Search
Navigation
Top 60 Oracle Blogs
Oakies Blog Aggregator
Quick and easy masking
I had a request from a client a while back regarding masking of data. They had an application with sensitive data in the Production environment (where access and audit were very tightly controlled) but the issue was how to respect that sensitivity in non-Production environments whilst still preserving full size data sizes for application testing.
After some conversations about requirements, it turned out that since (even in non-Production environments) all access to application components was logged and audited, the issue was simply protecting against “inadvertent” access to sensitive data. For example, in the application, if I searched for “males with black hair with an interest in technology” I should never see the name “Connor McDonald” on screen in the results, because simply viewing that data could be treated as a breach of privacy.
Addenda: Anyone adding a comment to this post with “Shouldn’t that be males with black hair with a hint of grey” will be banned forever 
I suggested Data Redaction as a potential solution, but they wanted the data actually obfuscated within the database. Then I suggested Data Masking which definitely does the job, but they felt this offered far more than their simple requirement of just obfuscate the data and retain the distribution of data to preserve performance characteristics as much as possible.
So ultimately here is the basis of a little routine I created for them to obfuscate their data to satisfy their requirement of not viewing meaningful data in their non-Production environments. Please read the footnote at the end of this post before you consider using this code. The logic here is straight forward
- Take the alphanumeric characters in a logical order as a single string.
- Use DBMS_RANDOM to come up with 255 variations of that string and store them in an array.
- Use the TRANSLATE function to perform a simple obfuscation of the input string.
That translation could then be used during the process of copying data from Production, or as a post-copy task.
First I’ll demo the concept of coming up with randomised strings. Here’s a simple anonymous block to create 10 random strings based on a base string of: ABC….Zabc…z0123456789
SQL> set serverout on
SQL> declare
2 type rand_list is table of varchar2(62) index by pls_integer;
3 source varchar2(62) := 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
4 perms rand_list;
5 source_variant varchar2(62);
6 begin
7 for i in 1 .. 10 loop
8 source_variant := null;
9 for j in ( select rownum r from dual connect by level <= 52 order by dbms_random.value )
10 loop
11 source_variant := source_variant || substr(source,j.r,1);
12 end loop;
13 for j in ( select rownum r from dual connect by level <= 10 order by dbms_random.value )
14 loop
15 source_variant := source_variant || substr(source,52+j.r,1);
16 end loop;
17 perms(i) := source_variant;
18 dbms_output.put_line(source_variant);
19 end loop;
20 end;
21 /
xrLCuowbNfvXlMJSBKctPyheZWTnQUjYAdizkFVOIHGsmDRpaEqg5637918402
OkVxApdsLqTlyvgYXQGaSeNPMCjZEJhHRtbcIBrowKUunifzDFmW8013742695
gcVxtNeMdBuRJhvYrnkCIWzoyFwfLpqSATabQGUZKmDOEilPHsXj5601892743
vOUuisITyJjbaQLqfnpFVBoCrYtzHeDAmWExPkNwgScXKRlZGMhd3104879256
VLZkXndmytCWRwKeNgYifvTESzGFhHcqaMJPoljxUsAQrubOpBDI7302189564
VfPLKmObZzBMCpgrjUaQYieRNJykDwtnuWXFxdTEIlScqvohAGsH0138924756
ABMkfozebljnPGqHJhpNwxYEUCuQLyDrOasIgtFZKVmciTXSdvRW5702139864
iNjrmVTlyzFSLswfBvaWKUAHIZOcgMPYXCGqeoDJbhpktERdQunx1976045328
hiYGzxMEZFPcmkutbDlrCeynSITKHNJaXAwfpRsdqLjvQUoWVOgB0479632158
uZpPXOHLAvzricdjtqSQBKVhYoFfmUxEDNCwWlIJsbRgkMeGynaT6451328790
So a simple obfuscation could be:
SQL> select
2 translate(
3 'Connor McDonald',
4 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789',
5 'ehZAFjmtYwWilTRDnCcLrvQqEpakKGPMxXyudVUNsoJOBfzSIbHg2163095784')
6 from dual;
TRANSLATE('CONN
---------------
ZsNNsO lKAsNaVG
Armed with this, I can create a package which extends this to choose from 255 random strings and use these as a simple obfuscator for source data.
SQL> create or replace
2 package masker is
3 function rand_masks(p_size int default 255, p_refresh varchar2 default 'N',p_seed number default 0) return sys.odcivarchar2list pipelined;
4 function standard_source return varchar2;
5 function idx_entry(p_idx int, p_size int default 255, p_refresh varchar2 default 'N',p_seed number default 0) return varchar2;
6 function mask(p_input varchar2) return varchar2;
7 end;
8 /
Package created.
SQL> create or replace
2 package body masker is
3 perms sys.odcivarchar2list := sys.odcivarchar2list();
4
5 procedure init(p_size int,p_seed int) is
6 source varchar2(62) := 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
7 source_variant varchar2(62);
8 begin
9 dbms_random.seed(p_seed);
10 perms.delete;
11 perms.extend(p_size);
12 for i in 1 .. p_size loop
13 source_variant := null;
14 for j in ( select rownum r from dual connect by level <= 52 order by dbms_random.value )
15 loop
16 source_variant := source_variant || substr(source,j.r,1);
17 end loop;
18 for j in ( select rownum r from dual connect by level <= 10 order by dbms_random.value )
19 loop
20 source_variant := source_variant || substr(source,52+j.r,1);
21 end loop;
22 perms(i) := source_variant;
23 -- dbms_output.put_line(source_variant);
24 end loop;
25 end;
26
27 function rand_masks(p_size int default 255, p_refresh varchar2 default 'N',p_seed number default 0) return sys.odcivarchar2list pipelined is
28 begin
29 if perms.count < p_size or p_refresh in ('Y','y') then
30 init(p_size,p_seed);
31 end if;
32
33 for i in 1 .. p_size
34 loop
35 pipe row ( perms(i));
36 end loop;
37
38 return;
39 end;
40
41 function standard_source return varchar2 is
42 begin
43 return 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
44 end;
45
46 function idx_entry(p_idx int, p_size int default 255, p_refresh varchar2 default 'N',p_seed number default 0) return varchar2 is
47 begin
48 if perms.count < p_size or p_refresh in ('Y','y') then
49 init(p_size,p_seed);
50 end if;
51 return perms(p_idx);
52 end;
53
54 function mask(p_input varchar2) return varchar2 is
55 begin
56 return translate(p_input,masker.standard_source,masker.idx_entry(ascii(p_input)));
57 end;
58
59 end;
60 /
Package body created.
Now I’ll test this with some sample data
SQL> create table t ( pk int, n varchar2(50));
Table created.
SQL>
SQL> insert into t values (1,'Connor McDonald');
1 row created.
SQL> insert into t values (2,'Chris Saxon');
1 row created.
SQL> insert into t values (3,'Maria Colgan');
1 row created.
SQL> insert into t values (4,'Bobby Curtis');
1 row created.
SQL> insert into t values (5,'Joel Kallman');
1 row created.
SQL> insert into t values (6,'Steven Feuerstein');
1 row created.
SQL> insert into t values (7,'Connor McDonald');
1 row created.
SQL> select pk, n, masker.mask(n) diddled
2 from t;
PK N DIDDLED
---------- -------------------------------------------------- ------------------------------
1 Connor McDonald sAJJAe CvnAJjWt
2 Chris Saxon sweOy RjrAJ
3 Maria Colgan czEJz BhMbzm
4 Bobby Curtis nkjjI EpzLBS
5 Joel Kallman oYfi luiiIuj
6 Steven Feuerstein CyUrUE SUtUWQyUXE
7 Connor McDonald sAJJAe CvnAJjWt
7 rows selected.
There we go! A simple obfuscator that runs quite efficiently on source data whilst preserving the distribution of the data.
Footnote: Remember that any masking scheme that does not completely randomize the obfuscation of source data is not a complete encryption or security solution. Most mechanisms to deduce source data from a manipulated variant of that data involves distribution analysis of letters, n-grams, words and phrases. The moment you preserve distribution of source data for (say) performance and/or optimizer plan preservation, you are allowing for source data to be derived if there is enough of it available to perform that analysis. Remember that this is not a substitute for appropriate security and encryption protections.
Microsoft Webinar on the Future of the DBA- Certifications
Thanks to those that attended of the over 1600 registrations for the Microsoft webinar yesterday on the future of the DBA in the Cloud. This was a fun session for me, as I got to demo one of my favorite skill areas since starting at Microsoft- automation of cloud deployments in Azure.
Bash’in it
Its natural that others would be doing this, but I’m writing all my main scripts in BASH, which prepares the environments, calls the Azure CLI commands and then other scripts, (Power Shell, Json Templates, etc.) from the main “wrapper” script. I’m also deploying, not only the infrastructure or databases, but logical objects and data as part of my deployment, so its pretty fun as this evolves.
So Many Questions
While the pre-recorded webinar was presented to attendees, I was busy answering questions from them. There were so many, that I and two others were barely able to keep up with the sheer onslaught! There were a significant number of questions surrounding certifications for DBAs and developers around Azure certification and how to know what certifications to get and what the path is to achieve certification. I’d like to first point out this great URL from Microsoft learning that can assist:
https://www.microsoft.com/en-us/learning/browse-all-certifications.aspx?certificationtype=role-based
This site, depending on the role and area you are interested in, will create a certification path for the specialist. I think it will provide the answers that many were looking for during the webinar, but if there are more questions around certifications, please don’t hesitate to post in the comments below.
A second set of questions were around what to study if going to migrate to Azure. The first recommendation is to become familiar with the SQL Server Migration Assistant. This tool is incredibly robust and versatile. I use it with customers to ease migration woes from not just SQL Server on-prem to the cloud, but also Oracle, DB2 and even WID, (Window Internal Databases, yeah, those are the databases behind Windows servers) migrations.
This tool will provide you with a full review of your current environment, what definite and potential issues you need to address before you can migrate over the DDL to an Azure DB in the cloud. Once you are happy, it can perform the migration. Once the migration of the DDL is complete, then it can then identify how much data and migrate the data over. As these are single insert processes, I recommend “unchecking” the few “whale in the pond” tables and manually migrate those tables with a different tool, such as AZ Copy via blob storage, Azure Fast Data Transfer or even a BCP process with blog storage.
Skills
Next, on professional skills outside of certification- Azure is on Linux and unlike other database platforms that have always run on Linux, you may not have a Linux admin that can support you, so you may need to know more starting out. Consider learning Linux administration fundamentals, not just how to manage a database on Linux.
For language skills, learn BASH and Python. Both languages are going to support you for the long haul. That’s not saying that your Power shell scripts aren’t going to be transitioned over to Linux hosts. Start working with the Azure Cloud Shell now, creating Cloud storage to migrate your scripts over and update them to support Azure. Learning BASH, as it is a more mature scripting language, (its just older and has a ton of other Unix scripting languages that have fed into it…) will make you more effective.
Python is taking over the world by storm, not just in data science, but in DevOps, too. I do feel that DBAs will be more involved in DevOps in the future and should acquire the skills to make them more valuable to these teams.
Hopefully the following links help get you started and thank you again for attending the webinar. Hopefully we’ll have another one very soon!
Azure Training from Microsoft Learning
Linux Certification from Microsoft Learning
Tags: Webinar
Del.icio.us |
Facebook
|
TweetThis |
Digg
|
StumbleUpon
|
Copyright © DBAKevlar [Microsoft Webinar on the Future of the DBA- Certifications], All Right Reserved. 2019.
In-table predicates
This note was prompted by a recent email asking about the optimizer’s method for estimating the selectivity of a predicate which compared two columns in the same table – for example: “where orders.amount_invoiced = orders.amount_paid”. It’s been about 14 years since I wrote “Cost Based Oracle – Fundamentals” so my memory of what I wrote (and whether I even mentioned this case) was rather hazy, so I sent off a quick reply and decided to do a little checking.
It turned out that I’d already written a blog note with a throwaway comment about the estimates and a general workaround for optimizer problems caused by examples of this kind. The comment I made about the estimate was that the selectivity seems to be the smaller of the selectivities of (using the example above) “amount_paid = :unpeekable_bind” and “amount_invoice = :unpeekable_bind”. I’m fairly sure I’ve made similar comments several times in the past, but after replying to the email I started to wonder whether this would still be true if there were histograms on the columns. So I ran up a little test and here, to start things off, is the code to generate the data I used for testing:
rem
rem Script: column_equality_2.sql
rem Author: Jonathan Lewis
rem Dated: Apr 2019
rem Purpose:
create table t1(
id number(8,0),
n1 number(6,0)
)
;
create table t2(
id number(8,0),
n1 number(6,0)
)
;
create table t3(
n1 number(6,0),
n2 number(6,0),
v1 varchar2(50)
)
;
execute dbms_random.seed(0)
insert into t1
with generator as (
select
rownum id
from dual
connect by
level <= 1e4 -- > comment to avoid WordPress format issue
)
select
rownum id,
trunc(10 * abs(dbms_random.normal)) n1
from
generator v1
;
insert into t2
with generator as (
select
rownum id
from dual
connect by
level <= 1e4 -- > comment to avoid WordPress format issue
)
select
rownum id,
trunc(10 * abs(dbms_random.normal)) n1
from
generator v1
;
insert into t3 (n1, n2, v1)
select
t1.n1,
t2.n1,
rpad(rownum,50)
from
t1, t2
where
t1.id = t2.id
;
commit;
begin
dbms_stats.gather_table_stats(
ownname => null,
tabname => 'T1',
method_opt => 'for all columns size 1 for columns n1 size 254'
);
dbms_stats.gather_table_stats(
ownname => null,
tabname => 'T2',
method_opt => 'for all columns size 1 for columns n1 size 254'
);
dbms_stats.gather_table_stats(
ownname => null,
tabname => 'T3',
method_opt => 'for all columns size 254 for columns v1 size 1'
);
end;
/
select
table_name, column_name, num_distinct, density, histogram,
low_value, high_value
from
user_tab_cols
where
table_name in ('T1','T2','T3')
and column_name in ('N1','N2')
order by
table_name, column_name
;
TABLE_NAME COLUMN_NAME NUM_DISTINCT DENSITY HISTOGRAM LOW_VALUE HIGH_VALUE
--------------- --------------- ------------ ---------- --------------- ---------- ----------
T1 N1 38 .00005 FREQUENCY 80 C128
T2 N1 38 .00005 FREQUENCY 80 C126
T3 N1 38 .00005 FREQUENCY 80 C128
N2 38 .00005 FREQUENCY 80 C126
I’ve created two sets of 10,000 rows each of normally distributed data – but taken the absolute values so I’ve only got half the bell curve, and I’ve scaled up by a factor of 10 and truncated. This has given me two similar but slightly different sets of values which happen to cover 38 distinct values each.
I’ve then generated my test set by joining these two tables on the unique (though not declared as such) id column to give a table with the same number of rows and two skewed sets of data. The calls to dbms_stats create histograms on the skewed data sets, and I’ve reported a few significant numbers about the 4 relevant columns.
Looking at the column statistics we have num_distinct = 38 across the board – so my observation from paragraph 2 above would tend to suggest that the optimizer would report 10,000/38 = 263 as the cardinality estimate for the predciate “t3.n1 = t3.n2” (I’m fairly confident that in this case 1/num_distinct will be preferred over using the density from user_tab_cols). But here’s what we get from a call to explain plan:
explain plan for
select
v1
from
t3
where
n1 = n2
;
select * from table(dbms_xplan.display);
--------------------------------------------------------------------------
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
--------------------------------------------------------------------------
| 0 | SELECT STATEMENT | | 564 | 32148 | 18 (6)| 00:00:01 |
|* 1 | TABLE ACCESS FULL| T3 | 564 | 32148 | 18 (6)| 00:00:01 |
--------------------------------------------------------------------------
Predicate Information (identified by operation id):
---------------------------------------------------
1 - filter("N1"="N2")
The estimate is 564 – which is a pretty good estimate in this case (the actual result was 552) as the two columns were randomly generated and there’s no correlation between them. Unfortunately this is quite a long way of my assumption of 263, so where did the optimizer get that number from?
Here’s a query (with result set) that you may recognise from an earlier post.
break on report skip 1
compute count of value on report
compute sum of t1_frequency on report
compute sum of t2_frequency on report
compute sum of product on report
column product format 999,999,999
with f1 as (
select
endpoint_value value,
endpoint_number - lag(endpoint_number,1,0) over(order by endpoint_number) frequency
from
user_tab_histograms
where
table_name = 'T3'
and column_name = 'N1'
),
f2 as (
select
endpoint_value value,
endpoint_number - lag(endpoint_number,1,0) over(order by endpoint_number) frequency
from
user_tab_histograms
where
table_name = 'T3'
and column_name = 'N2'
)
select
f1.value,
f1.frequency t1_frequency,
f2.frequency t2_frequency,
f1.frequency * f2.frequency product
from
f1, f2
where
f2.value = f1.value
order by
f1.value
;
VALUE T1_FREQUENCY T2_FREQUENCY PRODUCT
---------- ------------ ------------ ------------
0 777 768 596,736
1 806 753 606,918
2 794 779 618,526
3 808 763 616,504
4 752 749 563,248
5 627 729 457,083
6 623 628 391,244
7 584 616 359,744
8 544 597 324,768
9 512 546 279,552
10 441 439 193,599
11 409 342 139,878
12 345 370 127,650
13 318 300 95,400
14 257 282 72,474
15 244 242 59,048
16 214 206 44,084
17 172 193 33,196
18 161 140 22,540
19 113 114 12,882
20 108 93 10,044
21 95 81 7,695
22 72 55 3,960
23 54 56 3,024
24 43 36 1,548
25 38 31 1,178
26 23 18 414
27 18 23 414
28 7 14 98
29 9 13 117
30 14 11 154
31 4 2 8
32 5 3 15
33 1 3 3
35 4 1 4
37 2 2 4
---------- ------------ ------------ ------------
36
9998 9998 5,643,754
I’m querying the histoggram information for the two columns, and where t3.n1 and t3.n2 have a value in common I’ve reported the two frequencies for that value and the product of the frequencies. For convenience I’ve included a count and a couple of sums to show that there isn’t a perfect match in the set of values for the two columns. The most important number at the bottom of the page, though, is the sum of the products of frequencies of common values. Take that value and divide by 10,000 and you get 564.3754 – compare that with the cardinality estimate of the predicate “t3.n1 = t3.n2”, it’s a perfect match (allowing for rounding).
The query against user_tab_histograms is the query I used to calculate the cardinality of a join where there were frequency histograms on the columns at both ends of the join. The optimizer’s estimate for “intra-table” predicates is consistent with its estimate for joins (in the special cases of “no histograms” and “two frequency histograms”, at least). Viewing it from a slightly different angle: the selectivity of the predicate “n1 = n2” can be derived as “the cardinality estimate for joining t3 to itself” divided by “the cardinality of the cartesian join” (the latter being num_rows * num_rows, of course).
Just as a closing demo – lets generate a plan for the appropriate self-join of t3 and check the cardinality estimate:
explain plan for
select
t3a.v1, t3b.v1
from
t3 t3a, t3 t3b
where
t3a.n2 = t3b.n1
;
select * from table(dbms_xplan.display);
---------------------------------------------------------------------------
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
---------------------------------------------------------------------------
| 0 | SELECT STATEMENT | | 5643K| 581M| 138 (83)| 00:00:01 |
|* 1 | HASH JOIN | | 5643K| 581M| 138 (83)| 00:00:01 |
| 2 | TABLE ACCESS FULL| T3 | 10000 | 527K| 13 (8)| 00:00:01 |
| 3 | TABLE ACCESS FULL| T3 | 10000 | 527K| 13 (8)| 00:00:01 |
---------------------------------------------------------------------------
Predicate Information (identified by operation id):
---------------------------------------------------
1 - access("T3A"."N2"="T3B"."N1")
As expected the (rounded) join cardinality is reported as 5,643K.
So the selectivity of the single table predicate “n1 = n2” will be (5,643,000 / (10,000 * 10,000) = 0.05643 and the cardinality estimate of the single table query will be 10,000 * 0.05643 = 564.3 QED.
I haven’t tested any other variations of types of histogram, degree of overlap of value ranges, etc. but I suspect that the general principle is probably going to give the selectivity as (or with the appearance of): “estimated cardinality of self-join” / “square of num_rows (allowing for nulls)”.
APEX Upgrade redux
I posted about my APEX upgrade to 19 yesterday, and someone was quick to point out to me that they believed I hadn’t covered all of the steps.
“What if your APEX instance needs to call web services?” they said. “You need to update your Access Control Lists.”
I hadn’t thought of that, so I logged onto one of my other APEX instances that was still at version 18, and checked the current ACLs
SYS> select acl,
2 principal,
3 privilege
4 from dba_network_acl_privileges
5 order by acl, principal, privilege;
ACL PRINCIPAL PRIVILEGE
-------------------------------------------------- -------------------- ----------
/sys/acls/oracle-sysman-ocm-Resolve-Access.xml ORACLE_OCM resolve
NETWORK_ACL_192DBA180AEB40AD98A73ACCD309FF8F APEX_180200 http
NETWORK_ACL_296C00CF7F2744BAB526D4C4E85FE189 GGSYS resolve
NETWORK_ACL_296C00CF7F2744BAB526D4C4E85FE189 GSMADMIN_INTERNAL resolve
4 rows selected.
I can see the potential issue here. On upgrade, I’ll have a new schema which would need the same ACLs granted as the existing APEX 18 schema. Then I went ahead and upgraded this instance to version 19, and lo and behold, check out this nice little touch in the upgrade.
SYS> select acl,
2 principal,
3 privilege
4 from dba_network_acl_privileges
5 order by acl, principal, privilege;
ACL PRINCIPAL PRIVILEGE
-------------------------------------------------- -------------------- ----------
/sys/acls/oracle-sysman-ocm-Resolve-Access.xml ORACLE_OCM resolve
NETWORK_ACL_0F93A8F653EC43DC9D90457B1151A330 APEX_190100 http
NETWORK_ACL_192DBA180AEB40AD98A73ACCD309FF8F APEX_180200 http
NETWORK_ACL_296C00CF7F2744BAB526D4C4E85FE189 GGSYS resolve
NETWORK_ACL_296C00CF7F2744BAB526D4C4E85FE189 GSMADMIN_INTERNAL resolve
5 rows selected.
The upgrade took care of the ACLs for me! That’s pretty cool.
Ansible tips’n’tricks: provision multiple machines in parallel with Vagrant and Ansible
Vagrant is a great tool that I’m regularly using for building playground environments on my laptop. I recently came across a slight inconvenience with Vagrant’s Virtualbox provider: occasionally I would like to spin up a Data Guard environment and provision both VMs in parallel to save time. Sadly you can’t bring up multiple machines in parallel using the VirtualBox provisioner according to the documentation . This was true as of April 11 2019 and might change in the future, so keep an eye out on the reference.
I very much prefer to save time by doing things in parallel, and so I started digging around how I could achieve this goal.
The official documentation mentions something that looks like a for loop to wait for all machines to be up. This isn’t really an option, I wanted more control over machine names and IP addresses. So I came up with this approach, it may not be the best, but it falls into the “good enough for me” category.
Vagrantfile
The Vagrantfile is actually quite simple and might remind you of a previous article:
1 Vagrant.configure("2") do |config|
2 config.ssh.private_key_path = "/path/to/key"
3
4 config.vm.define "server1" do |server1|
5 server1.vm.box = "ansibletestbase"
6 server1.vm.hostname = "server1"
7 server1.vm.network "private_network", ip: "192.168.56.11"
8 server1.vm.synced_folder "/path/to/stuff", "/mnt",
9 mount_options: ["uid=54321", "gid=54321"]
10
11 config.vm.provider "virtualbox" do |vb|
12 vb.memory = 2048
13 vb.cpus = 2
14 end
15 end
16
17 config.vm.define "server2" do |server2|
18 server2.vm.box = "ansibletestbase"
19 server2.vm.hostname = "server2"
20 server2.vm.network "private_network", ip: "192.168.56.12"
21 server2.vm.synced_folder "/path/to/stuff", "/mnt",
22 mount_options: ["uid=54321", "gid=54321"]
23
24 config.vm.provider "virtualbox" do |vb|
25 vb.memory = 2048
26 vb.cpus = 2
27 end
28 end
29
30 config.vm.provision "ansible" do |ansible|
31 ansible.playbook = "hello.yml"
32 ansible.groups = {
33 "oracle_si" => ["server[1:2]"],
34 "oracle_si:vars" => {
35 "install_rdbms" => "true",
36 "patch_rdbms" => "true",
37 }
38 }
39 end
40
41 end
Ansibletestbase is my custom Oracle Linux 7 image that I keep updated for personal use. I define a couple of machines, server1 and server2 and from line 30 onwards let Ansible provision them.
A little bit of an inconvenience
Now here is the inconvenient bit: if I provided an elaborate playbook to provision Oracle in line 31 of the Vagrantfile, it would be run serially. First for server1, and only after it completed (or failed…) server2 will be created and provisioned. This is the reason for a rather plain playbook, hello.yml:
$ cat hello.yml
---
- hosts: oracle_si
tasks:
- name: say hello
debug: var=ansible_hostname
This literally takes no time to execute at all, so no harm is done running it serially once per VM. Not only is no harm done, quite the contrary: Vagrant discovered an Ansible provider in the Vagrantfile and created a suitable inventory file for me. I’ll gladly use it later.
How does this work out?
Enough talking, time to put this to test and to bring up both machines. As you will see in the captured output, they start one-by-one, run their provisioning tool and proceed to the next system.
$ vagrant up
Bringing machine 'server1' up with 'virtualbox' provider...
Bringing machine 'server2' up with 'virtualbox' provider...
==> server1: Importing base box 'ansibletestbase'...
==> server1: Matching MAC address for NAT networking...
[...]
==> server1: Running provisioner: ansible...
[...]
server1: Running ansible-playbook...
PLAY [oracle_si] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server1]
TASK [say hello] ***************************************************************
ok: [server1] => {
"ansible_hostname": "server1"
}
PLAY RECAP *********************************************************************
server1 : ok=2 changed=0 unreachable=0 failed=0
==> server2: Importing base box 'ansibletestbase'...
==> server2: Matching MAC address for NAT networking...
[...]
==> server2: Running provisioner: ansible...
[...]
server2: Running ansible-playbook...
PLAY [oracle_si] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server2]
TASK [say hello] ***************************************************************
ok: [server2] => {
"ansible_hostname": "server2"
}
PLAY RECAP *********************************************************************
server2 : ok=2 changed=0 unreachable=0 failed=0
As always the Ansible provisioner created an inventory file I can use in ./.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory. The inventory looks exactly as described in the |ansible| block, and it has the all important global variables as well.
$cat ./.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory
# Generated by Vagrant
server2 ansible_host=127.0.0.1 ansible_port=2201 ansible_user='vagrant' ansible_ssh_private_key_file='/path/to/key'
server1 ansible_host=127.0.0.1 ansible_port=2200 ansible_user='vagrant' ansible_ssh_private_key_file='/path/to/key'
[oracle_si]
server[1:2]
[oracle_si:vars]
install_rdbms=true
patch_rdbms=true
After ensuring both that machines are up using the “ping” module, I can run the actual playbook. You might have to confirm the servers’ ssh keys the first time you run this:
$ ansible -i ./.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory -m ping oracle_si
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
All good to go! Let’s call the actual playbook to provision my machines.
$ ansible-playbook -i ./.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory provisioning/oracle.yml TASK [Gathering Facts] *************************************************************** ok: [server1] ok: [server2] TASK [test for Oracle Linux 7] ******************************************************* skipping: [server1] skipping: [server2]
And we’re off to the races. Happy automating!
SSIS vs. Oracle GG
This is the third in a series of product identifications between Oracle and Microsoft to assist those attempting to understand the similarities and differences between these essential parts of any data platform environments.
In this post, I’m going to describe the similarities and differences between Microsoft SQL Server Integration Services and Oracle Golden Gate. Hang on, it’s a bit of a bumpy ride. as neither service is out there on its own, (other’s piggy back off of them) and there’s definitely some new products on the Microsoft side that aren’t taken into consideration.
The first thing to know is that this is not taking all the detailed features into each product into account. Both are essentially self-service products, so if someone wants to build something in the product, even if it wasn’t originally designed for it, they most likely will be able to. I’m looking high level at the original purpose for the product and how I can create, (as close as possible) apple to apple comparison environment for the two.
The second is that the diagrams should help you visualize how they are different and the fundamental architecture for each.
Microsoft SSIS
SQL Server Integration Services, (SSIS) has been around a LONG time, first shining in the SQL world as Data Transformation Services, (DTS) back in SQL Server 7. The product uses a SQL Server repository to store integration processes in groups, called packages and are a bedrock of many ETL processing in the SQL world. With the introduction of Azure cloud, Azure Data Factory, (ADF) includes the ability to integrate SSIS packages into it’s offering, creating an SSISDB repository database, making the most of customers existing integration packages and helping them move into newer capabilities with ADF data flows and pipelines.
To create something that does appear to fulfill the same feature overlap as Oracle GG, I added in log shipping, as Oracle GG does handle replication better, (IMHO) than SSIS.
https://dbakevlar.com/wp-content/uploads/2019/04/ssis_ls-300x168.jpg 300w, https://dbakevlar.com/wp-content/uploads/2019/04/ssis_ls-768x430.jpg 768w" sizes="(max-width: 1024px) 100vw, 1024px" />
Oracle Golden Gate
Oracle Golden Gate also grew out of a predecessor product, first known as Change Data Capture, (CDC) which was a set of stored procedures and packages inside the Oracle database, then Oracle Streams, taking it one step further, till it evolved into the Oracle Golden Gate product.
To create a similar diagram to the SSIS one, I’ve incorporated a secondary Oracle product, Data Integrator, to help grant us an apple to apple view, as I feel SSIS does a better job at integration of data than Oracle GG does.
https://dbakevlar.com/wp-content/uploads/2019/04/oragg_odi-300x169.jpg 300w, https://dbakevlar.com/wp-content/uploads/2019/04/oragg_odi-768x433.jpg 768w" sizes="(max-width: 1024px) 100vw, 1024px" />
The Gist
Both products use a database repository to store and perform essential processing, but as Oracle GG sourced from the need to move data, especially data migrations to engineered systems, (which it was almost essential to ease this migration scenario) it is very easy to install, easy to use and has little impact to the database, as it uses the log data to perform the process, including updating transactional processing post the initial load. In the SQL world, log shipping is the tool of choice to perform this type of processing, (even more so than replication, just as Oracle GG has replaced older forms of replication with its own version.)
SSIS is a product that has stood the test of time, packages being valuable enough that they’ve integrated the product into Azure Data Factory. The ease of use for those that have been using it for a couple decades makes it simpler for companies to move to the cloud without fear of having to migrate all their ETL work over from scratch.
Hopefully the scenario I’ve created in the diagrams help understand how the products overlap and how they are different, adding in the two secondary products to help balance them out.
With that, I’m going to bed- it’s a busy time of the year here in Microsoft land. 
Want to change the future Amazon RDS performance monitoring?
UPDATE: All slots for this study have been filled.
On the other and would love your feedback. Please send any ideas about what you’d like to see in RDS performance monitoring to me at kylelf at amazon.com
Thanks
Have you ever used Amazon RDS console to manage performance on an RDS database and had ideas on how to make it better? The Amazon UX Research team for AWS is collaborating with me to recruit for an upcoming user research study with Amazon Relational Database Service (RDS) performance monitoring. Sessions will take place between Monday, April 22, 2019 – Friday, April 26, 2019. In this study Amazon is looking to speak to experienced Database Administrators who currently use RDS. The sessions will be conducted remotely on WebEx and will be 1 hour long. As appreciation for your time and feedback, participants will receive a $100 Amazon.com gift card for completing a session (if your company guidelines permit).
If you are interested, sign up for this confidential study here: (Note that the study has limited spots, first come first serve.)
https://app.acuityscheduling.com/schedule.php?owner=14014140&calendarID=2201515
After you sign up, and if you get a slot, the Amazon UX team will send you a WebEx invite for your session.
Application Express 19.1
AskTOM moved to Application Express 19.1 without any major issues last weekend. That in itself is a nice endorsement for APEX, given that the AskTOM application dates back nearly 20 years to 2001, and predates even the existence of APEX.
The only fix that we had to make was that AskTOM uses the static CDN files that Joel Kallman blogged about to make it nice and snappy wherever in the world it is used. The reference to those files have a hard-coded version number so that needed to updated. For AskTOM, we have a plugin that uses some jQuery elements that went pear-shaped when referencing the old version 18 files, but after a quick fix to that reference all was well.
Given that AskTOM is running on APEX 19 I figured I best upgrade my local PC installation as well. I find the standard documentation a little bit cryptic when I want to perform an upgrade because the docs have to cover all of the possible scenarios (CDB vs non-CDB, web listener vs EPG, etc), and as such when you click on the section on Upgrading, you don’t appear to the get a step by step guide on what to do.
But the secret is in the second paragraph:
“following any of the installations scenarios in the guide upgrades your Oracle Application Express instance…”
so here’s what I did to upgrade my local installation which is installed within a pluggable database, and running with a standalone ORDS listener. (I stress, always consult the standard documentation set before commencing your upgrade).
- Downloaded APEX and unzipped into an appropriate location
- Connected as SYSDBA in the pluggable database where APEX is installed
- Ran the standard installation script (which will automatically detected this be an upgrade)
@apexins.sql SYSAUX SYSAUX TEMP /i/- Let ORDS know that an upgrade had been done.
java -jar ords.war validate- And the reset the REST services component post-upgrade
and I was done! No dramas encountered and APEX on my PC is now on 19.1
Note: I moved my original APEX installation to a backup area, and placed the new version 19 installation in place of the old location, so I did not have to move or copy any images and static files around. Your approach may be different, so just to reiterate – consult the standard docs before diving into your upgrade.
Of course, all the dark mode fan bois will be telling me to switch to Dark Mode 
but for me, I think it would be wrong to maintain a classic 2000’s application such as AskTOM in anything but brilliant white
More chances to bulk process
I’m sure most of us have read or heard at a conference the benefits of array fetching and array binding when it comes to passing data back and forth to the database. And we’ve all seen the numerous demo scripts in PL/SQL along the lines of:
FORALL i in 1 .. n
INSERT ...
As such, there is a misconception out there that you are only going to be able to use bulk binding for basic DML operations. So I thought I’d share this example that came in via AskTOM recently. We got asked if there was any means of improving the performance of this row-by-row operation where the DML was a complex Text index search, with the additional complication that on a row by row basis, the DML may fail but that this was an anticipated outcome that needed to be handled and moved past. The scenario presented was as follows:
- A table SOURCE_DATA containing rows of free format text,
- A table SEARCH_TERMS that would be populated by users, applications indicating a list of words/phrases that would searched for within SOURCE_DATA,
- A table SEARCH_RESULTS that would contain a one row per search term to indicate the phrase was found in SOURCE_DATA.
To enable text searching, a text index is created on SOURCE DATA, otherwise the setup below is straightforward.
SQL> create table SOURCE_DATA
2 ( id number,
3 name varchar2(50) );
Table created.
SQL>
SQL> create sequence SOURCE_SEQ start with 1 increment by 1;
Sequence created.
SQL>
SQL> insert into SOURCE_DATA
2 select SOURCE_SEQ.nextval,'abc'||rownum from dual
3 connect by rownum<=10000;
10000 rows created.
SQL> insert into SOURCE_DATA
2 select SOURCE_SEQ.nextval,'pqr'||rownum from dual
3 connect by rownum<=10000;
10000 rows created.
SQL> insert into SOURCE_DATA
2 select SOURCE_SEQ.nextval,'xyz'||rownum from dual
3 connect by rownum<=10000;
10000 rows created.
SQL> insert into SOURCE_DATA
2 select SOURCE_SEQ.nextval,'name'||rownum from dual
3 connect by rownum<=50000;
50000 rows created.
SQL> commit;
Commit complete.
SQL>
SQL> exec ctx_ddl.create_stoplist('keep_all_stopwords', 'BASIC_STOPLIST');
PL/SQL procedure successfully completed.
SQL>
SQL> create index SOURCE_IDX_TEXT on SOURCE_DATA(name)
2 indextype is ctxsys.context
3 parameters ('stoplist keep_all_stopwords sync (on commit)');
Index created.
SQL>
SQL> create table SEARCH_TERMS
2 ( search_name varchar2(50) );
Table created.
SQL>
SQL> create table SEARCH_RESULTS
2 ( search_name varchar2(50) );
Table created.
SQL>
SQL> insert into SEARCH_TERMS values ('xyz1');
1 row created.
SQL> insert into SEARCH_TERMS values ('xyz10000');
1 row created.
SQL> insert into SEARCH_TERMS values ('n');
1 row created.
SQL> commit;
Commit complete.
With the data above, the intent here is to do a wildcard text search in SOURCE_DATA for the value “xyz1”, and then a wildcard text search for “xyz10000” and so forth for each row in SEARCH_TERMS. Here is the first cut of the code provided by the poster on AskTOM. We loop around for each entry in SEARCH_TERMS and perform an INSERT-WHERE-EXISTS query. However, because this is a wild-card search, then it is possible for errors to be returned from a Text query, which necessitates the exception handler in the code. We can see how this can manifests itself with a sample run.
SQL>
SQL> create or replace
2 procedure testInsert as
3 v_errcode NUMBER;
4 v_errm VARCHAR2(200);
5 begin
6 for a in ( select * from SEARCH_TERMS )
7 loop
8 dbms_output.put_line('Loading-' || a.search_name);
9 begin
10 insert into SEARCH_RESULTS
11 select a.search_name
12 from dual
13 where (
14 select count(*)
15 from SOURCE_DATA b
16 where contains(b.name, '%' || a.search_name || '%') > 0
17 and rownum <= 2 ) = 1;
18
19 exception
20 when others then
21 v_errcode := sqlcode;
22 v_errm := substr(sqlerrm, 1, 200);
23 dbms_output.put_line('Error code ' || v_errcode || ': ' || v_errm);
24 end;
25 end loop;
26
27 end;
28 /
Procedure created.
SQL>
SQL> set serverout on
SQL> exec testInsert
Loading-xyz1
Loading-xyz10000
Loading-n
Error code -29902: ORA-29902: error in executing ODCIIndexStart() routine
ORA-20000: Oracle Text error:
DRG-51030: wildcard query expansion resulted in too many terms
PL/SQL procedure successfully completed.
For the first two search terms, the check works fine, but for the search term of “n”, it is deemed “too vague” by Text engine and returns the error “DRG-51030: wildcard query expansion resulted in too many terms”. But since this is an expected error (since search phrases come from an arbitrary source) we catch the error and move on to the next phrase. The poster on AskTOM was looking for a mechanism to speed this up, since once there was a large number of search phrases, the row-by-row approach became the familiar cliché “slow-by-slow”.
But even with a scenario like this, array processing via bulk binding can be utilised. I’ve recoded the example to use bulk binding. Even though we have a complex SQL with a Text query, along with the need for an error handler, we can still take advantage of array processing. Using the SQL%BULK_EXCEPTIONS structure, we still get access to rows in error.
SQL>
SQL> create or replace
2 procedure testInsert as
3 v_errcode number;
4 v_errm varchar2(200);
5
6 type row_list is table of varchar2(100) index by pls_integer;
7 r row_list;
8
9 bulk_failed exception;
10 pragma exception_init(bulk_failed, -24381);
11
12 l_cnt int;
13 begin
14 select search_name bulk collect into r from SEARCH_TERMS;
15
16 forall i in 1 .. r.count save exceptions
17 insert into SEARCH_RESULTS
18 select r(i)
19 from dual
20 where (
21 select count(*)
22 from SOURCE_DATA b
23 where contains(b.name, '%' || r(i) || '%') > 0
24 and rownum <= 2 ) = 1;
25
26 exception
27 when bulk_failed then
28 l_cnt := sql%bulk_exceptions.count;
29 for i in 1 .. l_cnt loop
30 dbms_output.put_line('failed: ' || i || ' value: ' ||
31 r(sql%bulk_exceptions(i).error_index) ||' : ' ||
32 sqlerrm(-sql%bulk_exceptions(i).error_code));
33 end loop;
34 end;
35 /
Procedure created.
SQL>
SQL> set serverout on
SQL> exec testInsert
failed: 1 value: n : ORA-29902: error in executing ODCIIndexStart() routine
PL/SQL procedure successfully completed.
SQL>
So don’t be too quick to dismiss the opportunities to use bulk binding in your applications. If you can code the SQL in PL/SQL, you can probably (re)code to use array processing.
Describe Upgrade
Here’s an odd little change between Oracle versions that could have a stunning impact on the application performance if the thing that generates your client code happens to use an unlucky selection of constructs. It’s possible to demonstrate the effect remarkably easily – you just have to describe a table, doing it lots of times to make it easy to see what’s happening.
rem rem Script: describe_18c.sql rem Author: Jonathan Lewis rem Dated: Apr 2019 rem create table t1 as select * from all_objects where rownum = 1 ; set heading off set feedback off set pagesize 0 set linesize 156 set trimspool on set termout off set serveroutput on execute snap_rowcache.start_snap execute snap_libcache.start_snap start start_10000 -- start_1 contains "describe t1" set termout on set serveroutput on spool temp execute snap_rowcache.end_snap execute snap_libcache.end_snap spool off
The start_10000 script is my mechanism for running a simple piece of code many times, and as the comment following it says, all I’m doing is repeating “describe t1”. The calls to “snap” something are examples of procedures I use to find the changes recorded in various dynamic performance views over short periods of time (there’s an example of the code for v$mystat here) In this case, as the names suggest, the snapshots record the changes in v$rowcache (the dictionary cache) and v$librarycache (the library cache). I’ve put a simple variant of the code at the end of the blog note so you don’t have to do all the preparation if you want to run a quick test for yourself.
Here are the results I get when running the test in Oracle 18.3.0.0
--------------------------------- Dictionary Cache - 05-Apr 19:00:00 Interval:- 27 seconds --------------------------------- Parameter Sub# Usage Fixed Gets Misses Scans Misses Comp Mods Flushes --------- ----- ----- ----- ---- ------ ----- -------------- ---- ------- dc_objects 0 0 260,051 0 0 0 0 0 0 dc_users 0 0 260,000 0 0 0 0 0 0 --------------------------------- Library Cache - 05-Apr 19:00:00 Interval:- 27 seconds --------------------------------- Type Description Gets Hits Ratio Pins Hits Ratio Invalid Reload ----- ----- ---- ---- ----- ---- ---- ----- ------- ------ NAMESPACE TABLE/PROCEDURE 10,003 10,003 1.0 280,028 280,028 1.0 0 0
Before showing you corresponding figures from 12.2.0.1 I’ll just point out that in version 18.3.0.0 of Oracle the structure of view all_objects gives me a table of 26 columns. Think about that and the 10,000 describes while looking at the number above, then look at the corresponding 12.2.0.1 results:
--------------------------------- Dictionary Cache - 05-Apr 19:00:00 Interval:- 28 seconds --------------------------------- Parameter Usage Fixed Gets Misses Scans Misses Comp Mods Flushes --------- ----- ----- ---- ------ ----- -------------- ---- ------- dc_users 0 0 2 0 0 0 0 0 0 dc_objects 0 0 9 0 0 0 0 0 0 --------------------------------- Library Cache - 05-Apr 19:04:17 Interval:- 28 seconds --------------------------------- Type Description Gets Hits Ratio Pins Hits Ratio Invalid Reload ----- ----- ---- ---- ----- ---- ---- ----- ------- ------ NAMESPACE TABLE/PROCEDURE 10,005 10,005 1.0 20,018 20,018 1.0 0 0
The internal mechanism of the “describe” call has changed between 12.2.0.1 to 18.3.0.0.
For each describe in 18.3, for each column in the table you see a “get” on dc_users and dc_objects in v$rowcache and you see one “get” on the TABLE/PROCEDURE namespace in v$librarycache, and (2 + number of columns) “pins”. In 12.2.0.1 there are no gets on the dictionary cache and only 1 get and two pins in the library cache for each describe.
As a couple of extra checks I modified the test to query from a 12c client to and 18c server, then from an 18c client to a 12c server. The big numbers appeared in the former test (i.e. when the server is 18c) and the small number for the latter (when the server is 12c). I also tried a couple of other variations on the theme:
- If the table t1 doesn’t exist when I run the test then there are no gets on the row cache, and I see 2 gets and pins (with hits) on the library cache per describe.
- If I run the test using “decribe other_schema.t1“ the pins (and hits) on the library cache go up by 1 per describe
- If I execute “alter session set current_schema = other_schema” so that “describe t1” is actually describing a table in another schema the pins (and hits) on the library cache go up by 1 per describe
- If I run the test in the SYS schema, 18c behaves like 12c !! But SYS is often a little wierd compared to other schemas
Enabling the 10051 trace – I can see that both versions report an OPI call type = 119: “V8 Describe Any” for each call to “describe” (which, presumably, corresponds to the OCIDescribeAny() low-level function call). And that’s really where this blog started, and why lots of people might need to be aware (at least in the short term) of this change in behaviour across versions .
Welcome to the Real World.
My demonstration is clearly silly – no-one does hundreds of describes per second in a real application, surely. Well, not deliberately, and not necessarily with the intent to do a full describe, but sometimes n-tier development environments end up generating code that does things you might not expect. One such example is the way that JDBC can handle a requirement of the form:
insert into tableX( id, ......) values (my_sequence.nextval, ...) returning id into ?;
In the course of handling this requirement one of the coding strategies available to JDBC ends up executing the type 119 “V8 Describe Any” call. Imagine the effect this has when you have a couple of dozen concurrent sessions totalling a couple of million single row inserts per hour. The competition for library cache pins and row cache gets is massive – and the memory structures involved are all protected by mutexes. So when a a client of mine recently upgraded their system from 11.2.0.4 to 18.3.0.0 they saw “library cache: mutex X” waits change from a few hundred seconds per hour to tens of thousands of seconds, and “row cache mutex” leaping up from nowhere in the “Top timed events” to reporting further even more thousands of seconds of wait time per hour.
The actual impact of this issue will depend very strongly on how much use you (or your ORM) makes of this construct. The problem may be particularly bad for my client because of the very large number of concurrent executions of a very small number of distinct statements that all address the same table. For low concurrency, or for a wide range of different tables and statements, you may not see so much contention.
If you are seeing contention for “row cache mutex” and “library cache: mutex X”, then a quick corroborative test (if you are licensed for the performance and dianostic packs) is to check the top_level_call# and top_level_call_name from v$active_session_history:
select
top_level_call#, top_level_call_name, count(*)
from v$active_session_history
group by
top_level_call#, top_level_call_name
order by
count(*)
If (119, ‘V8 Describe Any’) shows up as a significant fraction of the total then you’re probably looking at this issue.
Java is not my strong point – but here’s a trivial piece of standalone Java that you can use to demonstrate the issue if you’re familiar with running Java on the server. There are a few notes inline to explain necessary preparatory steps and code changes:
/*
To create a class file, you need to execute
javac temptest2.java
This generates file temptest2.class
If this is successful then execute
java temptest {number of iterations} {commit frequency}
e.g.
java temptest2 10000 10
To be able to compile, you need a CLASSPATH environment variable
e.g. export CLASSPATH=$CLASSPATH:$ORACLE_HOME/jdbc/lib/ojdbc8.jar
For java to see the created class the CLASSPATH must also include
the holding directory
e.g. export CLASSPATH=$CLASSPATH:/mnt/working
Example combined setting:
export CLASSPATH=$CLASSPATH:$ORACLE_HOME/jdbc/lib/ojdbc8.jar:/mnt/working
A schema will need to be created to hold two objects,
And the connection string in the code below will need to be modified -
and the listener has to be started and the database registered to it.
Database objects:
-----------------
create sequence s1;
create table test(
id number,
code varchar2(32),
descr varchar2(32),
insert_user varchar2(32),
insert_date date
);
*/
import java.sql.*;
import oracle.jdbc.OracleDriver;
import java.util.Date;
public class temptest2
{
public static void main (String arr[]) throws Exception
{
DriverManager.registerDriver(new oracle.jdbc.OracleDriver());
Connection con = DriverManager.getConnection
("jdbc:oracle:thin:@localhost:1521:or18","test_user","test");
Integer iters = new Integer(arr[0]);
Integer commitCnt = new Integer(arr[1]);
con.setAutoCommit(false);
doInserts( con, iters.intValue(), commitCnt.intValue() );
con.commit();
con.close();
}
static void doInserts(Connection con, int count, int commitCount )
throws Exception
{
int rowcnt = 0;
int committed = 0;
long start = new Date().getTime();
for (int i = 0; i < count; i++ ) {
PreparedStatement ps = con.prepareStatement(
"insert into test (id, code, descr, insert_user, insert_date) " +
"values (s1.nextval,?,?, user, sysdate)",
new String[]{"id"}
);
ps.setString(1,"PS - code" + i);
ps.setString(2,"PS - desc" + i);
ps.executeUpdate();
ResultSet rs = ps.getGeneratedKeys();
int x = rs.next() ? rs.getInt(1) : 0;
System.out.println(x);
rowcnt++;
ps.close();
if ( rowcnt == commitCount )
{
con.commit();
rowcnt = 0;
committed++;
}
}
long end = new Date().getTime();
con.commit();
System.out.println
("pstatement " + count + " times in " + (end - start) + " milli seconds committed = "+committed);
}
}
/*
*
* Sample from trace file after setting events 10046 and 10051:
*
* OPI CALL: type=119 argc= 7 cursor= 0 name=V8 Describe Any
* OPI CALL: type=94 argc=38 cursor= 0 name=V8 Bundled Exec
* PARSE #140693461998224:c=0,e=15,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,plh=3884345238,tim=1368184246
* EXEC #140693461998224:c=0,e=135,p=0,cr=0,cu=4,mis=0,r=1,dep=0,og=1,plh=3884345238,tim=1368184411
* OPI CALL: type=105 argc= 2 cursor= 0 name=Cursor close all
* CLOSE #140693461998224:c=0,e=15,dep=0,type=3,tim=1368185231
* OPI CALL: type=14 argc= 0 cursor= 0 name=COMMIT
* XCTEND rlbk=0, rd_only=0, tim=1368185291
* OPI CALL: type=119 argc= 7 cursor= 0 name=V8 Describe Any
* OPI CALL: type=94 argc=38 cursor= 0 name=V8 Bundled Exec
* PARSE #140693461998224:c=0,e=20,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,plh=3884345238,tim=1368187929
* EXEC #140693461998224:c=0,e=162,p=0,cr=0,cu=4,mis=0,r=1,dep=0,og=1,plh=3884345238,tim=1368188141
* OPI CALL: type=105 argc= 2 cursor= 0 name=Cursor close all
* CLOSE #140693461998224:c=0,e=6,dep=0,type=3,tim=1368189336
* OPI CALL: type=14 argc= 0 cursor= 0 name=COMMIT
* XCTEND rlbk=0, rd_only=0, tim=1368189373
*
*/
You’ll notice that I’ve prepared, executed and closed a statement inside a loop. The problem wouldn’t happen if I prepared the statement before the loop and closed it after the loop, doing nothing but the execute inside the loop; but the code is simply modelling the “single row processing” effect that typically appears through ORMs.
You’ll have to decide for yourself how to take snapshots of the dynamic performance views while this code is running, and how to emable tracing – but anyone who want to fiddle with the code is probably better at coding Java than I am – so it’s left as an exercise to the reader (I used a logon trigger for the traces, and snap_rowcache and snap_libcache from another session).
There is a certain cruel irony to this issue. For years I have been telling people that
insert into my_table(id, ...) values(my_sequence.nextval,...) returning id into :bind1;
is more efficient than:
select my_sequence.nextval into :bind1 from dual;
insert into my_table(id,.....) values(:bind1, ...);
If, at present, you’re using Hibernate as your ORM it generates code that does the (inefficient, bad practice) latter and you won’t see the “describe” problem.
Footnote
If you want a very simple SQL*Plus script to see the effect – and have privileges to query v$rowcache and v$librarycache – here’s a hundred describes with a little wrapper to show the effect:
em
rem The schema running this script must not be SYS
rem but must be granted select on v_$rowcache and
rem v_$librarycache. For the results to be clearly
rem visible the test needs to be run while virtually
rem nothing else is running on the instance.
rem
rem In 18.3.0.0 every describe seems to access
rem dc_users, dc_objects, and pin the library cache
rem once for every column in the table described
rem (plus a fixed "overhead" of 2 pins and one get)
rem
rem When run by SYS the counts fall back to the
rem 12.2 numbers -i.e. only two pins and one get
rem on the libraray cache with no accesses to the
rem dictionary cache
rem
rem The excess gets and pins disappear in 19.2,
rem thought the pin count on the library cache
rem goes up to 4 per describe.
rem
drop table t1 purge;
create table t1(
n1 number,
n2 number,
n3 number,
n4 number,
n5 number,
n6 number,
n7 number
)
;
-- variant create table t1 as select * from all_objects where rownum = 1;
set serveroutput off
set linesize 167
set trimspool on
spool temp_desc
select namespace, gets, pins from v$librarycache where namespace = 'TABLE/PROCEDURE';
select parameter, gets from v$rowcache where parameter in ('dc_users','dc_objects') and subordinate# is null;
spool off
set termout off
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
describe t1
set termout on
set serveroutput on
spool temp_desc append
select namespace, gets, pins from v$librarycache where namespace = 'TABLE/PROCEDURE';
select parameter, gets from v$rowcache where parameter in ('dc_users','dc_objects') and subordinate# is null;
spool off
set doc off
doc
Sample output from 18.3
=======================
NAMESPACE GETS PINS
---------------------------------------------------------------- ---------- ----------
TABLE/PROCEDURE 27449 71108
PARAMETER GETS
-------------------------------- ----------
dc_users 17341
dc_objects 115830
NAMESPACE GETS PINS
---------------------------------------------------------------- ---------- ----------
TABLE/PROCEDURE 27555 72017
PARAMETER GETS
-------------------------------- ----------
dc_users 18041
dc_objects 116533
Note change in rowcache gets - one per column per describe on each parameter.
Note change in library cache pins - (one per column + 2) per describe.
Sample output from 12.2
=======================
NAMESPACE GETS PINS
-------------------- ---------- ----------
TABLE/PROCEDURE 13393 20318
PARAMETER GETS
-------------------------------- ----------
dc_users 4889
dc_objects 31413
NAMESPACE GETS PINS
-------------------- ---------- ----------
TABLE/PROCEDURE 13504 20539
PARAMETER GETS
-------------------------------- ----------
dc_users 4889
dc_objects 31416
No change in v$rowcache
Only the same single get and the "+2" pins per describe in v$librarycache
#
The good news is that I sent this text to a colleague who has access to Oracle 19, and the problem goes away (almost completley) – there are just two extra pins on the library cache in Oracle 19 compared to Oracle 12, and no gets on the rowcache dc_users and dc_objects. This suggests that it’s a known issue (even though there’s no visible bug report, and the problem is still present in 18.5) so it may be possible to get a backport of the version 19 code for vesion 18 fairly quickly. If not the best temporary workaround is probably to bypass the ORM and manually code for a function call that processes an anonymous PL/SQL block – but I haven’t tested that idea yet.
There is a JDBC cursor cache available – and if this were enabled than the prepared statement that was closed by the code would be kept open by the JDBC cache (and, of course, still be present in Oracle’s v$open_cursor) and Oracle wouldn’t receive any further parse or “describe” calls. Unfortunately it seems that there’s a cursor leak (still) in the JDBC caching algorithm that will lead to sessions hitting Oracle error “ORA-01000: maximum open cursors exceeded.”
Acknowledgements.
I’d particularly like to thank Lasse Jenssen who spent a couple of hours with me (when he could have been attending some interesting sessions) at the OUG Ireland conference a few days ago, working through various tests and strategies to pin down the problem and attempt to circumvent it. (Any criticism of the Java code above should, nevertheless be aimed at me).
Update
This problem is now visible on MoS as: Bug 29628952 : INCREASED ROW CACHE GETS ON DC_OBJECTS AND DC_USERS FOR DESCRIBE IN 18C AND LATER.
It’s also visible as Bug 29628647 : INCREASED GETS FOR DC_OBJECTS AND DC_USERS FOR DESCRIBE, unfortunately this latter bug has been associated with version 19.2 – where the problem doesn’t exist so the analyst has reported back (quite corretly) with “I see no problem.”
.png){kind=small}
Tweets
Popular content
Today's:
Monthly archive
- April 2002 (1)
Recent comments
1 year 17 weeks ago
1 year 29 weeks ago
1 year 33 weeks ago
1 year 34 weeks ago
1 year 39 weeks ago
2 years 8 weeks ago
2 years 28 weeks ago
3 years 6 weeks ago
3 years 42 weeks ago
3 years 42 weeks ago