sqlserveronlinux
23 TopicsSQL Server Containers and SQL Server on Linux Now Available on Windows via WSL!
We're kicking off 2025 with exciting news! We are thrilled to announce that developers can now easily get started with SQL Server container images and SQL Server on Linux installations directly on their Windows machines using Windows Subsystem for Linux (WSL). This new capability is designed to streamline your development process, making it more efficient and versatile. Why Use SQL Server on WSL? With WSL, you can run a Linux environment directly on Windows without the overhead of a traditional virtual machine. This means you can now develop and test your SQL Server applications in a Linux environment, right from your Windows desktop. Here are some key benefits: Seamless Integration: Easily switch between Windows and Linux environments. Development Focused: Ideal for development and testing purposes. Giving Developers access to the power of both Windows and Linux at the same time on a Windows machine. For detailed instructions on installation and getting started with WSL, please refer Install WSL | Microsoft Learn. Important Note: This setup is intended for development and testing purposes only and is not supported for production environments. There are two ways to get started with SQL Server on WSL: Install SQL Server as a systemd service: This allows you to manage it using systemctl commands. Deploy SQL Server containers in WSL: You can also deploy SQL Server containers, with the option for persistent storage if needed. For more information, please refer to the tutorial on WSL 2: Install SQL Server on Windows Subsystem for Linux - SQL Server on Microsoft Learn. Getting Started Install WSL: If you haven't already, install WSL on your Windows machine. You can follow the official Microsoft documentation for a step-by-step guide. Choose your Linux distribution: We recommend running SQL Server in WSL environments on one of the Supported platforms as documented, for the version of SQL Server you intend to run. Set Up SQL Server Containers: Pull the latest SQL Server container images from the Docker Hub and set them up in your WSL environment. (and/or) Install SQL Server on Linux: Alternatively, you can install SQL Server directly on your Linux distribution within WSL. Thanks, Andrew Carter (lead), Eric Julien from the Engineering team, Rafid Lafta from CSS and Randolph West for the Technical documentation.1.2KViews6likes2CommentsSecure SQL Server on RHEL with SELinux
SQL Server 2022 marked a significant milestone by enabling you to run SQL Server on RHEL 9 as a confined application. Our commitment to prioritizing security mechanisms ensures that enforcing security policies on Linux systems is more straightforward than ever. In this blog post, we'll explore how you can effectively integrate SQL Server deployments with SELinux and provide you with valuable resources. For detailed information, please visit our official documentation: Get Started With SQL Server on SELinux - SQL Server | Microsoft Learn. What is SELinux (Security-Enhanced Linux)? SELinux is a robust security architecture for Linux systems that defines access controls for applications, processes, and files. It provides Mandatory Access Control (MAC) through security policies, which are sets of rules that dictate what can or cannot be accessed. This gives administrators greater control over who can access the system. For details, I recommend the following articles: What is SELinux (Security-Enhanced Linux). SELinux Architecture as seen in Red Hat Systems SQL Server and SELinux To enforce SELinux-based security policies for SQL Server 2022 and higher versions, you need to install the supported mssql-server-selinux package as documented here, which includes customized SELinux-specific rules that enable you to run SQL Server as a confined application. Here are the prerequisites: Ensure SELinux is enabled and in enforcing mode on the RHEL system. You can check this using the command sestatus, and the output should look like this: For further information on enabling SELinux please follow the official documentation Changing SELinux states and modes | Red Hat Product Documentation. Install the mssql-server-selinux package, which installs SQL Server and enables the custom SELinux policy that confines the SQL Server processes. It resets the selinuxuser_execmod Boolean, and the SQL Server service is configured to the mssql_server_t domain (type). To learn more about the different types defined in the 'mssql-server-selinux' package for SQL Server and how you can customize the data path or log path for SQL Server when running as a confined application, please refer to the official documentation: Get Started With SQL Server on SELinux - SQL Server | Microsoft Learn. Thanks, Andrew Carter (Lead), Pierre-Louis Caron-Auger and Eric Julien from the Engineering team and our partners from Red Hat Engineering.281Views0likes0CommentsAnnouncing the Availability of adutil for RHEL 9 and Ubuntu 22.04 !
We’re thrilled to share that adutil, the Active Directory Utility for SQL Server, is now officially supported on RHEL 9 and Ubuntu 22.04. If you’ve been waiting for this, your patience has paid off! Let’s dive into the details. What Is adutil? adutil is a powerful tool that simplifies Active Directory integration with SQL Server on Linux-based deployments. It enables seamless authentication, user management, and keytab configuration. Whether you’re running SQL Server on RHEL 9 or Ubuntu 22.04, you can now harness the full capabilities of adutil. Getting Started Join Your Host Machine to the Domain: Before diving into adutil, ensure that your host machine is part of the domain. Follow the steps outlined in our article: Join SQL Server on Linux to Active Directory - SQL Server | Microsoft Learn. Installing adutil on RHEL 9: Execute the following commands to add the RHEL 9 Prod repository and install adutil: sudo curl -o /etc/yum.repos.d/msprod.repo https://packages.microsoft.com/config/rhel/9/prod.repo ## Now you are ready to install adutil using the command: sudo ACCEPT_EULA=Y yum install -y adutil ## you can check the adutil version using the command and ensure the version is 1.1.138 adutil --version Installing adutil on Ubuntu 22.04: Follow these steps to add the repository and install adutil: ## add the repo and required package signature curl https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc curl https://packages.microsoft.com/config/ubuntu/22.04/prod.list | sudo tee /etc/apt/sources.list.d/msprod.list ## now update the repo and install adutil sudo apt-get update sudo ACCEPT_EULA=Y apt-get install -y adutil Explore adutil’s Features Account Creation: Easily create and manage user accounts tied to Active Directory. Keytab Configuration: Set up keytabs for secure authentication. User Management: Handle user permissions and access. For detailed guidance, refer to our comprehensive article: Introduction to adutil - Active Directory Utility - SQL Server | Microsoft Learn. Updated on 22nd November 2024: Streamlining User Account Security with Adutil: AES 128/256-bit Encryption Now Supported With the release of Adutil version 1.1.143 and later, you can now easily create and modify user accounts to enable or disable AES 128/256-bit encryptions for kerberos. This update, available starting from version 1.1.143, includes built-in support for Kerberos AES 128-bit and AES 256-bit encryption by default. A few samples to help you get started. ## You can see the -D parameter to diable the AES 128/256 encryption for the account, by default when you use the adutil create command it creates with these options set for the account $ adutil user create --help create - Creates a new AD user account Usage: create [name] Positional Variables: name Name of the user account to create Flags: --version Displays the program version string. -h --help Displays help with available flag, subcommand, and positional value parameters. -n --name Name of the user account to create --distname Distinguished name of the account -o --ouname Organizational Unit of the account (takes precedence over distinguished name) --upn OPTIONAL: User principal name for the created account --desc OPTIONAL: Description for the account being created --password OPTIONAL: Password for the user being created -D --disableaessupport OPTIONAL: Disable AES 128 and 256 support -d --debug Display additional debugging information when making LDAP/Kerberos calls. --accept-eula Accepts the current EULA for adutil. This has no effect if the EULA has already been accepted. If --ouname and --distname are omitted, the value set by `adutil config set ou` will be used ## Similarly you see the -E and -D command to enable and disable the AES account options respectively when using the adutil user modify command: $ adutil user modify --help modify - Modify an existing AD user account Usage: modify [name] Positional Variables: name Name of the user account to modify Flags: --version Displays the program version string. -h --help Displays help with available flag, subcommand, and positional value parameters. -n --name Name of the user account to modify --distname Distinguished name of the account -o --ouname Organizational Unit of the account (takes precedence over distinguished name) -E --enableaessupport OPTIONAL: Enable AES 128 and 256 support -D --disableaessupport OPTIONAL: Disable AES 128 and 256 support -d --debug Display additional debugging information when making LDAP/Kerberos calls. --accept-eula Accepts the current EULA for adutil. This has no effect if the EULA has already been accepted. If --ouname and --distname are omitted, the value set by `adutil config set ou` will be used ## When you use the adutil user create command as shown below the user is created with the AES 128/256 encryptions set for the account $adutil user create --name testuser --distname CN=testuser,CN=Users,DC=CONTOSO,DC=COM ## If you intend to create a user without this properties set then use the -D option as shown below $adutil user create --name AESdisableduser --distname CN=AESdisableduser ,CN=Users,DC=CONTOSO,DC=COM -D ## if you wish to modify the kerberos AES encryption for an account here is a sample for the same: $ adutil user modify --name testuser --distname CN=testuser,CN=Users,DC=CONTOSO,DC=COM -D Successfully disabled AES encryption for ('testuser', 'CONTOSO.COM') ## you could also enable the kerberos AES encryption for an account as shown below: $ adutil user modify --name aesdisableduser --distname CN=aesdisableduser,CN=Users,DC=CONTOSO,DC=COM -E Successfully enabled AES encryption for ('aesdisableduser', 'CONTOSO.COM') You can now use Adutil to modify existing user accounts to enable or disable these encryption options. This new feature eliminates the need for manually enabling these settings in Active Directory, as detailed in step #2 of this document Fun Fact: Ansible and adutil Did you know that Ansible can simplify your SQL Server deployment? The Ansible-based SQL Server collection leverages adutil behind the scenes to enable AD authentication for SQL Server on Linux. Explore more in the Red Hat Hybrid Cloud Console documentation: Automation Hub - microsoft.sql | Ansible Automation Platform (redhat.com) and our official documentation: Quickstart: Deploy SQL Server on Linux using an Ansible playbook - SQL Server | Microsoft Learn Get ready to enhance your SQL Server experience with adutil on RHEL 9 and Ubuntu 22.04! Thanks, Engineering Lead: Vaibhao Tatte Engineering Team: Dwaipayan Barman, Parameswara Reddy Bodeddula1.8KViews2likes0CommentsSQL Server 2022 for RHEL 9 and Ubuntu 22.04 is now Generally Available (GA)
We are happy to announce that Starting CU 10 release for SQL Server 2022 , SQL Server 2022 on RHEL 9 and Ubuntu 22.04 is now generally available (GA), meaning you can run production workload on SQL Server 2022 deployed on Red Hat Enterprise Linux (RHEL) 9 and Ubuntu 22.04. For SQL Server 2022 on RHEL 9, the SELinux integration that enables you to run SQL Server 2022 on RHEL 9 as confined application is also now generally available. If you've had the preview packages installed previously, we recommend that you please uninstall the preview bits and upgrade to SQL Server 2022 GA packages available at the following repos, for steps on how to update repos refer the Configure repositories for installing and upgrading SQL Server on Linux - SQL Server | Microsoft Learn documentation. For RHEL 9 use the repo: https://packages.microsoft.com/config/rhel/9/ For Ubuntu 22.04 use the repo: https://packages.microsoft.com/config/ubuntu/22.04/ For further details on getting started with the installation of SQL Server 2022 on RHEL 9 refer: RHEL: Install SQL Server on Linux - SQL Server | Microsoft Learn & for SQL Server on Ubuntu 22.04 refer: Ubuntu: Install SQL Server on Linux - SQL Server | Microsoft Learn SQL Server 2022 container images on RHEL 9 & Ubuntu 22.04 also generally available: SQL Server 2022 on RHEL 9 and Ubuntu 22.04 are also available as container images and generally available (GA). It is easy for you to get started. Like always, you can use both podman and/or docker tool. To pull and run the production ready SQL Server 2022 images on RHEL 9 use the tag: 2022-CU10-rhel-9.1 #Pull the image podman pull mcr.microsoft.com/mssql/rhel/server:2022-CU10-rhel-9.1 #Run a container using the above image podman run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=<YourP@ssword>' -e 'MSSQL_PID=Developer' -h sql22rhel9 --name sql22rhel9 -p 1433:1433 -d mcr.microsoft.com/mssql/rhel/server:2022-CU10-rhel-9.1 To pull and run the production ready SQL Server 2022 images on Ubuntu 22.04 use the tag: 2022-CU10-ubuntu-22.04 #Pull the image docker pull mcr.microsoft.com/mssql/server:2022-CU10-ubuntu-22.04 #Run a container use the above image docker run -e 'ACCEPT_EULA=Y' -e 'MSSQL_SA_PASSWORD=<YourP@ssword>' -e 'MSSQL_PID=Developer' -h sql22ubu2204 --name sql22ubu2204 -p 1433:1433 -d mcr.microsoft.com/mssql/server:2022-CU10-ubuntu-22.047.1KViews3likes6CommentsUnlock power of data in Azure- With SQL Server on Linux Azure VMs and Azure AI search
In a world awash with data, the challenge lies in our ability to comprehend and engage with it seamlessly. My colleague Muazma has shed light on this topic in her insightful blog: “Chat with your data in Azure SQL Database,”. Inspired by her work, I pondered the possibility of applying similar principles to SQL Server on Linux VMs hosted on Azure. This blog is a result of that contemplation and here are the steps that we cover in this blog: We’ll begin by setting up a Linux-based Virtual Machine on Azure and proceed to install SQL Server on it. Next, we’ll implement TLS 1.2 encryption to secure connections to SQL Server, utilizing certbot for certificate creation with Let’s Encrypt serving as the certificate authority. We’ll then import Kaggle’s dataset into SQL Server using the Import Flat File wizard. Following that, we’ll create the Azure AI search and associated indexes, with the Azure SQL Server on Linux VM as the data source. Lastly, we’ll utilize Azure OpenAI studio to interact with the data. To follow my lead, all you need is an Azure Subscription and an account set up to gain access to Azure OpenAI Studio. Step 1: Create the Azure SQL Server on Linux based VM: Let’s start by setting up a Linux-based VM on Azure. For this demonstration, I’ll be configuring an Ubuntu 22.04 VM. Below is the script to first create a resource group, followed by the creation of a VM named SQLLinux22 running Ubuntu 22.04. # let's create the resource group using the command: az group create --name myrgdemo --location centralindia #lets create VM using Ubuntu image, I am using this image: 0001-com-ubuntu-minimal-jammy az vm create --resource-group myrgdemo --name sqllinux22 --size "Standard_B4ms" --location "central india" --image "Canonical:0001-com-ubuntu-minimal-jammy:minimal-22_04-lts:22.04.202405131" --admin-username "amvin" --admin-password "MY$trongPass123*#" --authentication-type all --generate-ssh-keys Once the VM is set up, proceed to install SQL Server by following the guidelines provided in the official Microsoft documentation. Step 2: Enable TLS 1.2 Encryption on SQL Server on Linux, to secure SQL Server connections: Following the installation of SQL Server, it’s time to move on to step 2: enabling TLS 1.2 encryption to secure connections to SQL Server. But first, you need to set up a DNS name for the VM you’ve created, as it’s necessary for generating the certificate. You can configure the DNS name via the Azure portal. Once it’s set up, it will appear as shown. Remember to also enable port 80 in the VM’s Network Settings, which is required by Certbot for certificate creation. With that completed, it’s now time to install Certbot and generate the necessary certificate. Log into the VM using your preferred SSH client and execute the following commands. These will install Certbot and then create the certificate using the DNS name you have set up. amvin@sqllinux22:~$ sudo snap install --classic certbot 2024-05-16T21:11:23Z INFO Waiting for automatic snapd restart... certbot 2.10.0 from Certbot Project (certbot-eff✓) installed ## After the installation go ahead and create the certificate and private key file. amvin@sqllinux22:~$ sudo certbot certonly --standalone --key-type rsa --preferred-challenges http -d sqllinux22.centralindia.cloudapp.azure.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): xxxxxxxxxxx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Account registered. Requesting a certificate for sqllinux22.centralindia.cloudapp.azure.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/sqllinux22.centralindia.cloudapp.azure.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/sqllinux22.centralindia.cloudapp.azure.com/privkey.pem This certificate expires on 2024-08-14. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## With this we have now created the required files as shown below: root@sqllinux22:/etc/letsencrypt/live/sqllinux22.centralindia.cloudapp.azure.com# ll total 28 drwxr-xr-x 2 root root 4096 May 16 21:13 ./ drwx------ 3 root root 4096 May 16 21:13 ../ -rw-r--r-- 1 root root 692 May 16 21:13 README lrwxrwxrwx 1 root root 66 May 16 21:13 cert.pem -> ../../archive/sqllinux22.centralindia.cloudapp.azure.com/cert1.pem lrwxrwxrwx 1 root root 67 May 16 21:13 chain.pem -> ../../archive/sqllinux22.centralindia.cloudapp.azure.com/chain1.pem lrwxrwxrwx 1 root root 71 May 16 21:13 fullchain.pem -> ../../archive/sqllinux22.centralindia.cloudapp.azure.com/fullchain1.pem lrwxrwxrwx 1 root root 69 May 16 21:13 privkey.pem -> ../../archive/sqllinux22.centralindia.cloudapp.azure.com/privkey1.pem Move the certificate and necessary files to the “/var/opt/mssql/secrets” directory for SQL Server’s use and to enable TLS 1.2 encryption as demonstrated below. After enabling TLS 1.2 encryption, please restart SQL Server. # copy the cert and key to the secrets folder as shown below, we are converting the key # from .pem format to .key using the openssl option. sudo cp /etc/letsencrypt/live/sqllinux22.centralindia.cloudapp.azure.com/fullchain.pem /var/opt/mssql/secrets/fullchain.pem sudo openssl rsa -in /etc/letsencrypt/live/sqllinux22.centralindia.cloudapp.azure.com/privkey.pem -out /var/opt/mssql/secrets/privkey.key # Enable TLS 1.2 as shown below using the mssql-conf for SQL Server sudo /opt/mssql/bin/mssql-conf set network.tlscert /var/opt/mssql/secrets/fullchain.pem sudo /opt/mssql/bin/mssql-conf set network.tlskey /var/opt/mssql/secrets/privkey.key sudo /opt/mssql/bin/mssql-conf set network.tlsprotocols 1.2 sudo /opt/mssql/bin/mssql-conf set network.forceencryption 0 # Restart SQL Server and confirm that TLS 1.2 is enabled as seen in the errorlog: amvin@sqllinux22:~$ sudo systemctl restart mssql-server # Now, lets read the errorlog, to confirm the certificate is loaded root@sqllinux22:~# cat /var/opt/mssql/log/errorlog | grep "Allowed TLS" 2024-05-16 21:23:16.78 Server Successfully initialized the TLS configuration. Allowed TLS protocol versions are ['1.2']. Allowed TLS ciphers are ['ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA']. Step 3: Load the dataset into SQL Server using the Import Flat file Wizard: Now that we’ve reached the third step, it’s time to load the dataset into SQL Server on the Linux Azure VM. I connected to the SQL Server Azure VM using SQL Server Management Studio (SSMS) on my Windows machine and downloaded the dataset locally. Next, I utilized the SSMS import flat file wizard to transfer the data from the file to SQL Server on the Azure VM. Once the dataset is loaded into the table, the data is displayed as follows. Step 4: Create the Azure AI search service, Index and import data from SQL Server: With data loaded, let's log in to the Azure Portal, search for AI search -> click on create and create the search service as shown below: once, the search service is created, we need to link it to the Azure SQL Server VM to import the data into the search. During the import process, it’s crucial to ensure that you map the correct data type. In this instance, I chose the string data type for all columns during the import. Additionally, take note of the essential facets of the columns that I have enabled as shown below. After the index is created and the data is imported, it should appear as follows, and you can also execute a sample query to confirm that you can retrieve data as illustrated below: Step 5: Use Azure OpenAI Studio to chat with your data: That's it, we are now in the final stage where using Azure OpenAI studio I can create a "Chat playground AI model", configure the DataSource to the Azure AI search, index that I created above, and you are now ready to chat with your data as shown below. Try asking scenario and context-based questions like "What products to buy for a kid's birthday?", "Suggest items to buy for decor of a room". Hope you enjoyed reading this! Happy Friday!2.7KViews1like1CommentEnabling Azure Key Vault for SQL Server on Linux
Enhancing Security with EKM using Azure Key Vault in SQL Server on Linux: We’re excited to announce that Extensible Key Management (EKM) using Azure Key Vault in SQL Server on Linux is now generally available from SQL Server 2022 CU12 onwards, which allows you to manage encryption keys outside of SQL Server using Azure Key Vaults. In this blog post, we’ll explore how to leverage Azure Key Vault as an EKM provider for SQL Server on Linux. Azure Key Vault: The Bridge to Enhanced Security is a cloud-based service that securely stores keys, secrets, and certificates. By integrating Azure Key Vault with SQL Server, you can benefit from its scalability, high performance, and high availability. Refer Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server | Microsoft Learn for more details. Setting Up EKM with Azure Key Vault Here’s a streamlined version of the setup process for EKM with Azure Key Vault on SQL Server for Linux: Initialize a Microsoft Entra service principal. Establish an Azure Key Vault. Set up SQL Server for EKM and register the SQL Server Connector. Finalize SQL Server configuration. The full guide for setting up AKV with SQL Server on Linux is available here Set up Transparent Data Encryption (TDE) Extensible Key Management with Azure Key Vault - SQL Server | Microsoft Learn . For SQL on Linux, omit steps 3 and 4 and proceed directly to step 5. I’ve included screenshots below for your quick reference that covers the SQL Server configuration to use AKV. Run the below commands to enable EKM in SQL Server and register the SQL Server Connector as EKM provider. Please note: SQL Server requires manual rotation of the TDE certificate or asymmetric key, as it doesn’t rotate them automatically. Regular key rotation is essential for maintaining security and effective key management. Conclusion Using Azure Key Vault for EKM with SQL Server on Linux boosts security, streamlines key management, and supports compliance. With data protection being paramount, Azure Key Vault’s integration offers a robust solution. Stay tuned for more insights on SQL Server on Linux! :old_key:️:locked: Official Documentation: Extensible Key Management using Azure Key Vault - SQL Server Setup Steps for Extensible Key Management Using the Azure Key Vault Azure Key Vault Integration for SQL Server on Azure VMs3.7KViews1like0CommentsHPE SGLX - The new Azure VM extension for SQL Server on Linux
Overview Mission critical SQL Server instances have the need to utilize high availability and disaster recovery features to ensure business continuity. SQL Server on Linux supports HPE Serviceguard as one of the supported clustering solutions. To know more, please refer to HPE Serviceguard for Linux. We have an official documentation that provides detailed steps on how you can configure SQL Server Always On availability groups with HPE Serviceguard for Linux. The purpose of this blog is to inform you about the HPE Serviceguard Extension available in Azure marketplace. This extension allows users to easily create Azure linux-based VMs with SQL Server and HPE Serviceguard pre-installed. As a result, customers can quickly configure SQL Server high availability (HA) solutions. The Serviceguard - Azure VM marketplace extension is available in all Azure regions for use. Let's get started! Create an Azure virtual machine using Azure portal: Log in to Azure portal – portal.azure.com Create Resource group in Azure under the subscription or choose existing resource group of choice. Choose SQL Server on Linux based marketplace image (RHEL or SUSE) and configure the VM on the basis of disks, virtual network, etc. On the Advanced tab of VM creation, click on “Select an extension to install.” Search for HPE Serviceguard for Linux Click on load more and select the extension. Under ‘Select Serviceguard Add-on to install’ , Select Microsoft SQL server on Linux if it’s non-quorum server node machine and select ‘Centralized Serviceguard Management and Arbitration’ if you need Serviceguard quorum server and SGMGR+ (UI) to be configured,. Enter Serviceguard administrative user “sgmgr” password and confirm the same. Proceed to create the VM upon entering the SGLX extension details. After you have configured the other two VMs using the steps as outlined above, you can follow this documentation starting from "Create HPE Service guard cluster" section to configure SQL Server Always On availability groups for SQL Server on Linux3.8KViews1like0CommentsAlways on Availability Groups for SQL Server containers on Kubernetes - The DH2i's DxOperator way!!
Update as on 12 Feb 2024: The DH2i Operator is released on 6th Feb 2024, and generally available as per the latest blog from our Partner DH2i, I recommend you read this for further information: DxOperator for SQL Server Availability Group - DH2I. Recently, I had the privilege of presenting with OJ Ngo from DH2i, our partners who offer the cluster stack for SQL Server on Windows, Linux and containers, at PASS Data Community Summit 2023. In this session, we revealed the private preview of the DxOperator!! - A simple and effective option to deploy SQL Server containers with availability groups configured in high availability mode, with DxEnterprise cluster stack, all deployed on Kubernetes platform. Prerequisites A Kubernetes cluster to deploy SQL Server instances. For this demo, I am using Azure Kubernetes Service (AKS) cluster. A client machine to run the kubectl commands and manage the object creation and administration on the Kubernetes cluster, today I am going to use a windows machine and here are the instructions to setup kubectl to connect and manage AKS cluster. On the same client machine, I also have the SSMS (SQL Server Management Studio) or Azure Data Studio (ADS) installed to connect to SQL Server instances and view availability groups. What does this operator do? This operator allows you to complete all the following tasks in 5 commands and less than 5 minutes!! Deploy three or more SQL Server instances on a Kubernetes cluster with specific mssql-config parameters. Configure and install DxEnterprise cluster. Create and configure an empty SQL Server Always On availability group (AG) and join all the three or more SQL Server instances to this AG. You don’t believe me! Well do it with me to believe it. Do you have 5 minutes now? Yes, then setup the pre-requisites and let's get rolling: Step1: Create the configmap object on the Kubernetes cluster that has the SQL Server specific mssql-conf settings defined. Here is a sample script: # Create a file called mssqlconfig.yaml, with your specific mssql-conf settings added to it: apiVersion: v1 kind: ConfigMap metadata: name: mssql-config data: mssql.conf: | [EULA] accepteula = Y [network] tcpport = 1433 [sqlagent] enabled = true # Now run the command to create the object: kubectl apply -f "D:\operator\mssqlconfig.yaml" Step 2: Now, create a secret object to store the sa account password and another secret to store dxe passkey and license key, as shown below: # Create the secret to store the sa password for SQL Server. kubectl create secret generic mssql --from-literal=MSSQL_SA_PASSWORD= "MyP@SSw0rd1!" # Create the secret to store the license key for DH2i. You can get the developer license from -> https://dh2i.com/trial/. Replace the XXXX-XXXX-XXXX-XXXX with your License Key. kubectl create secret generic dxe --from-literal=DX_PASSKEY="MyP@SSw0rd1!" --from-literal=DX_LICENSE=XXXX-XXXX-XXXX-XXXX Step 3: Install the private preview operator using the following commands: # download the operator yaml from and save as v1beta2.yaml: dxoperator.dh2i.com/dxe/files/v1beta2.yaml # Now install the operator using the command: kubectl apply -f ”D:\operator\v1beta2.yaml” Step 4: Finally, provide the SQL Server and AG details like the name, limits and then watch the deployment happen: # create a file called crd_v1.yaml ( you can name it as you like) and copy the content as is, if you want to deploy 3 containers with the instance name contoso-sql-0, contoso-sql-1 and contoso-sql2 and configure AG between the three instances apiVersion: dh2i.com/v1beta2 kind: DxEnterpriseSqlAg metadata: name: contoso-sql spec: synchronousReplicas: 3 asynchronousReplicas: 0 # ConfigurationOnlyReplicas are only allowed with availabilityGroupClusterType set to EXTERNAL configurationOnlyReplicas: 0 availabilityGroupName: CONTOSOAG # For a contained availability group, add the option CONTAINED availabilityGroupOptions: null # Valid options are EXTERNAL (automatic failover) and NONE (no automatic failover) availabilityGroupClusterType: EXTERNAL createLoadBalancers: true template: spec: dxEnterpriseContainer: image: "docker.io/dh2i/dxe:beta" imagePullPolicy: Always acceptEula: true clusterSecret: dxe vhostName: VHOST1 joinExistingCluster: false # QoS – guaranteed (uncomment to apply) resources: limits: memory: 1Gi cpu: '1' # Configuration options for the required persistent volume claim forDxEnterprise volumeClaimConfiguration: storageClassName: null resources: requests: storage: 1Gi mssqlServerContainer: image: "mcr.microsoft.com/mssql/server:latest" imagePullPolicy: Always mssqlSecret: mssql acceptEula: true mssqlPID: Developer mssqlConfigMap: mssql-config # QoS – guaranteed (uncomment to apply) resources: limits: memory: 2Gi cpu: '2' # Configuration options for the required persistent volume claim for SQL Server volumeClaimConfiguration: storageClassName: null resources: requests: storage: 2Gi # Now deploy the custom resource using the command: kubectl apply -f "D:\operator\crd_v1.yaml" That’s it, now relax you’ve worked hard, wait for a few minutes, see the deployment happen, when it completes you see this: Step 5: Connect to your SQL Server primary instance to run the below T-SQL command to add a database “test” to your AG “CONTOSOAG” #T-SQL Command on the primary, create a database and back up the same to add it to the AG. create database test go backup database test to disk = '/var/opt/mssql/data/test.bak' #Add the newly created database to the availability group "CONTOSOAG" ALTER AVAILABILITY GROUP [CONTOSOAG] ADD DATABASE [test]; Once this step is completed view the cluster using AG dashboard as shown below: This is you regular AG deployed on Kubernetes with SQL Server containers based on your requirement!! Let us know what you think and how was your experience?5.5KViews2likes2Comments