Pre-setup steps for the Hybrid cloud include setting up one of your local Enterprise Manager agents (either on the OMS server or a target server, the latter is preferred) as the Hybrid Gateway agent, creating SSH keys for the OMS server, and creating a Named Credential with SSH key credentials for the hybrid cloud.
In the first part of this article series, we looked at the first two pre-steps. We will now continue.
Pre-Step 3:
Create a Named Credential for use with the Hybrid Cloud as follows.
Create a Named Credential called “NC_OPC_DBCS”, with “Authenticating Target Type” set to “Host”, “Credential Type” set to “SSH Key Credentials”, and “Scope” set to “Global”.
If “SSH Key Credentials” does not appear in the drop-down list for Credential Type, you need to run the workaround listed in My Oracle Support (MOS) Note 1640062.1. This is a PL/SQL block to be executed as SYSMAN in the OMS repository.
On the create screen, in the private and public key fields, cut and paste the appropriate SSH keys from the Oracle Home’s .ssh directory. This is shown in the screenshot below.
Pre-Step 4:
When running the Enterprise Manager deployment procedure “Clone to Cloud” that we will see later on, the “Secure Copy Files” step may fail with the error message “rsync: Failed to exec ssh: Permission denied (13)” in certain cases where the local OMS server has been set up with SELinux in “enforcing” mode.
A quick workaround to this is to change SELINUX to “permissive” in the file /etc/selinux/config, as the root user on the OMS server:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Reboot your system. After the reboot, confirm that the getenforce command returns Permissive:
[root@em12c ~]# getenforce
Permissive
Note that if your company mandates that SELinux be set to “enforcing” for security reasons, you will need to configure SELinux to allow rsync to be executed from the agent (i.e. via script).
This is more complicated than the quick workaround above, and as such is beyond the scope of this article. You will need to work with your security administrator on the correct steps to set up SELinux to allow individual commands such as rsync.
Other Requirements
The other requirements are straightforward. You will need an account (either trial or production) for the Oracle Public Cloud (OPC) at cloud.oracle.com, for the Database Cloud Service.
You must have created an Oracle database service (a server with an Oracle database) on the Oracle Public Cloud in advance, and it must be up and running.
You will need the IP address of this cloud database server, which will be used in this Hybrid Cloud setup. You should also have set up PuTTY access from your laptop to the cloud database server.
For example, the following screenshot shows an Oracle Public Cloud database server that has been created. The IP address is displayed, but blanked out for privacy reasons.
Note that we have created the “Extreme Performance” type of Enterprise Edition database, so that the Enterprise Manager Management packs such as Diagnostics, Tuning, Database Lifecycle Management (DBLM) Packs etc. can be used on the cloud database. The type of database is also displayed in the screenshot below.
You can then install the Hybrid Cloud Agent as follows.
Initial Steps
Log in as the oracle unix user to the EM12c OMS Server, and change to the .ssh directory under the oracle unix home:
cd .ssh
Open the file “id_rsa.pub” in this directory using vi, and copy the text to the clipboard.
This is the OMS server public key. This was generated during the pre-setup steps (as explained in the pre-setup instructions).
From your laptop, open an SSH session using PuTTY to the OPC database server, and as the oracle unix user, perform these steps:
cd ~/.ssh
vi authorized_keys
In this file, paste the OMS public key (make sure it contains no line breaks), and save the file.
Then from a UNIX session on the OMS server, ssh to the Oracle Public Cloud database server using the IP address, and accept the connection when asked.
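The authorized_keys step above, as an added shell example that is not part of the original article: it checks that the copied key is a single well-formed line and appends it once, with the directory and file permissions sshd expects. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): install a public key without the vi paste step.

# check_pubkey FILE: succeed only if FILE holds exactly one well-formed key line.
check_pubkey() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    # A key broken up by a wrapped paste shows up as more than one non-empty line.
    nonempty=$(grep -c '[^[:space:]]' "$keyfile" || true)
    [ "$nonempty" -eq 1 ] || { echo "expected 1 key line, found $nonempty" >&2; return 3; }
    # Expected shape: <key type> <base64 blob> [comment]
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        "$keyfile" || { echo "not a well-formed public key line" >&2; return 4; }
}

# install_pubkey FILE AUTHORIZED_KEYS: append the key once, with strict permissions.
install_pubkey() {
    keyfile=$1
    authfile=$2
    check_pubkey "$keyfile" || return $?
    keyline=$(grep '[^[:space:]]' "$keyfile")
    sshdir=$(dirname "$authfile")
    # With sshd's default StrictModes, group/world-writable paths make it ignore the file.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 5
    touch "$authfile" && chmod 600 "$authfile" || return 5
    # If the last existing entry lacks a newline, add one so the keys do not fuse.
    if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
        echo >> "$authfile"
    fi
    # -x whole line, -F fixed string: never add the same key twice.
    if grep -qxF -- "$keyline" "$authfile"; then
        echo "key already present in $authfile"
    else
        printf '%s\n' "$keyline" >> "$authfile"
        echo "key appended to $authfile"
    fi
}

# Demo in a scratch directory, using a constructed (not real) key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructed oracle@em12c\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh/authorized_keys"
```

On the cloud database server, the second argument would be the oracle user's ~/.ssh/authorized_keys.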
We continue the Hybrid Cloud setup using Enterprise Manager, in Part III of this article series.