Oracle Linux

Windows 10 WSL 2, Docker and Oracle – a perfect Partnership

I admit it, I was not a friend of Oracle databases running in Docker containers for a long time. My database systems for testing and demo purposes were all running in VMware, Virtual Box or in the Oracle Cloud. But I have used the Windows Subsystem for Linux since beginning, to work with the Oracle Oracle Cloud Infrastructure CLI, Git Integration etc.. And what I really like is the WSL extension for Visual Studio Code which gives me to chance, to edit Ansible Vault files in Windows without any additional Linux based VM running.

With the update of the existing Windows Subsystem for Linux (WSL) architecture to version 2, the Docker Desktop for Windows is now fully integrated and able to run Docker container in WSL as a lightweight VM. Now it’s time to change my mind, why not use Docker to try out new Oracle features, do some development stuff and more?

What to we need to run Oracle databases in WSL 2 Docker Containers?

  1. WSL 2
  2. Docker Desktop for Windows
  3. Docker images with an Oracle Database – I may use the images (oehrlis/docker) from my workmate Stefan Oehrli (oradba.ch)- merci vöumou

This blog post shows you how to setup WSL 2 to run Docker images. Sure, you can use the Oracle provided Docker images or self created images too. But I have verified the Oracle repository today, the Dockerfile version is 19.3.0. And I don’t have the passion, to create new Dockerfiles for example to run 19.8 and download additional RU software.

Installing Windows Subsystem 2 for Linux

Enable Windows Subsystem for Linux basic Functionality

Start Windows PowerShell as Administrator and enable WSL.

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

Do not restart Windows 10 at the moment.

Activate Windows Subsystem for Linux 2

Check your version before enabling WSL 2, the criteria from the install document must be meet – for example for my x64 platform:

  • Running Windows 10, updated to version 1903 or higher, Build 18362 or higher for x64 systems.

Let’s check it with Windows logo key + R and winver – my version us 1904:

Enable the ‘Virtual Machine Platform’ – this component is required for WSL 2.

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Restart the Windows machine. Now wsl.exe is available as command in Power Shell.

Set WSL 2 as default when installing Linux distributions from Microsoft Store like Ubuntu and SLES.

 

 

Getting Windows 10 ready for Docker

Install Docker Desktop for Windows

Run the Docker Desktop Installer executable. Let the checkboxes activated.

Two minutes later.

Start Docker and verify the Availability

After starting the Docker Desktop, you get a notification that Docker is starting. Docker is recognising that WSL is installed.

Docker is now ready to use.

Open a new PowerShell as Administrator and verify if docker and docker-compose are available.

docker version --format '{{.Server.Version}}

docker-compose --version

Install Git

Link: https://git-scm.com/download/win

We use Git to checkout the Oracle docker containers later. There are several Git clients for Windows available. I use the one from git-scm.com. Just run the executable. After the successful installation, verify Git availability in PowerShell.

git --version

Go for the Oracle Database

Startup the Oracle Docker Image

Before cloning of the Git repository, I created a new directory in my Workplace folder.

Clone Docker Image Repository

The content of my cloned directory Oracle Database 19.0.0.0.

We use Docker Compose here, this makes it very easy to handle networking stuff like port forwarding. Example content of the docker-compose.yml file. In this case, I have not configured the Docker Volume Base, the files for the container are created in a subfolder of the clone directory.

# multitenant tenant database
tdb190c:
image: ${DOCKER_USER}/${DOCKER_REPO}:19.8.0.0
container_name: tdb190c
hostname: tdb190c
restart: unless-stopped
network_mode: bridge
volumes:
- ${DOCKER_VOLUME_BASE}/tdb190c:/u01
- ./config:/u01/config
ports:
- "1521:1521"
environment:
CONTAINER: 'TRUE'
INSTANCE_INIT: /u01/config
ORACLE_SID: TDB190C

After pulling, let’s start the container with docker-compose.

docker-compose up -d tdb190c

In the background, the database will be created and configured – example output in Docker Desktop.

SQL Developer Connect

Verify in the Shell if the Oracle database and the listener are running – example output from the Trivadis Toolbox component TVD-Basenv.

Summary

The integration of Docker in Windows Subsystem for Linux is fast and easy to configure. I like the idea to run a lightweight VM inside my existing WSL. In future, before I think about to start a VMware or Virtual Box VM to do some Oracle testing stuff, I will verify if there is Docker image available. And I will definitely spend more time to discover the possibilities of Docker 🙂

Install Oracle 19c RDBMS on Oracle Linux 8 – avoid [WARNING] [INS-08101] Unexpected error while executing the action at state: ‘supportedOSCheck’

Oracle RDBMS 19c is now certified on Oracle Linux 8. Unfortunately the Oracle Universal Installer in Silent Mode fails when checking the OS version. My OS release:

[oracle@olten dbhome_1]$ cat /etc/oracle-release
Oracle Linux Server release 8.2

Oracle Universal Installer in Silent Mode

The OUI installer in silent mode stops and shows this error message: [WARNING] [INS-08101] Unexpected error while executing the action at state: ‘supportedOSCheck’. There is no parameter available like -ignoreOS or whatever, but two workarounds.

[oracle@olten dbhome_1]$ ./runInstaller -ignorePrereq -waitforcompletion -silent \
-responseFile /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_install.rsp \
oracle.install.option=INSTALL_DB_SWONLY \
> -responseFile /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_install.rsp \
> oracle.install.option=INSTALL_DB_SWONLY \
> ORACLE_HOSTNAME=mohnweg.kestenholz.net \
> UNIX_GROUP_NAME=oinstall \
> INVENTORY_LOCATION=/u01/app/oraInventory \
> SELECTED_LANGUAGES=en,en_GB \
> ORACLE_HOME=/u01/app/oracle/product/19.0.0/dbhome_1 \
> ORACLE_BASE=/u01/app/oracle \
> oracle.install.db.InstallEdition=EE \
> oracle.install.db.OSDBA_GROUP=dba \
> oracle.install.db.OSBACKUPDBA_GROUP=dba \
> oracle.install.db.OSDGDBA_GROUP=dba \
> oracle.install.db.OSKMDBA_GROUP=dba \
> oracle.install.db.OSRACDBA_GROUP=dba \
> SECURITY_UPDATES_VIA_MYORACLESUPPORT=false \
> DECLINE_SECURITY_UPDATES=true
Launching Oracle Database Setup Wizard...

[WARNING] [INS-08101] Unexpected error while executing the action at state: 'supportedOSCheck'
CAUSE: No additional information available.
ACTION: Contact Oracle Support Services or refer to the software manual.
SUMMARY:
- java.lang.NullPointerException
Moved the install session logs to:
/u01/app/oraInventory/logs/InstallActions2020-05-18_09-48-44AM

Workaround 1

Set the OS parameter in your terminal to a previous version and re-start the Oracle Universal Installer.

export CV_ASSUME_DISTID=OEL7.8

Workaround 2

Edit the file cvu_config which is located in $ORACLE_HOME/cv/admin, change the line from

# Fallback to this distribution id
#CV_ASSUME_DISTID=OEL5

to

# Fallback to this distribution id
CV_ASSUME_DISTID=OEL7.8

Save the file and re-start the Oracle Universal Installer.

Et voilà

Some moments later… the WARNING message about the inventory can be ignored. OUI has created there some files from the previous attempt.

Launching Oracle Database Setup Wizard...

[WARNING] [INS-32047] The location (/u01/app/oraInventory) specified for the central inventory is not empty.
   ACTION: It is recommended to provide an empty location for the inventory.
The response file for this session can be found at:
 /u01/app/oracle/product/19.0.0/dbhome_1/install/response/db_2020-05-18_10-04-19AM.rsp

You can find the log of this install session at:
 /tmp/InstallActions2020-05-18_10-04-19AM/installActions2020-05-18_10-04-19AM.log

As a root user, execute the following script(s):
        1. /u01/app/oraInventory/orainstRoot.sh
        2. /u01/app/oracle/product/19.0.0/dbhome_1/root.sh

Execute /u01/app/oraInventory/orainstRoot.sh on the following nodes:
[olten]
Execute /u01/app/oracle/product/19.0.0/dbhome_1/root.sh on the following nodes:
[olten]


Successfully Setup Software.
Moved the install session logs to:
 /u01/app/oraInventory/logs/InstallActions2020-05-18_10-04-19AM

Oracle Universal Installer in GUI Mode

In the OUI Graphical User Interface you can ignore the message which occurs when the installer starts:

Summary

The installation of the RDBMS software by GUI is not my favourite. I try to use the silent method whenever it’s possible. And with a small workaround, this can be successfully done with 19c on OL8.

Oracle Cloud Infrastructure and SSH Keys – Jump!

Jump!

In our Trivadis Oracle Cloud Infrastructure training environments, we never use direct access to an application or database server by a public IP address. For this case, we use an Oracle Linux based bastion host which acts as a jump host. For security reasons, I never put any SSH keys on a bastion host to connect from there to the target instances. If your bastion host is compromitted, your SSH keys are lost! In one of the last trainings, some participants had problems with. So I decided to blog about. This blog post shows you the different methods to connect to an Oracle Cloud Infrastructure private/public network by using a bastion host. 

SSH Keys

Oracle Cloud Infrastructure Linux based offerings like compute instances and virtual machines for databases are accessible by SSH key as per default. For working with these machines, I use these three types of SSH keys:

  • id_rsa_oci – Private key generated by ssh-keygen
  • id_rsa_oci.pub – Public key generated by ssh-keygen
  • id_rsa_oci.ppk – Puttygen-converted private key

This gives me the flexibility, to connect to running OCI instances on different ways like Putty, MobaXterm, Windows Subsystem for Linux, WinSCP etc. 

Oracle Cloud Infrastructure Sample Setup

 

Host Public IP Private IP Accessible by
Bastion Host 140.238.216.114 10.0.0.2 SSH 
Windows Application Server   10.0.1.2 RDP
Oracle Database Server   10.0.2.2 SSH

 

Reminder: In OCI only SSH port 22 is open in the subnet security lists as per default when the VCN is created by the VCN Wizard. If you want to allow connection from the public to the private subnet by RDP and Oracle Net, then port 3389 and 1521 must be added in the security list for the private subnet. Create stateful ingress rules and restrict the source connections to the bastion host private IP range.

Build your own SSH Tunnel

There different ways to build a SSH (tunnel) configuration to Oracle Cloud Infrastructure instances on a Windows based platform, my favourites:

  1. Windows Subsystem for Linux (WSL)
  2. MobaXterm
  3. Putty

Here are some connection examples how to work with instances in a private subnet via bastion host with this three methods. As a Windows 10 user, for some connections I d’ like to use WSL Ubuntu more and more – now available in version 20 🙂

1. Connect by using Windows Subsystem for Linux (WSL)

Test: Verify the Connection to the Bastion Host public IP Address

$ ssh -i .ssh/id_rsa_oci opc@140.238.216.114
Last login: Mon Apr 27 15:47:54 2020 from 139.178.22.30
[opc@bastion-host ~]$ oci-metadata | grep hostname
hostname: bastion-host

Database Server: SSH Connect via Bastion Host

This opens a session on the database server as user opc.

$ ssh -i .ssh/id_rsa_oci -o ProxyCommand="ssh -i .ssh/id_rsa_oci -W %h:%p opc@140.238.216.114" opc@10.0.2.2
Last login: Mon Apr 27 15:51:32 2020 from 10.0.0.2
[opc@dbsrv01 ~]$ sudo su - oracle
Last login: Mon Apr 27 15:51:47 UTC 2020 on pts/0
[oracle@dbsrv01 ~]$ . oraenv
ORACLE_SID = [DB0427] ?
The Oracle base has been set to /u01/app/oracle
[oracle@dbsrv01 ~]$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Mon Apr 27 15:52:14 2020
Version 19.6.0.0.0

Copyright (c) 1982, 2019, Oracle. All rights reserved.


Connected to:
Oracle Database 19c Standard Edition 2 Release 19.0.0.0.0 - Production
Version 19.6.0.0.0

SQL> show pdbs

CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 PDB01 READ WRITE NO

Database Server: Create a new SSH Tunnel to forward port 1521 as port 15210

This opens a connection to the bastion host.

$ ssh -i .ssh/id_rsa_oci -A -L 15210:10.0.2.2:1521 opc@140.238.216.114
Last login: Mon Apr 27 15:48:23 2020 from 139.178.22.30
[opc@bastion-host ~]$

Database Server: Connect to the Database by SQL Developer

Use port 15210 and localhost as hostname.

Verify the Oracle Net service name from the DBA panel menu.

Application Server: Create a new SSH Tunnel to forward port 3389 as port 33890

This opens a connection to the bastion host.

$ ssh -i .ssh/id_rsa_oci -A -L 33890:10.0.1.2:3389 opc@140.238.216.114
Last login: Mon Apr 27 15:48:23 2020 from 139.178.22.30
[opc@bastion-host ~]$

Application Server: Connect to the Windows Desktop by Remote Desktop Connection

Use port 33890 and localhost as hostname.

2. Connect by using MobaXterm

Database Server: SSH Connect via Bastion Host

This opens a session ion the database server as user opc.

Fill in Remote Host, Specify username and Port. Activate Use private key and select the local private SSH key in Putty format.

Activate Connect through SSH gateway, fill in Gateway SSH server, Port, User. Activate Use private key and select the local private SSH key in Putty format.

Start the session.

As you can see in the MobaXterm Header, X-Forwarding works too.

Database Server: Create a new SSH Tunnel to forward port 1521 as port 15210

Open MobaXterm Tunneling menu and add a New SSH tunnel. Fill in Forwarded port, Remote server, Remote port, SSH server, SSH login and SSH port. Save the tunnel settings. For an application server tunnel, just replace Remote server, Remote port and Forwared port settings.

Add the private SSH key in Putty format by click on the key icon. Start the tunnel.

Database Server: Connect to the Database by SQL Developer

Use port 15210 and localhost as hostname.

Verify the database control file settings from the DBA panel menu.

3. Connect by using Putty

Database Server: SSH Connect via Bastion Host

As prerequisite, I have created a Putty session called OCI Bastion Host for the jump host connection with the SSH private key in Putty format and user opc. This session is now used as Proxy.

Fill in database server private IP. The red one is the already existing session.

Add proxy command and save session settings. Optioanl enable proxy diagnostics.

plink "OCI Bastion Host" -agent -nc %host:%port

Open the new created session to connect to database server with user opc.

Application Server: Create a new SSH Tunnel to forward port 3389 as port 33890

This opens a connection to the bastion host. Fill in bastion host public IP. 

Add private key file in Putty format and enable checkbox Allow agent forwarding.

Add a port forwarding rule for RDP. Save session.

Open the new created session to enable port forwarding for Remote Desktop Protocol.

Application Server: Connect to the Windows Desktop by Remote Desktop Connection

Use port 33890 and localhost as hostname.

Alternative Method – Start Putty from Command Line

Start Putty with the port forwarding settings by command line. This opens a Putty session and port 3389 can be used. No addtional settings are required.

C:\> putty.exe -ssh -A -i C:\oci\ssh\id_rsa_oci.ppk -L 33890:10.0.1.2:3389 opc@140.238.216.114

Summary

A bastion host is an “easy-to-setup” alternative to a VPN connection without any huge infrastructure overhead. There are several ways how to connect & tunnel to the target servers. Use the method which are you familiar with it, but NEVER place SSH keys on a bastion host. 

And now: click here to make some noise – Jump by Van Halen

Links

OCI Database Backup Service Configuration – Avoid 401 Unauthorized Error

While I a preparing new exercises for an Oracle Cloud Infrastructure training, I ran into an issue while configuring the Oracle Database Backup Service for the Object Storage. The OCI backup module installer returns an error 401.

My Environment

  • Oracle Linux 7 Virtual Box Machine
  • Oracle 19c RDBMS

Backup Service Module Installation Error

The installation was done according the documenation https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/oracle-database-cloud-backup-module-oci.html

oracle@ocivm01:~/ [ONPREM] java -jar oci_install.jar 
-host https://objectstorage.eu-frankfurt-1.oraclecloud.com 
-pvtKeyFile /home/oracle/.ssh/oci_api_backup_key.pem 
-pubFingerPrint 1c:79:c5:d5:e4:3a:6e:f5:07:xx:xx:xx 
-uOCID ocid1.user.oc1..aaaaaaaanqt5qrcbwwseeud7cjfxqcip123456789abcdefghi 
-tOCID ocid1.tenancy.oc1..aaaaaaaac3gjl7xgpxu3wmmqh2ha123456789abcdefghi 
-walletDir $ORACLE_BASE/opc_wallet 
-libDir $ORACLE_HOME/lib 
-configFile /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora 
-bucket db_backup_doag00

Error Message – java.io.IOException: testConnection: 401 Unauthorized

Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09
Error: Could not authenticate to Oracle Database Cloud Backup Module
Exception in thread "main" java.lang.RuntimeException: java.io.IOException: testConnection: 401 Unauthorized.
at oracle.backup.opc.install.BmcConfig.testConnection(BmcConfig.java:305)
at oracle.backup.opc.install.BmcConfig.doBmcConfig(BmcConfig.java:164)
at oracle.backup.opc.install.BmcConfig.main(BmcConfig.java:156)
Caused by: java.io.IOException: testConnection: 401 Unauthorized.
at oracle.backup.opc.install.BmcConfig.testConnection(BmcConfig.java:290)
... 2 more

What I have verified:

  • Private key format and permissions
  • OCIDs
  • FingerPrint

But all of them were correct. There is no My Oracle Support note available about this error together with Oracle Database Backup Service. But after some more investigation, I found this note here: EBSCloudBackup.pl Failed When Performing Database Tier Upload Task (Doc ID 2588278.1) – bingo! This note described exactly my case with the cloud backup. The machine time is wrong!

My actual Machine Time and Date

The timezone CEST is correct. But wait, here in Kestenholz at the famous Jurasüdfuss / Switzerland, we have 14:38 local time. The virtual machine was 2 hours “in the future”. Let’s install the NTP service deamon.

oracle@ocivm01:~/ [ONPREM] timedatectl
      Local time: Fri 2019-10-11 16:38:39 CEST
  Universal time: Fri 2019-10-11 14:38:39 UTC
        RTC time: Fri 2019-10-11 14:38:40
       Time zone: Europe/Zurich (CEST, +0200)
     NTP enabled: no
NTP synchronized: no
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2019-03-31 01:59:59 CET
                  Sun 2019-03-31 03:00:00 CEST
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2019-10-27 02:59:59 CEST
                  Sun 2019-10-27 02:00:00 CET

NTP Installation and Configuration

[root@ocivm01 ~]# yum -y install ntp
[root@ocivm01 ~]# systemctl start ntpd
[root@ocivm01 ~]# systemctl enable ntpd

Now the time is right:

oracle@ocivm01:~/ [ONPREM] timedatectl
Local time: Fri 2019-10-11 14:42:40 CEST
Universal time: Fri 2019-10-11 12:42:40 UTC
RTC time: Fri 2019-10-11 14:42:19
Time zone: Europe/Zurich (CEST, +0200)
NTP enabled: no
NTP synchronized: no
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2019-03-31 01:59:59 CET
Sun 2019-03-31 03:00:00 CEST
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2019-10-27 02:59:59 CEST
Sun 2019-10-27 02:00:00 CET

OCI Backup Configuration – 2nd Try

Now the oci_installer.jar runs fine and the configuration will be created. Et voilà.

Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09
Oracle Database Cloud Backup Module credentials are valid.
Backups would be sent to bucket db_backup_doag00.
Oracle Database Cloud Backup Module wallet created in directory /u01/app/oracle/opc_wallet.
Oracle Database Cloud Backup Module initialization file /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora created.
Downloading Oracle Database Cloud Backup Module Software Library from Oracle Cloud Infrastructure.
Download complete.

Lesson learned

Take care about time and date settings when you build virtual machines for testing purposes. And aways install a time service like NTP or chrony.

Monitor your Oracle Cloud Free Tier with Grafana on Oracle Linux 8

In a previous blog post I wrote about monitoring Oracle Cloud Infrastructure components by Grafana. In the meantime, we got the Oracle Cloud Free Tier. Here is an updated version.

This blog post shows you how to install and configure the Grafana plugin based on the Oracle blog entry https://blogs.oracle.com/cloudnative/data-source-grafana on an Oracle Enterprise Linux 8 server.

Steps to monitor the Oracle Cloud Free Tier by the OCI Grafana Plugin

  1. Install and configure the Oracle Cloud Infrastructure CLI – by download or by YUM install
  2. Configure Group, User and Policy in Oracle Cloud Infrastructure Console
  3. Install Grafana and the OCI Plugin
  4. Configure the Grafana DataSource
  5. Create a new Dashboard with OCI Metrics

Machine Requirements

The server needs access to the internet.

Install and configure the Oracle Cloud Infrastructure CLI

Link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliinstall.htm

In this step, the software will be installed an configured. The new created SSH public key has to be added in the OCI console for further actions.

As OS user root we create a new user for OCI actions. 

# groupadd oci
# useradd oci -g oci
# passwd oci

Login as user oci, execute the CLI download and installation script. Answer questions with Y / Enter to get the default installation.

$ bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"

Default values:

install directory /home/oci/lib/oracle-cli
executable directory /home/oci/bin
OCI scripts /home/oci/bin/oci-cli-scripts
optional CLI packages db
shell/tab completion Y
path to rc file /home/oci/.bashrc

 

After the successful CLI installation, you have to configure it.

$ /home/oci/bin/oci setup config

Based on your OCI account, these information are required – let the config and key location on default values.

config location /home/oci/.oci/config
user OCID OCI > Identity > Users > [YOUR_USER] > OCID
tenancy OCID OCI > Administration > Tenancy Details > [YOUR_TENANCY] > OCID
region choose your region, e.g. eu-zurich-1
generate a new key pair Y -> only if you don’t have already created a key pair
key directory /home/oci/.oci
key name oci_api_key

 

Add the content of the public key file in the OCI console to your user which you want to work with.

Attention: Be sure that you add the public key to the user which you have used for the CLI configuration!

Test the CLI configuration – example to list all compartments in your tenant.

$ /home/oci/bin/oci iam compartment list --all | grep name
      "name": "ManagedCompartmentForPaaS",
      "name": "Mohnweg",

Alternative Method Oracle Linux 7 – YUM Repository

Thanks to Sergio Leunissen from Oracle for his input, the Python SDK and oci utilities are is available in the YUM repository too and ready to install. Take a look at his blog post to see how to work with the Python SDK and OCI metadata:

Configure Group, modify User and add a Policy in Oracle Cloud Infrastructure Web Interface

Group

Create a new OCI group called Grafana. OCI > Identity > Groups.

Modify User

Add the selected user to the group – for example this is my user.

Add a Policy

Create a new policy called GrafanaPolicy. OCI > Identity > Policies.

allow group grafana to read metrics in tenancy
allow group grafana to read compartments in tenancy

Install Grafana and the OCI Plugin

Link: https://grafana.com/grafana/download?platform=linux

Login as user root and install Grafana.

# wget https://dl.grafana.com/oss/release/grafana-6.3.6-1.x86_64.rpm
# yum localinstall grafana-6.3.6-1.x86_64.rpm

Enable auto start and start the Grafana server manually.

# systemctl enable grafana-server.service
# systemctl daemon-reload
# systemctl start grafana-server

Enable port 3000 (Grafana default port in firewall – the port can be changed in /etc/grafana/grafana.ini) to provide web access to Grafana.

# firewall-cmd --permanent --zone=public --add-port=3000/tcp
# firewall-cmd --reload

# firewall-cmd --permanent --zone=public --list-ports
3000/tcp

Install the Grafana Oracle Cloud Infrastructure oci-datasource plugin.

# grafana-cli plugins install oci-datasource
# service grafana-server restart

Verify the Grafana plugin directory with the installed plugin.

# ls -la /var/lib/grafana/plugins
total 0
drwxr-xr-x. 3 grafana grafana 28 Sep 30 08:05 .
drwxr-xr-x. 4 grafana grafana 50 Sep 30 08:04 ..
drwxr-xr-x. 3 root    root    18 Sep 30 08:05 oci-datasource

Grafana needs the configuration file and the SSH Key from the user oci. As user root, copy the files and set the ownership to OS user grafana.

# cp -r /home/oci/.oci /usr/share/grafana
# chown -R grafana:grafana /usr/share/grafana/.oci

Change the path to the key file in /usr/share/grafana/.oci/config.

# vi /usr/share/grafana/.oci/config

From:

key_file=/home/oci/.oci/oci_api_key.pem

To:

key_file=/usr/share/grafana/.oci/oci_api_key.pem

Create a new Dashboard based on OCI Metrics

Open your browser and log in into Grafana with [SERVERNAME]:3000. Username and password are admin/admin. You have to change your initial password imme diately.

Add data source

Select Oracle Cloud Infrastructure

Configure the Data Source

Fill in your tenancy OCI, region and set Environment = Local. Test the connection. For troubleshooting see Grafana logfile in directory /var/log/grafana. If your default region like ZRH / EU-ZURICH-1 is not listed, then you have to edit the a plugin file as described below. Otherweise no metrics are shown.

Example to use Grafana for the Datacenter eu-zurich-1:

Edit the file /var/lib/grafana/plugins/oci-datasource/dist/constants.js and add your missed region – restart Grafana.

_export('regions', regions = ['ca-toronto-1', 'eu-frankfurt-1', 'uk-london-1', 'us-ashburn-1', 'us-phoenix-1','eu-zurich-1']);

Error message in the grafana.log when your region is not added in file content.js but you select the region as data source:

{ RawResponse={400 Bad Request 400 HTTP/1.1 1 1 map[Content-Length:[105] 
 Content-Type:[application/json] Date:[Mon, 30 Sep 2019 06:21:25 GMT] 
Opc-Request-Id:[777d41435b6f545f2aab5f1e10d9f278/15461D7746D5EAD60CC00B46095A5BDE/FD316A5328D8FD17D0B68205CF5C80F4]] 
0xc0004c64c0 105 [] false false map[] 0xc0 00150800 0xc000133b80} Items=[] 
OpcRequestId=<nil> }\n: Service error:InvalidParameter. token recognition error at 
: '$'\n $metric[1m].max()\n . http status code: 400. Opc request id: 777d41435b6f545f2aab5f1e10d9f278/15461D7746D5

Create a new Dashboard and Add Query

Create a Query to visualize Data

In this dashboard example I used the region eu-zurich-1, my compartment, the namespace oci_autonomous_database and the metric CpuUtilization.

There are a lot of other metrics available like:

  • CurrentLogons
  • ExecutionCount
  • Sessions
  • StorageUtilization (in %)
  • etc.

Available Metrics

 Learn more about metrics and monitoring in the OCI documentation here:

Summary

The OCI Grafana plugin is a nice solution to visualize your Oracle Cloud Free Tier environment based on Open Source software. Take care, Grafana needs access to the OCI CLI SSH information for the Oracle Cloud Infrastructure connection.