Understanding Groups

Groups provide a way to manage and monitor a collection of instances in OS Management Hub. You can use groups to apply errata, update software, and schedule jobs for common content management tasks.

Creating a group involves selecting the OS (and software sources for Oracle Linux) and then adding instances to the group. The group's instances must have the same OS vendor, OS version, architecture, and location (either OCI or on-premises or third-party cloud). Groups standardize content so that all members of the group have a consistent release and patch level. In large-scale deployments, groups help automate content management tasks.

For groups, you can schedule jobs for common content management tasks, such as scheduling recurring update jobs to apply security vulnerability patches and bug fixes. You can schedule jobs to run immediately or for a future date and time. After scheduling jobs, you can then monitor the status of pending and completed jobs. See Listing Jobs Associated with a Group.

For additional visibility and reporting status, the service provides reports for groups where you can view information about the members of a group within a compartment. Reports help you detect anomalies in the group, such as group members whose updates failed or that haven't communicated with the service. See Viewing Reports for a Group.

What happens when an instance joins the group?

The instance inherits the group's scheduled jobs. For Oracle Linux instances, the service:

  • Replaces the instance's software sources with the software sources listed in the group manifest.
  • Installs the latest available versions of the packages in the group manifest from the software sources in the group.
  • Installs the modules and profiles in the group manifest from the software sources in the group.

For Oracle Linux instances, the service does not:

  • Remove any existing packages or modules. This means the instance will contain packages and modules not listed on the group manifest.

What happens when an instance leaves the group?

No changes are made to the OS content on the instance. The software on the instance remains as it was when the instance left the group. The instance is no longer managed as part of the group and won't be included in any recurring group jobs. Consider creating recurring update jobs for the instance to ensure it receives regular security and other updates.

Group Manifest (Oracle Linux only)

You define the set of packages and modules to install to a group of Oracle Linux instances using the group manifest. The group manifest lists the software sources, and the minimum required packages and modules for a group. Any changes you make to the group manifest are reflected on the current members of the group. For example, if you add a package to the group, that package is added to all instances in the group.

Note

To ensure content consistency across group members, schedule regular update jobs to ensure members are updated to the latest versions of content.
Why does the group manifest differ from what's on the instance?

The group manifest doesn't list a complete package and module inventory for group members, nor does it enforce complete content alignment across the group. It specifies the minimum level of packages and modules to install on group members.

An individual instance will contain packages not listed on the group manifest. These include:

  • Packages installed before the instance joined the group.
  • Packages installed outside of the service (for example, by using dnf install).

There might be packages on the group manifest that aren't on the instance if:

  • Packages were removed from a group member outside of the service (for example, by using dnf remove).
What happens when the group manifest changes?

When the group manifest changes, the service applies those changes to all current members of the group. For example, removing a package from the manifest removes the package from all instances in the group.