Perform Prerequisites for Deploying Management Agents
Set Up Oracle Cloud Infrastructure for Management Agent Service
Before you can use the Management Agent service, you must ensure that your Oracle Cloud Infrastructure environment is setup correctly to allow the communication flow between all the components and cloud services.
-
There are important terminology and concepts to help you get started with Oracle Cloud Infrastructure. For information, see Oracle Cloud Infrastructure Getting Started.
Step 1: Create or designate the compartments to use
Management Agent is an Oracle Cloud Infrastructure resource with its own resource
type (management-agents) and a unique Oracle Cloud identifier
(ocid). It always belongs to a compartment where the management
agent will get installed and upload it's metrics. There is no restriction on the
number of compartments you can create.
You can select an existing compartment or create a new compartment. The compartment id and name is required when creating policies. For more information, see Managing Compartments from Oracle Cloud Infrastructure documentation.
Step 2: Create a user group
The Management Agent and the Agent install key are defined as resources in Oracle Cloud Infrastructure. They are two different resource types and you need to create policies that allow users to perform actions on both resources.
| Resource Type | Description |
|---|---|
| management-agents | Management Agent resource |
| management-agent-install-keys | Agent Install Key resource |
In this step you create a user group using the Identity and Access Management service from the OCI Console.
-
To access the Identity and Access Management service, open the navigation menu. Under Identity & Security, go to Identity.
-
Click Groups.
-
Click Create Group.
-
In the Create Group dialog box, enter a name for the group and a description, and then click Create.
For example, you create a group named
AGENT_ADMINS.
Step 3: Create policies for user group
Policies allow the user group to manage the Oracle Cloud Infrastructure
resources. For Management Agent, typically there are two resources: the management
agent (management-agents) and the agent install keys
(management-agent-install-keys).
Use Policy Builder to create policies
To create a policy you can use a template in Policy Builder. The policy templates are only available when you create a new policy. After you create the policy, you can use the policy editor to add, delete, or edit the policy statements.
To create a policy using the Policy Builder:
- In the Oracle Cloud console, click the navigation menu, go to Identity & Security, and then under Identity select Policies.
- Select Create Policy.
- Enter a name, description, and select a compartment for the policy.
- In the Policy Builder, from the Policy use cases menu, select Management Agent.
- Select one of the following template options from the Common policy templates menu:
7. Click Create.
For more information about the policy builder, see Writing Policy Statements with the Policy Builder.
For more information about customizing a policy using the policy editor, see Customizing Policies.
When writing policy statements, remember to chain-name compartments if
needed. For example, if your Agents_Compartment compartment belongs
to the business_unit_1 compartment, the correct compartment name to
use in the policy statement is
business_unit_1:Agents_Compartment.
Table 2-1 Policy Descriptions
| Policy Statement | Description |
|---|---|
ALLOW GROUP <group_name> TO
MANAGE management-agents IN COMPARTMENT
<compartment_name> |
Allows any user that belongs to the user group to
manage the management-agents resource in the
specific compartment.
|
ALLOW GROUP <group_name> TO
MANAGE management-agent-install-keys IN COMPARTMENT
<compartment_name> |
Allows any user that belongs to the user group to
manage the management-agent-install-keys resource
in the specific compartment.
|
ALLOW GROUP <group_name> TO
READ METRICS IN COMPARTMENT
<compartment_name> |
Allows any user that belongs to the user group to see metrics uploaded by management agents. |
ALLOW GROUP <group_name> TO
READ ALARMS IN COMPARTMENT
<compartment_name> |
Allows any user that belongs to the user group to see alarms uploaded by management agents. |
ALLOW GROUP <group-name> TO
READ USERS IN TENANCY |
(Optional). Allows any user that belongs to the user group to read user names in tenancy and display user names as opposed to user ids in the Downloads and Keys page from the user interface. |
Let users have manage access to Management Agents and the related install keys, metrics, alarms, and users.
The let users have manage access policy statement includes all the permissions for Management Agent, providing the ability to manage Management Agents, install keys, and view metrics, alarms, and users for Management Agents.
In the following example, the manage access policies apply to the
USER_GROUP and allow this user group to perform all manage and
read actions in Agents_Compartment compartment.
Allow group {group name} to manage management-agents in {location}
Allow group {group name} to manage management-agent-install-keys in {location}
Allow group {group name} to read metrics in {location}
Allow group {group name} to read alarms in {location}
Allow group {group name} to read users in tenancyLet users have read access to Management Agents and the related install keys, metrics, alarms, and users.
The let users have read-only access policy statement includes the read-only permissions for Management Agent, providing the ability to view the Management Agents, install keys, and the metrics, alarms, and users for Management Agents.
In the following example, the read-only access policies apply to the
USER_GROUP and allow this user group to perform all read-only
actions in Agents_Compartment compartment.
Allow group {group name} to read management-agents in {location}
Allow group {group name} to read management-agent-install-keys in {location}
Allow group {group name} to read metrics in {location}
Allow group {group name} to read alarms in {location}
Allow group {group name} to read users in tenancyGeneric Prerequisites for Deploying Management Agents
Before deploying Management Agents in your hosts, ensure that the following prerequisites are met:
Oracle Cloud Infrastructure Requirements
-
You need to be familiar with Oracle Cloud Infrastructure terminology and concepts like regions, tenancy, compartments and policies. Also, you need to have privileges to create policies and groups.
Before proceeding, you must confirm that you already set up your Oracle Cloud Infrastructure environment correctly as described in Set Up Oracle Cloud Infrastructure for Management Agent Service.
Supported Operating Systems
Table 2-2 Supported Operating Systems
| Operating System | Version |
|---|---|
|
AIX (Only PPC 64-bit architecture) |
AIX 7.3 It's only supported when using OpenJDK8 for AIX. |
|
CentOS |
7 (64 bit), 8 (64 bit) |
|
macOS Intel x64 and AArch64(ARM64) |
12 (Monterey), 13 (Ventura),14 (Sonoma)
It's only supported when using Java Management service. For details, see Java Management service, specifically the Installing a Management Agent section. |
|
Oracle Linux |
6 (64 bit), 7 (64 bit), 8 (64 bit), 9 (64bit) |
| Oracle Linux on AArch64(ARM64) | 7 (64 bit), 8 (64 bit), 9 (64bit) |
| Oracle Solaris | 11 |
|
Red Hat Enterprise Linux |
6 (64 bit), 7 (64 bit), 8 (64 bit), 9 (64bit) |
|
SUSE Linux Enterprise Server |
12 (64 bit), 15 (64 bit) |
| Ubuntu | 20.04 |
|
Windows Server |
2022 (64 bit), 2019 (64 bit), 2016 (64 bit), 2012 R2 (64 bit) |
|
Windows Desktop |
11 (64 bit), 10 (64 bit), 10 (32 bit) It's only supported when using Java Management service. For details, see Java Management service, specifically the Installing a Management Agent section. |
Operating System Requirements
-
Minimum disk requirement: 300 Mb of free disk space.
-
The memory usage is based on the service plug-in being deployed. Refer to the service plug-in documentation for details about the minimum memory requirement.
-
A user with
sudoprivileges responsible for installing the Management Agent software on the host or virtual host. -
Java Development Kit (JDK)orJava Runtime Environment (JRE)must be installed on your host prior to installing the Management Agent software.Management Agent requires JDK8 only. Ensure you have downloaded and installed the latest version of
JDK8orJRE8(version 1.8u281 or higher) before starting the Management Agent software installation process.For details about JDK and JRE download and installation instructions, see Java Downloads.
For information about JDK and JRE upgrade, see Using Java with Management Agent.
- For AIX environments, Management Agent installation is supported only using OpenJDK8 for AIX.
IBM JDK is not supported.
Network Prerequisites
-
Management Agents communicate with Oracle Cloud Infrastructure using the Management Agent service. If your network setup has a firewall, ensure you allow HTTPS communication from the host on which the agent is to be deployed to allow outbound communication.
Oracle Cloud Infrastructure is hosted in regions. Regions are grouped into realms. Your tenancy exists in a single realm and can access all regions that belong to that realm. You cannot access regions that are not in your realm. Currently, Oracle Cloud Infrastructure has multiple realms. There is one commercial realm. There are multiple realms for Government Cloud. For more information about regions and realms, see Regions and Availability Domains.
If the Management Agent service and the management agent are deployed in the Oracle Cloud Infrastructure commercial realm
OC1, you need to make sure your host has access to*.oraclecloud.com.You can use any available network connectivity tool to verify connectivity with the data center.
For information about the IP address ranges for services that are deployed in Oracle Cloud Infrastructure, see IP Address Ranges.
The following example table lists the ports that need to be open for communication.Direction Port Protocol Reason Proxy server to external
443
HTTPS
Communication with Oracle Cloud Infrastructure services.