I like the concept behind the Oracle Enterprise Manager Hybrid Cloud Architecture to connect my on-premise OMS with targets in the Oracle cloud. The Agent communicates via SSH tunnel to target servers, no other ports than SSH 22 are open against the world wide web. An I was interested to find out, if the installation of such an agent works for other cloud providers than Oracle too.
Create a Oracle Linux Instance in Amazon AWS
I have created a small Oracle Linux instance in Amazon AWS and inserted the public IP into the /etc/hosts file of the Oracle Management Server. Why I have used an Oracle Linux? According the documentation, at the moment only Oracle Linux x86-64 is supported to use this hybrid feature.
On the Amazon instance I installed the 12c prerequisite package (yum install oracle-rdbms-server-12cR1-preinstall) to be sure that libraries etc. are available and the user oracle is created. And finally I added the public key in the authorized_keys file of the user oracle so that connects via SSH without a password are possible.
Hint: Test your passwordless SSH connection with a tool like Putty or MobaXterm.
Login Credential
For the login via SSH tunnel, in Enterprise Manager 13c a named credential has to be created with the SSH keys which were used by the Amazon instance. This credential us used later in the agent deployment process. For further information how to create such a credential, please take a look into the Hybrid Coud documentation https://docs.oracle.com/cd/E24628_01/doc.121/e24473/hybrid-cloud.htm#BABJACHI.
Hybrid Agent Deployment – First Run
After setting the DNS information and SSH configuration, it’s time to start a Hybrid Agent deployment. EM13c – Setup – Add Target – Install Agent on Host. The most important thing is that the checkbox for the Hybrid Cloud Agent is enabled at the bottom of the browser window.
Host Name does not map to an Oracle Public Cloud Virtual Host – Investigation
The deployment has started. But in the prerequisites phase the remote validation fails with this message: The provided host name does not map to an Oracle Public Cloud virtual host. You can deploy Hybrid Cloud Agents only on Oracle Public Cloud virtual hosts.
It looks like the prerequisites check is verifying the hostname. In the deployment logfile from the Oracle Management Server, I found these lines:
2016-08-23_09-12-32:INFO:/bin/hostname -d execution was successful on host ec2-52-12-34-56.eu-central-1.compute.amazonaws.com 2016-08-23_09-12-32:INFO:output: eu-central-1.compute.internal 2016-08-23_09-12-32:INFO:error-stream: 2016-08-23_09-12-32:INFO:exit-code: 0 2016-08-23_09-12-32:INFO: Jsch Validation Failed Problem :Oracle Public Cloud host check failed. Recommendation: Ensure that the host name you provide map to an Oracle Public Cloud virtual host.
Oracle is doing a simple hostname -d command to verify if the host is running in the Oracle Cloud. I have verified the hostname -d command on Oracle Cloud instance, and the output there is different:
[root@berger1 ~]# hostname -d compute-a420942.oraclecloud.internal [root@berger1 ~]#
But my Amazon instance has this output here:
[oracle@ip-172-31-12-345 ~]$ hostname -d eu-central-1.compute.internal
Lets fake the Amazon instance hostname and try the deployment again. I added this line into the Amazon instance /etc/hosts with the new domainname.
172.31.12.345 ip-172-31-12-345.oraclecloud.internal ip-172-31-12-345
Now the hostname -d command shows me the new name according the Oracle cloud instances.
[root@ip-172-31-12-345 sysconfig]# hostname -d oraclecloud.internal
Hybrid Agent Deployment – Second Run
EM13c – Retry, using same inputs. And the error is gone, the agent is installed successfully. After running the scripts
- /u00/app/oracle/product/agent13c/agent_13.1.0.0.0/root.sh
- /home/oracle/oraInventory/orainstRoot.sh
as user root, the Amazon instance is added as new host.
Summary
With a simple change for the hostname -d command, you can install the Oracle Hybrid Agent on targets outside the Oracle cloud. BTW, this works for local instances too. All other ports than SSH 22 are closed. And that’s an important thing when you work with cloud products.