Perform Prerequisites for Deploying Management Agents

Set Up Oracle Cloud Infrastructure for Management Agents

Before you can use the Management Agent service, you must ensure that your Oracle Cloud Infrastructure environment is set up correctly to allow the communication flow between all the components and cloud services.

Oracle Cloud Infrastructure has important terminology and concepts that help you get started. They are described in the Oracle Cloud Infrastructure documentation.

This section explains only the steps relevant to setting up and working with the Management Agent service in Oracle Cloud Infrastructure. Follow these steps to set up your Oracle Cloud Infrastructure environment:

Step 1: Create or designate compartment(s) to use

A management agent is an Oracle Cloud Infrastructure resource with its own resource type (management-agents) and a unique Oracle Cloud identifier (OCID). It always belongs to a compartment, which is where the management agent is installed and uploads its metrics. There is no restriction on the number of compartments you can create.

You can create a new compartment or use an existing one. The compartment ID and name are required when creating policies. For more information, see Managing Compartments in the Oracle Cloud Infrastructure documentation.

Step 2: Create a user group

The management agent and the agent install key are defined as resources in Oracle Cloud Infrastructure. They are two different resource types and you need to create policies that allow users to perform actions on both resources.

| Resource Type | Description |
|---|---|
| management-agents | Management Agent resource |
| management-agent-install-keys | Agent Install Key resource |

Oracle recommends creating policies that apply to a group rather than to individual users, for better user management. Any user that belongs to a group automatically inherits the policies and permissions of that group.

In this step you create a user group using the Identity and Access Management service from the OCI Console.

  • To access the Identity and Access Management service, open the navigation menu. Under Governance and Administration, go to Identity.

  • Click Groups.

  • Click Create Group.

  • In the Create Group dialog box, enter a name for the group and a description, and then click Create.

    For example, you create a group named AGENT_ADMINS.

Step 3: Create policies for user group

Policies allow the user group to manage the Oracle Cloud Infrastructure resources. In this case, there are two resources: the management agent (management-agents) and the agent install keys (management-agent-install-keys).

Table 2-1 Create Policies

| Policy Statement | Description |
|---|---|
| ALLOW GROUP <group_name> TO MANAGE management-agents IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to manage the management-agents resource in the specific compartment. |
| ALLOW GROUP <group_name> TO MANAGE management-agent-install-keys IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to manage the management-agent-install-keys resource in the specific compartment. |
| ALLOW GROUP <group_name> TO READ METRICS IN COMPARTMENT <compartment_name> | Allows any user that belongs to the user group to see metrics uploaded by the management agent. |
| ALLOW GROUP <group_name> TO READ USERS IN TENANCY | Optional policy statement. Allows any user that belongs to the user group to read user names in the tenancy, so that the Downloads and Keys page of the user interface displays user names instead of user IDs. |

For example, the following policy statements allow the AGENT_ADMINS user group to perform all functions in the Agents_Compartment compartment.

    ALLOW GROUP AGENT_ADMINS TO MANAGE management-agents IN COMPARTMENT Agents_Compartment
    ALLOW GROUP AGENT_ADMINS TO MANAGE management-agent-install-keys IN COMPARTMENT Agents_Compartment
    ALLOW GROUP AGENT_ADMINS TO READ METRICS IN COMPARTMENT Agents_Compartment
    ALLOW GROUP AGENT_ADMINS TO READ USERS IN TENANCY

When working with policy statements, remember to chain compartment names if needed: a nested compartment is written with its parent compartment first, separated by a colon. For example, if your Agents_Compartment compartment belongs to the business_unit_1 compartment, the correct compartment name to use in the statement is business_unit_1:Agents_Compartment.

Step 4: Create a dynamic group of all agents

Management agents can interact with the Oracle Cloud Infrastructure service endpoints only after customers explicitly consent to that communication.

In this step, you create a dynamic group using the Identity and Access Management service from the OCI Console. This group includes all the management agents. This is a one-time setup step, because any new management agent that is installed automatically belongs to this group, based on the resource type in the matching rule shown below.

  • To access the Identity and Access Management service, open the navigation menu. Under Governance and Administration, go to Identity and click Dynamic Groups.

  • Click Create Dynamic Group.

  • In the Create Dynamic Group dialog box, enter a name for the dynamic group, a description and the matching rules, and then click Create Dynamic Group.

    For example, you create a dynamic group named Management_Agent_Dynamic_Group with the following under RULE 1:

    ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1.examplecompartmentid'}

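    Where resource.type='managementagent' is the resource type definition for Management Agent at the dynamic group level, and the resource.compartment.id value is the compartment ID used in Step 1. Note that the matching rule uses managementagent, which is not the same string as the management-agents resource type used in policy statements.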

Step 5: Create policies for agent communication

Once the dynamic group is created, you need to create policies to allow the management agents to interact with the Management Agent service and to allow the management agents to upload data to Oracle Cloud Infrastructure Monitoring service.

You may need to add similar policies if your service expects the management agent to deposit data to different services.

Table 2-2 Policies for Agent Communication

| Policy Statement | Description |
|---|---|
| ALLOW DYNAMIC-GROUP <dynamic_group_name> TO MANAGE management-agents IN COMPARTMENT <compartment_name> | Allows management agents to interact with the Management Agent cloud service in the specific compartment. |
| ALLOW DYNAMIC-GROUP <dynamic_group_name> TO USE METRICS IN COMPARTMENT <compartment_name> | Allows management agents to upload data to the OCI Monitoring service in the specific compartment. |
| ALLOW DYNAMIC-GROUP <dynamic_group_name> TO USE tag-namespaces IN COMPARTMENT <compartment_name> | Optional. Required only if you specify tags at the time of the management agent installation. |

For example, the following policy statements allow the ManagementAgentAdmins dynamic group to interact with the Management Agent service in the Agents_Compartment compartment and to upload data to the Oracle Cloud Infrastructure Monitoring service.

    ALLOW DYNAMIC-GROUP ManagementAgentAdmins TO MANAGE management-agents IN COMPARTMENT Agents_Compartment
    ALLOW DYNAMIC-GROUP ManagementAgentAdmins TO USE METRICS IN COMPARTMENT Agents_Compartment

When working with policy statements, remember to chain compartment names if needed: a nested compartment is written with its parent compartment first, separated by a colon. For example, if your Agents_Compartment compartment belongs to the business_unit_1 compartment, the correct compartment name to use in the statement is business_unit_1:Agents_Compartment.
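A review check for the statements from Steps 3 and 5, as an added example (not Oracle's code): a small Python linter that parses policy statements of the form shown in Tables 2-1 and 2-2, reports which required grants are missing, and flags tenancy-wide grants and unchained compartment names. The function names are hypothetical, names are compared exactly, and only the statement forms used on this page are handled.

```python
import re

# Subset of the OCI policy grammar used on this page (assumption: no WHERE clause).
STMT = re.compile(
    r"^ALLOW\s+(GROUP|DYNAMIC-GROUP)\s+(\S+)\s+TO\s+(\w+)\s+([\w-]+)\s+IN\s+"
    r"(?:(TENANCY)|COMPARTMENT\s+(\S+))$", re.IGNORECASE)

def parse(statement):
    """Return (subject_type, subject, verb, resource, scope), or None if unparsable."""
    if not (m := STMT.match(statement.strip())):
        return None
    kind, name, verb, resource, tenancy, compartment = m.groups()
    return (kind.upper(), name, verb.upper(), resource.lower(),
            "TENANCY" if tenancy else compartment)

def required(group, dyn_group, path):
    """Grants that Tables 2-1 and 2-2 list without the 'optional' label."""
    g, d = ("GROUP", group), ("DYNAMIC-GROUP", dyn_group)
    return {g + ("MANAGE", "management-agents", path),
            g + ("MANAGE", "management-agent-install-keys", path),
            g + ("READ", "metrics", path),
            d + ("MANAGE", "management-agents", path),
            d + ("USE", "metrics", path)}

def audit(statements, group, dyn_group, path):
    """Return (missing required grants, findings) for policy statement strings."""
    parsed, findings, leaf = set(), [], path.rsplit(":", 1)[-1]
    for s in statements:
        if (p := parse(s)) is None:
            findings.append(f"unparsed: {s}")
            continue
        parsed.add(p)
        verb, resource, scope = p[2:]
        # Only the optional READ USERS grant is expected at tenancy scope.
        if scope == "TENANCY" and (verb, resource) != ("READ", "users"):
            findings.append(f"tenancy-wide grant: {s}")
        # Per the page's note, a nested compartment needs its parent-qualified name.
        elif scope == leaf != path:
            findings.append(f"compartment name not chained: {s}")
    return sorted(required(group, dyn_group, path) - parsed), findings

SAMPLE = [  # constructed sample: a drafted policy containing two mistakes
    "ALLOW GROUP AGENT_ADMINS TO MANAGE management-agents IN COMPARTMENT business_unit_1:Agents_Compartment",
    "ALLOW GROUP AGENT_ADMINS TO MANAGE management-agent-install-keys IN COMPARTMENT Agents_Compartment",
    "ALLOW GROUP AGENT_ADMINS TO READ METRICS IN COMPARTMENT business_unit_1:Agents_Compartment",
    "ALLOW GROUP AGENT_ADMINS TO READ USERS IN TENANCY",
    "ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO MANAGE management-agents IN TENANCY",
    "ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO USE METRICS IN COMPARTMENT business_unit_1:Agents_Compartment",
]
```

Calling audit(SAMPLE, "AGENT_ADMINS", "Management_Agent_Dynamic_Group", "business_unit_1:Agents_Compartment") reports the install-key grant as unchained and the dynamic group's MANAGE grant as tenancy-wide, and lists both as missing at the intended compartment scope.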

Generic Prerequisites for Deploying Management Agents

Before deploying Management Agents in your hosts, ensure that the following prerequisites are met:

Oracle Cloud Infrastructure Requirements

  • You need to be familiar with Oracle Cloud Infrastructure terminology and concepts like regions, tenancy, compartments and policies. Also, you need to have privileges to create policies and groups.

    Before proceeding, you must confirm that you have already set up your Oracle Cloud Infrastructure environment correctly as described in Set Up Oracle Cloud Infrastructure for Management Agents.

Supported Operating Systems

Table 2-3 Supported Operating Systems

| Operating System | Version |
|---|---|
| Oracle Linux | 6 (64 bit), 7 (64 bit), 8 (64 bit) |
| Red Hat Enterprise Linux | 6 (64 bit), 7 (64 bit), 8 (64 bit) |
| CentOS | 6 (64 bit), 7 (64 bit) |
| SUSE Linux Enterprise Server | 12 (64 bit) |
| Windows Server | 2019 (64 bit), 2016 (64 bit), 2012 R2 (64 bit) |

Operating System Requirements

  • Minimum disk requirement: 300 Mb of free disk space.

  • The memory usage is based on the service plug-in being deployed. Refer to the service plug-in documentation for details about the minimum memory requirement.

  • A user with sudo privileges who is responsible for installing the Management Agent software on the host or virtual host.

  • Java Development Kit (JDK) must be installed on your host prior to installing the Management Agent software.

    Ensure you have downloaded and installed JDK version 1.8 Update 162 (JDK 1.8u162) or higher before starting the Management Agent software installation process. See Java Downloads.

Network Prerequisites

  • Management Agents communicate with Oracle Cloud Infrastructure using the Management Agent service. If your network setup has a firewall, ensure that it allows outbound HTTPS communication from the host on which the agent is to be deployed.

    Oracle Cloud Infrastructure is hosted in regions. Regions are grouped into realms. Your tenancy exists in a single realm and can access all regions that belong to that realm. You cannot access regions that are not in your realm. Currently, Oracle Cloud Infrastructure has multiple realms. There is one commercial realm. There are multiple realms for Government Cloud. For more information about regions and realms, see Regions and Availability Domains.

    If the Management Agent service and the management agent are deployed in the Oracle Cloud Infrastructure commercial realm OC1, you need to make sure your host has access to *.oraclecloud.com.

    You can use any available network connectivity tool to verify connectivity with the data center.

    For information about the IP address ranges for services that are deployed in Oracle Cloud Infrastructure, see IP Address Ranges.

    The following example table lists the ports that need to be open for communication.

    | Direction | Port | Protocol | Reason |
    |---|---|---|---|
    | Proxy server to external | 443 | HTTPS | Communication with Oracle Cloud Infrastructure services. |