Add Credentials

Add credentials to an agent credential store:

  1. Log in as the user who installed the agent.

    $ su oracle
  2. Navigate to the omcli directory location.

    $ cd <AGENT_BASE_DIR>/agent_inst/bin
  3. Start the agent if it’s not already running.

    $ omcli start agent
  4. Create and save a JSON file with all the credential information.

    For example, you can save it with filename: cred.json.

    There are different types of credentials:

    • HostSSHCreds: This is a host credential using SSH keys.

      [
        {
          "entity": "omc_host_linux.<HOST_NAME>",
          "name": "omc_oracle_<HOST_NAME>-HostSSHCreds",
          "type": "HostSSHCreds",
          "globalName": "emcosComplianceCredSSHKey",
          "description": "SSH Credential for the agent omcagentuser",
          "properties": [
           { "name":"USERNAME", "value":"CLEAR[omcagentuser]" },
           { "name":"SSH_PVT_KEY", "value":"FILE[<YourUsername>/.ssh/id_rsa]" },
           { "name":"SSH_PUB_KEY", "value":"FILE[<YourUsername>/.ssh/id_rsa.pub]" }
         ]
        }
      ]

      Where:

      • “entity” is the entity field. If you are working with a Linux agent, use the value: “omc_host_linux.<HOST_NAME>”. If you are working with an AIX agent, use the value: “omc_host_aix.<HOST_NAME>”. For example: “omc_host_linux.host1.example.com” for a Linux agent.

      • <HOST_NAME> is the fully qualified name of your host. For example: host1.example.com

      • “name” is any name for your credential. We recommend that you name this credential your host name followed by HostSSHCreds. For example: "host1.example.com-HostSSHCreds".

      • "type" is the credential type. “HostSSHCreds” is used for the SSH key credential type.

      • "globalName" is the global name for the credential. It is the credential's name within a "global" namespace (where global actually is only global to this Oracle Management Cloud agent, not global throughout Oracle Management Cloud).

      • "description" is the credential description.

      • “SSH_PVT_KEY” is the OS user's private key, for public/private key-based authentication schemes.

      • “SSH_PUB_KEY” is the OS user's public key, for public/private key-based authentication schemes.

      • <YourUsername> is the OS user name used as your SSH credential.

      • All other field values must remain as listed. They are reserved values.

    • HostSSHPwdCreds: This is a host credential using SSH Password.

      [
        {
          "entity":"omc_host_linux.<HOST_NAME>",
          "name":"<HOST_NAME>-HostSSHPwdCreds",
          "type":"HostSSHPwdCreds",
          "globalName":"emcosComplianceCred",
          "description":"SSH Credential for the host entity",
          "properties":[
            { "name":"USERNAME", "value":"CLEAR[<YourUsername>]"},
            { "name":"PASSWORD", "value":"CLEAR[<YourPassword>]"}
          ]
        }
      ]

      Where:

      • “entity” is the entity field. If you are working with a Linux agent, use the value: “omc_host_linux.<HOST_NAME>”. If you are working with an AIX agent, use the value: “omc_host_aix.<HOST_NAME>”. For example: “omc_host_linux.host1.example.com” for a Linux agent.

      • <HOST_NAME> is the fully qualified name of your host. For example: host1.example.com

      • “name” is any name for your credential. We recommend that you name this credential your host name followed by HostSSHPwdCreds. For example: "host1.example.com-HostSSHPwdCreds".

      • "type" is the credential type. “HostSSHPwdCreds” is used for the SSH password credential type.

      • "globalName" is the global name for the credential. It is the credential's name within a "global" namespace (where global actually is only global to this Oracle Management Cloud agent, not global throughout Oracle Management Cloud).

      • "description" is the credential description.

      • <YourUsername> is the OS user name used as your SSH credential.

      • <YourPassword> is the OS user’s password for your SSH credential.

      • All other field values must remain as listed. They are reserved values.

    • Other types: There are other credentials types that are used by different OMC components.

      For example, the credential type: DBCredsNormal is a database credential used by Log Analytics for Oracle database instance credentials.

      [
        {
          "entity":"omc_oracle_db_instance.<Entity Name>",
          "name":"LCAgentDBCreds",
          "type":"DBCredsNormal",
          "usage":"LOGANALYTICS",
          "globalName":"AgentUserCredential",
          "description":"DB Credentials",
          "properties":[
            { "name":"USERNAME", "value":"CLEAR[<DBUsername>]"},
            { "name":"PASSWORD", "value":"CLEAR[<DBPassword>]"},
            { "name":"ROLE", "value":"CLEAR[<DBRole>]"}
          ]
        }
      ]

      Where:

      • “entity” is the entity field. If you are working with an Oracle database instance, use the value: “omc_oracle_db_instance.<Entity Name>”. For example: “omc_oracle_db_instance.example_instance/orcl” if your database name is: example_instance.

      • “name” is any name for your credential. For example: "LCAgentDBCreds" is used for the name of the database credentials used by the cloud agent to collect the log data from the entity.

      • "type" is the credential type. “DBCredsNormal” is used for the Oracle database credential type.

      • "globalName" is the global name for the credential. It is the credential's name within a "global" namespace (where global actually is only global to this Oracle Management Cloud agent, not global throughout Oracle Management Cloud).

      • "usage" is the credentials usage. For example: "LOGANALYTICS" since this credential is used for Log Analytics.

      • "description" is the credential description.

      • <DBUsername> is the database user name used for the database credential. For example, SYS database user.

      • <DBPassword> is the database user’s password for your database credential. For example, the password of SYS database user.

      • <DBRole> is the database role for your database credential. For example, the SYSDBA database role for the database user. The ROLE property is optional.

      • All other field values must remain as listed. They are reserved values.

  5. Add credentials using a JSON file.

    $ omcli add_credentials agent -credential_file CREDENTIALS_FILE [ -encryption_method_gpg ] [ -allow_entityless ]

    The command adds credentials based on the description in the JSON file.

    Where:

    • -credential_file: a credential file will be used.

    • CREDENTIALS_FILE: the filename of the credential file that will be used. The credentials are listed in the CREDENTIALS_FILE file. For example, the name of the JSON file that you just created in step 4: cred.json.

    • -encryption_method_gpg: the credentials file has been encrypted using symmetric GNU Privacy Guard (gpg), and a passphrase may be needed.

    • -allow_entityless: the agent will not complain about credentials that are missing the entity field. However, a global name should be supplied if an entity is not.

    For example, you can run the following:

    $ omcli add_credentials agent -credential_file cred.json
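
A pre-flight check for the file from step 4, to run before the add_credentials command in step 5 (added example, not Oracle's code and not part of omcli). It assumes the CLEAR[...]/FILE[...] value wrappers and field names shown above, treats a globalName as required when the entity is omitted, and flags a file mode that lets group or other users read the plain-text secrets; the function names and sample values are constructed for illustration.

```python
import json
import os
import re
import stat

# Assumptions taken from the templates on this page, not from omcli itself.
WRAPPED = re.compile(r"^(CLEAR|FILE)\[.+\]$", re.S)  # property value wrappers
PLACEHOLDER = re.compile(r"<[A-Za-z_ ]+>")           # e.g. <HOST_NAME> left unfilled

def check_credentials(text, allow_entityless=False):
    """Return a list of problems in credential-file JSON text (empty = clean)."""
    try:
        creds = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(creds, list) or not all(isinstance(c, dict) for c in creds):
        return ["top level must be a JSON array of credential objects"]
    problems = []
    for i, cred in enumerate(creds):
        label = cred.get("name") or f"#{i}"
        for field in ("name", "type", "properties"):
            if not cred.get(field):
                problems.append(f"{label}: missing {field}")
        # Entityless credentials need -allow_entityless and, here, a globalName.
        if not cred.get("entity") and not (allow_entityless and cred.get("globalName")):
            problems.append(f"{label}: no entity (needs -allow_entityless and globalName)")
        props = cred.get("properties")
        for prop in props if isinstance(props, list) else []:
            value = prop.get("value") if isinstance(prop, dict) else None
            if not (isinstance(value, str) and WRAPPED.match(value)):
                problems.append(f"{label}: property value not CLEAR[...] or FILE[...]")
        if PLACEHOLDER.search(json.dumps(cred)):
            problems.append(f"{label}: unfilled <placeholder> left in credential")
    return problems

def check_file(path, allow_entityless=False):
    """Check the file mode (the file holds CLEAR[...] secrets), then its content."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = [f"{path}: mode {mode:04o} is open to group/other"] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        return problems + check_credentials(fh.read(), allow_entityless)

# Constructed sample: no entity, and the PASSWORD template text was never filled in.
SAMPLE = json.dumps([{
    "name": "host1.example.com-HostSSHPwdCreds", "type": "HostSSHPwdCreds",
    "globalName": "emcosComplianceCred",
    "properties": [{"name": "USERNAME", "value": "CLEAR[omcagentuser]"},
                   {"name": "PASSWORD", "value": "<YourPassword>"}]}])
if __name__ == "__main__":
    print("\n".join(check_credentials(SAMPLE)))
```

Call check_file("cred.json") as the agent's install user; an empty list means none of these checks fired.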