Install and configure Datical DB
Navigate to https://software.datical.com and sign in with your credentials. From the left navigation menu, expand the Common folder, and then open the Datical_DB_Folder. Choose the latest version of the application by reviewing the date suffix in the name of the folder. Download the installer for your platform — Windows (32-bit or 64-bit) or Linux (32-bit or 64-bit).
Verify the JDK Version
In a terminal window, run the following command to ensure you’re running JDK version 1.7.x or later.
# java –version
java version "1.7.0_75"
Java(TM) SE Runtime Environment (build 1.7.0_75-b13)
Java HotSpot(TM) Client VM (build 24.75-b04, mixed mode, sharing)
The Datical DB installer contains a graphical (GUI) and command line (CLI) interface that can be installed on Windows and Linux operating systems.
Install Datical DB (GUI)
- Double-click on the installer
- Follow the prompts to install the application.
- When prompted, type the path to a valid license.
Install JDBC drivers
- Open the Datical DB application.
- From the menu, choose Help, and then choose Install New Software.
- From the Work with drop-down list, choose Database Drivers – http://update.datical.com/drivers/updates.
- Follow the prompts to install the drivers.
Install Datical DB (CLI)
Datical DB (CLI only) can be installed on a headless Linux system. Select the correct 32-bit or 64-bit Linux installer for your system.
- Run the installer as root and install it to /usr/local/DaticalDB.
sudo java -jar ../installers/<Datical Installer>.jar -console
- Follow the prompts to install the application.
- When prompted, type the path to a valid license.
Install JDBC drivers
- Copy JDBC drivers to /usr/local/DaticalDB/jdbc_drivers.
sudo mkdir /usr/local/DaticalDB/jdbc_drivers
copy JDBC Drivers from software.datical.com to /usr/local/DaticalDB/jdbc_drivers
sudo cp <license_filename> /usr/local/DaticalDB/repl
sudo chmod 777 /usr/local/DaticalDB/repl/<license_filename>
2. Create an RDS instance running the Oracle database engine
Datical DB supports database engines like Oracle, MySQL, Microsoft SQL Server, PostgreSQL, and IBM DB2. The example in this post uses a DB instance running Oracle. To create a DB instance running Oracle, follow these steps.
Make sure that you can access the Oracle port (1521) from the location where you will be using Datical DB. Just like SQLPlus or other database management tools, Datical DB must be able to connect to the Oracle port. When you configure the security group for your RDS instance, make sure you can access port 1521 from your location.
3. Manage database changes across the SDLC
This one-time process is required to ensure databases are in sync so that you can manage database changes across the SDLC:
- Create a Datical DB deployment plan with connections to the databases to be managed.
- Baseline the first database (DEV/CI). This must be the original or best configured database – your reference database.
- For each additional database (TEST and PROD):
a. Compare databases to ensure the application schema are in sync.
b. Resolve any differences.
c. Perform a change log sync to get each setup for Datical DB management.
Datical DB creates an initial model change log from one of the databases. It also creates in each database a metadata table named DATABASECHANGELOG that will be used to track the state. Now the databases look like this:
Note: In the preceding figure, the Datical DB model and metadata table are a representation of the actual model.
Create a deployment plan
-
- In Datical DB, right-click Deployment Plans, and choose New.
- On the New Deployment Plan page, type a name for your project (for example, AWS-Sample-Project), and then choose Next.
- Select Oracle 11g Instant Client, type a name for the database (for example, DevDatabase), and then choose Next.
- On the following page, provide the database connection information.
- For Hostname, enter the RDS endpoint..
- Select SID, and then type ORCL.
- Type the user name and password used to connect to the RDS instance running Oracle.
- Before you choose Finish, choose the Test Connection button.
When Datical DB creates the project, it also creates a baseline snapshot that captures the current state of the database schema. Datical DB stores the snapshot in Datical change sets for future forecasting and modification.
Create a database change set
A change set describes the change/refactoring to apply to the database.
From the AWS-Sample-Project project in the left pane, right-click Change Log, select New, and then select Change Set. Choose the type of change to make, and then choose Next. In this example, we’re creating a table. For Table Name, type a name. Choose Add Column, and then provide information to add one or more columns to the new table. Follow the prompts, and then choose Finish.
The new change set will be added at the end of your current change log. You can tag change sets with a sprint label. Depending on the environment, changes can be deployed based on individual labels or by the higher-level grouping construct.
Datical DB also provides an option to load SQL scripts into a database, where the change sets are labeled and captured as objects. This makes them ready for deployment in other environments.
Best practices for continuous delivery
Change sets are stored in an XML file inside the Datical DB project. The file, changelog.xml, is stored inside the Changelog folder. (In the Datical DB UI, it is called Change Log.)
Just like any other files stored in your source code repository, the Datical DB change log can be branched and merged to support agile software development, where individual work spaces are isolated until changes are merged into the parent branch.
To implement this best practice, your Datical DB project should be checked into the same location as your application source code. That way, branches and merges will be applied to your Datical DB project automatically. Use unique change set IDs to avoid collisions with other scrum teams.
4. Set up database version control using AWS CodeCommit
To create a new CodeCommit repository, follow these steps.
Note: On some versions of Windows and Linux, you might see a pop-up dialog box asking for your user name and password. This is the built-in credential management system, but it is not compatible with the credential helper for AWS CodeCommit. Choose Cancel.
Commit the contents located in the Datical working directory (for example, ~/datical/AWS-Sample-Project) to the AWS CodeCommit repository.
5. Set up a continuous integration server to stage database changes
In this example, Jenkins is the continuous integration server. To create a Jenkins server, follow these steps. Be sure your instance security group allows port 8080 access.
sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
For more information about installing Jenkins, see the Jenkins wiki.
After setup, connect to your Jenkins server, and create a job.
- Install the following Jenkins plugins:
For this project, you will need to install the following Jenkins plugins:
- AWS CodeCommit plugin
- DaticalDB4Jenkins plugin
- Hudson Post Build Task plugin
- HTML Publisher plugin
- To configure Jenkins for AWS CodeCommit, follow these steps.
- To configure Jenkins with Datical DB, navigate to Jenkins, choose Manage Jenkins, and then choose Configure System. In the Datical DB section, provide the requested directory information.
For example:
Add a build step:
Go to your newly created Jenkins project and choose Configure. On the Build tab, under Build, choose Add build step, and choose Datical DB.
In Project Dir, enter the Datical DB project directory (in this example, /var/lib/jenkins/workspace/demo/MyProject). You can use Jenkins environment variables like $WORKSPACE. The first build action is Check Drivers. This allow you to verify that Datical DB and Jenkins are configured correctly.
Choose Save. Choose Build Now to test the configuration.
After you’ve verified the drivers are installed, add forecast and deploy steps.
Add forecast and deploy steps:
Choose Save. Then choose Build Now to test the configuration.
6. Configure the continuous integration server to publish Datical DB reports
In this step, we will configure Jenkins to publish Datical DB forecast and HTML reports. In your Jenkins project, select Delete workspace before build starts.
Add post-build steps
1. Archive the Datical DB reports, logs, and snapshots
To expose Datical DB reports in Jenkins, you must create a post-build task step to copy the forecast and deployment HTML reports to a location easily published, and then publish the HTML reports.
2. Copy the forecast and deploy HTML reports
mkdir /var/lib/jenkins/workspace/Demo/MyProject/report
cp -rv /var/lib/jenkins/workspace/Demo/MyProject/Reports/*/*/*/forecast*/* /var/lib/jenkins/workspace/Demo/MyProject/report 2>NUL
cp -rv /var/lib/jenkins/workspace/Demo/MyProject/Reports/*/*/*/deploy*/deployReport.html /var/lib/jenkins/workspace/Demo/MyProject/report 2>NUL
3. Publish HTML reports
Use the information in the following screen shot. Depending on the location where you configured Jenkins to build, your details might be different.
Note: Datical DB HTML reports use CSS, so update the JENKINS_JAVA_OPTIONS in your config file as follows:
Edit /etc/sysconfig/jenkins and set JENKINS_JAVA_OPTIONS to:
JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP= "
7. Enable automated release management for your database through AWS CodePipeline
To create an automated release process for your databases using AWS CodePipeline, follow these instructions.
- Sign in to the AWS Management Console and open the AWS CodePipeline console at http://console.aws.amazon.com/codepipeline.
- On the introductory page, choose Get started. If you see the All pipelines page, choose Create pipeline.
- In Step 1: Name, in Pipeline name, type DatabasePipeline, and then choose Next step.
- In Step 2: Source, in Source provider, choose AWS CodeCommit. In Repository name, choose the name of the AWS CodeCommit repository you created earlier. In Branch name, choose the name of the branch that contains your latest code update. Choose Next step.
- In Step 3: Build, chose Jenkins.
To complete the deployment workflow, follow steps 6 through 9 in the Create a Simple Pipeline Tutorial.
8. Enforce database standards and compliance with the Datical DB Rules Engine
The Datical DB Dynamic Rules Engine automatically inspects the Virtual Database Model to make sure that proposed database code changes are safe and in compliance with your organization’s database standards. The Rules Engine also makes it easy to identify complex changes that warrant further review and empowers DBAs to efficiently focus only on the changes that require their attention. It also provides application developers with a self-service validation capability that uses the same automated build process established for the application. The consistent evaluation provided by the Dynamic Rules Engine removes uncertainty about what is acceptable and empowers application developers to write safe, compliant changes every time.
Earlier, you created a Datical DB project with no changes. To demonstrate rules, you will now create changes that violate a rule.
First, create a table with four columns. Then try to create an index on the table that comprises all four columns. For some databases, having more than three columns in an index can cause performance issues. For this reason, create a rule that will prevent the creation of an index on more than three columns, long before the change is proposed for production. Like a unit test that will fail the build, the Datical DB Rules Engine fails the build at the forecast step and provides feedback to the development team about the rule and the change to fix.
Create a Datical DB rule
To create a Datical DB rule, open the Datical DB UI and navigate to your project. Expand the Rules folder. In this example, you will create a rule in the Forecast folder.
Right-click the Forecast folder, and then select Create Rules File. In the dialog box, type a unique file name for your rule. Use a .drl extension.
.
In the editor window that opens, type the following:
package com.datical.hammer.core.forecast
import java.util.Collection;
import java.util.List;
import java.util.Arrays;
import java.util.ArrayList;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.collections.ListUtils;
import com.datical.db.project.Project;
import com.datical.hammer.core.rules.Response;
import com.datical.hammer.core.rules.Response.ResponseType;
// ************************************* Models *************************************
// Database Models
import com.datical.dbsim.model.DbModel;
import com.datical.dbsim.model.Schema;
import com.datical.dbsim.model.Table;
import com.datical.dbsim.model.Index;
import com.datical.dbsim.model.Column;
import org.liquibase.xml.ns.dbchangelog.CreateIndexType;
import org.liquibase.xml.ns.dbchangelog.ColumnType;
/* @return false if validation fails; true otherwise */
function boolean validate(List columns)
{
// FAIL If more than 3 columns are included in new index
if (columns.size() > 3)
return false;
else
return true;
}
rule "Index Too Many Columns Error"
salience 1
when
$createIndex : CreateIndexType($indexName: indexName, $columns: columns, $tableName: tableName, $schemaName: schemaName)
eval(!validate($columns))
then
String errorMessage = "The new index [" + $indexName + "] contains more than 3 columns.";
insert(new Response(ResponseType.FAIL, errorMessage, drools.getRule().getName()));
end
Save the new rule file, and then right-click the Forecast folder, and select Check Rules. You should see “Rule Validation returned no errors.”
Now check your rule into source code control and request a new build. The build will fail, which is expected. Go back to Datical DB, and change the index to comprise only three columns. After your check-in, you will see a successful deployment to your RDS instance.
The following forecast report shows the Datical DB rule violation:
To implement database continuous delivery into your existing continuous delivery process, consider creating a separate project for your database changes that use the Datical DB forecast functionality at the same time unit tests are run on your code. This will catch database changes that violate standards before deployment.
Summary:
In this post, you learned how to build a modern database continuous integration and automated release management workflow on AWS. You also saw how Datical DB can be seamlessly integrated with AWS services to enable database release automation, while eliminating risks that cause application downtime and data security vulnerabilities. This fully automated delivery mechanism for databases can accelerate every organization’s ability to deploy software rapidly and reliably while improving productivity, performance, compliance, and auditability, and increasing data security. These methodologies simplify process-related overhead and make it possible for organizations to serve their customers efficiently and compete more effectively in the market.
I hope you enjoyed this post. If you have any feedback, please leave a comment below.
About the Authors
Balaji Iyer is an Enterprise Consultant for the Professional Services Team at Amazon Web Services. In this role, he has helped several Fortune 500 customers successfully navigate their journey to AWS. His specialties include architecting and implementing highly scalable distributed systems, serverless architectures, large scale migrations, operational security, and leading strategic AWS initiatives. Before he joined Amazon, Balaji spent more than a decade building operating systems, big data analytics solutions, mobile services, and web applications. In his spare time, he enjoys experiencing the great outdoors and spending time with his family.
Robert Reeves is a Chief Technology Officer at Datical. In this role, he advocates for Datical’s customers and provides technical architecture leadership. Prior to cofounding Datical, Robert was a Director at the Austin Technology Incubator. At ATI, he provided real-world entrepreneurial expertise to ATI member companies to aid in market validation, product development, and fundraising efforts. Robert cofounded Phurnace Software in 2005. He invented and created the flagship product, Phurnace Deliver, which provides middleware infrastructure management to multiple Fortune 500 companies. As Chief Technology Officer for Phurnace, he led technical evangelism efforts, product vision, and large account technical sales efforts. After BMC Software acquired Phurnace in 2009, Robert served as Chief Architect and lead worldwide technology evangelism.
️
on Twitter
⛅🛰
🤖
https://t.co/ycTSDR1h1Q
One of the core pillars of academic research is sharing.
