Add Credentials
Add credentials to an agent credential store:
- Log in as the user who installed the agent.
  $ su oracle
- Navigate to the omcli directory location.
  $ cd <AGENT_BASE_DIR>/agent_inst/bin
- Start the agent if it’s not already running.
  $ omcli start agent
- Create and save a JSON file with all the credential information.
  For example, you can save it with the filename cred.json.
  There are different types of credentials:
  - HostSSHCreds: This is a host credential using SSH keys.
    [
      {
        "entity": "omc_host_linux.<HOST_NAME>",
        "name": "omc_oracle_<HOST_NAME>-HostSSHCreds",
        "type": "HostSSHCreds",
        "globalName": "emcosComplianceCredSSHKey",
        "description": "SSH Credential for the agent omcagentuser",
        "properties": [
          { "name": "USERNAME", "value": "CLEAR[omcagentuser]" },
          { "name": "SSH_PVT_KEY", "value": "FILE[<YourUsername>/.ssh/id_rsa]" },
          { "name": "SSH_PUB_KEY", "value": "FILE[<YourUsername>/.ssh/id_rsa.pub]" }
        ]
      }
    ]
    Where:
    - "entity" is the entity field. If you are working with a Linux agent, use the value: "omc_host_linux.<HOST_NAME>". If you are working with an AIX agent, use the value: "omc_host_aix.<HOST_NAME>". For example: "omc_host_linux.host1.example.com" for a Linux agent.
    - <HOST_NAME> is the fully qualified name of your host. For example: host1.example.com
    - "name" is any name for your credential. We recommend that you name this credential your host name followed by HostSSHCreds. For example: "host1.example.com-HostSSHCreds".
    - "type" is the credential type. "HostSSHCreds" is used for SSH Key credentials type.
    - "globalName" is the global name for the credential. It is the credential's name within a "global" namespace (where global actually is only global to this Oracle Management Cloud agent, not global throughout Oracle Management Cloud).
    - "description" is the credential description.
    - "SSH_PVT_KEY" is the OS user's private key, for public/private key-based authentication schemes.
    - "SSH_PUB_KEY" is the OS user's public key, for public/private key-based authentication schemes.
    - <YourUsername> is the OS user name used as your SSH credential.
    - All other field values must remain as listed. They are reserved values.
  - HostSSHPwdCreds: This is a host credential using SSH Password.
    [
      {
        "entity": "omc_host_linux.<HOST_NAME>",
        "name": "<HOST_NAME>-HostSSHPwdCreds",
        "type": "HostSSHPwdCreds",
        "globalName": "emcosComplianceCred",
        "description": "SSH Credential for the host entity",
        "properties": [
          { "name": "USERNAME", "value": "CLEAR[<YourUsername>]" },
          { "name": "PASSWORD", "value": "CLEAR[<YourPassword>]" }
        ]
      }
    ]
    Where:
    - "entity" is the entity field. If you are working with a Linux agent, use the value: "omc_host_linux.<HOST_NAME>". If you are working with an AIX agent, use the value: "omc_host_aix.<HOST_NAME>". For example: "omc_host_linux.host1.example.com" for a Linux agent.
    - <HOST_NAME> is the fully qualified name of your host. For example: host1.example.com
    - "name" is any name for your credential. We recommend that you name this credential your host name followed by HostSSHPwdCreds. For example: "host1.example.com-HostSSHPwdCreds".
    - "type" is the credential type. "HostSSHPwdCreds" is used for SSH password credentials type.
    - "globalName" is the global name for the credential. It is the credential's name within a "global" namespace (where global actually is only global to this Oracle Management Cloud agent, not global throughout Oracle Management Cloud).
    - "description" is the credential description.
    - <YourUsername> is the OS user name used as your SSH credential.
    - <YourPassword> is the OS user’s password for your SSH credential.
    - All other field values must remain as listed. They are reserved values.
  - Other types: There are other credential types that are used by different OMC components.
    For example, the credential type DBCredsNormal is a database credential used by Log Analytics for Oracle database instance credentials.
    [
      {
        "entity": "omc_oracle_db_instance.<Entity Name>",
        "name": "LCAgentDBCreds",
        "type": "DBCredsNormal",
        "usage": "LOGANALYTICS",
        "globalName": "AgentUserCredential",
        "description": "DB Credentials",
        "properties": [
          { "name": "USERNAME", "value": "CLEAR[<DBUsername>]" },
          { "name": "PASSWORD", "value": "CLEAR[<DBPassword>]" },
          { "name": "ROLE", "value": "CLEAR[<DBRole>]" }
        ]
      }
    ]
    Where:
    - "entity" is the entity field. If you are working with an Oracle database instance, use the value: "omc_oracle_db_instance.<ENTITY NAME>". For example: "omc_oracle_db_instance.example_instance/orcl" if your database name is example_instance.
    - "name" is any name for your credential. For example: "LCAgentDBCreds" is used for the name of the database credentials used by the cloud agent to collect the log data from the entity.
    - "type" is the credential type. "DBCredsNormal" is used for Oracle database credentials type.
    - "globalName" is the global name for the credential. It is the credential's name within a "global" namespace (where global actually is only global to this Oracle Management Cloud agent, not global throughout Oracle Management Cloud).
    - "usage" is the credential's usage. For example: "LOGANALYTICS" since this credential is used for Log Analytics.
    - "description" is the credential description.
    - <DBUsername> is the database user name used for the database credential. For example, the SYS database user.
    - <DBPassword> is the database user’s password for your database credential. For example, the password of the SYS database user.
    - <DBRole> is the database role for your database credential. For example, the SYSDBA database role for the database user. The ROLE property is optional.
    - All other field values must remain as listed. They are reserved values.
- Add credentials using a JSON file.
  $ omcli add_credentials agent -credential_file CREDENTIALS_FILE [ -encryption_method_gpg ] [ -allow_entityless ]
  The command adds credentials based on the description in the JSON file.
  Where:
  - -credential_file: a credential file will be used.
  - CREDENTIALS_FILE: the filename of the credential file that will be used. The credentials are listed in the CREDENTIALS_FILE file. For example, the name of the JSON file that you just created in step 4: cred.json.
  - -encryption_method_gpg: the credentials file has been encrypted using symmetric GNU Privacy Guard (gpg), and a passphrase may be needed.
  - -allow_entityless: the agent will not complain about credentials that are missing the entity field. However, a global name should be supplied if an entity is not.
  For example, you can run the following:
  $ omcli add_credentials agent -credential_file cred.json
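An added example, not part of the original documentation: a pre-flight check for the credential file created in step 4, meant to run before omcli add_credentials. It flags group- or world-accessible permissions (the file holds CLEAR[...] secrets), JSON syntax errors such as a missing comma, a missing entity or globalName, and placeholders left in values. Assumptions: name, type and properties are treated as required and CLEAR[...]/FILE[...] as the only value wrappers because every example on this page uses them; lint_credentials and demo are hypothetical names, and the sample files are constructed.

```python
import json, os, pathlib, re, stat, tempfile
WRAPPED = re.compile(r"^(CLEAR|FILE)\[.+\]$")  # the two value wrappers shown on this page
REQUIRED = ("name", "type", "properties")       # assumption: fields every example carries

def lint_credentials(path, allow_entityless=False):
    """Return a list of problems found in a credential file for omcli add_credentials."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # CLEAR[...] secrets must not be accessible to group or other
        problems.append(f"file mode {mode:04o} is too open, use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            creds = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(creds, list):
        return problems + ["top level must be a JSON array"]
    for i, cred in enumerate(creds):
        if not isinstance(cred, dict):
            problems.append(f"credential {i}: not a JSON object")
            continue
        problems += [f"credential {i}: missing '{k}'" for k in REQUIRED if k not in cred]
        if "entity" not in cred and not allow_entityless:
            problems.append(f"credential {i}: missing 'entity'")
        elif "entity" not in cred and "globalName" not in cred:
            problems.append(f"credential {i}: entityless credential needs 'globalName'")
        for prop in (p for p in (cred.get("properties") or []) if isinstance(p, dict)):
            name, value = prop.get("name"), str(prop.get("value", ""))
            if not WRAPPED.match(value):
                problems.append(f"credential {i}: {name} is not CLEAR[...] or FILE[...]")
            elif "<" in value:  # template placeholder such as <YourPassword> left in
                problems.append(f"credential {i}: {name} still holds a placeholder")
    return problems

def demo():
    """Lint two constructed files: one clean, one with a missing comma and mode 0644."""
    good = ('[{"entity": "omc_host_linux.host1.example.com", "type": "HostSSHPwdCreds", '
            '"name": "host1.example.com-HostSSHPwdCreds", "globalName": "emcosComplianceCred", '
            '"properties": [{"name": "USERNAME", "value": "CLEAR[omcagentuser]"}, '
            '{"name": "PASSWORD", "value": "CLEAR[constructed-sample-only]"}]}]')
    bad = good.replace('"}, {"name": "PASSWORD"', '"} {"name": "PASSWORD"')
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, text, mode in (("good", good, 0o600), ("bad", bad, 0o644)):
            path = pathlib.Path(tmp, label + ".json")
            path.write_text(text, encoding="utf-8")
            path.chmod(mode)
            results[label] = lint_credentials(path)
    return results
```

Call lint_credentials("cred.json") on the real file and proceed to omcli add_credentials only when it returns an empty list; pass allow_entityless=True when you intend to use -allow_entityless.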