Back to the main page

OCI Management Gateway

Intro

March 2024

The Management Gateway is a single point of communication between the Management Agents and OCI. This allows usage of Management Agent on hosts that don't have direct access to OCI.
The clients uploads are buffered inside the Gateway, hence messages should be delivered to the OCI even in case of client failure.

Prerequisites

CI Management Agent Service setup

Compartment, user group, policy (allow user group to manage two OCI resource types: management agent and agent install key).

Generic prerequisites for deploying Management Gateway

Supported OS for Management Gateway: OL 6-8. Management Gateway requires a dedicated host. The /tmp doesn't have the noexec flag set if you are mounting it.
Installed JDK or JRE version 1.8u281 or higher before installing Management Gateway.

Install Management Gateway

Observability & Management - Management Agents - Downloads and Keys

- List management agents and gateway. 
#!/bin/python
import oci
import argparse

parser = argparse.ArgumentParser(description=f"List Mgmt Gateway or Agent images")
parser.add_argument("-t", "--type", help="Install type, AGENT or GATEWAY", required=True)
args = parser.parse_args()
type = args.type

# Example compartment
comp_ocid = "ocid1.compartment.oc1.."
# Use default config file ~/.oci/config
config = oci.config.from_file()

# Initialize service client with default config file
management_agent_client = oci.management_agent.ManagementAgentClient(config)

show_mgmt_agent_images = management_agent_client.list_management_agent_images(
    compartment_id=comp_ocid,
    install_type=type
)
print(show_mgmt_agent_images.data)

# ---- Run the script, the result is truncated. 

$ list_mgmt_agent_images.py -t GATEWAY
[{
    "object_name": "Linux-x86_64/latest/oracle.mgmt_gateway.rpm",  
  },
  "package_architecture_type": "X86_64",
  "package_type": "RPM",
  "platform_name": "Linux-x86_64",
  
}, {
    "object_name": "Linux-Aarch64/latest/oracle.mgmt_gateway.rpm",
  },
  "package_architecture_type": "UNKNOWN_ENUM_VALUE",
  "package_type": "RPM",
  "platform_name": "Linux-Aarch64",
 
}]

Download Management Gateway RPM. Create Key (download key to the file to be used later). Install Gateway RPM and configure Gateway by using Key from the response file (ManagementAgentInstallKey = your-key).
OCI note:
During the installation process, you must provide a string for the Agent Install Key. Create a key here, copy it to the clipboard and paste it into the installation. If a key is deleted from this table, it will not be valid for future agent installations. Deleting a key has no effect on agents that have already been installed.

- Install and configure gateway 
# --- Install JRE, JDK
$ dnf install jre1.8 jdk1.8

# ---- Install Mgmt Agent RPM
$ dnf localinstall oracle.mgmt_gateway.230622.2155.1689204733.Linux-x86_64.rpm

# --- Result of install

Checking pre-requisites
	Checking if /opt/oracle/mgmt_agent directory exists
	Checking if 'mgmt_agent' user exists
	Checking Java version
        JAVA_HOME is not set or not readable to root
        Trying default path /usr/bin/java
        Java version: 1.8.0_381 found at /usr/bin/java
    Checking agent version
Installing       : oracle.mgmt_gateway-230622.2155.1689204733-1.x86_64     
Running scriptlet: oracle.mgmt_gateway-230622.2155.1689204733-1.x86_64     
Executing install
    Unpacking software zip
    Copying files to destination dir (/opt/oracle/mgmt_agent)
    Initializing software from template
    Checking if JavaScript engine is available to use
    Creating 'mgmt_gateway' daemon
    Gateway Install Logs: /opt/oracle/mgmt_agent/installer-logs/installer.log.0
    Setup gateway using input response file (run as any user with 'sudo' privileges)
    Usage:
        sudo /opt/oracle/mgmt_agent/agent_inst/bin/setupGateway.sh opts=[FULL_PATH_TO_INPUT.RSP]
Gateway install successful


# --- Configure Gateway
$ /opt/oracle/mgmt_agent/agent_inst/bin/setupGateway.sh opts=/tmp/gateway.rsp

# --- Result of configuration
Executing configure
    Parsing input response file
    Validating install key
    Generating communication wallet
     Generating security artifacts
    Registering Management Gateway
        Found service plugin(s): [GatewayProxy]
Starting gateway...
Gateway started successfully
Starting plugin deployment for: [GatewayProxy]
Deploying service plugin(s)...Done.
    GatewayProxy : Successfully deployed external plugin

Gateway setup completed and the gateway is running.
In the future gateway can be started by directly running: sudo systemctl start mgmt_gateway

Please make sure that you delete /tmp/gateway.rsp or store it in secure location.

Creating gateway system properties file
Creating properties file
Creating or validating certificates
Waiting for Management Gateway to create or validate certificates...
Creating wallets
Waiting for Management Gateway to start...
Management Gateway Plugin set up successfully.

# --- Verify the Service is running
$ systemctl status -l mgmt_gateway

Post install tasks for Mgmt Gateway

Configure Management Agents with Management Gateway

Each Management Agent has to be configured to use Management Gateway, instead of using the OCI service directly ("regular proxy").

Configure a new Management Agent to use the Management Gateway, ex OL9 

$ dnf install jre1.8 jdk1.8

$ dnf localinstall oracle.mgmt_agent.230727.1916.Linux-x86_64.rpm

Running transaction
  Preparing        :    
  Running scriptlet: oracle.mgmt_agent-230727.1916-1.x86_64 
Checking pre-requisites
    Checking if any previous agent service exists
    Checking if OS has systemd or initd
    Checking available disk space for agent install
    Checking if /opt/oracle/mgmt_agent directory exists
    Checking if 'mgmt_agent' user exists
        'mgmt_agent' user already exists, the agent will proceed installation without creating a new one.
    Checking Java version
    Checking agent version
  Installing       : oracle.mgmt_agent-230727.1916-1.x86_64 
  Running scriptlet: oracle.mgmt_agent-230727.1916-1.x86_64

Executing install
        Unpacking software zip
        Copying files to destination dir (/opt/oracle/mgmt_agent)
        Initializing software from template
        Checking if JavaScript engine is available to use
        Creating mgmt_agent daemon
        Agent Install Logs: /opt/oracle/mgmt_agent/installer-logs/installer.log.0
        Setup agent using input response file (run as any user with 'sudo' privileges)
        Usage:
                sudo /opt/oracle/mgmt_agent/agent_inst/bin/setup.sh opts=[FULL_PATH_TO_INPUT.RSP]

Agent install successful
  Verifying  : oracle.mgmt_agent-230727.1916-1.x86_64   
Installed:
  oracle.mgmt_agent-230727.1916-1.x86_64
Complete!

# Configuration.

# On Linux gateway, gateway.properties file is located in /opt/oracle/mgmt_agent/plugins/GatewayProxy/stateDir/config directory. 
# The response file is :

ManagementAgentInstallKey = 
GatewayServerHost = mgmt-gateway-dev.subnet.tenancy.oraclevcn.com
GatewayServerPort = 4480

# Run configuration:

$ /opt/oracle/mgmt_agent/agent_inst/bin/setup.sh opts=/tmp/response.txt

Executing configure
    Parsing input response file
    Validating install key
    Generating communication wallet
    Generating security artifacts
    Registering Management Agent
    Setting proxy for agent communication
Starting agent...

# If there is error that agent cannot start, wait for 5 min and it will start.

Configure an existing Management Agent to use the Management Gateway

Host Observability with Stack Monitoring

Observability & Management
Application Performance Management
Slack Monitoring
Resource discovery (type: host, name: 'on-prem-host-name', agent: 'select available on-prem host agent')
Enterprise summary.

Metric Extension

Under Stack Monitoring, look for Metric Extensions.
Create one for Resource Type "Host - Linux" and Collection Method "OS Command".
The simple shell script reports number of local users and groups, like: 54,84 (delimiter for output is comma). The metric extension has two metrics, UserNumber and GroupNumber.

Back to the main page