Set Up Oracle Cloud Infrastructure for Management Agent Service
Before you can use the Management Agent service, you must ensure that your
Oracle Cloud Infrastructure environment is set up correctly to allow the communication flow
between all the components and cloud services.
This section explains only the steps relevant to setting up and working with
Management Agent service in Oracle Cloud Infrastructure (OCI). Follow these steps to
set up your Oracle Cloud Infrastructure environment:
Step 1: Create or designate the compartments to use
Management Agent is an Oracle Cloud Infrastructure resource with its own resource
type (management-agents) and a unique Oracle Cloud identifier
(ocid). It always belongs to a compartment where the management
agent will get installed and upload its metrics. There is no restriction on the
number of compartments you can create.
You can select an existing compartment or create a new compartment. The compartment
id and name are required when creating policies. For more information, see Managing Compartments in
the Oracle Cloud Infrastructure documentation.
Step 2: Create a user group
The Management Agent and the Agent install key
are defined as resources in Oracle Cloud Infrastructure. They are two different
resource types and you need to create policies that allow users to perform actions
on both resources.
| Resource Type | Description |
| --- | --- |
| management-agents | Management Agent resource |
| management-agent-install-keys | Agent Install Key resource |
For better user management, Oracle recommends creating policies that apply to a
specific group as opposed to individual users. Any user that belongs to a specific group
automatically inherits the policies and permissions of that specific group.
In this step you create a user group using the Identity and Access
Management service from the OCI Console.
1. To access the Identity and Access Management service, open the navigation menu. Under Identity & Security, go to Identity.
2. Click Groups.
3. Click Create Group.
4. In the Create Group dialog box, enter a name for the group and a description, and then click Create.
   For example, you create a group named AGENT_ADMINS.
Step 3: Create policies for user group
Policies allow the user group to manage the Oracle Cloud Infrastructure
resources. For Management Agent, typically there are two resources: the management
agent (management-agents) and the agent install keys
(management-agent-install-keys).
Use Policy Builder to create policies
To create a policy you can use a template in Policy Builder. The policy
templates are only available when you create a new policy. After you create the
policy, you can use the policy editor to add, delete, or edit the policy
statements.
To create a policy using the Policy Builder:
1. In the Oracle Cloud console, click the navigation menu, go to Identity & Security, and then under Identity select Policies.
2. Select Create Policy.
3. Enter a name, description, and select a compartment for the policy.
4. In the Policy Builder, from the Policy use cases menu, select Management Agent.
5. Select one of the following template options from the Common policy templates menu:
For more information about customizing a policy using the policy editor,
see Customizing Policies.
When writing policy statements, remember to chain-name compartments if
needed. For example, if your Agents_Compartment compartment belongs
to the business_unit_1 compartment, the correct compartment name to
use in the policy statement is
business_unit_1:Agents_Compartment.
Table 2-1 Policy Descriptions

| Policy Statement | Description |
| --- | --- |
| ALLOW GROUP <group_name> TO MANAGE management-agents IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to manage the management-agents resource in the specific compartment. |
| ALLOW GROUP <group_name> TO MANAGE management-agent-install-keys IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to manage the management-agent-install-keys resource in the specific compartment. |
| ALLOW GROUP <group_name> TO READ METRICS IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to see metrics uploaded by management agents. |
| ALLOW GROUP <group_name> TO READ ALARMS IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to see alarms uploaded by management agents. |
| ALLOW GROUP <group_name> TO READ USERS IN TENANCY | (Optional) Allows any user that belongs to the user group to read user names in tenancy and display user names as opposed to user ids in the Downloads and Keys page from the user interface. |
Let users have manage access to Management Agents and the related install keys, metrics, alarms, and users.
The "Let users have manage access" policy template includes all the
permissions for Management Agent: the group can manage Management Agents and
install keys, and view the metrics, alarms, and users for Management Agents.
In the following example, the manage access policies apply to the
USER_GROUP and allow this user group to perform all manage and
read actions in the Agents_Compartment compartment.
Allow group {group name} to manage management-agents in {location}
Allow group {group name} to manage management-agent-install-keys in {location}
Allow group {group name} to read metrics in {location}
Allow group {group name} to read alarms in {location}
Allow group {group name} to read users in tenancy
Let users have read access to Management Agents and the related install keys, metrics, alarms, and users.
The "Let users have read access" policy template includes the
read-only permissions for Management Agent: the group can view the
Management Agents, install keys, and the metrics, alarms, and users for Management
Agents.
In the following example, the read-only access policies apply to the
USER_GROUP and allow this user group to perform all read-only
actions in the Agents_Compartment compartment.
Allow group {group name} to read management-agents in {location}
Allow group {group name} to read management-agent-install-keys in {location}
Allow group {group name} to read metrics in {location}
Allow group {group name} to read alarms in {location}
Allow group {group name} to read users in tenancy
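The following is an added example, not part of Oracle's documentation: a small audit that checks a policy's statements against the templates above and flags grants that are wider than intended, such as an agent resource granted tenancy-wide or a compartment that is not chain-named. The function name `audit`, the expected compartment path and the sample statements are assumptions constructed for illustration; the example also goes slightly beyond the page by checking the group name and a verb ceiling.

```python
import re

# OCI policy verbs in increasing order of privilege.
VERBS = ["inspect", "read", "use", "manage"]
# Resource types named in the resource table on this page.
AGENT_RESOURCES = {"management-agents", "management-agent-install-keys"}

STATEMENT_RE = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?:compartment\s+(?P<compartment>\S+)|(?P<tenancy>tenancy))$",
    re.IGNORECASE,
)

def audit(statements, group, compartment_path, max_verb="manage"):
    """Return (statement, finding) pairs for grants wider than intended.

    compartment_path is the chain name the reviewer expects, parent first.
    """
    findings = []
    for stmt in statements:
        m = STATEMENT_RE.match(stmt.strip())
        if not m:
            findings.append((stmt, "not parsed; review by hand"))
            continue
        verb, resource = m["verb"].lower(), m["resource"].lower()
        if m["group"] != group:
            findings.append((stmt, "grant to unexpected group"))
        if verb not in VERBS:
            findings.append((stmt, "unknown verb"))
        elif VERBS.index(verb) > VERBS.index(max_verb):
            findings.append((stmt, f"verb exceeds {max_verb}"))
        if m["tenancy"]:
            # "read users in tenancy" is part of the template; agent resources are not.
            if resource in AGENT_RESOURCES:
                findings.append((stmt, "agent resource granted tenancy-wide"))
        elif m["compartment"] != compartment_path:
            findings.append((stmt, "compartment is not the expected chain name"))
    return findings

# Constructed sample policy for the page's AGENT_ADMINS group.
SAMPLE = [
    "Allow group AGENT_ADMINS to manage management-agents in compartment business_unit_1:Agents_Compartment",
    "Allow group AGENT_ADMINS to manage management-agent-install-keys in tenancy",
    "Allow group AGENT_ADMINS to read metrics in compartment Agents_Compartment",
    "Allow group AGENT_ADMINS to read users in tenancy",
]

if __name__ == "__main__":
    for stmt, finding in audit(SAMPLE, "AGENT_ADMINS", "business_unit_1:Agents_Compartment"):
        print(f"{finding}: {stmt}")
```

Pass `max_verb="read"` to review a group that should only hold the read-only template.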
You need to be familiar with Oracle Cloud Infrastructure
terminology and concepts like regions, tenancy, compartments and policies.
Also, you need to have privileges to create policies and groups.
Minimum disk requirement: 300 Mb of free disk space.
The memory usage is based on the service plug-in being deployed. Refer to the service plug-in documentation for details about the minimum memory requirement.
A user with sudo privileges responsible for installing the
Management Agent software on the host or virtual host.
Java Development Kit (JDK) or Java Runtime Environment
(JRE) must be installed on your host prior to installing the
Management Agent software.
Management Agent requires JDK8 only. Ensure you have downloaded and installed the
latest version of JDK8 or JRE8 (version
1.8u281 or higher) before starting the Management Agent software
installation process.
For details about JDK and JRE download and installation
instructions, see Java Downloads.
For AIX environments, Management Agent installation is supported only using OpenJDK8 for AIX.
IBM JDK is not supported.
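A pre-install check for the Java requirement above, as an added example that is not part of Oracle's documentation: it parses the banner printed by `java -version` and accepts only Java 8 at update 281 or higher, rejecting Java 9 and later. The function names are assumptions chosen for illustration.

```python
import re
import subprocess

MIN_UPDATE = 281  # page requirement: JDK8 or JRE8, version 1.8u281 or higher

# Matches the quoted version in the banner, e.g. java version "1.8.0_281"
BANNER_RE = re.compile(r'version "(?P<ver>[^"]+)"')

def java8_update(banner):
    """Return the Java 8 update number from a `java -version` banner.

    Returns None when the banner is missing or reports a release other than 8.
    """
    m = BANNER_RE.search(banner)
    if not m:
        return None
    m8 = re.match(r"1\.8\.0(?:_(\d+))?", m["ver"])
    if not m8:
        return None  # Java 9+ reports "9", "11.0.2", "17.0.1", ...
    return int(m8.group(1) or 0)  # plain "1.8.0" counts as update 0

def meets_requirement(banner):
    """True only for Java 8 at or above the minimum update level."""
    update = java8_update(banner)
    return update is not None and update >= MIN_UPDATE

def installed_banner(java="java"):
    """Capture the banner of the installed Java; `java -version` writes to stderr."""
    try:
        out = subprocess.run([java, "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""  # no java on PATH
    return out.stderr or out.stdout

if __name__ == "__main__":
    banner = installed_banner()
    first_line = banner.splitlines()[0] if banner else "java not found"
    status = "OK" if meets_requirement(banner) else "NOT SUPPORTED"
    print(f"{status}: {first_line}")
```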
Network Prerequisites
Management Agents communicate with Oracle Cloud Infrastructure using the Management
Agent service. If your network setup has a firewall, ensure that it allows outbound HTTPS
communication from the host on which the agent is to be deployed.
Oracle Cloud Infrastructure is hosted in regions. Regions are grouped into realms. Your tenancy exists in a single realm and can access all regions that belong to that realm. You cannot access regions that are not in your realm. Currently, Oracle Cloud Infrastructure has multiple realms. There is one commercial realm. There are multiple realms for Government Cloud. For more information about regions and realms, see Regions and Availability Domains.
If the Management Agent service and the management agent are deployed in the Oracle Cloud Infrastructure commercial realm OC1, you need to make sure your host has access to *.oraclecloud.com.
You can use any available network connectivity tool to verify connectivity with the data center.
For information about the IP address ranges for services that are deployed in Oracle Cloud Infrastructure, see IP Address Ranges.
The following example table lists the ports that need to be open for communication.

| Direction | Port | Protocol | Reason |
| --- | --- | --- | --- |
| Proxy server to external | 443 | HTTPS | Communication with Oracle Cloud Infrastructure services. |