Perform Prerequisites for Deploying Management Agents

Set Up Oracle Cloud Infrastructure for Management Agents

Before you can use the Management Agent service, you must ensure that your Oracle Cloud Infrastructure environment is setup correctly to allow the communication flow between all the components and cloud services.

There are important terminology and concepts to help you get started with Oracle Cloud Infrastructure as they are described in the Oracle Cloud Infrastructure documentation.

This section explains the steps only relevant to setting up and working with Management Agent service in Oracle Cloud Infrastructure. Follow these steps to setup your Oracle Cloud Infrastructure environment:
Note

Starting March 29, 2022, dynamic group policies, related to Management Agent, are not required to be added manually since OCI Management Agent cloud service will automatically enforce the authorization and permissions in the backend.

For more information about dynamic group policies requirement for other Observability & Management OCI services, refer to the specific OCI service documentation.

Step 1: Create or designate compartment(s) to use

The Management Agents is an Oracle Cloud Infrastructure resource with its own resource type (management-agents) and a unique Oracle Cloud identifier (ocid). It always belongs to a compartment where the management agent will get installed and upload its metrics. There is no restriction on the number of compartments you can create.

You can create a new compartment or use an existing one. The compartment id and name is required when creating policies. For more information, see Managing Compartments from Oracle Cloud Infrastructure documentation.

Step 2: Create a user group

The management agent and the agent install key are defined as resources in Oracle Cloud Infrastructure. They are two different resource types and you need to create policies that allow users to perform actions on both resources.

Resource Type Description
management-agents Management Agent resource
management-agent-install-keys Agent Install Key resource

Oracle recommends to create policies that apply to a specific group as opposed to individual users for better user management. Any user that belongs to a specific group automatically inherits the policies and permissions of that specific group.

In this step you create a user group using the Identity and Access Management service from the OCI Console.

  • To access the Identity and Access Management service, open the navigation menu. Under Identity & Security, go to Identity.

  • Click Groups.

  • Click Create Group.

  • In the Create Group dialog box, enter a name for the group and a description, and then click Create.

    For example, you create a group named AGENT_ADMINS.

Step 3: Create policies for user group

Policies allow the user group to manage the Oracle Cloud Infrastructure resources. In this case, there are two resources: the management agent (management-agents) and the agent install keys (management-agent-install-keys).

Table 2-1 Create Policies

Policy Statement Description
ALLOW GROUP <group_name> TO MANAGE management-agents IN COMPARTMENT <compartment_name> It allows any user that belongs to the user group to manage the management-agents resource in the specific compartment.
ALLOW GROUP <group_name> TO MANAGE management-agent-install-keys IN COMPARTMENT <compartment_name> It allows any user that belongs to the user group to manage the management-agent-install-keys resource in the specific compartment.
ALLOW GROUP <group_name> TO READ METRICS IN COMPARTMENT <compartment_name> It allows any user that belongs to the user group to see metrics uploaded by management agent.
ALLOW GROUP <group-name> TO READ USERS IN TENANCY Optional policy statement. It allows any user that belongs to the user group to read user names in tenancy and display user names as opposed to user ids in the Downloads and Keys page from the user interface.
For example, the following commands create policies for AGENT_ADMINS user group to allow it to perform all functions in Agents_Compartment compartment.
ALLOW GROUP AGENT_ADMINS TO MANAGE management-agents IN COMPARTMENT Agents_Compartment
ALLOW GROUP AGENT_ADMINS TO MANAGE management-agent-install-keys IN COMPARTMENT Agents_Compartment
ALLOW GROUP AGENT_ADMINS TO READ METRICS IN COMPARTMENT Agents_Compartment
ALLOW GROUP AGENT_ADMINS TO READ USERS IN TENANCY

When working with policy statements, remember to chain-name compartments if needed. For example, if your Agents_Compartment compartment belongs to the business_unit_1 compartment, the correct compartment name to use in the statement will be business_unit_1:Agents_Compartment.

Generic Prerequisites for Deploying Management Agents

Before deploying Management Agents in your hosts, ensure that the following prerequisites are met:

Oracle Cloud Infrastructure Requirements

  • You need to be familiar with Oracle Cloud Infrastructure terminology and concepts like regions, tenancy, compartments and policies. Also, you need to have privileges to create policies and groups.

    Before proceeding, you must confirm that you already set up your Oracle Cloud Infrastructure environment correctly as described in Set Up Oracle Cloud Infrastructure for Management Agents.

Supported Operating Systems

Table 2-2 Supported Operating Systems

Operating System Version

Oracle Linux

6 (64 bit), 7 (64 bit), 8 (64 bit)

Red Hat Enterprise Linux

6 (64 bit), 7 (64 bit), 8 (64 bit)

CentOS

7 (64 bit), 8 (64 bit)

SUSE Linux Enterprise Server

12 (64 bit), 15 (64 bit)

Windows Server

2019 (64 bit), 2016 (64 bit), 2012 R2 (64 bit)

Windows Desktop

10

It's only supported when using Java Management service. For details, see Java Management service and Installing a Management Agent for Java Management Service.

Oracle Solaris 11
Ubuntu 20.04

Operating System Requirements

  • Minimum disk requirement: 300 Mb of free disk space.

  • The memory usage is based on the service plug-in being deployed. Refer to the service plug-in documentation for details about the minimum memory requirement.

  • A user with sudo privileges responsible of installing the Management Agent software on the host or virtual host.

  • Java Development Kit (JDK) or Java Runtime Environment (JRE) must be installed on your host prior to installing the Management Agent software.

    Ensure you have downloaded and installed the latest version of JDK or JRE (version 1.8u281 or higher) before starting the Management Agent software installation process.

    For details about JDK and JRE download and installation instructions, see Java Downloads.

    For information about JDK and JRE upgrade, see Using Java with Management Agent.

Network Prerequisites

  • Management Agents communicate to Oracle Cloud Infrastructure using the Management Agent service. If your network setup has a firewall, ensure you allow HTTPS communication from the host on which the agent is to be deployed to allow outbound communication.

    Oracle Cloud Infrastructure is hosted in regions. Regions are grouped into realms. Your tenancy exists in a single realm and can access all regions that belong to that realm. You cannot access regions that are not in your realm. Currently, Oracle Cloud Infrastructure has multiple realms. There is one commercial realm. There are multiple realms for Government Cloud. For more information about regions and realms, see Regions and Availability Domains.

    If the Management Agent service and the management agent are deployed in the Oracle Cloud Infrastructure commercial realm OC1, you need to make sure your host has access to *.oraclecloud.com.

    You can use any available network connectivity tool to verify connectivity with the data center.

    For information about the IP address ranges for services that are deployed in Oracle Cloud Infrastructure, see IP Address Ranges.

    The following example table lists the ports that need to be open for communication.
    Direction Port Protocol Reason

    Proxy server to external

    443

    HTTPS

    Communication with Oracle Cloud Infrastructure services.