Esta seção descreve as diferentes instruções de política criadas como parte de Configurando o Oracle Cloud Infrastructure para Frotas e Ativando Recursos Avançados.

Gerenciar recursos do OCI necessários para Frotas JMS

As seguintes instruções de política permitem que os usuários do grupo de usuários acessem e gerenciem Frotas JMS, agentes de gerenciamento, Plug-ins JMS e métricas:

ALLOW GROUP FLEET_MANAGERS TO MANAGE fleet IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE jms-plugins IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO READ METRICS IN COMPARTMENT Fleet_Compartment

Monitore cargas de trabalho na OCI

As seguintes instruções de política são usadas para monitorar cargas de trabalho no OCI:

ALLOW GROUP FLEET_MANAGERS TO MANAGE instance-family IN COMPARTMENT <instance_compartment>
ALLOW GROUP FLEET_MANAGERS TO READ instance-agent-plugins IN COMPARTMENT <instance_compartment> 

Chaves de instalação do agente de gerenciamento

As seguintes instruções de política permitem que as Frotas JMS e o grupo de usuários gerenciem chaves de instalação do agente de gerenciamento:

ALLOW resource jms server-components TO USE management-agent-install-keys IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE management-agent-install-keys IN COMPARTMENT Fleet_Compartment

Comunicação do agente de gerenciamento

As seguintes instruções de política permitem que os agentes de gerenciamento interajam com Plug-ins JMS e Frotas JMS e permitem que as Frotas JMS armazenem dados de monitoramento em sua tenancy:

ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE jms-plugins IN COMPARTMENT Fleet_Compartment
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE jms-plugins IN COMPARTMENT <instance_compartment>
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE management-agents IN COMPARTMENT Fleet_Compartment
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE METRICS IN COMPARTMENT Fleet_Compartment
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE metrics IN COMPARTMENT Fleet_Compartment WHERE target.metrics.namespace='java_management_service'
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO USE METRICS IN COMPARTMENT <instance_compartment>
ALLOW resource jms server-components TO MANAGE metrics IN COMPARTMENT Fleet_Compartment WHERE target.metrics.namespace='java_management_service'

Configuração de log-in

As seguintes instruções de política permitem que as Frotas JMS interajam com o serviço OCI Logging para configurar a configuração de log para frotas no compartimento:

ALLOW resource jms server-components TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
ALLOW resource jms server-components TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
ALLOW DYNAMIC-GROUP JMS_DYNAMIC_GROUP TO MANAGE log-content IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE log-groups IN COMPARTMENT Fleet_Compartment
ALLOW GROUP FLEET_MANAGERS TO MANAGE log-content IN COMPARTMENT Fleet_Compartment

Configurar instâncias do OCI Linux para Frotas JMS

ALLOW dynamic-group JMS_DYNAMIC_GROUP TO MANAGE instances IN COMPARTMENT <instance_compartment>

O JMS requer as seguintes instruções de política para funcionar com instâncias do OCI Linux:

ALLOW resource jms SERVER-COMPONENTS TO READ instances IN COMPARTMENT <instance_compartment>
ALLOW resource jms SERVER-COMPONENTS TO INSPECT instance-agent-plugins IN COMPARTMENT <instance_compartment>

Executar Recursos Avançados

O JMS requer determinadas instruções de política para ativar e executar recursos avançados em sua frota.

As seguintes instruções de política permitem que o JMS leia/grave no armazenamento de objetos:

ALLOW dynamic-group JMS_DYNAMIC_GROUP to MANAGE object-family IN COMPARTMENT Fleet_Compartment
ALLOW group FLEET_MANAGERS to MANAGE object-family IN COMPARTMENT Fleet_Compartment
ALLOW resource jms SERVER-COMPONENTS to MANAGE object-family IN COMPARTMENT Fleet_Compartment

ALLOW resource jms SERVER-COMPONENTS TO READ instances IN COMPARTMENT <instance_compartment>
ALLOW resource jms SERVER-COMPONENTS TO INSPECT instance-agent-plugins IN COMPARTMENT <instance_compartment>