11 Discovering an Oracle Public Cloud Machine

This chapter describes the process for discovering and adding the Oracle Public Cloud Machine as a target that can be monitored and managed by Enterprise Manager. It also covers the steps for adding (or registering) the associated Oracle Compute Site as a target.

Deploying a Shared Management Agent to the Privileged Control VMs

Before you can discover the Oracle Public Cloud Machine target, you must deploy a shared Management Agent to the two privileged control VMs installed by default in the Oracle Public Cloud Machine rack. These VMs have access to the Ethernet admin network, and are needed by Management Agents monitoring hardware targets.

Deploying a Management Agent to the First Privileged Control VM

To deploy a Management Agent to the first privileged control VM in the Oracle Public Cloud Machine rack:

  1. Log in to Oracle Compute node 2 as the oracleadmin user.

  2. Identify the first control VM. To do so, run the following command:

    discover -f shellvars |grep controlvm |grep Eth-admin

    Note:

    The control VM information is also provided when running the PCMA tool.

    The command will return the IP addresses of the two privileged control VMs; for example:

    rack_0_control_vm_controlvm1_Eth-admin=10.000.000.01
    rack_0_control_vm_controlvm2_Eth-admin=10.000.000.02

    After getting the IP address, resolve it to obtain the host name.

    Note:

    If the control VM2 on your rack is not accessible from outside the rack using this IP, then you can use the Ethernet-over-InfiniBand (EoIB) management IP/hostname. To get this information:

    discover -f shellvars |grep controlvm |grep EoIB-oms

    rack_0_control_vm_controlvm1_EoIB-oms=10.000.000.01
    rack_0_control_vm_controlvm2_EoIB-oms=10.000.000.02

  3. Log in to the first privileged control VM as the root user.

  4. From the Setup menu in Enterprise Manager, select Add Target, then Add Targets Manually.

  5. On the Add Targets Manually page, select the Add Host Targets option, then click Add Host as shown in

  6. On the Add Target page, click Add.

  7. Enter the host name of the first privileged control VM (for example, host1.example.com) and select Linux x86-64 from the Platform drop-down menu.

    Click Next.

  8. On the Installation Details page, enter the following agent installation details:

    1. Installation Base Directory: Enter /opt/emagent in this field. This directory is the location where you want to install the Management Agent. Make sure that the directory you specify here is empty. If the directory does not exist, then the wizard will create it automatically.

    2. Instance Directory: Enter /opt/emagent_instance/ in this field. This directory is the location where you want to store Management Agent-related configuration files. You must deploy shared Agents using this Management Agent, so make sure the directory location you enter is not a shared location.

    3. Named Credential: Select the named credential for the oracle user. The permissions of the oracle user were set earlier when you ran the visudo command in step 4. This named credential is used for connecting from the OMS to the control VM using SSH and for installing the Management Agent.

      If you need to create a new credential, follow the instructions in Setting a New Named Credential.

    4. Privileged Delegation Setting: By default, this field is pre-populated with the settings to allow for the named credential to use the sudo command. If this field is blank, then enter the following information in the field:

      /usr/bin/sudo -u %RUNAS% %COMMAND%

    5. Port: By default, 3872 is pre-filled in the text input box. If this field is blank, then enter 3872. This value is the port on which the Management Agent can communicate with the OMS.

    Click Next.

  9. On the Review page, verify that the information you have entered is correct, as shown in figure 11–3 below:

    Click Deploy Agent.

  10. On the Add Host page, Enterprise Manager performs the necessary tasks to deploy the agent, including a set of prerequisite checks.

    Click Refresh to refresh the page details. The Agent Details area shows the success or failure of each step. Any failure or other error message regarding agent deployment is displayed.

    Allow for approximately 5 minutes to complete the deployment.

  11. Click Done. The Add Targets Manually page will reload so that you can proceed to Deploying the Management Agent to the Second Privileged Control VM.

  12. After you have added the host to the shared agent and clicked Done, the Add Targets Manually page will reload so that you can proceed with the next step, Discovering the Oracle Public Cloud Machine Target.

    Note:

    Additional Configuration

    • Run the following commands on the Management Agent monitoring the Oracle Compute targets:

      <AGENT_INST_HOME>/bin/emctl setproperty agent -allow_new -name _disableLoadDPFromCache -value true

      <AGENT_INST_HOME>/bin/emctl setproperty agent -allow_new -name agentJavaDefines -value "-Xmx512M -XX:MaxPermSize=96M"

    Restart the Management Agent.

Setting a New Named Credential

Select the named credential that can be used for connecting to the remote hosts using SSH and installing the Management Agent. On the Installation Details page, click the plus icon to add a new named credential for the oracle user. In the Create new Named Credential pop-up, enter the following information:

  1. User Name: This user name is set on the host. This user name will require the appropriate permissions in order to run the root scripts.

  2. Password/Confirm Password: Enter the password of the user name for the host. Enter the password again to confirm.

  3. Run Privilege: Make sure that None is the value.

  4. Save As: Select this option and enter a name to save the credentials. This name will appear as the Named Credential in Enterprise Manager. Click OK to save the new named credential.

Deploying the Management Agent to the Second Privileged Control VM

After you have deployed the Management Agent to the first privileged control VM, you will deploy it to the second.

  1. After you click Done from the Add Host page, the Add Target Manually page displays. You can also access this page from the Setup menu. Select Add Target, then Add Targets Manually.

  2. On the Add Targets Manually page, select the Add Host Targets option, then click Add Host.

  3. On the Add Target page, click Add.

  4. Enter the host name of the second privileged control VM (for example, host1.example.com) and select Linux x86-64 from the Platform drop-down menu.

    Click Next.

  5. On the Installation Details page, expand the Deployment Type section (Figure 11–5) and select Add Host to Shared Agent. This will install a new Management Agent using a shared Oracle home of an existing Management Agent. This option is enabled only when all the hosts selected on the Hosts and Platform screens belong to the same platform.

    Then, click the search icon to select a target.

  6. On the Installation Details page, enter the following agent installation details:

    1. Oracle Home: Once you select the target, the default location (/opt/emagent) of the shared Management Agent is populated in this field.

    2. Instance Directory: Enter /opt/emagent_instance in this field. This is the directory location where the Management Agent-related configuration files will be stored. You must deploy shared Agents using this Management Agent, so make sure the directory location you enter is not a shared location.

    3. Named Credential: Select the named credential that you created in Setting a New Named Credential. This named credential is used for connecting from the OMS to the control VM using SSH and for installing the Management Agent.

    4. Privileged Delegation Setting: By default, this field is pre-populated with the settings to allow for the named credential to use the sudo command. If this field is blank, then enter the following information in the field:

      /usr/bin/sudo -u %RUNAS% %COMMAND%

    5. Port: By default, 3872 is pre-filled in the text input box. If this field is blank, then enter 3872. This value is the port on which the Management Agent can communicate with the OMS.

    Click Next.

  7. On the Review page, verify that the information you have entered is correct. Click Deploy Agent.

  8. On the Add Host page, Enterprise Manager performs the necessary tasks to deploy the agent, including a set of prerequisite checks.

    Click Refresh to refresh the page details. The Agent Details area shows the success or failure of each step. Any failure or other error message regarding agent deployment is displayed.

    Allow for approximately 5 minutes to complete the deployment.

  9. After you have added the host to the shared agent and clicked Done, the Add Targets Manually page will reload so that you can proceed with the next step, Discovering the Oracle Public Cloud Machine Target.

Discovering the Oracle Public Cloud Machine Target

After the Management Agent has been deployed, the next step is to discover the Oracle Public Cloud Machine target:

  1. After you click Done from the Add Host page, the Add Target Manually page displays. You can also access this page from the Setup menu. Select Add Target, then Add Targets Manually.

  2. On the Add Targets Manually page, select the Add Targets Using Guided Process option. Select Oracle Public Cloud Machine from Target Types, and click Add Using Guided Process.

  3. On the Discovery Inputs page, enter the following information:

    • Name: Enter a name for the Oracle Public Cloud Machine target.

    • Agent: Select the Management Agent to use for the Oracle Public Cloud Machine discovery. Click the search icon to search for the Management Agent. Select a target name from the search pop-up and click Select.

      Note:

      Select the Management Agent on the privileged control VM here.

    • SSH Authentication (optional): Enter an SSH key passphrase for the oracle Management Agent user. This is used to enable Enterprise Manager to collect monitoring data.

    • SNMP Authentication: Enter the community name configured for SNMP communication. This will be used to collect the monitoring data from switches and PDUs.

    • PDU Monitoring: Select the Discover and monitor Power Distribution Units checkbox to enable monitoring of these units.

    • Ethernet Switch Monitoring: If you select the Discover and monitor ethernet switch checkbox, you must provide the iOS ethernet switch credentials. This will be used to collect monitoring data from the ethernet switch.

      Click Next.

  4. Enterprise Manager begins the finding targets process. Allow for approximately 5 minutes to complete.

  5. In the Targets and Agents Assignment area on the Discovery Review page, the Monitoring Agent value is pre-populated. You can enter a Backup Monitoring Agent location.

  6. Click Submit. Enterprise Manager begins the saving targets process. Allow for approximately 5 minutes to complete.

    A confirmation pop-up will appear once the targets are saved. Click Close to continue to the next step for Registering the Oracle Compute Site.

Registering the Oracle Compute Site

To register the Oracle Compute Site, follow these steps:

  1. From the Setup menu, select Add Target, then Add Targets Manually.

  2. On the Add Targets Manually page, select Add Non-Host Targets Using Guided Process, then select Oracle Compute Site from the Type menu.

  3. Click Add Using Guided Process and continue with the steps below.

  4. On the Register Oracle Compute Site page, add the following Site Details information:

    • Target Name: The name to be used for the Oracle Compute site being created.

    • Monitoring Agent: Select your local OMS agent.

    • Service Manager Endpoint URL: Enter the PSM URL provided by Oracle Cloud Operations.

      Leave the other fields blank.

  5. Add the following Credentials information:

    • Endpoint URL: Enter the Compute API endpoint provided by Oracle Cloud Operations (https://<endpoint URL IP>). This is the URL to which you submit HTTP requests or commands. To discover the Oracle Compute target, you must ensure that the Oracle Compute Site security certificate has been added to the Monitoring Agent keystore.

    • User Name: The user name (/cloud/monitor) required to access the Endpoint URL.

    • Password: The password required to access the Endpoint URL. Click Test Connection to test the site credentials.

  6. In the Other Credentials information (optional):

    • SNMP V3 Credentials: Leave this field blank.

  7. Click Continue. The Oracle Compute site is discovered along with the targets in the following hierarchy:

    • Oracle Compute Cluster

    • Oracle Server

    • Oracle Virtual Platform

    • Oracle VM Instance

    • Oracle Compute Orchestration

    To view the Oracle Compute Site Home page after the Oracle Compute site has been discovered, from the Targets menu, select All Targets, then click on the Oracle Compute Site target under Groups, Systems, and Services. The newly added Oracle Compute Site will now be listed.

Importing the Site Certificate

When Enterprise Manager uses the Secure Sockets Layer (SSL) protocol to discover and monitor the Oracle Compute Site, the site's security certificate must be imported before a secure communication link can be established. The Management Agent (running on the first privileged control VM) maintains a Java Keystore (JKS) truststore containing the certificates of Certification Authorities (CAs), or self-signed certificates, that it can trust when establishing a secure connection.

The JKS Agent truststore is available at the following location:

$ORACLE_HOME/sysman/config/montrust/AgentTrust.jks

where ORACLE_HOME is the Management Agent instance home.

To download the certificate (CA Certificate or Root Certificate), follow these steps:

  1. Open a browser window and enter the site URL in the address window.

  2. Click I Understand the Risk to expand it, then click Add Exception.

  3. Under Certificate Status click the View button on the right hand side.

  4. Click the Details tab. In the left hand side bottom column, click Export.

  5. Save the certificate to the desired location with the desired file name.

After downloading the certificate, you must update the Agent truststore (AgentTrust.jks). If a certificate signed by a self-signed CA is being used on the Oracle Compute site, then the Root CA certificate for it must be added to the JKS Agent truststore so that the Management Agent can discover and monitor these Oracle Compute sites. To update the AgentTrust.jks, enter the following command:

emctl secure add_trust_cert_to_jks -password <password> -trust_certs_loc <loc> -alias <alias>

where:

  • password is the password for the AgentTrust.jks (if not specified, you will be prompted for the password at the command line)

  • trust_certs_loc is the location of the certificate file to be imported.

  • alias is the alias of the certificate to be imported.

For example:

emctl secure add_trust_cert_to_jks -password welcome -trust_certs_loc /home/asaral/certs/emdev1_nimbula.crt -alias emdev1_nimbula
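
The certificate saved through a browser exception is trusted on first use, so it is worth pinning before it goes into AgentTrust.jks. The following is an added example, not part of the Oracle documentation or tooling: it compares the exported file's SHA-256 fingerprint with a value obtained out of band (for instance from Oracle Cloud Operations, an assumption) and only then calls the emctl command shown above. EMCTL is a hypothetical override variable, and -password is omitted so that emctl prompts for it, as described above.

```shell
#!/bin/sh
# Added example, not Oracle's tooling: pin the exported site certificate to a
# fingerprint received out of band before adding it to AgentTrust.jks.

# Print the SHA-256 fingerprint (lowercase hex, no colons) of the first
# certificate in FILE. Accepts PEM or raw DER, since browsers can export either.
# For a PEM file this is the value that
#   openssl x509 -in FILE -noout -fingerprint -sha256
# prints, without the colons.
cert_sha256() {  # cert_sha256 FILE
    [ -r "$1" ] || return 2
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        # PEM: decode the base64 body of the first certificate back to DER.
        awk '/-----BEGIN CERTIFICATE-----/ { p = 1; next }
             /-----END CERTIFICATE-----/   { exit }
             p' "$1" | tr -d '\r' | base64 -d
    else
        cat "$1"    # already DER
    fi | sha256sum | cut -d' ' -f1
}

# Succeed only if FILE's fingerprint equals EXPECTED (colons, spaces and case
# in EXPECTED are ignored). Returns 2 if FILE cannot be read.
verify_cert() {  # verify_cert FILE EXPECTED
    actual=$(cert_sha256 "$1") || return 2
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Import CERT under ALIAS only when it matches EXPECTED.
# EMCTL is a hypothetical override for the emctl path. -password is left out
# so that emctl prompts for it, keeping it out of shell history and ps output.
import_if_verified() {  # import_if_verified CERT ALIAS EXPECTED
    if ! verify_cert "$1" "$3"; then
        echo "fingerprint mismatch for $1: got $(cert_sha256 "$1"), not importing" >&2
        return 1
    fi
    "${EMCTL:-emctl}" secure add_trust_cert_to_jks -trust_certs_loc "$1" -alias "$2"
}

# Usage: sh import_site_cert.sh CERT ALIAS EXPECTED_SHA256
if [ $# -eq 3 ]; then import_if_verified "$@"; fi
```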

Discovering the Oracle Cloud Service Infrastructure Targets

Prerequisites

To discover Oracle Cloud Service Targets running on an Oracle Public Cloud Machine rack, follow these steps:

  1. Log in to the first privileged control VM as the oracle user and change directory to <Agent Base directory in Control VM1>/plugins/oracle.sysman.vi.discovery.plugin_13.2.1.0.0/scripts/exalogicDiscovery.

  2. Edit the AGENT_HOME environment variable and specify the location of the home directory of agent running in Control VM1.

  3. Open the properties/em_discover.properties file and specify the location of the private and public key files (PRIVATE_KEY_FILE, PUBLIC_KEY_FILE). The private and public keys must be the same as the keys provided while setting up the PCMA tool.

  4. Open the properties/inputparams.properties file and edit the passwords for the administration users.

    Note:

    It is recommended that the passwords are stored as blank values in the inputparams.properties file.

  5. Modify the Oracle Management Service URL property in the inputparams.properties file (property: EMCLI_OMS_URL).

  6. Log in as the oracle user and run the opcm_targets_discovery.sh script, which does the following:

    • Downloads and sets up emcli in Control VM1.

    • Extracts relevant rack and target information using Exaware Discovery. The results are found in the properties/em_discover.properties file.

    • Deploys the Management Agent to all other control VMs as the shared agent.

    • Discovers all OPC services (TAS DC, TAS Central, SIM, PSM, Internal OTD, External OTD and Infra DBs).

    • Sets up a job (VIDECOUPLEDPROV_AUTO%) in Enterprise Manager for SDI decoupled provisioning. The scheduled job discovers the ICS instances created in Oracle Public Cloud as ICS and ICS POD targets.

  7. Discovery of some of the Oracle Cloud Services targets may fail if the adminuri returned from the Exaware discovery is incorrect. This can be corrected by editing the properties/em_discover.properties file as follows:

    • Edit the properties/em_discover.properties file and correct the wls_psm_direct_ext_adminuri, tas_central_direct_ext_adminuri, tas_dc_direct_ext_adminuri, and wls_sim_direct_ext_adminuri properties.

    • Run the opcm_targets_discovery.sh script again.

  8. Navigate to the Oracle Public Cloud Machine System page to verify if all the discovered services appear on the page.

    Note:

    You can run the script again if required. When run for the second time, the script will skip the services that have already been discovered.
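
The recommendation to keep passwords blank in inputparams.properties can be checked before each run of opcm_targets_discovery.sh. The following is an added example, not part of Oracle's scripts. It assumes that both files use key=value properties syntax and that password properties have "password", "passwd" or "pwd" in their key (the actual key names are not listed on this page). It also goes one step beyond the text by checking that the file named by PRIVATE_KEY_FILE is not accessible to group or other.

```shell
#!/bin/sh
# Added example, not Oracle's script: pre-flight check of the two files edited
# in steps 3 to 5, run before opcm_targets_discovery.sh.
# Assumptions: both files use Java-properties syntax (key=value or key: value)
# and password properties have "password", "passwd" or "pwd" in their key.

# Emit "key<TAB>value" for every property in FILE, skipping comment lines.
props() {  # props FILE
    awk '/^[ \t]*[#!]/ { next }
         { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
           n = match(line, /[ \t]*[=:][ \t]*/)
           if (n > 1) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + RLENGTH) }' "$1"
}

# Print the value of KEY in FILE (first occurrence).
prop_value() {  # prop_value FILE KEY
    props "$1" | awk -F'\t' -v k="$2" '$1 == k { print $2; exit }'
}

# Print the keys (never the values) of password properties that are not blank.
nonblank_password_keys() {  # nonblank_password_keys FILE
    props "$1" | awk -F'\t' 'tolower($1) ~ /password|passwd|pwd/ && $2 != "" { print $1 }'
}

# Succeed only if FILE exists and group/other have no permissions on it.
owner_only() {  # owner_only FILE
    [ -f "$1" ] || return 1
    case $(ls -ldL -- "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Check PROPERTIES_DIR; report every finding on stderr.
# Returns 0 if clean, 1 on findings, 2 if a file cannot be read.
preflight() {  # preflight PROPERTIES_DIR
    for f in inputparams.properties em_discover.properties; do
        [ -r "$1/$f" ] || { echo "cannot read $1/$f" >&2; return 2; }
    done
    rc=0
    bad=$(nonblank_password_keys "$1/inputparams.properties")
    if [ -n "$bad" ]; then
        echo "inputparams.properties stores a password in: $(echo "$bad" | tr '\n' ' ')" >&2
        rc=1
    fi
    key=$(prop_value "$1/em_discover.properties" PRIVATE_KEY_FILE)
    if ! owner_only "$key"; then
        echo "PRIVATE_KEY_FILE missing or accessible to group/other: $key" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh preflight.sh <path to the properties directory>
if [ $# -eq 1 ]; then preflight "$1"; fi
```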

What You See After Discovery

After your Oracle Public Cloud Machine is installed and configured using ECU, the state of the machine is as follows:

  • Compute Nodes

    All nodes are re-imaged with the OPCM Base Image, or Oracle Linux for nodes tagged as physical. The first two compute nodes are assigned as dedicated management nodes. All the control instances are provisioned on these two nodes as part of the cloud services installation.

  • Infrastructure Components

    All discovered services appear under the Control Infrastructure tab of the OPCM System and also on the home page of the OPCM Control System:

    Services appear only after the instructions in Discovering the Oracle Cloud Service Infrastructure Targets are performed successfully.

    The following components are installed:

    • Infrastructure Database

    • Shared IdM

    • TAS

    • Cloud UI

    • SDI

    • Grill

    • Load Balancing tier

    • ICS Management VM

    • PSM

  • Network

    • An Ethernet management network connects to the interfaces of the compute nodes, switching components, and storage nodes.

    • InfiniBand partitions configured for six infrastructure service networks created by ECU.

    • Network Time Protocol (NTP) is configured on all hardware components.

  • Storage

    • DNS configured on storage nodes.

  • Log Viewer

    The following log sources are integrated into this unified log viewer:

    • Logs from various WebLogic service domains.

    • Grill server logs located at /var/log/chef.log.

    For more details about the Log Viewer, see Enabling Log Viewer.

  • Control infrastructure

    • The following tenants are created for cloud infrastructure and services:

      Tenants      Description
      control-ibe  N/A
      control-inf  The tenant in which the Privileged Control and Infrastructure Database instances run.
      control-lbi  N/A
      cloud        The cloud administrator and cloud monitor are created in this tenant to manage the entire cloud resources and Oracle Compute Cloud Services.
      internalLB   For hosting instances that handle service requests between infrastructure components of the cloud services
      mcs          N/A

    • The following control instances are created and running on the two management nodes:

      Control Instances                     Description
      cipc-1 and cipc-2                     Two Privileged Control Instances. The instance hosts the OMS agent, Dataguard Observer, DNS forwarder, and ELLC tools.
      cidb-1 and cidb-2                     Two Control Infrastructure Database Instances. The database is deployed for the requirements of the Infrastructure Components.
      cipsm-1 and cipsm-2                   Control instances for Oracle Cloud PaaS Engine for Java Cloud Service
      cilbi-1 and cilbi-2                   Control Infrastructure Load Balancer Internal. The internal Load Balancer is used for internal communication between the services within Oracle Public Cloud Machine.
      cilbe-1 and cilbe-2                   Control Infrastructure Load Balancer External. The external Load Balancer is used for communication outside the Oracle Public Cloud Machine rack.
      cigrill-1                             Control Infrastructure Grill Server. Grill provides the core tooling and infrastructure related to the instantiation and configuration of service instances and the lifecycle of those instances.
      cisim-iam-1, cisim-ohs-2, cisimoid-1  Control Infrastructure SIM. The instances host the Shared IdM that provides identification, authentication, and authorization of all infrastructure components for platform services.
      cisdi-1                               Control Infrastructure SDI. The instance hosts the components to assist in the management of the cloud services.
      csics-1                               Messaging Cloud Service