Common Prerequisites for Deploying Oracle Management Cloud Agents

Before deploying Oracle Management Cloud agents (gateways, data collectors, or cloud agents) in your data center, ensuure that the following prerequisites are met:

General Prerequisites

  • If you have subscriptions to IT Analytics or Log Analytics, and if you want to collect data from an existing on-premises Oracle Enterprise Manager setup, then you need to have an existing deployment of any one of the following in your data center.

    • Oracle Enterprise Manager Cloud Control 12.1.0.3

    • Oracle Enterprise Manager Cloud Control 12.1.0.4

    • Oracle Enterprise Manager Cloud Control 12.1.0.5

    • Oracle Enterprise Manager Cloud Control 13.1.0.x

    • Oracle Enterprise Manager Cloud Control 13.2.0.x

  • If you have subscriptions to all of the Oracle Management Cloud services, Oracle recommends that you add them to the same identity domain.

  • When you’re deploying agents on UNIX-based hosts, root privileges are required, or you have to log in as a user with root privileges to be able to run the root.sh script (which is a part of the agent deployment process). Running root.sh as a root user adds entries in the /etc/init.d file to restart the agent automatically in case of server reboot. If you don’t wish to run root.sh post install or upgrade, it will not hamper any functionality,and the script can also be run later. If you have not run the script, when there is a server reboot, you must manually restart the agent

  • For UNIX-based hosts, ensure that the cloud agent has the correct privileges to read the log files from where data needs to be collected.

    You can use either of the following ways (in order of best practice) to make the log files readable to the cloud agent:

    • Use Access Control Lists (ACLs) to enable the cloud agent user to read the log file path and log files. ACL provides a flexible permission mechanism for file systems. Ensure that the full path to the log files is readable through ACL.

      To set up an ACL in a UNIX-based host:

      1. Determine whether the system that contains the log files has the acl package:

        rpm -q acl

        If the system contains the acl package, then the preceding command should return:

        acl-2.2.39-8.el5

        If the system doesn’t have the acl package, then download and install the package.

      2. Grant the cloud agent user read access to the required log file:

        setfacl -m u:<agentuser>:r file <path to the log file/log file name>

        Grant the cloud agent user read access to the leading path or folders as well by running the following command:

        setfacl -d -m u:<agentuser>:r file <path to the parent folder of the log file>

    • Place the cloud agent and the product that generates the logs in the same user group, and make the files readable to the entire group.

    • Install the cloud agent as the user that also owns the logs. This is difficult to achieve if there are a lot of different logs owned by different users on same host.

    • Make log files readable to all users. For example, chmod o+r <file>

  • Ensure that you deploy the Oracle Management Cloud agents in the following sequence

    1. Gateway

    2. Data Collector

    3. Cloud Agents

  • If you’ve already enrolled to an existing Oracle Management Cloud Service (such as IT Analytics or Log Analytics), and if you enroll another service for the same targets, then you can re-use the existing gateway, data collector, and cloud agents. Additional cloud agents can be deployed only if you want to monitor new targets.

  • TLS 1.2 version is supported for OMC agents.

  • If you are installing the cloud agent for the first time, you need a CURL version that supports the TLS 1.2 protocol. For steps on how to check the TLS protocol version, see Troubleshooting.

    Note:

    The TLS 1.2 protocol is not required if you are upgrading an agent.
  • While installing the agent, if the system hostname does not resolve to a fully qualified domain name (FQDN), because you are not using DNS, then, add the fully qualified domain name in the /etc/hosts file and ensure that it maps to the correct host name and IP address of the host. Ensure that the localhost is reachable and resolves to 127.0.0.1. The recommended format is as follows:

    <ip> <fully_qualified_host_name> <short_host_name>

    For example:

    If your hostname is "myhost" and your domain is example.com (IPv4):

    172.16.0.0 myhost.example.com myhost

    If your hostname is is "myhost" and your domain is example.com (IPv6):

    aaaa::111:2222:3333:4444 myhost.example.com myhost

    You can run the following commands to verify this. You should see the same hostname and IP address displayed.

     $getent hosts `hostname`
     $host `hostname -f`

    In the output, the fully qualified domain name must appear in the second field as specified in the /etc/hosts file.

    If you can ensure that there are no short host name duplicates in your environment, you can bypass the FQDN requirement by using the -ignorePrereqs argument as follows:

    AgentInstall.sh|AgentInstall.bat -ignorePrereqs ORACLE_HOSTNAME=<your short host name> [other required parameters]

    Note that the ORACLE_HOSTNAME value you specify in this case is not validated by the installer in any way. The agent installation will succeed and the agent will be configured with this exact host name value. You must ensure that the host name can be resolved to a valid address. Oracle Management Cloud will communicate with this agent at this address.

  • Ensure that the noexec option has not been set on the agent home mount point. If this parameter is set, the entire filesystem disallows execution. You can use the $mount command or check the filesystem in the mount options (/etc/fstab) to verify if the noexec option has been set.

  • Ensure that the agent install user has full control (read/write/delete permissions) on the entire directory (including the base directory) in which the agent is being installed. After installation, if you change the permissions in any of the directories, agent life cycle operations such as update or delete will fail.

Permissions Required for Installing Agent on Windows

You must deploy agent on windows as administrator and ensure that necessary permissions have been set as follows:

  • From the Start menu, click Settings, then click Control Panel. From the Control Panel window, click Administrative Tools, and then click Local Security Policy. Expand the Local Policies folder and open the User Rights Assignment folder and set the following permissions:

    • Act as part of the operating system

    • Adjust memory quota for a process

    • Replace process level tokens

    • Log on as a batch job

Permissions Required On the Agent Base Directory

From the 1.19 release, when an agent is upgraded, you need not run the root.sh script after the upgrade to restart the agent host machine. A symbolic link is defined in the Agent Base directory that points to the latest version of the Agent Oracle Home directory. Due to this, the Agent Base directory must have the following permissions:
  • The agent install user must be the owner of the directory.

  • Either the root user or the agent install user can be the owner of the agent base parent directories.

  • Only the owners of the Agent Base directory and its parent directories should have the write permissions on those directories.

Supported Operating Systems and Software Packages

This section covers the list of supported operating systems and software packages that are required for deployment of gateways, data collectors, and cloud agents on the target hot. requirements for deploying Oracle Management Cloud Agents.

The following table provides definitions for small, medium, and large deployments.

Size Number of Oracle Enterprise Manager Agents in Your Data Center Number of Targets
Small <100 <100
Medium 100-1,000 100-1,000
Large >1,000 >1,000

Software Package Requirements (for Target Host) for Deploying Gateways, Data Collectors, and Cloud Agents

The following table lists the software packages that are required for the target host.

Note:

Oracle recommends that you use a curl version that supports the TLS 1.2 protocol.
Operating System Required Packages
  • Red Hat Enterprise Linux 5 or higher (64 bit)

  • libaio-0.3.106-3.2

  • glibc-common-2.5-34

  • setarch-2.0-1.1

  • sysstat-7.0.2-3.el5

  • rng-utils-2.0-1.14.1.fc6

  • libstdc++-4.1.2-44.el5

  • Red Hat Enterprise Linux 6 or higher (64 bit)

  • libaio-0.3.107

  • glibc-common-2.12-1.7

  • sysstat-9.0.4

  • Red Hat Enterprise Linux 7 or higher (64 bit)

  • libaio-0.3.109-12.el7.x86_64

  • glibc-common-2.17-78

  • libstdc++-4.8.3-9

  • sysstat-7.0.2-12

  • Oracle Enterprise Linux 5 or higher (64 bit)

  • libaio-0.3.109-12.el7.x86_64

  • glibc-common-2.17-78

  • libstdc++-4.8.3-9

  • sysstat-7.0.2-12

  • Oracle Enterprise Linux 6 or higher (64 bit)

  • libaio-0.3.107

  • glibc-common-2.12-1.7

  • sysstat-9.0.4

  • Oracle Enterprise Linux 7 or higher (64 bit)

  • libaio-0.3.109-12.el7.x86_64

  • glibc-common-2.17-78

  • libstdc++-4.8.3-9

  • sysstat-7.0.2-12

  • SUSE Linux Enterprise Server 11 (x86_64)

  • Oracle recommends that you use a curl version that supports the TLS 1.2 protocol.
  • AIX 6.1 or higher

  • bos.adt.base(0.0)

  • bos.adt.lib(0.0)

  • bos.adt.libm(0.0)

  • bos.perf.libperfstat(0.0)

  • bos.perf.perfstat(0.0)

  • bos.perf.proctools(0.0)

  • rsct.basic.rte(0.0)

  • rsct.compat.clients.rte(0.0)

  • xlC.aix61.rte.(9.0.0.0)

  • xlC.rte.(9.0.0.0)

  • unzip 5.52

  • AIX 7.1 or higher

  • bos.adt.base(0.0)

  • bos.adt.lib(0.0)

  • bos.adt.libm(0.0)

  • bos.perf.libperfstat(0.0)

  • bos.perf.perfstat(0.0)

  • bos.perf.proctools(0.0)

  • rsct.basic.rte(0.0)

  • rsct.compat.clients.rte(0.0)

  • xlC.aix61.rte.(10.1.0.0)

  • xlC.rte.(10.1.0.0)

  • unzip 5.52

  • Solaris SPARC 10 or higher

  • SUNWbtool

  • Solaris SPARC 11 or higher

  • SUNWbtool

  • SunWhea or system/header

  • SUNWlibm

  • SUNWlibms

  • SUNWsprot

  • SUNWtoo

  • SUNWlibC

  • SUNWcsl

  • Microsoft Windows 2008 Enterprise R2 (Intel 64-bit, Developer) and higher

  • Microsoft Windows Server 2012 Standard (64 bit)

  • Microsoft Windows 2012 Standard R2 (Intel 64-bit, Developer) and higher

  • Microsoft Visual C++ 2008 Redistributable -x86

Note:

Oracle recommends that you use a curl version that supports the TLS 1.2 protocol.

Network Prerequisites

  • If you are unable to access the Oracle Management Cloud service or deploy the cloud agents due to a firewall, add *.oraclecloud.com to permit outbound communication.

  • To test the agent connectivity to OMC, run the following command on the host on which the agent is to be deployed and specify the <tenant_id> and the <data_center> as follows:

    curl -I https://<tenant id>.<data center>/registry
    curl -insecure -I https://<tenant id>.<data center>/registry

    For example:

    $ curl -I --insecure https://abc.itom.management.us2.oraclecloud.com/registry
    HTTP/1.0 200 Connection established
    HTTP/1.1 403 Forbidden
    Date: Thu, 30 Mar 2017 13:59:00 GMT
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json
    X-ORACLE-DMS-ECID: 005IzCOIQRUAxGj5p3WByY0003In0000z6
    APIGW: true
    Cache-Control: no-cache,no-store
    Content-Language: en
    
    $ curl -I https://abc.itom.management.us2.oraclecloud.com/registry
    HTTP/1.0 200 Connection established
    HTTP/1.1 403 Forbidden
    Date: Thu, 30 Mar 2017 13:59:03 GMT
    X-Frame-Options: SAMEORIGIN
    Content-Type: application/json
    X-ORACLE-DMS-ECID: 005IzCOU5wsAxGj5p3_AiY00045b0000zP
    APIGW: true
    Cache_Control: no-cache,no-store
    Content Language: en
  • You can also ping or telnet the data center.

    For example:

    For US data center: ping itom.management.us2.oraclecloud.com

    For Europe data center: ping itom.management.europe.oraclecloud.com

Deploying the Oracle Management Cloud Agents Over a Proxy Server

If you are trying to deploy the Oracle Management Cloud agents (or you need any host to connect to Oracle Management Cloud) over a proxy server, set the proxy variables, http_proxy and https_proxy on the host where you’re deploying the agents.

  • To set the proxy variables on Linux using Bash shell, follow these steps:

    If you are trying to deploy the Oracle Management Cloud agents (or you need any host to connect to Oracle Management Cloud) over a proxy server, set the proxy variables, http_proxy and https_proxy on the host where you’re deploying the agents.

    1. Run the following commands:
      • export http_proxy=http://www-hostname.abc.com:<port>/

      • export https_proxy=http://www-hostname.example.com:<port>/

    2. Before running the AgentInstall.sh script, in the terminal window, run the following command to test that the environment variables are set:

      • echo $http_proxy http://www-hostname.example.com:<port>/
      • echo $https_proxy http://www-hostname.example.com:<port>/
    3. If your proxy server requires a password, set the proxy variables as follows:

      • export http_proxy=http://<username>:<password>@www-hostname.abc.com:<port>/

      • export https_proxy=http://<username>:<password>@www-hostname.example.com:<port>/

      The password cannot contain any special characters such as @.

    4. Create a file for the proxy details, let us call it agent.properties and add the following parameters:

      cat agent.properties
      	OMC_PROXYHOST=<Your proxy server address>
      	OMC_PROXYPORT=<Your proxy server port>
      	OMC_PROXYREALM=<Your proxy realm>
      	OMC_PROXYUSER=<Your proxy user name>
      	OMC_PROXYPWD=<Your proxy user password>

    Once this file has been created, it can be used to deploy all cloud agents.

  • To set the proxy variables on Windows:

    1. Follow these steps:

      1. Right-click My Computer, and then click Properties.

      2. Click the Advanced tab and then click Environment variables.

      3. Click New to add a new variable name and value and add the following variables.

        • http_proxy=http://www-hostname.abc.com:<port>/

        • https_proxy=http://www-hostname.example.com:<port>/

    2. Before running the AgentInstall.bat script, in the command prompt, run the following command to test that the environment variables are set:

      • echo %http_proxy%  http://www-hostname.example.com:<port>/

      • https_proxy: http://<username>:<password>@www-hostname.example.com:<port>/

    3. If the proxy server requires a password, set the proxy variables as follows:

      • http_proxy: http://<username>:<password>@www-hostname.abc.com:<port>/

      • https_proxy: http://<username>:<password>@www-hostname.example.com:<port>/

    4. Create a file for the proxy details, let us call it agent.properties. Check whether the values of the proxy variables are set to your proxy server and port values:

      type agent.properties
      	OMC_PROXYHOST=<Your proxy server address>
      	OMC_PROXYPORT=<Your proxy server port>
      	OMC_PROXYREALM=<Your proxy realm>
      	OMC_PROXYUSER=<Your proxy user name>
      	OMC_PROXYPWD=<Your proxy user password>

      Ensure that you pass the agent.properties file as a parameter to the AgentInstall.sh or AgentInstall.bat script when you are deploying a gateway, a data collector, or cloud agents over a proxy server.

Enabling Collection of Database Performance Data (IT Analytics)

If you want to collect database performance data for IT Analytics, you need to set the following permissions on the cloud agent.

  • While deploying the cloud agent, ensure that cloud agent host user and the Enterprise Manager on-premises agent host user are the same. This will allow the user to connect to the database target using the Enterprise Manager monitoring credentials and collect database performance data.

  • If the cloud agent host user is different but belongs to the same group as the Enterprise Manager on-premises host user, the cloud agent host user must have read permissions on the sysman/emd/targets.xml and sysman/config/private.properties files. To grant read access, log in as the on-premises host user and grant the following permissions:

        cd $AGENT_HOME/agent_inst    # AGENT_HOME is the On Premise agent installation directory
        chmod g+x sysman
        chmod g+x sysman/emd
        chmod g+x sysman/config

    When execution permission is granted, all users in the group will have view and read access on the directory by default. If the permissions are not available, you can grant them as follows:

        cd $AGENT_HOME/agent_inst    # AGENT_HOME is the On Premise agent installation directory
        chmod g+r sysman/emd/targets.xml
        chmod g+r sysman/config/private.properties