A great feature of Oracle Enterprise Manager Cloud Control 12c Release 3 is that it allows you to remotely deploy the Oracle Management Agent 12c to targets running various operating systems such as Redhat Enterprise Linux Server, Oracle Solaris, HP-UX, Microsoft Windows Server and IBM AIX, as long as you can communicate with the Secure Shell (SSH) ports of the remote targets.
Such a feature can be really helpful in a data center environment, where you may have a myriad targets mostly located in the data center, or perhaps may be even spread across multiple geographically disparate data centers, as it can help to automate the deployment of the management agents across all targets.
In my tutorial below, I will demonstrate to you how to remotely deploy an Oracle Management Agent 12c onto an Oracle Solaris 10 x64 target present in the local area network of the Redhat Enterprise Linux Server 6.0 x86-64, using OEM Cloud Control 12c R3.
Time Duration: 30 to 60 minutes (45 minutes on an average!)
Prerequisites:
1. Configure privilege delegation at the OS level on both the Redhat Enterprise Linux Server 6.0 x86-64 and the remote Oracle Solaris 10 x64 target.
2. Ensure that both OEM Cloud Control 12c R3 and the remote Oracle Solaris 10 x64 target are running.
3. Configure privilege delegation in OEM Cloud Control 12c R3 for both the Redhat Enterprise Linux Server 6.0 x86-64 and the remote Oracle Solaris 10 x64 target.
4. Download and apply the Oracle Management Agent 12c software for Oracle Solaris x64 with 'Self Update' (present in Setup -> Extensibility) in OEM Cloud Control 12c R3.
Note: For more information on the above points 1 and 3, kindly visit the following link:
http://dba-omkar.blogspot.in/2013/08/configuring-privilege-delegation-in.html
Question: Why do we need privilege delegation, or root privileges in the Oracle Management Agent 12c deployment process?
Answer: OEM Cloud Control 12c R3 can perform an auto discovery of all the targets in the network provided that it has an existing agent, which can be used to perform the discovery. 'Nmap' is used for scanning the network, for which it requires root privileges, so that it can use raw sockets for 'Syn Scanning', which is a technique used to detect open ports through firewalls. Hence, we need to either configure privilege delegation on the host or provide root credentials to enterprise manager, with the former being a safer option than the latter.
Agent Deployment Process:
1. Go to Setup -> Add Target -> Configure Auto Discovery in OEM Cloud Control 12c R3 -
The Configure Auto Discovery wizard will load, as indicated by the above screenshot.
Click on 'Configure Network Scan Discovery' to configure Network Scan-based Auto Discovery, for 'Host and Oracle VM Manager'.
2. The Network Scan Discovery wizard will load -
You can use this page to search, browse, and create specifications for the discovery of host operating systems and virtual servers using Nmap. Kindly click on 'Create' to create a new Network Scan Discovery.
Note: Always schedule the discovery on a configurable interval. Also kindly note that once the specification is created, it can be reused later to scan again.
3. The Create Network Scan Discovery wizard will load -
Click on '+Add' in the Network Scans section, and a popup box will appear in order to search and select agents -
You may search and select agents present on hosts. Such agents will be used to perform the network scan discovery. Kindly note that the more the number of agents selected, the faster will be the performed discovery. In my example, I have selected just a single agent to perform the network scan discovery.
4. Enter the IP Ranges to Scan for the Scanning Agent -
One of the following formats are allowed -
A. Hostname: The hostname of the remote target on which the Oracle Management Agent 12c has to be deployed.
B. IP Address: The IP address of the remote target on which the Oracle Management Agent 12c has to be deployed.
C. IP Range: The IP address range of the remote target(s) on which the Oracle Management Agent 12c has been to deployed. Use '/' for 'either...or...' (e.g. 192.168.2.5/9), '-' for sequential listing (e.g. 192.168.2.7-20), or ',' for selective listing (e.g. 192.168.2.8,40,79).
In Schedule, select Start 'Immediately', and 'Do not repeat'.
In Credentials, select 'Preferred', but ensure that the privileged host credentials are root or root delegated credentials. Optionally, you can use named privileged delegated credentials, or even set up new privileged delegated credentials.
Moreover, you may even add, edit, or remove the default Nmap Scan Services and Ports -
Click 'Save and Submit Scan' once done and a job will be submitted immediately to perform the auto discovery of the target host(s).
5. The status of the host discovery will be 'Scheduled' initially -
It will move to 'In Progress' and then to 'Succeeded' once you keep on clicking 'Refresh Network Scan Results' -
Select the 'Succeeded' search and click 'View Discovered Targets...'
6. The Auto Discovery Results will be displayed -
Select the correct target from the list of discovered targets and click 'Promote'.
7. The Add Target wizard will be displayed -
You can add unmanaged hosts and select their respective platforms, so that the Oracle Management Agent 12c can be deployed on these hosts, thereby converting them to managed hosts.
By default, the promoted targets will appear automatically in this list - make sure you select the right platform!
Note: The Oracle Management Agent 12c software must be available to proceed to the next step of the process. If the platform name is appended with 'Agent Software Unavailable', then download and apply the software for that platform using 'Self Update' (present in Setup -> Extensibility).
Click on 'Next' to continue...
The agent installation details section of the wizard will be displayed -
The targets' platforms, agent software version and target hostnames will be displayed.
You have to select each host and then enter the following agent installation details pertaining to the host -
A. Installation Base Directory: It is the path of the Oracle Management Agent 12c base directory on the target host.
B. Instance Directory: It is the path where the Oracle Management Agent 12c instance will be deployed.
C. Named Credential: It is the delegated credential for the 'oracle' user on the target host.
D. Privileged Delegation Setting: It is the 'Sudo' or 'PowerBroker' setting used to delegate the root privileges to the oracle user.
E. Port: It is the port number of the Oracle Management Agent 12c. By default, it is 3872.
Click on 'Optional Details' to check them out -
You can select the preinstallation and the postinstallation scripts to execute, as well as specify the additional parameters. In our example, we are not doing any such thing, so kindly leave these fields blank.
Click 'Next' to continue...
The review section of the wizard will be displayed -
Kindly ensure that all the provided details in the wizard are correct, and then click 'Deploy Agent' to begin the Oracle Management Agent 12c deployment process.
8. The agent deployment process will begin -
The agent deployment process is a 3-step process:
1. Initialization: It involves performing remote validations and transferring the agent software to the destination host.
2. Remote Prerequisite Check: It involves performing a set of prerequisite checks on the destination host in order to affirm whether the Oracle Management Agent 12c can be successfully deployed on it, or not.
3. Agent Deployment: It involves installing, configuring and securing the agent on the destination host, running Root.sh with privileged delegation, collecting the agent installation logs, and performing the final clean up operation after the agent has been successfully deployed on the destination host.
When the initialization step begins, the remote validations will be performed first in order to ascertain whether it is possible to login successfully into the destination host -
The agent software will then be transferred to the destination host and the initialization step will complete -
The remote prerequisite check will then be performed in order to affirm whether the agent can be deployed successfully on the destination host -
Once the remote prerequisite check is complete, the agent deployment process will begin -
The agent deployment process will then complete after a while -
Click 'Done' to successfully end the agent deployment process.
Congratulations! You have successfully deployed the Oracle Management Agent 12c onto the remote Oracle Solaris 10 x64 target using OEM Cloud Control 12c R3.
Hope you had a good time reading this article! :)
Such a feature can be really helpful in a data center environment, where you may have a myriad targets mostly located in the data center, or perhaps may be even spread across multiple geographically disparate data centers, as it can help to automate the deployment of the management agents across all targets.
In my tutorial below, I will demonstrate to you how to remotely deploy an Oracle Management Agent 12c onto an Oracle Solaris 10 x64 target present in the local area network of the Redhat Enterprise Linux Server 6.0 x86-64, using OEM Cloud Control 12c R3.
Time Duration: 30 to 60 minutes (45 minutes on an average!)
Prerequisites:
1. Configure privilege delegation at the OS level on both the Redhat Enterprise Linux Server 6.0 x86-64 and the remote Oracle Solaris 10 x64 target.
2. Ensure that both OEM Cloud Control 12c R3 and the remote Oracle Solaris 10 x64 target are running.
3. Configure privilege delegation in OEM Cloud Control 12c R3 for both the Redhat Enterprise Linux Server 6.0 x86-64 and the remote Oracle Solaris 10 x64 target.
4. Download and apply the Oracle Management Agent 12c software for Oracle Solaris x64 with 'Self Update' (present in Setup -> Extensibility) in OEM Cloud Control 12c R3.
Note: For more information on the above points 1 and 3, kindly visit the following link:
http://dba-omkar.blogspot.in/2013/08/configuring-privilege-delegation-in.html
Question: Why do we need privilege delegation, or root privileges in the Oracle Management Agent 12c deployment process?
Answer: OEM Cloud Control 12c R3 can perform an auto discovery of all the targets in the network provided that it has an existing agent, which can be used to perform the discovery. 'Nmap' is used for scanning the network, for which it requires root privileges, so that it can use raw sockets for 'Syn Scanning', which is a technique used to detect open ports through firewalls. Hence, we need to either configure privilege delegation on the host or provide root credentials to enterprise manager, with the former being a safer option than the latter.
Agent Deployment Process:
1. Go to Setup -> Add Target -> Configure Auto Discovery in OEM Cloud Control 12c R3 -
The Configure Auto Discovery wizard will load, as indicated by the above screenshot.
Click on 'Configure Network Scan Discovery' to configure Network Scan-based Auto Discovery, for 'Host and Oracle VM Manager'.
2. The Network Scan Discovery wizard will load -
You can use this page to search, browse, and create specifications for the discovery of host operating systems and virtual servers using Nmap. Kindly click on 'Create' to create a new Network Scan Discovery.
Note: Always schedule the discovery on a configurable interval. Also kindly note that once the specification is created, it can be reused later to scan again.
3. The Create Network Scan Discovery wizard will load -
Click on '+Add' in the Network Scans section, and a popup box will appear in order to search and select agents -
You may search and select agents present on hosts. Such agents will be used to perform the network scan discovery. Kindly note that the more the number of agents selected, the faster will be the performed discovery. In my example, I have selected just a single agent to perform the network scan discovery.
4. Enter the IP Ranges to Scan for the Scanning Agent -
One of the following formats are allowed -
A. Hostname: The hostname of the remote target on which the Oracle Management Agent 12c has to be deployed.
B. IP Address: The IP address of the remote target on which the Oracle Management Agent 12c has to be deployed.
C. IP Range: The IP address range of the remote target(s) on which the Oracle Management Agent 12c has been to deployed. Use '/' for 'either...or...' (e.g. 192.168.2.5/9), '-' for sequential listing (e.g. 192.168.2.7-20), or ',' for selective listing (e.g. 192.168.2.8,40,79).
In Schedule, select Start 'Immediately', and 'Do not repeat'.
In Credentials, select 'Preferred', but ensure that the privileged host credentials are root or root delegated credentials. Optionally, you can use named privileged delegated credentials, or even set up new privileged delegated credentials.
Moreover, you may even add, edit, or remove the default Nmap Scan Services and Ports -
Click 'Save and Submit Scan' once done and a job will be submitted immediately to perform the auto discovery of the target host(s).
5. The status of the host discovery will be 'Scheduled' initially -
It will move to 'In Progress' and then to 'Succeeded' once you keep on clicking 'Refresh Network Scan Results' -
Select the 'Succeeded' search and click 'View Discovered Targets...'
6. The Auto Discovery Results will be displayed -
Select the correct target from the list of discovered targets and click 'Promote'.
7. The Add Target wizard will be displayed -
You can add unmanaged hosts and select their respective platforms, so that the Oracle Management Agent 12c can be deployed on these hosts, thereby converting them to managed hosts.
By default, the promoted targets will appear automatically in this list - make sure you select the right platform!
Note: The Oracle Management Agent 12c software must be available to proceed to the next step of the process. If the platform name is appended with 'Agent Software Unavailable', then download and apply the software for that platform using 'Self Update' (present in Setup -> Extensibility).
Click on 'Next' to continue...
The agent installation details section of the wizard will be displayed -
The targets' platforms, agent software version and target hostnames will be displayed.
You have to select each host and then enter the following agent installation details pertaining to the host -
A. Installation Base Directory: It is the path of the Oracle Management Agent 12c base directory on the target host.
B. Instance Directory: It is the path where the Oracle Management Agent 12c instance will be deployed.
C. Named Credential: It is the delegated credential for the 'oracle' user on the target host.
D. Privileged Delegation Setting: It is the 'Sudo' or 'PowerBroker' setting used to delegate the root privileges to the oracle user.
E. Port: It is the port number of the Oracle Management Agent 12c. By default, it is 3872.
Click on 'Optional Details' to check them out -
You can select the preinstallation and the postinstallation scripts to execute, as well as specify the additional parameters. In our example, we are not doing any such thing, so kindly leave these fields blank.
Click 'Next' to continue...
The review section of the wizard will be displayed -
Kindly ensure that all the provided details in the wizard are correct, and then click 'Deploy Agent' to begin the Oracle Management Agent 12c deployment process.
8. The agent deployment process will begin -
The agent deployment process is a 3-step process:
1. Initialization: It involves performing remote validations and transferring the agent software to the destination host.
2. Remote Prerequisite Check: It involves performing a set of prerequisite checks on the destination host in order to affirm whether the Oracle Management Agent 12c can be successfully deployed on it, or not.
3. Agent Deployment: It involves installing, configuring and securing the agent on the destination host, running Root.sh with privileged delegation, collecting the agent installation logs, and performing the final clean up operation after the agent has been successfully deployed on the destination host.
When the initialization step begins, the remote validations will be performed first in order to ascertain whether it is possible to login successfully into the destination host -
The agent software will then be transferred to the destination host and the initialization step will complete -
The remote prerequisite check will then be performed in order to affirm whether the agent can be deployed successfully on the destination host -
Once the remote prerequisite check is complete, the agent deployment process will begin -
The agent deployment process will then complete after a while -
Click 'Done' to successfully end the agent deployment process.
Congratulations! You have successfully deployed the Oracle Management Agent 12c onto the remote Oracle Solaris 10 x64 target using OEM Cloud Control 12c R3.
Hope you had a good time reading this article! :)
No comments:
Post a Comment