Getting Started

Before you can use the Stack Monitoring service, you must ensure that your Oracle Cloud Infrastructure environment is setup correctly to allow communication between the different components and services. This section explains the steps to set up Oracle Cloud Infrastructure for Stack Monitoring.

Follow these steps to set up your Oracle Cloud Infrastructure environment:

Step 1: Create or designate a compartment to use

You can create a new compartment or use an existing one to install and configure the Stack Monitoring service. For information about compartments, see Managing Compartments.

When designating a monitoring compartment, make sure you use the same compartment for your agents as well as native OCI resources (e.g. Databases, Computes,...). For example if your EBS Instance (on OCI compute) and EBS Database are in different compartments, consider moving them to the same compartment if you want to see them in a single view. This will provide visibility to the entire stack.

Step 2: Install Management Agents

The Management Agent is a prerequisite for using the Stack Monitoring service. Users are expected to follow the appropriate Management Agent documentation.

For more information about agent installation, see:

Step 3: Create a dynamic group of all Management Agents

To interact with the Oracle Cloud Infrastructure service end-points, users must explicitly create a dynamic group to allow Management Agents to communicate with the Management Agent service (MACS).

In this step, a dynamic group is created using the Identity and Access Management service from the OCI Console. This group includes all the management agents. This is a one-time set up step, as any new management agent being installed will automatically belong to this group based on resource type definition shown below.

  • To access the Identity and Access Management service, open the navigation menu. Under Identity & Security, go to Identity and click Dynamic Groups.

  • Click Create Dynamic Group.

  • In the Create Dynamic Group dialog box, enter a name for the dynamic group, a description and the matching rules, and then click Create Dynamic Group.

Create a Dynamic Group of Management Agent Resources

Note

If you have an existing dynamic group of Management Agent resource types for given compartment, reuse it whenever possible. Do not create a new one.

For example, you create a dynamic group named Management_Agent_Dynamic_Group with the following under RULE 1:

ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1.examplecompartmentid'}

Where resource.type='managementagent' is the Management Agent resource type definition for Management Agent at dynamic group level, and resource.compartment.id value is the compartment id.

Create a Policy for Agent Communication

Once the dynamic group is created, you need to create a policies to allow the Management Agents to interact with the Management Agent service and to allow the Management Agents to upload data.

Policy Description
ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO USE METRICS IN COMPARTMENT <compartment_name> where target.metrics.namespace = 'oracle_appmgmt' Allow the agent to upload metrics to Telemetry into 'oracle_appmgmt' namespace. Here, the Management_Agent_Dynamic_Group is a dynamic group of management agents in a compartment
ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO {STACK_MONITORING_DISCOVERY_JOB_RESULT_SUBMIT} IN COMPARTMENT <compartment_name> Allow the agent to upload data to the discovery service. Here, the Management_Agent_Dynamic_Group is a dynamic group of management agents in a compartment

Step 4: Create users and groups

Stack Monitoring users and groups are created using the Identity and Access Management (IAM) service from Oracle Cloud Infrastructure. For information about creating and managing users and groups using the Identity and Access Management (IAM) service, see Managing Users and Managing Groups.

Create the following user groups that are needed for the Stack Monitoring.

Group Description
StackMonitoringAdminGrp Group for Users that perform admin/operator related operations. Example: Perform discovery of E-Business Suite and WebLogic entities.
StackMonitoringViewerGrp Group for Users that perform viewer related operations. Example: View discovered entities, metrics, alarms, and jobs..

Step 5: Create required policies

Stack Monitoring policies are created using the Identity and Access Management (IAM) policies. This document provides specific examples to configure your tenancy to leverage Stack Monitoring. For general information regarding OCI policies, see Getting Started with Policies.

Create Policies for Administrative Operations

The following is the list of policies to be defined to allow the users that can perform administration operations, i.e., the users that belong to the StackMonitoringAdminGrp group.

Policy Description
ALLOW GROUP StackMonitoringAdminGrp TO MANAGE stack-monitoring-family IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringAdminGrp group to do admin operations in a compartment. Eg. discovery and lifecycle operations on resources.
ALLOW GROUP StackMonitoringAdminGrp TO {MGMT_AGENT_DEPLOY_PLUGIN_CREATE, MGMT_AGENT_INSPECT, MGMT_AGENT_READ} IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringAdminGrp group to list/read agents and deploy Stack Monitoring Management Agent plugin during resource discovery when Management Agent doesn't have the plugin yet in the scope of the compartment.
ALLOW GROUP StackMonitoringAdminGrp TO READ metrics IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringAdminGrp group to read metrics in a compartment
ALLOW GROUP StackMonitoringAdminGrp to READ instances IN COMPARTMENT<compartment_name> Allow the users in the StackMonitoringAdminGrp group to read instances in a compartment
ALLOW GROUP StackMonitoringAdminGrp to MANAGE external-database-family IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringAdminGrp group to manage external databases in a compartment
ALLOW GROUP StackMonitoringAdminGrp to MANAGE alarms IN COMPARTMENT<compartment_name> Allow the users in the StackMonitoringAdminGrp group to manage alarms in a compartment
ALLOW GROUP StackMonitoringAdminGrp to USE ons-topics IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringAdminGrp to list, create, update, delete, and move subscriptions for topics in the tenancy.

Create Policies for View Operations

The following is the list of policies to be defined to allow the users that can only view the resources. The users that belong to the StackMonitoringViewerGrp group.

Policy Description
ALLOW GROUP StackMonitoringViewerGrp to READ stack-monitoring-family IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringViewerGrp group to read stack monitoring resources in a compartment
ALLOW GROUP StackMonitoringViewerGrp TO {MGMT_AGENT_INSPECT, MGMT_AGENT_READ} IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringViewerGrp group to list/read Management Agents in the scope of the compartment.
ALLOW GROUP StackMonitoringViewerGrp to READ metrics IN COMPARTMENT <compartment_name> Allow the users in the StackMonitoringViewerGrp group to read metrics in a compartment
ALLOW GROUP StackMonitoringViewerGrp to READ instances IN COMPARTMENT<compartment_name> Allow the users in the StackMonitoringViewerGrp group to read instances in a compartment
ALLOW GROUP StackMonitoringViewerGrp to READ external-database-family IN COMPARTMENT<compartment_name> Allow the users in the StackMonitoringViewerGrp group to read external databases in a compartment
ALLOW GROUP StackMonitoringViewerGrp to READ alarms IN COMPARTMENT<compartment_name> Allow the users in the StackMonitoringViewerGrp group to read alarms in a compartment