Manual Setup

This section describes the manual steps to set up Oracle Cloud Infrastructure for Java Management Service Fleets. You can skip this section if you've used the Onboarding Wizard. (The Onboarding Wizard automates these steps. For more information, see Set Up Using a Wizard.)

Review the prerequisites and the overview of the steps.

Prerequisites:

Overview

  1. Sign in to Oracle Cloud Infrastructure.
  2. Create a compartment for your JMS Fleets resources.
  3. Create a user group and one or more user accounts for your JMS users.
  4. Create a dynamic group of all management agents and compute instances, and create policies to access and manage JMS fleets.

Steps

  1. Sign in to the Oracle Cloud Console as an administrator using the credentials provided by Oracle, as described in Signing into the Console.
    For more information, see Using the Console.
  2. Create a compartment with name such as Fleet_Compartment for your JMS resources.
    When you sign up for OCI, Oracle creates your tenancy with a root compartment that holds all your cloud resources. You can set up a dedicated compartment for your Java Management project and create fleets.
    Note

    It's recommended that you use a single compartment for all your fleets. See Working with Compartments for more information.
    For more information, see Setting Up Your Tenancy and Managing Compartments.
  3. Create a user group with name such as FLEET_MANAGERS and add user accounts for those responsible for managing Fleets in JMS.
    Note

    See JMS Fleets Policy Statements and Permissions Required for Each API to understand the permissions and privileges that will be granted to each user within this group.
  4. Create a dynamic group with name such as JMS_DYNAMIC_GROUP for management agents communication.

    Add Rule 1 to grant Management Agents permission to communicate with Oracle Cloud Infrastructure service endpoints. This is required to monitor both on-premise and OCI instances:

    ALL {resource.type='managementagent', resource.compartment.id='<fleet_compartment_ocid>'}
    Note

    Replace <fleet_compartment_ocid> with the OCID of the compartment that you created in Step 2.

    (Optional) If you intend to monitor OCI Linux instances using JMS Fleets, add Rule 2 to allow Oracle Cloud Agent to work with JMS Fleets:

    ANY {instance.compartment.id = '<instance_compartment_ocid>'}
    Note

    1. Replace <instance_compartment_OCID> with the OCID of the compartment that contains the OCI Linux instances that you want to monitor with JMS Fleets.
    2. You need to apply these rules for each compartment that has OCI Linux instances that you want to monitor with JMS Fleets separately.
  5. Create a policy with name such as JMS_Policy in the root compartment with the following policy statements:
    ALLOW GROUP FLEET_MANAGERS TO MANAGE fleet IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO READ METRICS IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE instance-family IN COMPARTMENT <instance_compartment>
    ALLOW GROUP FLEET_MANAGERS TO READ instance-agent-plugins IN COMPARTMENT <instance_compartment>
    ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE jms-plugins IN COMPARTMENT Fleet_Compartment
    
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE METRICS IN COMPARTMENT Fleet_Compartment
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment 
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE instances IN COMPARTMENT <instance_compartment>
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE metrics IN COMPARTMENT Fleet_Compartment WHERE target.metrics.namespace='java_management_service'
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE jms-plugins IN COMPARTMENT Fleet_Compartment
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE METRICS IN COMPARTMENT <instance_compartment>
    
    ALLOW resource jms SERVER-COMPONENTS TO MANAGE metrics IN COMPARTMENT Fleet_Compartment WHERE target.metrics.namespace='java_management_service' 
    ALLOW resource jms SERVER-COMPONENTS TO USE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
    ALLOW resource jms SERVER-COMPONENTS TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
    ALLOW resource jms SERVER-COMPONENTS TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    ALLOW resource jms SERVER-COMPONENTS TO READ instances IN COMPARTMENT <instance_compartment>
    ALLOW resource jms SERVER-COMPONENTS TO INSPECT instance-agent-plugins IN COMPARTMENT <instance_compartment>
    Note

    1. Replace <instance_compartment> with the name of the compartment that contains the OCI Linux instances that you want to monitor with JMS Fleets.
    2. Policy statements for <instance_compartment> need to be applied for each compartment that has OCI Linux instances that you want to monitor with JMS Fleets separately.
    3. To carry out advanced features you also need the policies outlined in Enabling Advanced Features

    See JMS Fleets Policy Statements for the description of these policy statements.