We are currently working on LGTM deployment, where the deployment activity involves certificate installation on the target hosts.
The deployment was successful in the Development environment. However, for Production and TE2 environments, the deployment did not proceed directly as it went for approval. To avoid approval dependency, the required hosts were whitelisted under reference number: .
Even after whitelisting the hosts, the deployment still went for approval. We have now scheduled a call with the CREDS team to understand what additional configuration or mapping is required.
As per the available FAQ, the technical account may also need to be mapped in ISAAC for the deployment to proceed without approval. We need support to confirm the complete requirement and identify what is currently missing, so that future LGTM deployments to Production and TE2 can proceed without manual approval for this account.
Request:
Please help review the current setup and confirm:
Whether the host whitelisting has been correctly applied.
Whether the technical account needs to be mapped in ISAAC.
Any additional approval bypass configuration required for Production and TE2.
What changes are needed so that LGTM certificate deployment can proceed without approval for this account. :::
A shorter title could be:
LGTM deployment going for approval despite host whitelisting
Here is a clean 2–3 line release summary for each item:
:::writing{variant="document" id="73924"} 1. Policy to disable HA for lower environments — Audit Mode
Introduced an audit-mode policy to identify HA-enabled instances across AMR, Redis, Cosmos DB, and DocumentDB in dev/test environments. This will help review unnecessary HA usage in lower environments and support future cost-optimization actions.
2. Azure Cosmos — ICC Evidence Document Update
Updated the Azure Cosmos ICC evidence documentation with the latest required evidence triggered by MERs. This ensures the relevant compliance artefacts remain current and aligned with ICC requirements.
3. Cosmos — Prod Database Refresh Script
Developed a script to copy required metadata from production to lower environments. This helps provide a more production-like setup in non-prod, improving testing reliability and validation quality.
4. Azure Cosmos vCore & AMR — Migration to Python / AKS Analysis
Completed analysis to support role assignment for Azure Cosmos vCore and Azure Managed Redis using a Python-based application approach. This is a step towards enabling Azure Function-based execution and reducing dependency on ADO pipelines.
5. Automation Solution for Pipeline Failure — Analysis
Performed analysis for improving the solution design around pipeline failure detection. The objective is to reduce false positives and improve identification of actual pipeline failures.
6. Agent Pool Fix — Invoke Pyfunc Pipeline
Worked on the agent pool fix required for the Invoke Pyfunc pipeline execution. This helps improve pipeline stability and ensures smoother automation runs. :::
We have one hour blocked, but if we are able to cover previous action items, today’s feedback, and agree on next actions earlier, we can close early.”
Thanks, lets now move to this iteration’s retro and capture fresh inputs on what went well, what did not go well, and what we can improve.”
----
Hi Team, thanks for joining. We’ll use this retro to quickly review the previous action items, then capture inputs for this iteration — what went well, what did not go well, and what we can improve. We don’t need to use the full hour if we finish early.
Before we start fresh inputs, let’s quickly revisit the takeaways from the previous retro and check whether we saw any improvement.”
Then close
Thanks, I’ll carry forward only the items that still need action. Let’s now move to this iteration’s retro inputs.”
Then for 10mins
Ending
Thanks everyone for the inputs. I’ll summarize the key points and action items after the call. We’ll review progress on these in the next retro.”
“We have covered the main points and actions, so we can give some time back. Thanks everyone.”
Hi Team,
This request has been assigned to DBA for running a query on application tables.
Could you please confirm if the expectation is really for DBA to execute this? As per usual controls, DBAs should not run application-level queries using privileged access on application-owned tables.
It looks like this may have been assigned to DBA a bit too quickly, so checking before we proceed.
Please confirm the application owner and the approved account/process to run this query.
Regards,
Nikhil
Title: Standard ID Remediation for Oracle LGTM Onboarding in Lower Environments
As a DBA / SRE working on Oracle LGTM onboarding,
I want to identify and remediate Standard ID related issues on lower environment Oracle hosts,
So that SRVAPD account deployment can complete successfully and LGTM onboarding can continue without repeated failures.
As part of the LGTM onboarding activity, we are currently working on Oracle databases. After completing a few batches, we started seeing failures during the deployment of the SRVAPD account.
Initial investigation showed that the failures were not related to the LGTM onboarding flow itself, but were caused by underlying Standard ID issues on several lower environment servers.
The following issues were observed across different hosts:
Based on the investigation, we decided to segregate the issues by category, identify the ones with major weightage, and start remediation for the most common and high-impact cases first.
Hello Friends! I am aliena part time blogger from Bihar. I am a student and I manage my study as well as my blog. I am 14 years old and I want to help those people who really want to do something on internet.
Copyright © 201. Metro UI Theme. Designed by: Templateism
