Administration Tasks for Management Agents on Compute Instances

Disable Management Agents on Compute Instances

When using a compute instance, you can use the Oracle Cloud Agent capabilities to disable the Management Agent plugin.

Management Agent can be disabled by using the OCI Console or Compute APIs.

Before you proceed, confirm you have performed the prerequisites tasks that are required as described in Perform Prerequisites for Deploying Management Agents on Compute Instances.

Management Agents can be disabled by using the OCI Console or Compute API.
Note

After successfully disabling the Management Agent plugin on a Compute Instance, the Management Agent process is shutdown immediately. This operation leaves the Java runtime (JRE) on the disk which may get flagged as a potential security risk in the future if/when new vulnerabilities are discovered against that version of the Java runtime. To address it, a manual cleanup of the software and state directories are needed. For details, see below:
  • Remove the following directories on disk as a user with elevated privileges:
    /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris
    /var/lib/oracle-cloud-agent/plugins/oci-managementagent/download

    The above should only be done if you stopped using Management Agent and have no plans to resurrect the agent in the future. If you plan to use Management Agent in the future, then you should enable auto-upgrade or get the agent regularly upgraded manually.

Disable Management Agent Using the Console

To see if the Management Agent plugin is disabled for an instance:
  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. Click the instance that you're interested in.
  3. Click the Oracle Cloud Agent tab.
  4. Toggle the Disabled switch for the Management Agent plugin.

Disable Management Agent Using Compute API

For information about using the API, see REST APIs.

For information about SDKs, see Software Development Kits and Command Line Interface.

Use these API operations to manage the Management Agent as an Oracle Cloud Agent plugin:
  • LaunchInstance - enables or disables plugins, or stops all plugins, when you create an instance.

  • UpdateInstance - enables or disables individual plugins, and stops or starts all plugins, for an existing instance.

The following is an extract from the Java Sample found in the LaunchInstance or UpdateInstance API operations which allows the user to enable Management Agent during Launch or Update of the compute instance respectively:

... 
    .agentConfig(LaunchInstanceAgentConfigDetails.builder()
			.isMonitoringDisabled(false)
			.isManagementDisabled(true)
			.areAllPluginsDisabled(false)
			.pluginsConfig(new ArrayList<>(Arrays.asList(InstanceAgentPluginConfigDetails.builder()
					.name("Management Agent")   
					.desiredState(InstanceAgentPluginConfigDetails.DesiredState.esiredState.Disabled).build()))).build())
...

Where .name("Management Agent") indicates it's for Management Agent plugin and .desiredState(InstanceAgentPluginConfigDetails.DesiredState.Disabled).build()))).build()) indicates to disable the Management Agent plugin.

Upgrade Management Agents on Compute Instances

There are two methods available for upgrading the Management Agents:

Manual Upgrade

Before upgrading the Management Agent when using Oracle Cloud Agent from a compute instance, you need to confirm the following:
  • The Management Agent is enabled from the Oracle Cloud Agent interface.
  • The required policies have already been set up properly to have Management Agent fully functional.
To upgrade the Management Agent, run the following command:
sudo -u oracle-cloud-agent /usr/libexec/oracle-cloud-agent/plugins/oci-managementagent/oci-managementagent -cli -upgrade-native-agent

Automatic Upgrade

Management Agents service supports automatic upgrade.

The enable auto upgrade feature is set at tenancy level: Users can enable auto upgrade for all management agents residing in their current tenancy.

Default Auto Upgrade Status: Disable.

Requirements:

  • Permission: The MGMT_AGENT_UPDATE permission at the tenancy root compartment is required to enable auto upgrade feature. Use the following policy syntax:

    ALLOW GROUP <group_name> TO USE management-agents IN TENANCY

    For information about Management Agent polices, see Details for Management Agent.

  • Minimum Management Agent Version: 211116.xxxx or higher.

Enable Auto Upgrade

You can enable auto upgrade using the Management Agents console.

  • On the Management Agents home page, click Downloads and Keys from the left menu.

    The Agent Auto Upgrade pane is displayed at the top of the page.

    Enable Auto Upgrade

  • On the Agent Auto Upgrade pane, click Enable Auto Upgrade.

    The Enable Auto Upgrade window is displayed.

  • On the Enable Auto Upgrade window, click OK to enable auto upgrade for all management agents in the current tenancy

Disable Auto Upgrade

You can disable auto upgrade using the Management Agents console.

  • On the Management Agents home page, click Downloads and Keys from the left menu.

    The Agent Auto Upgrade pane is displayed at the top of the page.

    Disable Auto Upgrade

  • On the Agent Auto Upgrade pane, click Disable Auto Upgrade.

    The Disable Auto Upgrade window is displayed.

  • On the Disable Auto Upgrade window, click OK to disable auto upgrade for all management agents in the current tenancy.

For a list of available CLI commands to enable and disable auto upgrade, see Oracle Cloud Infrastructure CLI Command Reference.

Management Agent Source Credentials on Compute Instances

When a Management Agent is running on a compute instance, it needs to collect data from different sources. In some cases, source credentials may be needed.

For information about how to manage source credentials, see Management Agent Source Credentials.

Review Management Agent Logs and Configuration Files on Compute Instances

The Management Agent is running as oracle-cloud-agent OS user once it's enabled.

The following directories contain files with information about the log and configuration of your environment:

Agent log directory:
/var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/log
Agent configuration directory:
/var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/config
Agent utilities directory:
/var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/bin

Management Agent Audit Logs on Compute Instances

The Management Agent service supports logging by the Audit service which automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. For more information, see Management Agent Audit Logs.