Manual Setup

This section describes the manual steps to set up Oracle Cloud Infrastructure for JMS Fleets. You can skip this section if you've used the Onboarding Wizard. (The Onboarding Wizard automates these steps. For more information, see Set Up Using a Wizard.)

Review the prerequisites and the overview of the steps.

Prerequisites:

Overview

  1. Sign in to Oracle Cloud Infrastructure.
  2. Create a compartment for your JMS Fleets resources.
  3. Create a new tag namespace.
  4. Create a new tag key.
  5. Create a user group and one or more user accounts for your JMS users.
  6. Create a dynamic group of all management agents.
  7. Create policies to access and manage JMS fleets.

Steps

  1. Sign in to the Oracle Cloud Console as an administrator using the credentials provided by Oracle, as described in Signing into the Console.
    For more information, see Using the Console.
  2. Create a compartment with a name such as Fleet_Compartment for your JMS resources.
    When you sign up for OCI, Oracle creates your tenancy with a root compartment that holds all your cloud resources. You can set up a dedicated compartment for your Java Management project and create fleets.

    Note: It's recommended that you use a single compartment for all your fleets. See Working with Compartments for more information.

    For more information, see Setting Up Your Tenancy and Managing Compartments.
  3. Create the tag namespace jms with a description such as "For OCI Java Management use only".
    For more information, see Managing Tags and Tag Namespaces.
  4. Create a tag key definition with the fleet_ocid tag key name and a description such as Use to tag a management agent with JMS fleet membership in the jms tag namespace.
  5. Create a user group with a name such as FLEET_MANAGERS and add user accounts for those responsible for managing Fleets in JMS.

    Note: See JMS Fleets Policy Statements and Permissions Required for Each API to understand the permissions and privileges that will be granted to each user within this group.
  6. Create a dynamic group with a name such as JMS_DYNAMIC_GROUP for management agent communication. Management agents must be explicitly granted permission to communicate with Oracle Cloud Infrastructure service endpoints.

    Add Rule 1:

    ALL {resource.type='managementagent', resource.compartment.id='<fleet_compartment_ocid>'}

    Note: Replace <fleet_compartment_ocid> with the OCID of the compartment that you created in Step 2.

    To monitor workloads in OCI, add Rule 2:

    ANY {instance.compartment.id = '<instance_compartment_ocid>'}

    Note:

    1. Replace <instance_compartment_ocid> with the OCID of the compartment that contains the OCI Linux instances that you want to monitor with JMS Fleets.
    2. Apply these policies separately for each compartment that has OCI Linux instances that you want to monitor with JMS Fleets.
  7. Create a policy with a name such as JMS_Policy in the root compartment with the following statements:
    ALLOW GROUP FLEET_MANAGERS TO MANAGE fleet IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO READ METRICS IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE tag-namespaces IN TENANCY
    ALLOW GROUP FLEET_MANAGERS TO MANAGE instance-family IN COMPARTMENT <instance_compartment>
    ALLOW GROUP FLEET_MANAGERS TO READ instance-agent-plugins IN COMPARTMENT <instance_compartment>
    ALLOW resource jms server-components TO USE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE METRICS IN COMPARTMENT Fleet_Compartment
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment 
    ALLOW resource jms server-components TO MANAGE metrics IN COMPARTMENT Fleet_Compartment WHERE target.metrics.namespace='java_management_service' 
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE tag-namespaces IN TENANCY
    ALLOW resource jms server-components TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
    ALLOW resource jms server-components TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
    ALLOW GROUP FLEET_MANAGERS TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    ALLOW dynamic-group JMS_DYNAMIC_GROUP TO MANAGE instances IN COMPARTMENT <instance_compartment>

    Note:

    1. Replace <instance_compartment> with the name of the compartment that contains the OCI Linux instances that you want to monitor with JMS Fleets.
    2. Apply these policies separately for each compartment that has OCI Linux instances that you want to monitor with JMS Fleets.

    See JMS Fleets Policy Statements for the description of these policy statements.
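
The following is an added example, not part of Oracle's documentation: a Python pre-apply check that expands the <instance_compartment> statements from step 7 once per monitored compartment, then flags leftover placeholders and unconditional MANAGE grants scoped to the whole tenancy so they can be reviewed before the policy is created. The compartment names Prod_Instances and Dev_Instances and the function names expand and review are constructed for illustration.

```python
import re

# Subset of the JMS_Policy statements from step 7, copied from this page.
TEMPLATE = [
    "ALLOW GROUP FLEET_MANAGERS TO MANAGE fleet IN COMPARTMENT Fleet_Compartment",
    "ALLOW GROUP FLEET_MANAGERS TO MANAGE tag-namespaces IN TENANCY",
    "ALLOW GROUP FLEET_MANAGERS TO MANAGE instance-family IN COMPARTMENT <instance_compartment>",
    "ALLOW resource jms server-components TO MANAGE metrics IN COMPARTMENT Fleet_Compartment"
    " WHERE target.metrics.namespace='java_management_service'",
    "ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE tag-namespaces IN TENANCY",
    "ALLOW dynamic-group JMS_DYNAMIC_GROUP TO MANAGE instances IN COMPARTMENT <instance_compartment>",
]

# ALLOW <subject> TO <verb> <resource> IN <scope> [WHERE <condition>]
STATEMENT = re.compile(
    r"^ALLOW\s+(?P<subject>.+?)\s+TO\s+(?P<verb>INSPECT|READ|USE|MANAGE)\s+"
    r"(?P<resource>\S+)\s+IN\s+(?P<scope>TENANCY|COMPARTMENT\s+\S+)"
    r"(?:\s+WHERE\s+(?P<cond>.+))?$", re.IGNORECASE)

def expand(template, instance_compartments):
    """Emit each <instance_compartment> statement once per compartment name."""
    out = []
    for line in (s.strip() for s in template):
        if "<instance_compartment>" in line:
            out += [line.replace("<instance_compartment>", c) for c in instance_compartments]
        else:
            out.append(line)
    return out

def review(statements):
    """Return (finding, statement) pairs that need attention before applying."""
    findings = []
    for s in statements:
        m = STATEMENT.match(s)
        if not m:
            findings.append(("unparsed", s))
            continue
        if "<" in m["scope"]:
            findings.append(("unresolved-placeholder", s))
        if m["scope"].upper() == "TENANCY" and m["verb"].upper() == "MANAGE" and not m["cond"]:
            findings.append(("tenancy-wide-manage", s))
    return findings

if __name__ == "__main__":
    # Constructed compartment names, for illustration only.
    policy = expand(TEMPLATE, ["Prod_Instances", "Dev_Instances"])
    print("\n".join(policy))
    for kind, stmt in review(policy):
        print(f"[{kind}] {stmt}")
```

USE grants at tenancy scope and MANAGE grants narrowed by a WHERE clause are parsed but not reported; only unconditional MANAGE at tenancy scope is listed.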