Managing multiple Let’s Encrypt certificates with Oracle Cloud Infrastructure

In my previous post I explained how you can use Let’s Encrypt and Oracle Cloud Infrastructure (OCI) serverless functions to obtain a publicly signed SSL certificate, and automatically manage its renewal lifecycle. The solution works as expected; I have a Let’s Encrypt certificate for my website automatically renewing 30 days before expiry. If you haven’t read my previous post I’d recommend taking a look before following the setup outlined below as it covers how the solution works, and some prerequisites.

Having multiple workloads running in various OCI regions, I started thinking about a more elegant way to provision certificates across multiple regions. Certificates stored in the certificate service are only available to resources in the same region, so this would have required a function to be deployed in each region, and for each SSL certificate required.

I’ve since updated the solution to address this requirement. It is now possible to provision certificates across multiple OCI regions using a single OCI Function application. I’ve also taken the opportunity to implement other features such as:

  • Loading a list of certificates you want to manage from a JSON file stored in Object Storage.
  • Adding support for wildcard SSL certificates.
  • Adding support for Subject Alternative Names (SAN) in addition to the CN name.
  • Adding support for the use of DNS zones and Vaults that reside in different regions to the OCI Function.

Adding support to specify which vault and region to use for a given certificate ensures that workloads with strict cryptographic key material requirements can still benefit from this solution.

If you’ve already followed the instructions from my previous post, the solution will continue to work as described, the only limitation being that it’ll only work for a single certificate. By following the steps below you can easily upgrade to issuing multiple certificates. If you haven’t set anything up yet that’s also fine, as I’ll be covering the full install again here.

Continue reading “Managing multiple Let’s Encrypt certificates with Oracle Cloud Infrastructure”

Let’s Encrypt serverless automation with Oracle Cloud Infrastructure

Let’s Encrypt made its debut back in late 2015. It is a free Certificate Authority provided by the Internet Security Research Group. The goal was to support the adoption of SSL / TLS to ensure the privacy of information sent over the public Internet. Let’s Encrypt is now serving over 2.5M certificates per day.

If you’re reading this it’s likely you’ve had to deal with SSL certificates before. It’s also likely some of you will have investigated an outage, only to find that an SSL certificate expired somewhere that no one knew about. Certificate discovery, management, and renewal can be time consuming and not much fun.

Cloud providers have made this job easier with the introduction of certificate services that are able to issue public Domain Validation (DV) certificates. Oracle Cloud Infrastructure (OCI) currently allows you to create private Certificate Authorities (CAs), private Certificates, and private Certificate Authority bundles. Private certificate resources are used to secure communication across a private network, where certificates can be installed and trusted to enable secure communication.

But what about publicly signed certs for users connecting over the Internet? Using a private OCI certificate will result in a “certificate not trusted” error in your web browser; this is where Let’s Encrypt comes in. I’m going to show you how to run a completely automated serverless Let’s Encrypt solution in your OCI tenancy to install and automatically renew certificates that show as trusted in your web browser.

Continue reading “Let’s Encrypt serverless automation with Oracle Cloud Infrastructure”

Virus & Malware Scanning Object Storage in OCI

If you’re like me, then working in IT means you also assume Tech Support duties for friends, family, and those distant relatives that only seem to call when they’ve got a problem.

I just clicked on this link, and my computer is doing something weird. I think my PC has a virus, what do I do?

When it’s just a single computer, the answer is simple: contain and validate that the rogue software is removed, install an AV solution, change their passwords, enable MFA, and provide some education on what to look out for next time.

But now imagine you’re an organisation building a new application, or are moving applications to the cloud. Are you simply performing a lift-and-shift or are you planning to make use of cloud native services? Where are you going to store your data, specifically user uploaded files? Object Storage was built specifically to solve the challenges of how to store unstructured data in the cloud.

However, there is a catch. If you were previously storing files on a server file system, then it’s likely you were also running an anti-virus / anti-malware solution to identify malicious files. With Object Storage the underlying file system is transparent, so you can’t install AV, yet many compliance requirements still state “Uploaded files must be scanned for viruses and malware”.

Continue reading “Virus & Malware Scanning Object Storage in OCI”

A Better Mechanism for Periodic Functions Invocation?

Functions in Oracle Cloud Infrastructure are great. As a serverless execution environment with pre-built logging, metrics, etc. it allows developers to simply focus on their code and not worry about all of the supporting infrastructure, while still providing a lot of flexibility through the use of container primitives. As great as Functions are, they are reactive: they can only be invoked, and can’t natively be configured to be executed in a spontaneous or scheduled manner. Often this won’t matter, as Functions will be invoked directly or indirectly by users, or in response to events, but sometimes you simply need a bit of code to run periodically.

Continue reading “A Better Mechanism for Periodic Functions Invocation?”

Process Excel files with OIC + Oracle Functions

In this blog post I will explore how we can extend the native capabilities of Oracle Integration (OIC) with Oracle Functions to process Excel files.

Although OIC can handle a number of file formats natively, .xlsx or .xls files need a bit of extra love.

The inspiration for this blog comes off the back of several customer enquiries into this subject.

The simple solution for most customers is to convert the Excel file formats to CSV and subsequently process them with OIC. I will use this approach here too but with a little bit of help from other OCI services such as Oracle Functions, an API Gateway and Object Storage.

A video of this demo is available here.

Continue reading “Process Excel files with OIC + Oracle Functions”

C# Serverless on OCI

I had a meeting the other day with an Oracle Partner and the discussion was about serverless solutions and Oracle Functions was introduced. And the natural question to ask was, “What is your preferred language?”.

They answered, “Mostly PHP. We also use C#”.

I had to think a little. Navigating to fnproject.io (the open-source project that Oracle Functions is based upon), it was clear that C# was supported. Here’s a quick tour through that experience.

fnproject.io supported languages – golang, Java, javascript, python, ruby and C#.

A couple of quick points:

  • I didn’t need to install ASP.Net anywhere.
  • I’m not bound by Windows as the host operating system.

And if ASP.Net is your language of choice, you can also check out Deploy highly available ASP.Net applications on Oracle Cloud Infrastructure in the Oracle Architecture Center (here).

Continue reading “C# Serverless on OCI”

OCI Arcade Now Has A CRM

As each project comes along, there’s something new to add to the OCI Arcade. It started off with the game and Autonomous Database. And then grew into including Kafka, Docker Swarm, Serverless with the FN Project, Terraform, OAuth, Ansible, In-Memory Data Grid with Coherence-CE and more recently with Arm. This time round we’re adding in a Customer Relationship Management (CRM) solution. Why? Up to now, users have been a simple identifier to denote the scores and the events in the game. Nothing more; nothing less. By adding a CRM into the mix, we’re opening up the understanding about our contacts and customers, providing a richer experience for those coming to the arcade. And ultimately, from a space where we build, experiment and try something out, adding user profiles opens up endless possibilities. Check out the rest of this post about how it’s changed and some of the things we needed to do to make this happen.

Continue reading “OCI Arcade Now Has A CRM”

Get OCI Arcade Free on Arm

There have been numerous announcements about Oracle Cloud Infrastructure (OCI) adding Arm-based Compute to the list of Virtual Machine (VM) Shapes. Check some of the announcements (here) and (here).

You can also watch it (here) too with Clay Magouyrk, Executive Vice President, Oracle Cloud Infrastructure. Note: The link above has more content and videos.

Have you seen the OCI Arcade? We have built the architecture deployable on OCI Always Free Tier.

Recently in the OCI Always Free Tier, an additional service has been added to include 4 cores and 24 GB of RAM of Ampere A1 Compute. With this additional capacity, it made sense for OCI Arcade to be ported to this A1 Compute Shape. Here is what we did and why.

Continue reading “Get OCI Arcade Free on Arm”

Welcome To The OCI Arcade

Each of us will read this from our own perspective. Equally diverse are the outcomes and the actions that you might want to take away from this. So, I ask you: Be open. Find the opportunity. And execute.

This is something that we’ve built for the purposes of an infrastructure demonstration of Oracle Cloud Infrastructure (OCI). The code is available in an open public github repository and we’ve written articles on specific capabilities. We are open to collaborate in building more scenarios which allows this demonstration to scale.

We welcome you to the OCI Arcade

Continue reading “Welcome To The OCI Arcade”

#WorldInnovationDay Tech Showcase

April 16-19 saw people from across the world come together to focus on three Sustainable Development Goals (SDGs) at the #WorldInnovationDay Hackathon. This blog highlights the technologies used to help accelerate the team’s execution. If you want to read more about the event itself – check out this previous blog (here).

Over the course of the weekend, Oracle Cloud tenancies with $500 USD credits were provided to each participant to use. It was not mandated that they use Oracle Cloud nor was it given to participants automatically. It was encouraging to see people open to explore and learn with Oracle Cloud. I want to thank the Oracle mentors who supported the participants, ensuring that whilst the teams explored, they could confidently execute and deliver. Here are the common requests from teams and the cloud services that they used over the weekend.

Continue reading “#WorldInnovationDay Tech Showcase”