Oracle Cloud Infrastructure Documentation

Setting Up Oracle Cloud Infrastructure for Java Management Service

To find out where JMS is available, refer to the table in OCI Data Regions. From the list of data regions that provide your services, select the region closest to your Oracle Cloud users. JMS is a region specific service. See Regions and Domain Availability to learn more about Oracle Cloud Infrastructure regions.

Before you can use Java Management Service, you must ensure that your Oracle Cloud Infrastructure environment is set up correctly to allow the communication flow between all required components and cloud services.

You can setup the Oracle Cloud Infrastructure for Java Management Service either using:

Set Up Using a Wizard

To enable you to swiftly get going with JMS, the Onboarding Wizard creates and checks required policies, tags, and other configurations, while the Log Configuration Wizard covers missing log configurations. This section describes how to use the Onboarding Wizard and Log Configuration Wizard.

Note

The Onboarding Wizard sets up JMS using the standard OCI resources. To customize the OCI resources being created, follow the Manual Setup.
Prerequisites:
  • You've signed up for an account with Oracle Cloud Infrastructure and have received your sign-in credentials.
  • You've logged in to the Oracle Cloud Infrastructure Console and selected Java Management from the navigation menu.

Using the Onboarding Wizard

  1. Click Inspect Prerequisites.
  2. Click Allow to automate the creation of prerequisite OCI resources, such as permissions and polices.

    You'll be presented with an error message if JMS isn't successful and JMS will roll back any changes.

  3. Optional steps:
    1. Click Details to view the OCI resources that JMS will create on your behalf.
    2. Expand Policy Details to view a detailed description of the OCI resources that JMS will attempt to create on your behalf.
      Note

      The policies are created in the root compartment.
    3. Click Set up JMS to automate the creation of the OCI resources described.

      You'll be presented with a list of errors and their causes if JMS doesn't successfully create the policies on your behalf. JMS will roll back any changes.

Using the Log Configuration Wizard

  1. The Log Configuration wizard is presented by JMS if at least one fleet in a compartment has missing log configurations. Click Enable log configuration to automate log configuration for all fleets with missing log configurations.

    You'll be presented with an error message if JMS isn't successful and JMS will roll back any changes.

  2. Optional steps:
    1. Click View Details to view the fleets that have missing log configuration.
    2. Use the checkbox to define the scope of the operation.
    3. Click Enable log configuration to automate the creation of log configuration for all selected fleets. You'll be presented with a list of errors and their causes if JMS isn't successful. JMS will roll back any changes.
Note

To see the changes, you'll need to refresh the page or log off and then log on again.

Manual Setup

This section describes the manual steps to set up Oracle Cloud Infrastructure for Java Management Service. You can skip this section if you've used the Onboarding Wizard. (The Onboarding Wizard automates these steps. For more information, see Set Up Using a Wizard.)

Review the prerequisites and the overview of the steps.

Prerequisites:

Overview

  1. Sign in to Oracle Cloud Infrastructure.
  2. Create a compartment for your JMS resources.
  3. Create a new tag namespace.
  4. Create a new tag key.
  5. Create a user group for your JMS users.
  6. Create one or more user accounts for your JMS users.
  7. Create policies for your user group to access and manage JMS fleets, management agents, metrics, and tag namespaces.
  8. Create policies for your management agent install keys.
  9. Create a dynamic group of all management agents.
  10. Create policies for management agent communication.
  11. Create policies for log configuration
  12. Create policies to perform Advanced Features operations.

Steps

  1. Sign in to the Oracle Cloud Console as an administrator using the credentials provided by Oracle, as described in Signing into the Console.
    For more information, see Using the Console.
  2. Create a compartment for your JMS resources.
    When you sign up for OCI, Oracle creates your tenancy with a root compartment that holds all your cloud resources. You can setup a dedicated compartment for your Java Management project and create fleets.
    Note

    Its recommended that you use a single compartment for all your fleets. See Working with Compartments for more information.
    1. In the Oracle Cloud Console, open the navigation menu and click Identity & Security. Under Identity, click Compartments.
    2. Click Create Compartment.
    3. In the Create Compartment dialog box, enter a name for the compartment (for example, Fleet_Compartment), and a description. The compartment name is required when you create policies. (See Step 7.)
    4. Specify the parent compartment by selecting the root compartment for your tenancy from the drop-down list.
    5. Click Create Compartment.
    6. Find your new compartment in the table of compartments, then hover over the compartment's OCID. Click Copy to copy the OCID into the clipboard and then paste it into your favorite text editor. You'll require it in a later step.
    For more information, see Setting Up Your Tenancy and Managing Compartments.
  3. Create a new tag namespace.
    1. In the console navigation menu, click Governance & Administration. Under Governance, click Tag Namespaces.
    2. Click Create Tag Namespace.
    3. In the Create Tag Namespace dialog box, select the root compartment for your tenancy from the drop-down list.
    4. In the Namespace Definition Name field, enter the required name jms.
    5. In the Description field, enter a description, such as For OCI Java Management use only.
    6. Click Create Tag Namespace.
    For more information, see Managing Tags and Tag Namespaces.
  4. Create a new tag key definition in the new tag namespace.
    1. In the console navigation menu, under Governance, click Tag Namespaces.
    2. From the list of namespaces, click the name of your Namespace, jms.
    3. Click Create Tag Key Definition.
    4. In the Create Tag Key Definition dialog box, enter the required tag key name fleet_ocid and add a description, such as Use to tag a management agent with JMS fleet membership.
    5. Click Create Tag Key Definition.
  5. Create a user group.
    1. In the console navigation menu, click Identity & Security. Under Identity, click Groups.
    2. Click Create Group.
    3. In the Create Group dialog box, enter a name for the group (for example, FLEET_MANAGERS) and a description.
    4. Click Create.
    For more information, see Managing Groups.
  6. Create user accounts for each of your users by following these instructions, Adding Users.
    For more information, see Managing Users.
  7. Create policies for JMS fleets, management agents, metrics, and tag namespaces. A policy allows members of a user group to access and manage OCI resources and to monitor workloads.
    1. In console navigation menu, click Identity & Security. Under Identity, click Policies.
    2. Click Create Policy.
    3. In the Create Policy dialog box, enter a name for the policy (for example, JMS_Policy), and a description.
    4. Select the root compartment for your tenancy from the drop-down list.
    5. Click Show manual editor.
    6. In the text box, enter the following statements:
      ALLOW GROUP FLEET_MANAGERS TO MANAGE fleet IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO READ METRICS IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE tag-namespaces IN TENANCY

      Refer to Permissions Required for Each API Operation before assigning the roles.

    7. To monitor workloads on OCI using a JMS Plug-in, enter the following:
      ALLOW GROUP FLEET_MANAGERS TO MANAGE instance-family IN COMPARTMENT <Compartment_name>
ALLOW GROUP FLEET_MANAGERS TO READ instance-agent-plugins IN COMPARTMENT <Compartment_name>

      Where <Compartment_Name> is the compartment that contains the OCI instances you wish to monitor.

    8. Click Create.
    For more information, see Managing Policies.
  8. Create policies for the management agent install keys.
    1. Follow the instructions in Step 7 to access the manual editor.
    2. In the text box, enter the following statements:
      
ALLOW SERVICE javamanagementservice TO USE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
  9. Create a dynamic group for management agents communication.
    To interact with the Oracle Cloud Infrastructure service endpoints, you must explicitly consent to let the management agents carry on the communication.
    1. In the console navigation menu, click Identity & Security. Under Identity, click Dynamic Groups.
    2. Click Create Dynamic Group.
    3. In the Create Dynamic Group dialog box, enter a name for the dynamic group (for example, JMS_DYNAMIC_GROUP), a description, and a matching rule to allow Management Agents to interact with the Oracle Cloud Infrastructure service end-points.
      For RULE 1, enter 
      ALL {resource.type='managementagent', resource.compartment.id='<fleet_compartment_ocid>'}
      Note

      Replace <fleet_compartment_ocid> with the OCID of the compartment that you created in Step 2. (You should have pasted it into a text editor.)

      To monitor workloads in OCI, permit the compute instances' management agents to register with the management agent cloud service of the compartment containing the OCI compute resources,

      For RULE 2, enter
      ANY {instance.compartment.id = '<fleet_compartment_ocid>'}
    4. Click Create.
    For more information, see Managing Dynamic Groups.
  10. Create policies for management agent communication.
    These policies enable the management agents to interact with JMS, allow JMS to store monitoring data in your tenancy, and use tag namespaces.
    1. Create a policy using the instructions in Step 7.
      Note

      You can also add the following statements to the policy created in Step 7, instead of creating a new one.

    2. Enter a name for the policy (for example, JMS_Agent_Policy), and a description.
    3. Select the root compartment for your tenancy from the drop-down list.
    4. Select the Manual Editor, and in the text box, enter the following statements:
      ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE METRICS IN COMPARTMENT Fleet_Compartment
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment 
ALLOW SERVICE javamanagementservice TO MANAGE metrics IN COMPARTMENT Fleet_Compartment WHERE target.metrics.namespace='java_management_service' 
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE tag-namespaces IN TENANCY
    5. Click Create.
  11. Create policies for log configuration. These policies allows JMS to interact with OCI Logging service for setting up Log Configuration for fleets in the compartment.
    1. Create a policy using the instructions in Step 7.
      Note

      You can also add the following statements to the policy created in Step 7, instead of creating a new one.

    2. Enter a name for the policy (for example, JMS_Logging_Policy), and a description.
    3. Select the root compartment for your tenancy from the drop-down list.
    4. Select the Manual Editor, and in the text box, enter the following statements:
      ALLOW SERVICE javamanagementservice TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
ALLOW SERVICE javamanagementservice TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
    5. Click Create.
  12. Create policies to perform Advanced Features operations.
    1. Create a policy using the instructions in Step 7.
      Note

      You can also add the following statements to the policy created in Step 7, instead of creating a new one.

    2. Enter a name for the policy (for example, JMS_AdvancedFeatures_Policy), and a description.
    3. Select the root compartment for your tenancy from the drop-down list.
    4. Select the Manual Editor, and in the text box, enter the following statements:
      ALLOW SERVICE javamanagementservice TO READ instances IN tenancy
ALLOW SERVICE javamanagementservice TO INSPECT instance-agent-plugins IN tenancy
    5. Click Create.