Management Agents Administration Tasks

Management Agents Console Overview

The Management Agents console is the user interface for the OCI Management Agent service that allows you to view and administer Management Agents and Management Gateways.

You can perform basic and advanced operations depending on your needs. The overview page provides important information and links to the resources configured on the Management Agents service. Console also provides access to the Management Agents (agents) and Management Gateways (gateways) configured, and also dashboards to visualize relevant data in charts.

To open the Management Agents console:

Sign in to OCI and open the navigation menu from the OCI Console.
Under Observability & Management, click Management Agent.
Go to the left menu and select a compartment from the Compartment drop-down list.
The Management Agents console displays.

The Management Agents console displays a menu on the left with the following options:

Overview

The Overview page displays useful information about the Management Agent service and the Management Agents and Management Gateways installed.

You can select the Subcompartments check box, near the compartment selector drop-down to get an overview of the agent details across the selected compartment and it's child compartments.

The Overview page provides summary information about the Management Agents and Management Gateways in your environment and consists of the following charts:

Agents: Number of Management Agents installed.
Agent Availability: Management Agent availability status. The following are the statuses available:
- Active: The Management Agent service is communicating with the Management Agent.
- Silent: The Management Agent service is not communicating with the Management Agent. The communication with the agent was established after the agent installation, but something happened and there might be a communication problem between the Management Agent service and the agent.
- Not Available: The Management Agent installation process is running and the Management Agent service hasn't established communication with the agent yet.
Note

Starting December 9th 2024, any agent that remains in a silent state for 60 days will be deleted from the system.
Alarms: Management Agents and Gateways alarm details from OCI Monitoring service.

The subcompartments option is currently not supported for this chart.
For information about setting up alarms and notifications, see:
Agent Operating Systems: Operating system versions of the Management Agents installed.
Agent Versions: Management Agent versions.
Agent Service Plug-ins: Service plug-ins that have been deployed by the Management Agents.
Data Sent by Agents: Amount of data that is being sent to the service plug-ins by the Management Agents. The subcompartments option is currently not supported for this chart.
Gateways: Number of Management Gateways installed.
Gateway Availability: Management Gateways availability status.
Data Sent by Gateways: Amount of data that is being sent to the service plug-ins by the Management Gateways. The subcompartments option is currently not supported for this chart.

The following screenshot is an example of the Management Agents Overview page.

Overview page that shows information about the management agents installed.

Dashboards

You can use dashboards to visualize, explore, and analyze data in easy-to-interpret charts. For information, see Work with Dashboards.

Agents

The Agents page lists all the Management Agents (agents) and Management Gateways (gateways) installed in a selected compartment.

The Agents page has the following options:

Agents and Gateways

To select a compartment:

Go to the left pane. Under Scope, select the desired compartment from the Compartment drop-down list.
- Use the Include Subcompartments check box to list all the accessible agents in subcompartments.
  
  The default maximum number of agents and gateways listed is 1,000. To customize your selection, go to the left pane and use Filters.
  
  Policy requirement: Ensure you have the inspect management-agents permission at the selected compartment level to be able to list all the subcompartments from that compartment. For example: ALLOW GROUP <group_name> TO INSPECT management-agents IN TENANCY

The Agents and Gateways page displays a table listing all the Management Agents and Management Gateways installed.

The table consists of the following columns:

Name: Shows the Management Agent or Gateway name.
Host: Shows the host name where the Management Agent or Gateway is installed.
Availability: Shows the Management Agent or Gateway status.
Operating system: Shows the operating system of the host where the Management Agent or Gateway is installed.
Version: Shows the version of the installed Management Agent or Gateway.
Plug-ins: Shows the name of the service plug-in that has been deployed by the Management Agent.
Created: Shows the date when the Management Agent or Gateway was installed.
: Shows more actions available for a specific Management Agent or Gateway.

The following screenshot is an example of the Agents and Gateways list.

Agents and Gateways page that shows all management agents and management gateways installed.

You can click on a specific agent or gateway to open up the details page and quickly go and get more information.

Note

Ensure you have READ management-agents permission to be able to see the agent or gateway details.

Agents Details

The Agents Details page shows information about the selected agent.

Use Deploy plug-ins to deploy a plug-in on the selected agent.
Use Enable Agent Logs to enable Logging Analytics service to gather Management Agent log files for the selected agent. For information, see Enable Agent Logs.
Use Manage DataSources to view or edit properties and dimensions of the datasource type configured with the selected agent. For information, see Manage DataSources.
Use More actions to Add tags or Delete an agent.
The Agent Information tab shows detailed agent information. It displays the host name, compartment name, agent version, operating system, service plug-ins deployed on it, work requests, datasoruces and more.
- Service Plug-ins: Use the Service Plug-ins link to list all the service plug-ins deployed on this specific Management Agent. For more information, see Deploy Service Plug-ins.
- DataSources: Use the DataSources link to list all the datasources configured on this specific Management Agent. For more information, see Manage DataSources.

Agent details page that shows information about a management agent installed.

Gateway Details

The Gateway Details page shows detailed information about a gateway.

The Gateway Information tab shows detailed gateway information. It displays the host name, compartment name, gateway version, operating system, associated agents and more.

Associated Agents: Use the Associated Agents link to list all the Management Agents configured to use this specific Management Gateway. The Associated Agents pane displays the id, host, availability and operating systems information of the Management Agents.

Management Gateway details page that shows the information about a management gateway installed.

Agents with DataSource

The Agents with DataSource page displays a table listing all the agents with datasources configured.

The table consists of the following columns:

Name: Name of the agent.
DataSource type: Type of the datasource. For example: Prometheus.
DataSource: Total number of data sources associated with the agent.
Availability: Agent availability.
Created: Timestamp when the agent was created.

You can click on a specific agent to open up the details page and quickly go and get more information.

Downloads and Keys

The Downloads and Keys page displays information about the Management Agent download file and the Management Agent install keys created.

It consists of the Agent Software Download pane at the top and the Agent Install Keys pane at the bottom.

Agent Software Download

The Software Download pane has a table consisting of the following columns:

Download: Shows the Management Agent download file name.
Package type: Shows the package type: ZIP or RPM.
Version: Shows the Management Agent version installed.
Size (MB): Shows the Management Agent size.
SHA-256 Checksum: Shows the information to confirm file integrity.

The following screenshot is an example of the Software Download pane.

Software Download pane

Agent Install Keys

The Agent Install Keys pane has a Create Key button to create an Agent Install Key. It also displays a table consisting of the following columns:

Key Name: Shows the Management Agent install key name.
Compartment: Shows the compartment name where the Management Agent install key was created.
Created by: Shows information about the user who created the Management Agent install key.
Created: Shows the date of the Management Agent install key creation.
Days Remaining: Shows the number of days remaining until the Management Agent install key expires.
Agents Installations Remaining: Shows the number of installations remaining for each Management Agent install key.
Action Item Menu: It shows more actions available for an Agent Install Keys like, Copy Key to Clipboard, Download Key to File, and Delete Key.

Import Certificates for Management Agent

During the Management Agent installation process, you can import custom trusted certificates. Select the option for your environment.

Import Custom Trusted Certificates for a Standalone Management Agent

For a standalone Management Agent installation, you can follow these steps to import a custom trusted certificate.

Create a directory to store the additional trusted Root Certificate Authority (CA) certificates in the PEM format. In the following example, the tmp directory is an example. You can use any directory and confirm the Agent user has read access to every directory in the path for the certificates.
```
mkdir /tmp/crt
```
Next, enter the following command to copy all the custom trusted certificates in PEM format to the new directory created in the previous step.
```
cp *.pem /tmp/crt
```
Set permissions for the directory and it's contents to allow the standalone agent to access the certificates.
```
chmod 644 /tmp/crt
```
To add custom trusted certificates to the Management Agent during the installation or configuration, you need to specify the directory for the certificates in the input.rsp response file.
```
importTrustedCertsDirectory=/tmp/crt
```
Now, you can run the installation to import the certificates into the Management Agent.
After installation, you can use the following command and replace the following with values for your environment, to verify the trusted certificates successfully imported into the Agent's keystore. Replace the <CUSTOM_CERTIFICATE_FILE_NAME> with the custom certificate file name in your environment, for example: my-cert.pem
```
keytool -list -keystore /opt/oracle/mgmt_agent/agent_inst/config/security/comm/commwallet.jks -alias <CUSTOM_CERTIFICATE_FILE_NAME>
```
The commwallet.pem file is a custom certificate that's added to the Agent's trusted certificate store.

Import Custom Trusted Certificates for the Oracle Cloud Agent (OCA) Management Agent Plug-in on a Compute Instance

If you using the Oracle Cloud Agent (OCA) Management Agent plug-in on a compute instance, then you can follow these steps to install a custom trusted certificate during the installation process.

Use the following commands to create a trustedcerts directory to import the trusted certificates to this location: /var/lib/oracle-cloud-agent/plugins/oci-managementagent/. Confirm the oracle-cloud-agent user is an owner of the directory.
```
cd /var/lib/oracle-cloud-agent/plugins/oci-managementagent/
mkdir trustedcerts
chown oracle-cloud-agent:oracle-cloud-agent trustedcerts/
```
Copy all the custom trusted certificates in PEM format to the new directory created in the previous step.
```
cp *.pem /var/lib/oracle-cloud-agent/plugins/oci-managementagent/trustedcerts
```
Now, you can run the OCA Agent installation to import the certificates into the Management Agent.
After installation, you can use the following command to verify the trusted certificates successfully imported into the Agent's keystore. Replace the <CUSTOM_CERTIFICATE> with the custom certificate file name in your environment, for example: my-cert.pem
```
keytool -list -keystore /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/config/security/comm/commwallet.jks -alias <CUSTOM_CERTIFICATE>
```
The commwallet.pem file is a custom certificate that's added to the Agent's trusted certificate store.

Update Certificates for Management Agent

Update Custom Trusted Certificates for a Standalone Management Agent

Update Custom Trusted Certificates for the Oracle Cloud Agent (OCA) Management Agent Plug-in on a Compute Instance

Update Custom Trusted Certificates for a Standalone Management Agent

To update an existing certificate with a custom trusted certificate for a standalone Management Agent, you can use the following commands:

Create a new directory for the custom certificates. In the following example, the tmp directory is an example. You can use any directory and confirm the Agent user has read access to every directory in the path for the certificates.
```
mkdir /tmp/customcerts 
```
Copy all the custom certificates in the PEM format to this new staging directory.
```
 cp *.pem /tmp/customcerts
```
Set permissions for the staging directory and it's contents to allow the standalone agent to access the certificates.
```
 chmod 644 /tmp/customcerts
```
To update the existing certificates with the custom certificates use the following command, and replace the following with values for your environment:
- Replace the first argument is the path to the folder containing the custom certificates.
- Replace the second argument with the path for the agent_inst.
```
sudo -u 
mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/update_trusted_certs.sh /tmp/customcerts /opt/oracle/mgmt_agent/agent_inst
```
To verify the update after executing the command, run the following command to check the configuration and confirm the existing certificates updated successfully with the custom certificates.
```
keytool -list -keystore /opt/oracle/mgmt_agent/agent_inst/config/security/comm/commwallet.jks -alias <CUSTOM_CERTIFICATE_FILE_NAME>
```

Update Custom Trusted Certificates for the Oracle Cloud Agent (OCA) Management Agent Plug-in on a Compute Instance

If you are using the OCA Management Agent plug-in on a compute instance, then you can use the following commands to update an existing certificate with a trusted custom certificate.

Create a new directory for the custom certificates. In the following example, the tmp directory is an example. You can use any directory and confirm the Agent user has read access to every directory in the path for the certificates.
```
mkdir /tmp/customcerts 
```
Copy all the custom certificates in the PEM format to this new staging directory.
```
 cp *.pem /tmp/customcerts
```
Set permissions for the staging directory and it's contents to allow the standalone agent to access the certificates.
```
 chmod 777 /tmp/customcerts
```

To import the certificates to an existing agent using the oci-managementagent command line tools use the following command:

 sudo -u oracle-cloud-agent /usr/libexec/oracle-cloud-agent/plugins/oci-managementagent/oci-managementagent -cli -trusted-certs-dir=/tmp/trustedcerts

Example Output:

Import Trusted Certificates Management Agent ...
Log file path: /var/log/oracle-cloud-agent/plugins/oci-managementagent/oci-managementagent_importcerts.log
Trusted Certificates added

Deploy Service Plug-ins

Management Agents allow you to deploy service plug-ins for different Oracle Cloud Infrastructure (OCI) services.

Service plug-ins can be deployed to management agents enabling to perform tasks for those services. Any given management agent can have multiple service plug-ins.

Available Service Plug-ins

The following service plug-ins are available:

Database Management and Operations Insights Service.
Java Management Service.
Java Usage Tracking.
Logging Analytics.
Operations Insights Host Service.
Stack Monitoring.

For more information about OCI services, see Oracle Cloud Infrastructure (OCI) services.

Note

If there's any OCI service plug-in update available, it will get updated automatically.

Deploy a Service Plug-in

You can deploy a service plug-in using any of the following methods:

Deploy a Service Plug-in Using the Agents Page

Use this method when the Management Agent is already installed as described in Install Management Agents.

To deploy a plug-in using the Agents page, do the following:

From the left menu, click on Agents to open up the Agents page.
From the Agents list, click on the desired agent where you want to deploy the plug-in.

The Agent detail page is displayed.
Click Deploy Plug-ins.

The Deploy Plug-ins window is displayed.
Select the plug-in and click Update.

The selected plug-in will be deployed on the desired agent.

Deploy a Service Plug-in During the Management Agent Installation

Use this method when a plug-in deployment is performed during the Management Agent installation process.

Follow the instructions to download the agent software and create an agent install key as described in Download the Management Agent Software and Create Install Key.
Download the agent install key file.

Go to the Agent Install Keys page and from the action menu, select Download Key to File option.

The Download Key to File option allows you to download a response file template. For details, Download Install Key.
Edit the response file template using a text editor and create a custom response file.

Follow the instructions to create a response file using the download a response file template option as described in Option 1: Download a response file template to create a response file.

The response file template contains agent parameters, including the service plug-in parameter, which is required for deploying a plug-in.

To deploy a service plug-in as part of the Management Agent installation process, customize the Service.plugin.<plugin_name>.download parameter.

For example, if you want to deploy the DataSafe plug-in during the agent installation, the parameter value will be: Service.plugin.datasafe.download=true

For more information about agent parameters supported in the response file, see Review Agent Parameters.
Install the Management Agent as described in Install Management Agent to complete the installation.

Post Deployment Tasks

After deploying a service plug-in, you can do the following:

Check Service Plug-in Status

On the Agent Details page, go to Agent information and click the Service Plug-in link.
The Service Plug-ins pane is displayed with the following information: Name, Status and Message.

If the Management Agent has more than one service plug-in deployed, information of all service plug-ins is displayed.

If the deployment is successful, you can see Running under Status.

If the deployment has issues, you can see Failed under Status with an error description under Message.

Check Work Request Status

When a service plug-in is being deployed, a work request is generated to track the deployment process.

To check the work request status, do the following:

On the Agent Details page, go to Agent information and click the Work request link.
The Work Requests pane is displayed with the following information: Id, Operation Type, Plugin Name, Status and Time Accepted.

It shows all the work requests for the last 30 days.

If the deployment is successful, the work request shows Succeeded under Status.

If the deployment has issues, the work request shows Failed under Status . You can use the Id information for troubleshooting.

Enable Agent Logs

The Enable Agent Logs option allows you to enable continuous collection of the agent logs to the Logging Analytics service.

This feature onboards the selected agent with Logging Analytics, and enables automatic upload of the agent's log files to Logging Analytics. For information about Log Analytics OCI service, see Logging Analytics.

Prerequisites

The status of the selected agent is Active.
Tenancy has to be onboarded to Logging Analytics service.
Logging Analytics plugin has to be deployed to the selected agent.

Enable Agent Logs

To enable logs, do the following:

From the Agents list page, click on the desired agent.

The Agent details page is displayed.
Click Enable Agent Logs.

The Enable logs: Agent window for the selected agent is displayed.
Select a Log Group Compartment from the dropdown list.
Select a Log Group from the dropdown list.
If you want to create a new Log group, click Create Log Group.

At the Create Log Group window, enter the Log Group Name and a Description. After, click Create.
Click Enable.

Troubleshooting:

For each agent, there is a corresponding entity (resource) that gets created in Logging Analytics. If no matching entity is found for the selected agent, logging cannot be enabled. To enable logs in this case, retry after sometime or manually add the agent as an entity in Logging Analytics. For information, see Create an Entity to Represent Your Log-Emitting Resource from Logging Analytics.

Verify Agent Logs Source Association

Once the logs are enabled, the association can be viewed in Logging Analytics.

Navigate to Observability & Management and go to Logging Analytics.
On the Logging Analytics page, go to Administration.
From the left menu, select Sources.

From the center pane, select Oracle Management Agent Logs and verify the agent is listed under the Associated Entities list.

Logs are only enabled with the selected log group in Agent Details page.

To setup purge policy of the log data, see Purge Log Data from Logging Analytics.

Disable Agent Logs

Disabling agent logs stops the continuous upload of logs of the selected agent to Logging Analytics.

To disable logs, do the following:

Click Disable Agent Logs.
The disable agent logs window for the selected agent is displayed.
Click Disable.

Manage DataSources

Manage DataSources allows you to view or edit the properties and dimensions of the datasources configured with the selected agent, such as the Prometheus datasource.

Prometheus DataSource Prerequisites:

The Management Agent was deployed using Management Agent version 231231.0001 or higher.
For Prometheus Exporter, the Management Agent should be on the same virtual machine (VM) or on a VM with access to the Exporter's endpoint. This Management Agent is configured to scrape metrics from the running Prometheus Exporter.

To manage datasources, do the following:

From the Agents list page, click on the desired agent.

The Agent details page is displayed.
Click Manage DataSources.
The DataSources window displays a table with the following columns:
- Name: Name of the datasource.
- Type: Type of the datasource. For example: Prometheus.
- State: Status of the datasource.
- Time Created: Timestamp when the datasource was created.
- : Shows more actions available for a specific datasource.
If you click on a specific datasource name, the View DataSource window is displayed.
Use the View DataSource to display all the information about a datasource.

For example: You can view the metric data from Prometheus Exporter.
Use Add DataSource to add a datasource.
- Select the DataSource type from the dropdown list. For example: Prometheus.
- Use Name to enter the new datasource name.
- Select Metric compartment from the dropdown list.
- Enter Metric namespace.
- Enter URL which Prometheus Exporter uses to publish its metrics.
- Use the Custom metric dimensions to add a metric dimension.
- Use Optional properties if needed.
Delete DataSource: Use the action menu to delete a datasource.
Edit DataSource: Use the action menu to edit properties a datasource.
For example, you can modify the Prometheus exporter URL which publishes the metric data to OCI Monitoring service.

Note

For Prometheus Exporter, you must create policies.

Control Management Agents

One of the administration tasks is to control the state of the Management Agents. You can start, stop and verify the status of the Management Agents.

Start Agents

To start the agent service, do the following:

On Linux:

Login as a user with sudo permissions.
Run the following command:

For Oracle Linux 6: sudo /sbin/initctl start mgmt_agent

For Oracle Linux 7: sudo systemctl start mgmt_agent

On Windows:

Login as an Administrator user and open a Command Prompt window.
Run the following command: net start mgmt_agent

On Solaris:

Login as a user with sudo permissions to execute commands as the root user.
Run the following command:

sudo /etc/init.d/mgmt_agent start

Stop Agents

To stop the agent service, do the following:

On Linux:

Login as a user with sudo permissions.
Run the following command:

For Oracle Linux 6: sudo /sbin/initctl stop mgmt_agent

For Oracle Linux 7: sudo systemctl stop mgmt_agent

On Windows:

Login as an Administrator user and open a Command Prompt window.
Run the following command: net stop mgmt_agent

On Solaris:

Login as a user that has sudo privilege to execute commands as root user.
Run the following command:

sudo /etc/init.d/mgmt_agent stop

Verify Agents

To verify the agent status, do the following:

On Linux:

Login as a user with sudo permissions.
Run the following command:

For Oracle Linux 6: sudo /sbin/initctl status mgmt_agent

For Oracle Linux 7: sudo systemctl status mgmt_agent

For more details, check the log file: /opt/oracle/mgmt_agent/agent_inst/log/mgmt_agent.log.

On Windows:

Login as an Administrator user and open a Command Prompt window.
Run the following command: sc query mgmt_agent

For more details, check the log file: C:\Oracle\mgmt_agent\agent_inst\log\mgmt_agent.log.

On Solaris:

Login as a user that has sudo privilege to execute commands as root user.
Run the following command: sudo /etc/init.d/mgmt_agent status

For more details, check the log file: /opt/oracle/mgmt_agent/agent_inst/log/mgmt_agent.log.

Manage Install Keys

Create Install Key

You need to create an install key before installing Management Agent.

An install key is issued against your identity domain and validates the authenticity of the installation. Ensure you create the install key before starting the Management Agent installation.

To create an install key:

On the Management Agents home page, click Download and Keys from the left menu to view the Install Keys pane.
The Install Keys pane displays at the bottom of the page.
On the Install Keys pane, click Create Key to create a key.
Enter the required details in the Create Key window.
1. In the Key Name field, specify a name to identify the key.
2. In the Compartment field, select the compartment from the drop-down list. This is the compartment where the agent resource will be created.
3. In the Maximum Installs field, specify a number that indicates the maximum number of installs that can be associated with the key. Default value is 1000.
4. In the Valid for field, specify a number that indicates the period the key is valid for. The default value is 1 week.
5. The Unlimited checkbox is optional.
  
  If it's selected, the key can be used for an unlimited number of agent and gateway installations and the key never expires.
  
  Risks of using unlimited keys: Oracle recommends to keep the life time of an Install Key to a minimum required time and limited number of agents. Ensure that you keep the downloaded key in a secure location to protect confidentiality. If the unlimited install key is compromised, an attacker can install rogue agents in your tenancy. A regular audit of your tenancy's agents can help to mitigate any potential risks associated with unlimited install keys. When an unlimited install key is not needed anymore, make sure to delete it either using the Management Agents Console or CLI.
A new key is created.

The Install Keys pane offers different options available to manage the keys. During a later step, the Download Key to File option is useful to download a file that can be used as a response file template as described in Configure a Response File.

For more information about managing the install keys, see Manage Install Keys.

Note

If you are installing a Management Gateway, you can use the same install key to install Management Gateway and Management Agent. For information about Management Gateway, see Management Gateway.

Copy Install Key

You can copy an install key to clipboard from the Install Keys pane.

On the Management Agents home page, click Download and Keys from the left menu to view the Install Keys pane.
The Install Keys pane is displayed.
From the list of install keys, select the key that you want to copy to clipboard.
On the right side of the selected key, click the action menu and select Copy Key to Clipboard.

The key is copied to clipboard.

The Copy Key to Clipboard option is useful to copy and paste the value of the key when creating the response file during the agent configuration process. For more details, see Create a Response File.

Download Install Key

You can download an install key from the Install Keys pane.

On the Management Agents home page, click Download and Keys from the left menu to view the Install Keys pane.
The Install Keys pane is displayed listing all the existing keys.
From the list of install keys, select the key that you want to download.
On the right side of the selected key, click the action menu and select Download Key to File.

A file is downloaded.

The Download Key to File option is useful to download a file with the agent parameters that can be used as a response file during the agent installation process. For more details, see Create a Response File.

Delete Install Key

You can delete an install key from the Install Keys pane.

On the Management Agents home page, click Download and Keys from the left menu to open the Install Keys pane.

The Install Keys pane is displayed listing all the existing keys.
From the list of install keys, select the key that you want to delete.
On the right side of the selected key, click on the action menu and select Delete Key.
Click on Delete Key.
Press Delete to confirm the operation.

The Delete Key option is useful when you suspect that an unauthorized user has obtained the value of an agent install key.

Upgrade Management Agents

There are two methods available for upgrading the Management Agents:

Automatic Upgrade

Management Agents service supports automatic upgrade.

Enabling the auto upgrade feature is done at the tenancy level: Users can enable auto upgrade for all management agents residing in their current tenancy.

Requirements:

Permission: The MGMT_AGENT_UPDATE permission at the tenancy root compartment is required to enable auto upgrade feature. Use the following policy syntax:
```
ALLOW GROUP <group_name> TO USE management-agents IN TENANCY
```
For information about Management Agent polices, see Details for Management Agent.
Minimum Management Agent Version: 210918.1427 or higher.

Default Auto Upgrade Status: Disable.

Topics

Enable Auto Upgrade

You can enable auto upgrade using the Management Agents console.

On the Management Agents home page, click Downloads and Keys from the left menu.

The Agent Auto Upgrade pane is displayed at the top of the page.
On the Agent Auto Upgrade pane, click Enable Auto Upgrade.

The Enable Auto Upgrade window is displayed.
On the Enable Auto Upgrade window, click OK to enable auto upgrade for all management agents in the current tenancy

Disable Auto Upgrade

You can disable auto upgrade using the Management Agents console.

On the Management Agents home page, click Downloads and Keys from the left menu.

The Agent Auto Upgrade pane is displayed at the top of the page.
On the Agent Auto Upgrade pane, click Disable Auto Upgrade.

The Disable Auto Upgrade window is displayed.
On the Disable Auto Upgrade window, click OK to disable auto upgrade for all management agents in the current tenancy.

For a list of available CLI commands to enable and disable auto upgrade, see Oracle Cloud Infrastructure CLI Command Reference.

Manual Upgrade

Management Agent supports manual upgrade for the following operating systems:

Linux Manual Upgrade (RPM file)

To upgrade an agent on Linux using an RPM file, do the following:

Download the latest version of the RPM file containing the agent software download file. See Download the Management Agent Software.
To upgrade the agent, run the rpm command with the rpm -U upgrade option:
```
sudo rpm -U <rpm_file_name.rpm>
```

Linux Manual Upgrade (ZIP file)

To upgrade an agent on Linux using a ZIP file, do the following:

Download the latest version of the ZIP file containing the agent software download file. See Download the Management Agent Software.
Navigate to the directory where you have downloaded the management agent software ZIP file and unzip it to any preferred location.

To upgrade the agent, run the installer.sh script with the -u option:

installer.sh -u

The output looks similar to the following:

sudo ./installer.sh -u 
Checking pre-requisites
    Checking available disk space for agent upgrade    
    Checking agent version

Executing install
    Unpacking software zip
    Copying files to destination dir (/opt/oracle/mgmt_agent)
    Updating communication wallet
    Creating 'mgmt_agent' daemon
    Starting mgmt_agent
    Agent Install Logs: /opt/oracle/mgmt_agent/installer-logs/installer.log.0

Agent upgrade successful

Windows Manual Upgrade

To upgrade an agent on Windows, do the following:

Login as an Administrator user and open a command prompt window.
Download the latest version of the ZIP file containing the agent software download file. See Download the Management Agent Software.
Navigate to the directory where you have downloaded the management agent software ZIP file and unzip it to any preferred location.

To upgrade the agent, run the installer.bat script with the -u option: installer.bat -u.

The output looks similar to the following:

C:\Users\test_agent>installer.bat -u 
Checking pre-requisites

     Checking if C:\Oracle\mgmt_agent\200821.0751 directory exists 
     Checking available disk space for agent install
     Checking Java version
              Java version: 1.8.0_261 found at C:\Program Files\Java\jdk1.8.0_261

Executing Upgrade
        Unpacking software zip
        Copying files to destination dir(C:\Oracle\mgmt_agent)
        Initializing software from template
        Creating mgmt_agent service

Agent Upgrade  successful

Solaris Manual Upgrade

To upgrade an agent on Solaris, do the following:

Download the latest version of the ZIP file containing the agent software download file. See Download the Management Agent Software.
Navigate to the directory where you have downloaded the management agent software ZIP file and unzip it to any preferred location.

To upgrade the agent, login as root user and run the installer.sh script with the -u option:

installer.sh -u

The output looks similar to the following:

sudo ./installer.sh -u 
Checking pre-requisites
    Checking available disk space for agent upgrade    
    Checking agent version

Executing install
    Unpacking software zip
    Copying files to destination dir (/opt/oracle/mgmt_agent)
    Updating communication wallet
    Creating 'mgmt_agent' daemon
    Starting mgmt_agent
    Agent Install Logs: /opt/oracle/mgmt_agent/installer-logs/installer.log.0

Agent upgrade successful

AIX Manual Upgrade (ZIP file)

To upgrade an agent on AIX using a ZIP file, do the following:

Download the latest version of the ZIP file containing the agent software download file. See Download the Management Agent Software.
Navigate to the directory where you have downloaded the management agent software ZIP file and unzip it to any preferred location.

To upgrade the agent, run the installer.sh script with the -u option:

installer.sh -u

The output looks similar to the following:

sudo ./installer.sh -u 
Checking pre-requisites
        Checking available disk space for agent upgrade
        Checking agent version

Executing install
        Unpacking software zip
        Copying files to destination dir (/opt/oracle/mgmt_agent)
        Updating communication wallet
        Creating mgmt_agent daemon
        Starting mgmt_agent
        Agent Install Logs: /opt/oracle/mgmt_agent/installer-logs/installer.log.0

Agent upgrade successful

Remove Management Agents

When removing a management agent associated with a host, the management agent is unregistered from Management Agents Cloud Service before it’s removed from the host.

You can remove an agent from a host for the following reasons:

An agent deployed on the target host is no longer necessary.
You no longer need to collect data, performance metrics or logs from a specific target host.
You modified your deployment topology.

This topic explains how to remove Management Agents.

Remove Agents from User Interface

To remove agents from the user interface, do the following:

Select the agent from the Agents list and click on the Action Menu.

Figure 4-1 Delete Agent
Click on Delete Agent.
Press Delete to confirm the selection.

The agent will get removed from Management Agent user interface, but the agent software won't get deleted from the target host. Users are required to connect to the host and manually remove the agent software from the host. For Linux, use the rpm command with -e option.

Remove Agents from Command Line Interface

When removing an agent from the command line interface, the agent and the agent software will be removed from the host.

Remove (uninstall) Management Agent from the following operating systems:

Linux using RPM command

Execute the rpm command with the -e option.

sudo rpm -e <rpm_name>

Linux using uninstaller script

Execute the uninstaller.sh script if you installed the agent using the ZIP files.

The output looks similar to the following:

$ sudo bash /opt/oracle/mgmt_agent/agent_inst/bin/uninstaller.sh
Executing pre-remove step from uninstall
Attempting to remove the agent from Management Agent Cloud service, please do not interrupt...
Attempting to remove the agent from Management Agent Cloud service, please do not interrupt...
Agent was removed from Management Agent Cloud service successfully.
Detected Oracle Linux Server (Red Hat family):
Stopping mgmt_agent...
Removing mgmt_agent daemon from systemd...
Removed symlink/etc/systemd/system/multi-user.target.wants/mgmt_agent.service.
Agent was removed from the host successfully.
Executing post-remove step from uninstall
Agent state directory was removed from the host successfully.

Note

If you installed the Management Agent using an external volume on Linux, the Management Agent uninstaller script removes all the data under the /opt/oracle/mgmt_agent directory, and in some operating systems, it also removes the target directory the symlink points to.

Windows

Open a Command Prompt window, navigate to the agent install base directory and execute the uninstaller.bat script.

The output looks similar to the following:

C:\Oracle>mgmt_agent\uninstaller.bat
Removing agent from Management Agent Cloud Service
Attempting to remove the agent from Management Agent Cloud service, please do not interrupt...
Agent was removed from Management Agent Cloud service successfully.
Removing agent service from the host
Agent service was removed from the host successfully
Removing agent directories

Ensure that all other command prompt windows are closed or that they are not pointing to the agent home directory before running the uninstaller.bat script.

Solaris

Execute the uninstaller.sh script as root user.

The output looks similar to the following:

sudo bash /opt/oracle/mgmt_agent/agent_inst/bin/uninstaller.sh
Executing pre-remove step from uninstall
Attempting to remove the agent from Management Agent Cloud service, please do not interrupt...
Attempting to remove the agent from Management Agent Cloud service, please do not interrupt...
Agent was removed from Management Agent Cloud service successfully.
Detected Oracle Linux Server (Red Hat family):
Stopping mgmt_agent...
Removing mgmt_agent daemon from systemd...
Removed symlink /etc/systemd/system/multi-user.target.wants/mgmt_agent.service.
Agent was removed from the host successfully.
Executing post-remove step from uninstall
Agent state directory was removed from the host successfully.

AIX

Execute the uninstaller.sh script as root user.

The output looks similar to the following:

sudo sh /opt/oracle/mgmt_agent/agent_inst/bin/uninstaller.sh
Executing pre-remove step from uninstall
Attempting to remove the Agent from Management Agent Cloud service, please do not interrupt...
Attempting to remove the Agent from Management Agent Cloud service, please do not interrupt...
Agent was removed from Management Agent Cloud service successfully.
Detected AIX:
Stopping mgmt_agent...
Waiting for mgmt_agent to exit...
Stopped mgmt_agent.
Removing mgmt_agent daemon...
0513-083 Subsystem has been Deleted.
Agent was removed from the host successfully.
Executing post-remove step from uninstall
Agent state directory was removed from the host successfully.

Use a Non-default OS User to Install Management Agent

Oracle recommends to perform the Management Agent installation using the default OS user: mgmt_agent, but depending on your requirements, you may need to perform the installation using a different OS user.

This section describes how to install the Management Agent using a different user from mgmt_agent, the default OS user.

Prerequisites

Note

When choosing an OS user other than mgmt_agent to perform the Management Agent installation on Linux or Unix systems, the following considerations need to be taken:

Select an OS user with limited privileges.
The default mgmt_agent OS user is a least privilege OS user with no login shell. If you decide to select another OS user instead, ensure the chosen user has limited privileges.
Management Agent is a multi-threaded application and each thread (LWP) counts towards the OS user limit. Ensure that the user limit (ulimit) for max user processes is set accordingly by checking:
```
ulimit -u
```
Choosing an inadequate limit can result in instability of the Management Agent and applications running as the OS user selected.

Identify a valid OS user to perform the Management Agent installation and use it as value for the RUN_AGENT_AS_USER variable.
Oracle recommends that the selected OS user should have least privileges and no login shell.
```
id -un <username>
```
Example 1:
```
id -un myexistinguser
```
The myexistinguser OS user exists. The output returns the value of the selected user and looks similar to the following:
```
myexistinguser
```
Example 2:
```
id -un mytestuser2
```
The mytestuser2 OS user doesn't exist and it's not a valid user. The output returns no user value and looks similar to the following:.
```
id: mytestuser2: no such user
```
Identify the user's primary group to use as value for the AGENT_USER_GROUP variable.
Ensure the value for AGENT_USER_GROUP is the primary user group of the selected OS user.
Note

Using a secondary group is not supported and it can result in a corruption of the Management Agent.
```
id -gn <username>
```
Example:
```
id -gn myexistinguser
```
The output looks similar to the following:
```
staff
```

Set Environment Variables and Install Management Agent

Set the following environment variables:

RUN_AGENT_AS_USER=<selected_OS_user_for_ManagementAgent_installation>
AGENT_USER_GROUP=<OS_primary_group_of_selected_OS_user>

Example:

RUN_AGENT_AS_USER=myexistinguser
AGENT_USER_GROUP=staff

Ensure the above environment variable are accessible by the root OS user.
By default, the environment variables are not shared with the root user.
Verify the environment variables are set properly by running the following:
```
sudo su
echo $RUN_AGENT_AS_USER
echo $AGENT_USER_GROUP
```
For example, the output looks like the following:
```
myexistinguser
staff
```
If root is unable to access the environment variables, edit /etc/sudoers file and add the following:
```
Defaults env_keep+=RUN_AGENT_AS_USER
Defaults env_keep+=AGENT_USER_GROUP
```
The above ensures the RUN_AGENT_AS_USER and AGENT_USER_GROUP environment variables are preserved and accessible by the root user.

After updating the /etc/sudoers file, set the environment variables again and verify root can access the environment variables.
Once verification is complete, you can start the Management Agent installation: Log in as root, set the environment variables, and start the Management Agent installation.

Depending on your preferred method, you can follow the instructions from Install Management Agent on Linux (RPM file) or Install Management Agent on Linux (ZIP file).

For example, follow the instructions from Install Management Agent on Linux (RPM file). In this case, skip step 1 since you are already root and there's no need of sudo privileges. Start at step 2: rpm -ivh <rpm_file_name.rpm>

Management Agent Source Credentials

This section describes how to manage source credentials which may be needed to allow the Management Agent to collect data from certain data sources.

After deploying plug-ins on a Management Agent, you may need to configure source credentials to allow the agent to collect data from different sources.

Each source of data manages credentials in a different way. Configuring source credentials is specific to the type of plug-in or service that was deployed on the agent. Refer to the plug-in or service documentation for more information.

Credential Types

The agent's credential store can store credentials that are known and understood by the agent (for example, Oracle Database credentials), as well as credentials which are only understood by the specific service. The agent validates built-in credential types, but it also accepts other free-form types without any validation.

Free-Form Credentials

A user can define credentials of any type, containing one or more sensitive properties. Since they are free-form, they cannot be classified.

For example:

SSHKeyCreds

SSH RSA key credentials where SSH key credentials are needed by the agent.

This is an example of how the credentials might look. SSHUserName, SSHPrivateKey and SSHPublicKey are case-sensitive properties.

{"source":"<DATA_SOURCE_NAME>", 
"name":"OSCreds", 
"type":"SSHKeyCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"SSHUserName","value":"<USER_NAME>"},               
{"name":"SSHPrivateKey","value":"<RSA_PRIVATE_KEY>"},
{"name":"SSHPublicKey","value":"<PUBLIC KEY>"]}

For example:

{"source":"host.myvm.example.com", 
"name":"OSCreds", 
"type":"SSHKeyCreds", 
"description":"SSH keys for a twoods user", 
"properties":[
{"name":"SSHUserName","value":"twoods"},               
{"name":"SSHPrivateKey","value":"-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQCKWjoLfOKsjglGQcKwB0zm1o/OabClELjcOOTS1FJh6pzvrDeL\nn3IfIW9VUiyfGNkjnj4cuO0mVctaQgGVtT6H+4fL8HKjWqPg9S+uc0WBKBzaLi9H\nAoGACZctlORIVkvWSr9+PnOTGiFfgKCE9TxOhD2RZyf+ufjofhjDFPOtlojbzd9P\nZovzaWurxJPxJIon+Y6/y1/wAKUFisOlY2XJl76NKXm/00OGSfocQ3WsxapEsWwR\nalRL0l5FhXVpTV5OH3M4Dy5ksIcDqiV6r\nMejuJ++3AHlflzzoITtmS3RDlpSsd27ZH9vzV9HgFQU3volRgOZqnVm/oGXWwjl7\n-----END RSA PRIVATE KEY-----"},
{"name":"SSHPublicKey","value":"-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKWjoLfOKsjglGQcKwB0zm1o/O\nabClELjcOOTS1FJh6pzvrDeLn3IfIW9VUiyfQAcfTWRwb0JtzMcRONQIDAQAB\n-----END PUBLIC KEY-----"]}

Built-in Credentials

The agent has several built-in credential types. Any service plug-in can deliver credentials to the agent using one of the following credential types:

Credential Type for Management Gateways and Proxies

ProxyCreds

These credentials are used for authenticating Management Gateway or network proxies.

Prerequisites: The agent should be configured with a Management Gateway or proxy using the following two properties:

GatewayServerHost. For example: GatewayServerHost=myproxy.example.com
GatewayServerPort. For example: GatewayServerPort=80

The below credentials properties are case-sensitive:

ProxyUser: the user name for authentication with the proxy.
ProxyPassword: the password used to authenticate the user.

{"source":"<DATA_SOURCE_NAME>", 
"name":"ManagementAgent-Proxy", 
"type":"ProxyCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"ProxyUser","value":"<USER_NAME>"},               
{"name":"ProxyPassword","value":"<USER_PASSWORD>"}]}

For example:

{"source":"agent.ocid1.managementagent.oc1.iad.amaabb", 
"name":"ManagementAgent-Proxy", 
"type":"ProxyCreds", 
"description":"Proxy Credentials", 
"properties":[
{"name":"ProxyUser","value":"joe"},               
{"name":"ProxyPassword","value":"welcome_1"}]}

Note

These credentials are used by the agent for communicating with Oracle Cloud Infrastructure services. Changing its format or removing the credential can have an adverse effect on the agent's ability to communicate back to Oracle Cloud Infrastructure services.

Credential Type for Databases

DBCreds

These credentials are used for authenticating to an Oracle database using TCP protocol.

The below properties are case-sensitive:

DBUserName: the database user name.
DBPassword: the database user's password.
DBRole: the database user's role. It can be: SYSDBA, SYSOPER, NORMAL. If it's not specified, NORMAL will be used.

{"source":"<DATA_SOURCE_NAME>", 
"name":"SQLCreds", 
"type":"DBCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"DBUserName","value":"<DB_USER_NAME>"},               
{"name":"DBPassword","value":"<DB_USER_PASSWORD>"},               
{"name":"DBRole","value":"<DB_ROLE>"}]}

For example:

{"source":"auditvault_db.myhost", 
"name":"SQLCreds", 
"type":"DBCreds", 
"description":"This is a credential that can be used for operations on DATASAFE databases.", 
"properties":[
{"name":"DBUserName","value":"sys"},               
{"name":"DBPassword","value":"sys"},               
{"name":"DBRole","value":"SYSDBA"}]}

DBANOCreds

These credentials are used for authenticating to an Oracle database using TCP protocol.

The below properties are case-sensitive:

DBUserName: the database user name.
DBPassword: the database user's password.
DBRole: the database user's role. It can be: SYSDBA, SYSOPER, NORMAL. If it's not specified, NORMAL will be used.
DBEncryptionTypes: the parenthesized, comma-separated list of encryption algorithms.
DBEncryptionLevel: the level of encryption specified by the client. It can be: REJECTED, ACCEPTED, REQUESTED, REQUIRED. If it's not specified, ANO services' default will be used.
DBChecksumTypes: the parenthesized, comma-separated list of checksum algorithms.
DBChecksumLevel: the level of integrity specified by the client (REJECTED, ACCEPTED, REQUESTED, REQUIRED). If it's not specified, ANO services' default will be used.

{"source":"<DATA_SOURCE_NAME>", 
"name":"SQLCreds", 
"type":"DBANOCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"DBUserName","value":"<DB_USER_NAME>"},               
{"name":"DBPassword","value":"<DB_USER_PASSWORD>"},               
{"name":"DBRole","value":"<DB_ROLE>"},               
{"name":"DBEncryptionTypes","value":"<DB_ENCRYPTION_TYPE>"},               
{"name":"DBEncryptionLevel","value":"<DB_ENCRYPTION_LEVEL>"},               
{"name":"DBChecksumTypes","value":"<DB_CHECKSUM_TYPE>"},               
{"name":"DBChecksumLevel","value":"<DB_CHECKSUM_LEVEL>"}]}

For example:

{"source":"auditvault_db.myhost", 
"name":"SQLCreds", 
"type":"DBANOCreds", 
"description":"This is a credential that can be used for operations on DATASAFE databases.", 
"properties":[
{"name":"DBUserName","value":"sys"},               
{"name":"DBPassword","value":"sys"},               
{"name":"DBRole","value":"SYSDBA"},               
{"name":"DBEncryptionTypes","value":"(AES256,AES192,AES128,3DES168,3DES112)"},               
{"name":"DBEncryptionLevel","value":"REQUIRED"},               
{"name":"DBChecksumTypes","value":"(SHA2)"},               
{"name":"DBChecksumLevel","value":"REQUESTED"}]}

DBTCPSCreds

These credentials are used for authenticating using TCPS.

The below properties are case-sensitive:

DBUserName: the database user name.
DBPassword: the database user's password.
DBRole: the database user's role. It can be: SYSDBA, SYSOPER, NORMAL. If it's not specified, NORMAL will be used.
ssl_trustStoreType: the type of the trust store.
ssl_trustStoreLocation: the location on the file system of the trust store wallet. It must be accessible to the agent user.
ssl_trustStorePassword: the password for the trust store wallet.
ssl_keyStoreType: the type of the key store.
ssl_keyStoreLocation: the location on the file system of the key store wallet. It must be accessible to the agent user.
ssl_keyStorePassword: the password for the key store wallet.
ssl_server_cert_dn: the domain name of the server cert.

Note

Starting with Management Agent version: 230207.1529 (February 2023), the ssl_server_cert_dn property is optional. (For example: {"name":"ssl_server_cert_dn","value":"<SERVER_CERT_DN>"}).
If the server wallet contains a value for it, then the user can provide it in the credentials. If it is absent in the wallet, then the user doesn't have to provide it in the credentials at all.

For earlier versions, the management agent expects the credentials to contain this property. However, to indicate that there is no value for ssl_server_cert_dn, the user needs to specify the "unknownDn” value.

{"source":"<DATA_SOURCE_NAME>", 
"name":"SQLCreds", 
"type":"DBTCPSCreds", 
"description":"<DESCRIPTION>", 
"properties":[
{"name":"DBUserName","value":"<DB_USER_NAME>"},               
{"name":"DBPassword","value":"<DB_USER_PASSWORD>"},               
{"name":"ssl_trustStoreType","value":"<STORE_TYPE>"},               
{"name":"ssl_trustStoreLocation","value":"<STORE_LOCATION>"},               
{"name":"ssl_trustStorePassword","value":"<STORE_PASSWORD>"},               
{"name":"ssl_keyStoreType","value":"<KEY_STORE_TYPE>"},               
{"name":"ssl_keyStoreLocation","value":"<KEY_STORE_LOCATION>"},               
{"name":"ssl_keyStorePassword","value":"<KEY_STORE_PASSWORD>"},               
{"name":"ssl_server_cert_dn","value":"<SERVER_CERT_DN>"}]}

For example:

{"source":"auditvault_db.myhost_pdb1_regress", 
"name":"SQLCreds", 
"type":"DBTCPSCreds", 
"description":"This is a TCPS credential that can be used for operations on DATASAFE databases.", 
"properties":[
{"name":"DBUserName","value":"C#AUDIT"},               
{"name":"DBPassword","value":"welcome_1"},               
{"name":"ssl_trustStoreType","value":"JKS"},               
{"name":"ssl_trustStoreLocation","value":"/home/jks_wallets/ewalletT.jks"},               
{"name":"ssl_trustStorePassword","value":"welcome_1"},               
{"name":"ssl_keyStoreType","value":"JKS"},               
{"name":"ssl_keyStoreLocation","value":"/home/jks_wallets/ewalletK.jks"},               
{"name":"ssl_keyStorePassword","value":"welcome_1"},               
{"name":"ssl_server_cert_dn","value":"CN=myvm.example.com"}]}

Add or Update Credentials

To add credentials or update existing ones, use the credential_mgmt.sh script with the upsertCredentials operation.

The credential_mgmt.sh script is located in the /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

credential_mgmt.sh -o upsertCredentials -s [service-name]

Note

For Management Agents running on compute instances using the Oracle Cloud Agent plugin, the credential_mgmt.sh script location is under /var/lib/oracle-cloud-agent/plugins/oci-managementagent/polaris/agent_inst/bin.

Create a JSON file with the credential information.

The below example is a credential type format for a datasafe_db source named orcl123:

{"source":"datasafe_db.orcl123", 
"name":"audit_cred", 
"description":"This is the audit credential for orcl123 Oracle RDBMS system.", 
"properties":[ 
{"name":"username","value":"CLEAR[scott]"}, 
{"name":"password","value":"CLEAR[tiger]"}]
}

For example, you can save the file as my_credentials.json.

Add credentials using a JSON file.

credential_mgmt.sh -o upsertCredentials -s [service-name]

For example, you can run the following for DataSafe service using my_credentials.json file:

cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o upsertCredentials -s datasafe

Delete JSON file created in step 1.

The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the add or update credential operation.

Delete Credentials

To delete credentials, use the credential_mgmt.sh script with the deleteCredentials operation.

The credential_mgmt.sh script is located in the /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

credential_mgmt.sh -o deleteCredentials -s [service-name]

Create a JSON file using the following format:
```
{"source":"datasafe_db.orcl123"
 "name":"audit_cred"} 
```
For example, you can save the file as my_credentials.json.

Delete credentials using a JSON file.

credential_mgmt.sh -o deleteCredentials -s [service-name]

For example, you can run the following for DataSafe service using my_credentials.json file:

cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o deleteCredentials -s datasafe

Delete JSON file created in step 1.

The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the delete credential operation.

Add or Update Credential Alias

To add a credential alias or update an existing one, use the credential_mgmt.sh script with the aliasCredentials operation.

The credential_mgmt.sh script is located in the /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

credential_mgmt.sh -o aliasCredentials -s [service-name]

Create a JSON file using the following format:

{"alias":
 {"source":"datasafe_db.orcl123",
  "name":"audit_cred"},
 "credential":
  {"source":"datasafe_db.host.1521.orcl123",
   "name":"datasafe_cred"}}

For example, you can save the file as my_credentials.json.

Add a credential alias using a JSON file.

credential_mgmt.sh -o aliasCredentials -s [service-name]

For example, you can run the following for DataSafe service using my_credentials.json file:

cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o aliasCredentials -s datasafe

Delete JSON file created in step 1.

The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the add or update credential alias operation.

Delete Credential Alias

To delete a credential alias, use the credential_mgmt.sh script with the unaliasCredentials operation.

The credential_mgmt.sh script is located in the /opt/oracle/mgmt_agent/agent_inst/bin directory.

Syntax

credential_mgmt.sh -o unaliasCredentials -s [service-name]

Create a JSON file using the following format:
```
{"source":"datasafe_db.orcl123",
 "name":"audit_cred"}
```
For example, you can save the file as my_credentials.json.

Delete a credential alias using a JSON file.

credential_mgmt.sh -o unaliasCredentials -s [service-name]

For example, you can run the following for DataSafe service using my_credentials.json file:

cat my_credentials.json | sudo -u mgmt_agent /opt/oracle/mgmt_agent/agent_inst/bin/credential_mgmt.sh -o unaliasCredentials -s datasafe

Delete JSON file created in step 1.

The credential JSON file contains sensitive information. Customers are responsible for deleting the credential JSON file after completing the delete credential alias operation.

Management Agent Audit Logs

The Management Agent service supports logging by the Audit service. This service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events.

Management Agents Auditing

The Management Agent service supports the management-agent keyword from the Audit service.

You can use the OCI Console to view the log events for the Management Agents service.

Open the navigation menu. Under Governance and Administration, go to Governance and click Audit.

The Audit service is displayed.

To search for the Management Agents log events, select the desired compartment and enter management-agent under the KEYWORDS field.

For more information about Audit service, see Overview of Audit in the Oracle Cloud Infrastructure documentation.

Using Java with Management Agent

Management Agent requires a Java Runtime Environment (JRE) to be pre-installed in any environment where the Management Agent is being deployed. For information about Management Agent prerequisites, see Generic Prerequisites for Deploying Management Agents.

JRE is used to run Management Agent. Oracle recommends to upgrade to the latest JRE version available as new updates become available with bug fixes and security patches.

This section explains how to upgrade JRE for the Management Agent.

Upgrade JRE on Linux

These instructions describe how to upgrade JRE on Linux 64-bit platforms, including the following: Oracle Linux, CentOS, Ubuntu and SUSE Linux.

Upgrade JRE Using RPM Package

This is the preferred upgrade method. It installs the latest JRE version in the appropriate location.

To upgrade JRE using the RPM package file found on the Java download page, do the following:

Download JRE.
Download the latest JRE version from: https://www.oracle.com/java/technologies/downloads/#java8.
Shutdown the Management Agent.
```
sudo systemctl stop mgmt_agent
```

Upgrade JRE.

sudo rpm -Uvh jre-8u<VERSION>-linux-x64.rpm

Update Java symbolic links.
Change the system default Java symbolic links to refer to the new JRE location by using the update-alternatives command.
```
sudo update-alternatives --config java
```
Alternatively, if the update-alternatives command is not available for your platform, you can change the default Java symbolic links manually

To update the symbolic links to change the default Java manually, use the following:
```
sudo ln -s <path-to-java_home>/bin/java /usr/bin/java
```
Verify the JRE upgrade.
Verify the environment uses the new JRE as default by running the following:
```
env -i java -version
```
The output looks similar to:
```
java version "1.8.0_xxx"
...
```
Start the Management Agent.
```
sudo systemctl start mgmt_agent
```
Verify the Management Agent is running with the updated JRE.
```
grep "java.runtime.version" /opt/oracle/mgmt_agent/agent_inst/log/startup.info
```
The output looks similar to:
```
java.runtime.version=1.8.0_<VERSION>
```

Upgrade JRE Using Compressed Archive

To upgrade JRE using the compressed archive (tar file), do the following:

Download latest JRE file.
Download the latest version from https://www.oracle.com/java/technologies/downloads/#java8.
Shutdown Management Agent.
```
sudo systemctl stop mgmt_agent
```
Extract the JRE Java compressed file to the Java location.
In the below example, the Java target location is /usr/lib/jvm/ directory
```
sudo tar -xvfz jre-8u<VERSION>-linux-x64.tar.gz -C /usr/lib/jvm/
```
Update Java symbolic links.
Change the system default Java symbolic links to refer to the new JRE location by using the update-alternatives command.
```
# install/register the new java with alternatives
sudo update-alternatives --install "/usr/bin/java" "java" "<path-to-java_home>/bin/java" 1

# set executables as default using update-alternatives command
sudo update-alternatives --set java "<path-to-java_home>/bin/java"
```
Alternatively, if the update-alternatives command is not available for your platform, you can change the default Java symbolic links manually.

To update the symbolic links to change the default Java manually, use the following:
```
sudo ln -s <path-to-java_home>/bin/java /usr/bin/java
```
Verify the JRE upgrade.
Verify the environment uses the new JRE as default by running the following:
```
env -i java -version
```
The output looks similar to:
```
java version "1.8.0_xxx"
...
```
Start the Management Agent.
```
sudo systemctl start mgmt_agent
```
Verify the Management Agent is running with the updated JRE.
```
grep "java.runtime.version" /opt/oracle/mgmt_agent/agent_inst/log/startup.info
```

The output looks similar to:

java.runtime.version=1.8.0_<VERSION>

Upgrade JRE on Windows

This topic explains how to upgrade JRE on supported Windows 64-bit platforms to run Management Agent.

Management Agent installations on Windows environments require to set the environment variable JAVA_HOME prior to the installation. For details, see Update Custom JAVA_HOME for Windows environment to set the JAVA_HOME variable to a location that can be changed in the future.

To upgrade JRE on Windows, do the following:

Download the JRE installer file.
Download the latest JRE version from https://www.oracle.com/java/technologies/downloads/#java8.
Shutdown the Management Agent.
```
sc stop mgmt_agent 
```
Upgrade JRE.
- Double-click the installer file downloaded in Step 1 to execute it and follow the interactive instructions provided by the installer.
  If you prefer to perform a silent install, use the following command:
```
# Optional Command Line Silent Install
# Start the installer with silent (/s) switch and store output to jre8-install.log file with log (/L) switch
jre-8u<VERSION>-windows-x64.exe /s /L C:/jre8-install.log
```
Alternative: If you prefer not to use the installer file mentioned above, extract the compressed archive file to the desired location.

Update the Junction (Java symbolic links).

Delete the existing Junction and create a new one, pointing it to the new JRE location.

rd C:\Oracle\jre8-latest
mklink /J "C:\Oracle\jre8-latest" "C:\Program Files\Java\jre1.8.0_<VERSION>
Junction created for C:\Oracle\jre8-latest <<===>> C:\Program Files\Java\jre1.8.0_<VERSION>

Verify the JRE upgrade.
Verify the environment uses the new JRE as default by running the following:
```
echo %JAVA_HOME%
C:\Oracle\jre8-latest

%JAVA_HOME%/bin/java -version
# output example:
java version "1.8.0_<VERSION>"
...
```
Start the Management Agent.
```
sc start mgmt_agent 
```
Verify the Management Agent is running with the updated JRE.
Confirm the java.runtime.version setting matches the newly installed JRE.
```
findstr "java.runtime.version" C:\Oracle\mgmt_agent\agent_inst\log\startup.info
java.runtime.version=1.8.0_<VERSION>
```

Update Custom JAVA_HOME

There are environments that don't have a system default Java location. In those cases, Oracle recommends updating the custom JAVA_HOME location before starting the JRE upgrade process.

When using a custom JAVA_HOME location for the Management Agent installation, upgrading the JRE can cause issues if the Java version is included in the JAVA_HOME path. The solution is to create a symbolic link for the JAVA_HOME path which should make no reference to the JRE version number.

Scenario: The environment has one JRE version, but the JAVA_HOME path has the version number included in the path, even though it points to a different JRE version after an upgrade.

Linux Scenario: The environment has JRE version: jre1.8.301 and the JAVA_HOME path is set as JAVA_HOME=/custom/jre1.8.301. When upgrading to a new JRE version, for example jre1.8.311, the new JRE gets installed with a JAVA_HOME variable that points to location: /custom/jre1.8.301.
Windows Scenario: The environment has JRE version: jre1.8.301 and the JAVA_HOME path is set as JAVA_HOME=C:\custom\jre1.8.301. When upgrading to a new JRE version, for example: jre1.8.311, the new JRE gets installed with a JAVA_HOME variable that points to location: C:/custom/jre1.8.301.

Problem: The above setup will result in JRE version confusion as the JAVA_HOME path refers to a value 'jre1.8.301' even though the actual JRE version after the upgrade is jre1.8.311.

Solution: Create a symbolic link with no version number included as part of it, and use it as the JAVA_HOME setting to install the Management Agent.

A symbolic link with no version number reference simplifies the JRE upgrade process. The upgrade will only require a change to where the symbolic link points to.

Linux Solution: JAVA_HOME=/custom/jre8-latest -> /custom/jre1.8.301
Windows Solution: JAVA_HOME=C:\custom\jre8-latest -> C:\custom\jre1.8.301

Oracle Cloud Infrastructure Documentation Try Free Tier

Management Agents Console Overview 🔗

Overview 🔗

Dashboards 🔗

Agents 🔗

Downloads and Keys 🔗

Agent Software Download 🔗

Agent Install Keys 🔗

Import Certificates for Management Agent 🔗

Update Certificates for Management Agent 🔗

Deploy Service Plug-ins 🔗

Enable Agent Logs 🔗

Manage DataSources 🔗

Control Management Agents 🔗

Manage Install Keys 🔗

Create Install Key 🔗

Copy Install Key 🔗

Download Install Key 🔗

Delete Install Key 🔗

Upgrade Management Agents 🔗

Automatic Upgrade 🔗

Manual Upgrade 🔗

Remove Management Agents 🔗

Use a Non-default OS User to Install Management Agent 🔗

Management Agent Source Credentials 🔗

Credential Types 🔗

Free-Form Credentials 🔗

Built-in Credentials 🔗

Credential Type for Management Gateways and Proxies

Credential Type for Databases

Add or Update Credentials 🔗

Delete Credentials 🔗

Add or Update Credential Alias 🔗

Delete Credential Alias 🔗

Management Agent Audit Logs 🔗

Using Java with Management Agent 🔗

Upgrade JRE on Linux 🔗

Upgrade JRE Using RPM Package 🔗

Upgrade JRE Using Compressed Archive 🔗

Upgrade JRE on Windows 🔗

Update Custom JAVA_HOME 🔗

Oracle Cloud Infrastructure Documentation
Try Free Tier

Management Agents Console Overview

Overview

Dashboards

Agents

Downloads and Keys

Agent Software Download

Agent Install Keys

Import Certificates for Management Agent

Update Certificates for Management Agent

Deploy Service Plug-ins

Enable Agent Logs

Manage DataSources

Control Management Agents

Manage Install Keys

Create Install Key

Copy Install Key

Download Install Key

Delete Install Key

Upgrade Management Agents

Automatic Upgrade

Manual Upgrade

Remove Management Agents

Use a Non-default OS User to Install Management Agent

Management Agent Source Credentials

Credential Types

Free-Form Credentials

Built-in Credentials

Add or Update Credentials

Delete Credentials

Add or Update Credential Alias

Delete Credential Alias

Management Agent Audit Logs

Using Java with Management Agent

Upgrade JRE on Linux

Upgrade JRE Using RPM Package

Upgrade JRE Using Compressed Archive

Upgrade JRE on Windows

Update Custom JAVA_HOME