1. Oracle Exadata Database Machine Getting Started Guide
  2. Prerequisites

2 Prerequisites

This chapter provides the prerequisites for Exadata Database Machine discovery.

The following topics are discussed:

Create a Database Server ILOM Service Processor User

For the Enterprise Manager Agent to communicate with an ILOM service processor, there must be a specific user ID established on the ILOM service processor.

Note:

Adding the specific user ID requires administrator level privilege on the ILOM service processor.

The specific ILOM user ID can be added in the ILOM service processor web interface, ILOM CLI, or with the ipmitool command. This example uses ILOM CLI.

For security reasons, the password to the ILOM service processor root user ID does not appear in the ILOM CLI commands in this example.

  1. Log in to the Service Processor as root:
    # ssh root@[Service Processor IP]
Password:
  2. Change to the users directory:
    # cd /SP/users
  3. Create the oemuser user and password:
    # create oemuser

Creating user...
Enter new password: ********
Enter new password again: ********

Created /SP/users/oemuser
  4. Change to the new user's directory and set the role:
    # cd oemuser
/SP/users/oemuser

set role='cro'
Set 'role' to 'cro'
  5. Test the ILOM user ID created in step 3 by listing the last 10 system events:

    • For Exadata X2 through X4:

      # ipmitool -I lan -H <ilom_hostname> -U oemuser -P <oemuser password> -L USER sel list last
      10\

    • For Exadata X5 and above (requires the -I lanplus command option): 

      # ipmitool -I lanplus -H <ilom_hostname> -U oemuser -P <oemuser password> -L USER sel list last 10
  6. Repeat steps 1 through 5 for the rest of the compute node ILOM service processors in your Oracle Database Machine.

Create an ExaCLI or RESTful API User

Enterprise Manager can monitor Exadata Storage Servers using cellcli, exacli, or RESTful API. In order to monitor and/or manage Exadata Storage Servers through exacli or the RESTful API, a user must be created and provided for Exadata Database Machine discovery. For more information on exacli or RESTful API user creation, see the Cell node sections in both Example 9-9 and Example 9-10 in Creating Users for Use with ExaCLI in Oracle Exadata Database Machine Maintenance Guide. These examples provide the steps to create both the celladministrator user and the cellmon user. Review the following best practice guidelines/requirements to determine if the celladministrator user is required:

  • As a best practice of using the least privileged user for an operation, always create and use the cellmon user for the monitoring credentials.

  • Create the celladministrator user only if one or both of these activities are required:

    • Set up of SNMP subscriptions for the Exadata Storage Servers

    • IORM administration

  • During discovery, for the Exadata Storage Server credentials, the following are the best practice recommendations/requirements:

    • Supply the cellmon user credentials if selecting exacli or RESTful API for monitoring

    • If setting up SNMP subscriptions, supply the celladministrator credentials for the SNMP setup (the celladministrator credential is required)

      Note:

      If SNMP subscriptions are not configured, then Enterprise Manager will not monitor key events such as hardware failures.

  • While making IORM change through Enterprise Manager, use the celladministrator credential.

Create an Exascale Monitoring User

Starting with Exadata System Software version 24.1, Enterprise Manager offers the capability to monitor Oracle Exadata Exascale. To monitor Exascale, create a user on the cluster with appropriate privileges. The user authentication uses public-private key pairs.

For the purpose of this example and throughout this document, the monitoring user will be esmonitor. See Oracle Exadata Exascale User-Specific Administration in Exascale User's Guide.

For use with Exascale, the public and private keys must be in PEM format. To create a key pair, use standard utilities such as openssl or the ESCLI utility on the Exadata compute node:

  1. Create a directory for your monitoring key pair:
    mkdir /home/oracle/eskey
  2. Protect this directory from access by other users:
    chmod 700 /home/oracle/eskey
  3. Generate your key using ESCLI:
    /opt/oracle/dbserver/dbms/bin/escli
    mkkey --private-key-file /home/oracle/eskey/esmonitor-priv.pem --public-key-file /home/oracle/eskey/esmonitor-pub.pem
  4. Protect your key from unauthorized access:
    chmod 600 /home/oracle/eskey/esmonitor-priv.pem /home/oracle/eskey/esmonitor-pub.pem
  5. Provide your public key to the Exadata Exascale administrator to provision your monitoring user.
  6. As the Exadata Exascale administrator, create the monitoring user, grant monitoring privileges and configure with the user's public key:
    escli --wallet <admin wallet location> ----ctrl <ExaCTRL server"port>
    mkuser esmonitor --id esmonitor
  7. Grant privileges to monitor the cluster and all vaults in the cluster:
    chuser esmonitor --privilege cl_monitor
    chuser esmonitor ---privilege +vlt_read
  8. Associate the public key with the user:
    chuser esmonitor --public-key-file1 esmonitor-pub.pem

Create SNMPv3 Users

If SNMPv3 will be used for Oracle Exadata Database Machine monitoring, ensure that the necessary SNMPv3 users are created on the components prior to discovering the Exadata to fully leverage monitoring through Enterprise Manager.

Note:

Oracle does not recommend to use MD5 as the AuthProtocol while creating SNMPv3 user for security reasons.

Create SNMPv3 Users on Compute Nodes and Storage Servers

The commands required to create SNMPv3 users on compute nodes and storage servers are similar, but make use of different command line interfaces and object names. In the following examples, run cellcli to get to the interactive prompt if on a storage server, and run dbmcli to get to the interactive prompt on a compute node. Specify the appropriate object name, cell and dbserver for compute node. The instructions differ between Exadata System Software releases. Please see the details for the respective Exadata System Software version in the sections below.

Note:

For additional information on these commands, please see the following references:
  • For information on CellCLI and the alter cell command, see Using the CellCLI Utility in the Oracle Exadata System Software User’s Guide.
  • For information on DBMCLI and the alter dbserver command, see Using the DBMCLI Utility in the Oracle Exadata Database Machine Maintenance Guide.
Create Individual SNMPv3 Users on Exadata 19.3 and Above

Exadata System Software version 19.3 and above supports maintaining SNMPv3 users individually. Use the following command to create an SNMPv3 user.

CLI> alter <cell|dbserver> snmpuser.<username> =(authprotocol=SHA,authpassword=<password>,privprotocol=AES,privpassword=<password>)

In the above command,

  • name: The user name

  • * is the only allowed value for the password

  • authProtocol: The authentication protocol. The supported protocol is SHA. The system prompts for the authentication password. The authentication password must have 8 to 12 alphanumeric characters.

  • privProtocol: Encryption protocol. The options supported are none, AES, and DES. The default value is none when privProtocol attribute is not specified. The system prompts for an encryption password if the encryption protocol is specified. The password must be exactly 8 alphanumeric characters long, and is case sensitive.

To change the password for an existing user:

CLI> alter <cell|dbserver> snmpuser.<username> =(authprotocol=SHA,authpassword=<newpassword>)

To delete a user:

CLI> alter <cell|dbserver> snmpuser.<username> =''
Create All SNMPv3 Users on Exadata 19.2. and Below

Exadata System Software versions 19.2 and below require maintenance of SNMPv3 users as a complete set. Use the following command to create an SNMPv3 user.

Note:

Be sure to include the details of all SNMPv3 users while creating a new user as the set will be replaced with this command. 
CLI> alter <cell|dbserver> snmpUser=((name=<username>, authProtocol=SHA, authPassword=<password>, privProtocol=DES, privPassword=<password>)[,<repeat_with_details_as_necessary_for_additional_users>])

Create SNMPv3 Users on Cisco Ethernet Switches

The below commands configure an SNMP user with authentication and privacy parameters on the Cisco Ethernet switches running NX-OS including the admin switch, and if this is a Exadata X8M, the RoCE switches.

Starting with Enterprise Manager 13.5 Release Update 13, while configuring SNMP, Enterprise Manager does not support AUTH protocol DES and PRIV protocol MD5 in Cisco Ethernet switches running NX-OS.

The passphrase can be any case-sensitive, alphanumeric string up to 64 characters.

switch# configure terminal
switch(config)#
switch(config)# snmp-server user <username> auth sha <passphrase> priv aes-128 passphrase

The below command displays information about one or more SNMP users.

switch(config)# show snmp user

Once all the configuration changes are done, the below command will save the configuration in persistent memory .

switch(config)# copy running-config startup-config
Create SNMP Community on Cisco Ethernet Switches

The below commands configure an SNMP community on the Cisco Ethernet switches running NX-OS including the admin switch, and if this is a Exadata X8M, the RoCE switches. 

switch# configure terminal
switch(config)#
switch(config)# snmp-server community <community> ro

The below command displays information about one or more SNMP communities.

switch(config)# show snmp community

Ensure that the ACL is not assigned to the community string.

Once all the configuration changes are done, the below command will save the configuration in persistent memory .

switch(config)# copy running-config startup-config

Create an SNMPv3 User in IB Switches

If the Exadata to be discovered is an IB Exadata, follow the below commands to create an SNMPv3 user on the IB switches.

Log in to the ILOM CLI of the switch as ilom-admin user.

Create the SNMPv3 user account by using the following create command: 

> create /SP/services/snmp/users/<v3user> privacyprotocol=<privacvy_protocol> privacypassword=<privacy_password> authenticationprotocol=<authentication_protocol> authenticationpassword=<authentication_password>

For example,

> create /SP/services/snmp/users/v3adminuser privacyprotocol=AES privacypassword=mypassword1 authenticationprotocol=SHA authenticationpassword=mypassword2

The user is created as part of the discovery flow of the switch. This is required only if the you want to explicitly add an SNMPv3 user.

To edit the SNMPv3 user account, run the following set command: 

> set /SP/services/snmp/users/<v3user> privacyprotocol=<privacvy_protocol>  privacypassword=<privacy_password> authenticationprotocol=<authentication_protocol> authenticationpassword=<authentication_password>

Run the following command to display information about one or more SNMP users:

> show -d properties /SP/services/snmp/users/<username>
Create SNMP Community for InfiniBand Switch Targets

Note:

To configure the SNMP community for an InfiniBand Switch:

  1. Log in to the InfiniBand Switch ILOM web interface using the URL https://<ib_switch_hostname> as root.

    Note:

    Try using Internet Explorer if the console does not display all fields/values in your browser of choice.

  2. Click ILOM Administration, then Management Access, and finally SNMP.
  3. Ensure the following values are set:
    State=Enabled
Port=161
Protocols=v1,v2c,v3

    If you need to make changes, make sure you click Save.

  4. Click ILOM Administration, then Management Access, then SNMP, and finally the Communities link. The page scrolls to the SNMP Communities table. In the SNMP Communities table, click Add.

    A new window opens.

  5. Type the community name into the Community Name field. Select the permissions from the Permission drop-down menu. Click Save.

    The community is created, and the window closes.

  6. Click Alert Management.
  7. If not already listed, for each Agent that monitors the InfiniBand Switch target, select an empty alert (one that has the Destination Summary 0.0.0.0, snmp v1, community 'public') and click Edit. Provide the following values:
    Level = Minor
Type = SNMP Trap
Address = [agent compute node hostname]
Destination Port = [agent port]
SNMP Version = v1
Community Name = public

    Click Save.

Enable SNMPv3 on PDUs

Follow the below steps to enable SNMPv3 on the PDUs.

  1. Access the PDU metering unit from a system on the network.
  2. Click on the Net Configuration link and log in as an admin user.
  3. Select the SNMP-Access tab.
  4. Click the SNMP v3 Enable checkbox to enable SNMP v3.
  5. Click Submit.

Create an SNMPv3 user on PDUs

Follow the below steps to create an SNMPv3 user on the PDUs.

  1. Access the PDU metering unit from a system on the network.
  2. Click on the Net Configuration link and log in as an admin user.
  3. Select the SNMP-Access tab.
  4. In the SNMPv3 table, perform the following
    1. Enter the SNMPv3 UserName.
    2. Select the Security Level auth / priv.
    3. Select SHA as the Auth Algorithm.
    4. Enter the Auth Password.
    5. Select AES as the Privacy Algorithm.
    6. Enter the Privacy Password.
    7. Select Enable.
  5. Click Submit.
Create SNMP Community on PDUs

Follow the below steps to create an SNMP community on the PDUs.

  1. Access the PDU metering unit from a system on the network.
  2. Click on the Net Configuration link and log in as an admin user.
  3. Select the SNMP-Access tab.
  4. In the NMS (SNMPv1/v2) table, perform the following
    1. Enter the SNMP IP address or host name of the first monitoring agent.
    2. Select the privacy level for read-write community as private or public.
    3. Select the privacy level for read-only community as private or public.
    4. Select the type of access from the menu.
    5. Select Enable.
  5. Click Submit.

Verify Software Versions

Verify the following software versions:

Exadata Storage Server Software

See Oracle Exadata Database Machine Supported Hardware and Software for specific supported Exadata Software releases. To verify the software version on the Exadata Storage Server, ssh to the Exadata Storage Server as the root, celladmin, or cellmonitor user. Run: 

# cellcli -e 'list cell detail'

Look for releaseVersion in the output.

InfiniBand Switch

To verify the version of the InfiniBand switch firmware in your environment:

  1. Log on to the management interface for the InfiniBand Switch (using SSH).
  2. Run the following command:
    # nm2version

    The output should be similar to this:

    # nm2version
Sun DCS 36p version: 2.2.13-2

    This example shows a supported configuration for deploying the plug-in to monitor.

  3. If the nm2version command returns output similar to this:
    # nm2version
NM2-36p version: 1.0.1-1

    Then you must upgrade your InfiniBand switch firmware. Follow the instructions listed in My Oracle Support (MOS) Document 888828.1

Cisco Ethernet Switch

Use the show version command to list the BIOS version, NXOS version, and the model details.

Log on to the management interface for the Cisco Switch (using SSH). Run the following command:

#show version

Here's an example output to the command:

Software
  BIOS: version 05.38
  NXOS: version 7.0(3)I7(8)
  BIOS compile time: 06/12/2019
  NXOS image file is: bootflash:///nxos.7.0.3.I7.8.bin
  NXOS compile time: 3/3/2020 20:00:00 [03/04/2020 04:49:49]

Hardware
  cisco Nexus9000 C9336C-FX2 Chassis
  Intel(R) Xeon(R) CPU D-1526 @ 1.80GHz with 24571608 kB of memory.
  Processor Board ID FDO230701AK

PDU Firmware

The PDU firmware version must be 2.10 or later. The current version can be obtained by logging into the web interface of the PDU. On the left side of the screen, click Module Info to view the PDU firmware version.

Software updates for the PDU are available at:

https://updates.oracle.com/Orion/PatchDetails/process_form?patch_num=12871297

Grid Infrastructure/DB Cluster

Grid Infrastructure/DB Cluster is required to be up and running before discovery.

Verify Names Resolution

The Enterprise Manager OMS server(s) require direct network access to each of the compute nodes. If the names of the compute nodes are not registered in the OMS nodes' DNS, then they will have to be manually entered in the /etc/hosts file for each OMS.

Each compute node should be verified to be able to resolve the hostnames of the ILOM servers, PDU's, Exadata Storage Servers, and InfiniBand and Cisco switches. Again, if the names of those components are not registered in DNS, then entries can be added to the /etc/hosts file of each compute node.

To manage the Exadata Database Machine components from Enterprise Manager Cloud Control 13c, it is necessary for your local machine to be able to resolve the host name of Cloud Control 13c.

To access any of the Exadata Database Machine components directly from your local machine, it is also necessary for your local machine to be able to resolve the names of those components.

Verify Firewall Configuration

To verify the firewall configuration:

  1. Enable ping

    In many secure network environments, it is normal for the ping service to be disabled. Enterprise Manager uses ping to establish the basic availability and status of the Exadata Database Machine components.

    • The compute nodes need to have the ping service and port enabled from the OMS Server(s).

    • All other Exadata Database Machine components (ILOM servers, PDU's, Exadata Storage Servers, InfiniBand switches, and Cisco switch) need to have the ping service and port enabled from the compute nodes (where the agents are running).

    Note:

    The ping traffic overhead is minimal. The agent pings the targets every five minutes.

  2. Open Database Ports

    The database listener ports must be opened for the Enterprise Manager OMS server(s). Note that Exadata Database Machine databases will use SCAN listeners; so, ports will need to be opened for the base compute node, the compute node virtual IP, and scan listeners addresses.

    For example, if an Exadata Database Machine quarter rack has been configured with two compute nodes - exadbnode1.example.com and exadbnode2.example.com - and the listeners are using port 1521, then port 1521 will have to be opened to the Enterprise Manager Server for the following addresses:

    • The compute node hostnames - exadbnode1.example.com and exadbnode2.example.com

    • The virtual IPs for each compute node - exadbnode1-vip.example.com and exadbnode1-vip.example.com

    • The scan listener hostname - scan-exadatadb

  3. Open Enterprise Manager Upload Port

    The Enterprise Manager Cloud Control 13c agents require access to the Enterprise Manager Servers upload service, normally configured on port 4889 for HTTP uploads and 4900 for HTTPS. To verify the ports assigned, run the following command on the OMS server command line. 

    $ emctl status oms -details

    These ports will need to be opened for each of the compute nodes.

  4. Open Agent Ports

    The OMS server(s) will need to be able to connect to the Enterprise Manager Cloud Control 13c Agent HTTP/HTTPS port on each compute node. The Agent port defaults to 3872. If port 3872 is not available, the next available port starting from port 1830 is used.

    To identify the port used:

    • Run the following command on the compute node command line:

      $ emctl status agent

    • Alternatively, you can look for the value of the EMD_URL property in the emd.properties file the following directory: <AGENT_HOME>/agent_inst/sysman/config

  5. Open SSH Ports (port 22)

    The Enterprise Manager Cloud Control 13c Agents require ssh access to the Exadata Database Machine components they monitor. As the Agents will run on the compute nodes the ssh ports, 22, on each of the Exadata Storage Servers, ILOMs, PDUs, InfiniBand switches, and Cisco switch will need to be opened for each of the compute nodes.

  6. Allow UDP Traffic (SNMP Ports) (Port 162)

    All Exadata Database Machine components need to be able to send SNMP traps to the Agents running on the compute nodes. SNMP uses the UDP protocol so the Agent port and port 162 need to be opened for UDP traffic between the Exadata Storage Servers, ILOMs, InfiniBand Switches, Cisco Switch, and the Agent.

Table 2-1 Firewall Ports

Component Ping service and port SNMP* SSH (port 22) Notes

PDU

From remote agent

Yes

Yes

Compute node ILOM

From remote agent

Yes

Yes

  1. Remote agent needs to be able to SSH to dom0.

  2. Need SNMP port open on dom0.

dom0

From remote agent

Yes

Yes

Exadata Storage Server

From remote agent

Yes

Yes

InfiniBand Switch

From remote agent

Yes

Yes

Cisco Switch

From remote agent

Yes

Yes

OMS

Yes

Upload http/https port - usually 3872

Agent

The OMS server(s) will need to be able to connect to the Enterprise Manager Cloud Control Agent HTTP/HTTPS port on each compute node. The Agent port defaults to 3872. If port 3872 is not available, the next available port starting from port 1830 is used.

User Roles

To manage the Exadata Database Machine in Enterprise Manager, you should consider creating Enterprise Manager roles and assigning them to the appropriate Enterprise Manager users. Creating these roles restricts the privileges that each user has, for example in deleting the plug-in or accessing reports. See Oracle Exadata Database Machine Administration.

Install Oracle Management Agent

Enterprise Manager Exadata discovery supports the use of either management network hostname or client network hostname for the compute nodes. When installing the Oracle Management Agent on the compute nodes, you should use the same hostname as used in Oracle Clusterware.

You can identify the hostname of the nodes in the cluster by running the olsnodes command on one of the compute nodes. It is recommended that a fully qualified hostname, including the domain name, be used when specifying an Oracle Management Agent hostname.

Oracle Management Agents need to be installed on each compute node and must not be installed on any other Exadata Database Machine components. For physical Exadata, the agents should be installed on each compute node. For virtual Exadata, the agents should be installed on each domU (virtual machine), and not on the dom0 (hypervisor).

For information on installing agents, refer to Installing Oracle Management Agents in Cloud Control Basic Installation Guide.

Manually Deploy Exadata and Related Plug-ins

Exadata and Systems Infrastructure plug-ins are the default plug-ins and are available for use. The. Virtual Infrastructure plug-in must be manually deployed in OMS as well as agent before starting the discovery process for Virtual Exadata.

You may need to manually deploy the Exadata and related plug-ins to the agents on each of the compute nodes when upgrading an existing agent plug-in installation. Deploy the Exadata, Systems Infrastructure, and for virtual Exadata the Virtual Infrastructure plug-ins manually if an older version of the plug-in(s) has been deployed to the agent already and you would like to upgrade to the latest version of the plug-in(s) deployed on the OMS.

To determine if the Exadata, Systems Infrastructure, and Virtual Infrastructure plug-ins are deployed on each compute node and what versions they are, you have two options:

  • From a terminal window, run the following command:

    emctl listplugins agent

    Note:

    The emctl listplugins agent command must be run on the compute node using the emctl in the agent installation directory.

  • From Enterprise Manager Cloud Control, click the Setup menu (upper right corner), Extensibility, and then Plug-ins.

To manually deploy the Exadata and related plug-ins:

  1. From the Enterprise Manager home page, click the Setup menu (upper right corner), Extensibility, and then Plug-ins.
  2. On the Plug-ins page, select the plug-in of choice from the Name list.

    Note:

    Check Exadata Storage Software Versions Supported by the Oracle Enterprise Manager Exadata Plug-in (Doc ID 1626579.1) on My Oracle Support for the latest supported plug-ins. Oracle recommends that you deploy the latest version of the Exadata and related plug-ins to the agent.

  3. To deploy the plug-in on Management Servers first, follow the instructions in Downloading, Deploying, and Upgrading Plug-Ins in Cloud Control Administrator's Guide.
  4. To deploy the plug-in on the Agent, click Deploy On, then Management Agent.
  5. On the Deploy Plug-in on Management Agent pop-up, click Add. A search pop-up will appear to allow you to search for targets to add. In the Target Type drop-down, select Agent, then click Search.

    Select a Target name from the results list and click Select. Repeat for each agent target.

  6. After you have added the agents, click Next on the Deploy Plug-in on Management Agent screen to review and verify the agent information.
  7. Click Deploy to deploy the plug-in to the agents.
  8. Once the plug-in has been deployed to all agents, a confirmation screen will appear. Click OK to dismiss the pop-up or Show Status to display the status of the agent in the Enterprise Manager Deployment Activities screen.

Prerequisites for Discovery Using EMCLI

The EMCLI based database machine discovery is performed through a deployment procedure which consumes an input file that contains all the required information like monitoring agents, configuration, components, and credentials. OMS and the monitoring agents should be Enterprise Manager 13.4 Release Update 4 or above.

Complete the following prerequisites tasks before you can discover the Exadata Database Machine targets using EMCLI:

Create Named Credentials for All the Target Types

The value for the credential parameter in the input file must be a named credential available in Enterprise Manager. The named credentials can be created using either EMCLI or by using the Enterprise Manager UI.

To create a named credential from the UI, navigate to Setup > Security > Named Credential.

To create a named credential using EMCLI, issue the command specified in the table in Named Credentials and Commands to Create Them. Named credential in the input file should follow the notation <CREDENTIAL_OWNER>:<NAMED_CREDENTIAL>. For example, credMap.schematicFileHostCred=SYSMAN:SCHEMATIC_HOST_CRED.

Named Credentials and Commands to Create Them

The following table lists the named credentials, and provides the sample command that you can run to create it:

Property Name and Description Sample Command
credMap.schematicFileHostCred

Credential of host where schematic file is present. This will be used to read schematic file and credential user should have read permission for schematic file. It’s mandatory to place the schematic file in the discovery agent host.

Target Type: host

Credential Type: HostCreds (username, password) 

emcli create_named_credential 
-cred_name='SCHEMATIC_HOST_CRED' 
-auth_target_type='host' 
-cred_type='HostCreds' 
-cred_scope='global' 
-target_type='host' 
-attributes="HostUserName:sample;HostPassword:XXXXXXXX"

Credential Type: HostSSHCreds (public, private key) 

emcli create_named_credential 
-cred_name='SCHEMATIC_HOST_SSH_CRED’ 
-cred_scope=global 
-cred_type=HostSSHCreds -auth_target_type=host 
-attributes="USERNAME:XX;SSH_PVT_KEY:pvt;SSH_PUB_KEY:pub” 
-input_file=“pvt:<PATH_TO_PRV_ FILE_EMCLI_INSTALL_BOX>;
pub:<PATH_TO_PUB_FILE_EMCLI_INSTALL_BOX >"

The private and public key file path is on the host where EMCLI is executed.
credMap.agentCred

These were the credential used to install the agents. These credentials are required to set up passwordless SSH between the agent and Exadata Storage Server.

Target Type: host / oracle_emd

Credential Type: HostCreds (username, password) 

emcli create_named_credential 
-cred_name='AGENT_HOST_CRED'
-auth_target_type='host' 
-cred_type='HostCreds' -cred_scope='global' 
-target_type='host' 
-attributes="HostUserName:sample;HostPassword:XXXXXXXX"

Credential Type: HostSSHCreds (public, private key) 

emcli create_named_credential 
-cred_name='AGENT_HOST_SSHCRED'
-cred_scope=global 
-cred_type=HostSSHCreds 
-auth_target_type=host 
-attributes="USERNAME:XXXX;SSH_PVT_KEY:pvt;SSH_PUB_KEY:pub” 
-input_file=“pvt:<PATH_TO_PRV_ FILE_EMCLI_INSTALL_BOX>;
pub:<PATH_TO_PUB_FILE_EMCLI_INSTALL_BOX >"

The private and public key file path is on the host where EMCLI is executed.
credMap.computenodeIlomCred

Compute node ILOM credential is required to promote ILOM access point.

Target Type: oracle_si_server_map

Credential Type: ilom_creds (username, password) 

emcli create_named_credential 
-cred_name='CN_ILOM_CRED’ 
-auth_target_type='oracle_si_server_map' 
-cred_type='ilom_creds'  
-cred_scope='global'
-attributes="username:XXXXX;password:XXXXXXX"

Credential Type: ilom_key_auth_creds (private key file, passphrase) 

emcli create_named_credential 
-cred_name=’CN_ILOM_SSH_CRED’
-auth_target_type=’oracle_si_server_map’ 
-cred_type=’ilom_key_auth_creds’
-cred_scope=’global’
-attributes=”username:XXXXX;privatekeyfile:<PRIVATE_KEY_PATH_ON_AGENT_BOX>”

The private key file path is on the agent box.
credMap.computenodeAdminCred

Compute node admin credential is required to setup SNMP subscription on compute node.

Target Type: host

Credential Type: HostCreds (username, password) 

emcli create_named_credential 
-cred_name='HOST_ADMIN_CRED'  
-auth_target_type='host'
-cred_type='HostCreds' 
-cred_scope='global'  
-target_type='host' 
-attributes="HostUserName:sample;HostPassword:XXXXXXXX"

Credential Type: HostSSHCreds (public, private key) 

emcli create_named_credential 
-cred_name='HOST_ADMIN_SSH_CRED'  
-cred_scope=global 
-cred_type=HostSSHCreds 
-auth_target_type=host 
-attributes="USERNAME:X;SSH_PVT_KEY:pvtkey;SSH_PUB_KEY:pubkey” 
-input_file=“pvt:<PATH_TO_PRV_ FILE_EMCLI_INSTALL_BOX>;
pub:<PATH_TO_PUB_FILE_EMCLI_INSTALL_BOX >"

The private and public key file path is on the host where EMCLI is executed.
credMap.computenodeSnmpCred

Compute node SNMP credential is required for alerts.

Target Type: oracle_si_server_map

Credential Type: SNMPV3Creds 

emcli create_named_credential 
-cred_name='CN_SNMP_V3_CRED' 
-auth_target_type='oracle_si_server_map' 
-cred_type='SNMPV3Creds' 
-cred_scope='global'
-attributes="authUser:XXXXX;authPwd:YYYY;
privProtocol:AES;privPwd:ZZZZZ;authProtocol:SHA;authPwd:WWWWW"

Credential Type: SNMPV1Creds (SNMP V1/V2) 

emcli create_named_credential 
-cred_name='CN_SNMP_CRED' 
-auth_target_type='oracle_si_server_map' 
-cred_type='SNMPV1Creds' 
-cred_scope='global'
-attributes="COMMUNITY:<community>"
credMap.computenodeIlomRestCred

Compute node REST credential to promote ILOM REST access point.

Target Type: oracle_si_server_map

Credential Type: AliasCredential (Alias, password) 

emcli create_named_credential 
-cred_name=ILOM_HTTP_CREDS 
-cred_scope=global
-cred_type=AliasCredential 
-auth_target_type=oracle_si_server_map
-attributes="Alias:root;Password:XXXXXXXX"
credMap.ibIlomCred

IB Switch ILOM admin credential is required to promote ILOM access point.

Target Type: oracle_si_netswitch

Credential Type: ilom_creds (username, password) 

emcli create_named_credential 
-cred_name='IB_ILOM_CRED’ 
-auth_target_type='oracle_si_netswitch' 
-cred_type='ilom_creds'  
-cred_scope='global'
-attributes="username:XXXXX;password:XXXXXXX"

Credential Type: ilom_key_auth_creds (private key file, passphrase) 

emcli create_named_credential 
-cred_name='IB_ILOM_SSH_CRED'
-auth_target_type='oracle_si_netswitch' 
-cred_type='ilom_key_auth_creds' 
-cred_scope='global'
-attributes="username:XXXXXX;
privatekeyfile:<PRIVATE_KEY_PATH_ON_AGENT_BOX>"

The private key file path is on the agent box.
credMap.ibSnmpCred

IB Switch SNMP credential is required to promote SNMP access point.

Target Type: oracle_si_netswitch

Credential Type: SNMPV1Creds 

emcli create_named_credential 
-cred_name='IB_SNMP_V1_CRED'  
-auth_target_type='oracle_si_netswitch'  
-cred_type='SNMPV1Creds'
-cred_scope='global' 
-attributes="COMMUNITY:public"

Credential Type: SNMPV3Creds 

emcli create_named_credential 
-cred_name='IB_SNMP_V3_CRED'  
-auth_target_type='oracle_si_netswitch' 
-cred_type='SNMPV3Creds' 
-cred_scope='global'
-attributes="authUser:XXXXX;authPwd:YYYY;
privProtocol:AES;privPwd:ZZZZZ;authProtocol:SHA;authPwd:WWWWW"
credMap.cellMonitorCred

Storage Server monitored using CellCLI – root user credential required to setup password less SSH between agent and Storage Server to monitor Storage Server.

Or

Storage Server monitored using ExaCLI/RESTAPI - monitoring credential required to monitor Storage Server.

Target Type: oracle_exadata

Credential Type: ExaCreds (CellCLI based monitoring) 

emcli create_named_credential 
-cred_name='CELL_ROOT_CRED' 
-auth_target_type='oracle_exadata'
-cred_type='ExaCreds' 
-cred_scope='global' 
-target_type='oracle_exadata'
-attributes="ExaUserName:root;ExaPassword:XXXXXXX"

Credential Type: ExaSSHCreds (CellCLI based monitoring) 

emcli create_named_credential 
-cred_name=CELL_SSH_CREDS  
-cred_type=ExaSSHCreds
-auth_target_type=oracle_exadata 
-attributes="USERNAME:root;SSH_PVT_KEY:pvtkey” 
-input_file=“pvtkey:<KEY_AVAILABLE_AT_EMCLI_INSTALL_BOX>”

The private and public key file path is on the host where EMCLI is executed.

Credential Type: ExaCLICred (ExaCLI/RESTAPI based monitoring) 

emcli create_named_credential 
-cred_name='CELL_EXACLI_CRED' 
-auth_target_type='oracle_exadata' 
-cred_type='ExaCLICred'  
-cred_scope='global'
-target_type='oracle_exadata' 
-attributes="ExaCLIUserName:celladmin;ExaCLIPassword:XXXXXXX"
credMap.cellSnmpCred

Storage Server SNMP credential is required to receive alert.

Target Type: oracle_exadata

Credential Type: SNMPV1Creds 

emcli create_named_credential 
-cred_name='CELL_SNMP_V1_CRED'  
-auth_target_type='oracle_exadata' 
-cred_type='SNMPV1Creds' 
-cred_scope='global'
-attributes="COMMUNITY:<community>"

Credential Type: SNMPV3Creds 

emcli create_named_credential 
-cred_name='CELL_SNMP_V3_CRED'  
-auth_target_type='oracle_exadata’ 
-cred_type='SNMPV3Creds' 
-cred_scope='global'
-attributes="authUser:XXXXX;authPwd:YYYY;
privProtocol:AES128;privPwd:ZZZZZ;authProtocol:SHA;authPwd:WWWWW"

To specify the privacy protocol name, use AES128 or DES.

credMap.cellSnmpSetupCred

Storage Server admin credential is required to setup SNMP subscription.

Target Type: oracle_exadata

Credential Type: ExaCreds (CellCLI based monitoring) 

emcli create_named_credential 
-cred_name='CELL_ADMIN_CRED' 
-auth_target_type='oracle_exadata'
-cred_type='ExaCreds' 
-cred_scope='global' 
-target_type='oracle_exadata'
-attributes="ExaUserName:YYYYYY;ExaPassword:XXXXXXX"

Credential Type: ExaSSHCreds (CellCLI based monitoring) 

emcli create_named_credential 
-cred_name=CELL_ADMIN_SSH_CREDS  
-cred_type=ExaSSHCreds
-auth_target_type=oracle_exadata 
-attributes="USERNAME:YYYYY;SSH_PVT_KEY:pvtkey” 
-input_file=“pvtkey:<KEY_AVAILABLE_AT_EMCLI_INSTALL_BOX>”

Credential Type: ExaCLICred (ExaCLI/RESTAPI based monitoring) 

emcli create_named_credential 
-cred_name='CELL_ADMIN_EXACLI_CRED' 
-auth_target_type='oracle_exadata' 
-cred_type='ExaCLICred'  
-cred_scope='global'
-target_type='oracle_exadata' 
-attributes="ExaCLIUserName:celladmin;ExaCLIPassword:XXXXXXX"
credMap.ciscoIosCred

Cisco Switch IOS credential is required to promote Cisco IOS access point

Target Type: oracle_si_netswitch

Credential Type: cisco_creds (username, password, privilege password) 

emcli create_named_credential 
-cred_name='CISCO_IOS_CRED'
-auth_target_type='oracle_si_netswitch' 
-cred_type='cisco_creds'
-cred_scope='global'
-attributes="username:XXXX;userpass:YYY;privpass:ZZZZ"

Credential Type: cisco_key_auth_creds (username, private key file, passphrase, privilege password) 

emcli create_named_credential 
-cred_name='CISCO_IOS_KEY_CRED'
-auth_target_type='oracle_si_netswitch'  
-cred_type='cisco_key_auth_creds'
-cred_scope='global' 
-attributes="username:XXXX;
privatekeyfile:<PRV_KEY_FILE_LOCATION_ON_AGENT_HOST>; 
privatekeypassphrase:YYYYYY;privpass:ZZZZ"

The private key file path is on the agent host.
credMap.ciscoSnmpCred

Cisco Switch SNMP credential is required to promote Cisco SNMP access point.

Target Type: oracle_si_netswitch

Credential Type: SNMPV1Creds 

emcli create_named_credential 
-cred_name='CISCO_SNMP_V1_CRED'  
-auth_target_type='oracle_si_netswitch' 
-cred_type='SNMPV1Creds' 
-cred_scope='global'
-attributes="COMMUNITY:public"

Credential Type: SNMPV3Creds 

emcli create_named_credential 
-cred_name='CISCO_SNMP_V3_CRED'  
-auth_target_type='oracle_si_netswitch' 
-cred_type='SNMPV3Creds' 
-cred_scope='global'
-attributes="authUser:XXXXX;authPwd:YYYY;
privProtocol:AES;privPwd:ZZZZZ;authProtocol:SHA;authPwd:WWWWW"
credMap.roceSwCred

RoCE Switch credential is required to promote RoCE IOS access point

Target Type: oracle_si_netswitch

Credential Type: cisco_creds (username, password, privilege password) 

emcli create_named_credential 
-cred_name='ROCE_IOS_CRED'
-auth_target_type='oracle_si_netswitch' 
-cred_type='cisco_creds'
-cred_scope='global'
-attributes="username:XXXX;userpass:YYY;privpass:ZZZZ"

Credential Type: cisco_key_auth_creds (username, private key file, passphrase, privilege password) 

emcli create_named_credential 
-cred_name='ROCE_IOS_KEY_CRED'
-auth_target_type='oracle_si_netswitch'  
-cred_type='cisco_key_auth_creds'
-cred_scope='global' 
-attributes="username:XXXX;
privatekeyfile:<PRV_KEY_FILE_LOCATION_ON_AGENT_BOX>; 
privatekeypassphrase:YYYYYY;privpass:ZZZZ"

The private key file path is on the agent box.
credMap.roceSnmpCred

This credential is required to promote ROCE SNMP access point.

Target Type: oracle_si_netswitch

Credential Type: SNMPV1Creds 

emcli create_named_credential 
-cred_name='ROCE_SNMP_V1_CRED'  
-auth_target_type='oracle_si_netswitch' 
-cred_type='SNMPV1Creds' 
-cred_scope='global'
-attributes="COMMUNITY:public"

Credential Type: SNMPV3Creds 

emcli create_named_credential 
-cred_name='ROCE_SNMP_V3_CRED'  
-auth_target_type='oracle_si_netswitch' 
-cred_type='SNMPV3Creds' 
-cred_scope='global'
-attributes="authUser:XXXXX;authPwd:YYYY;
privProtocol:DES;privPwd:ZZZZZ;authProtocol:SHA;authPwd:WWWWW"
credMap.pduHttpCred

PDU HTTP credential is required to promote PDU.

Target Type: oracle_si_pdu

Credential Type: http (username, password) 

emcli create_named_credential 
-cred_name='PDU_HTTP_CRED'
-auth_target_type='oracle_si_pdu' 
-cred_type='http'  
-cred_scope='global'
-attributes="username:YYYYY;password:XXXXX"
credMap.pduSnmpCred

PDU SNMP credential is required setup SNMP subscription.

Target Type: oracle_si_pdu

Credential Type: SNMPV1Creds 

emcli create_named_credential 
-cred_name='PDU_SNMP_CRED'
-auth_target_type='oracle_si_pdu' 
-cred_type=' SNMPV1Creds'  
-cred_scope='global'
-attributes="COMMUNITY:public"

Credential Type: SNMPV3Creds 

emcli create_named_credential
-cred_name='PDU_SNMP_V3_CRED'
-auth_target_type='oracle_si_pdu'
-cred_type='SNMPV3Creds'
-cred_scope='global'
-attributes="authUser:XXXXX;authPwd:YYYY
;privProtocol:AES;privPwd:ZZZZZ;authProtocol:SHA;authPwd:WWWWW"

Set Up SSH Key Authentication

To use SSH Keys for authentication during discovery, generate and install the public key on each target that must be discovered.

Generate the SSH Key

Use ssh-keygen tool to generate the new authentication key pairs for SSH. Command to generate key pair (Public key and Private Key) based on RSA authentication algorithm: 

ssh-keygen -f <FILE_NAME> -t rsa -N ""

In the above command:

  • -f option to indicate file name
  • -t option to indicate algorithm (rsa/dsa)
  • -N option to indicate passphrase

The same key pair can be used on all the monitoring agent hosts by copying them. Alternatively, you can generate different key pair on each monitoring agent host.

Add SSH Public Key to Each Target

Follow these steps to install the SSH public key on the various targets that you want to discover:

Add SSH Public Key to Exadata Storage Server and Exadata Compute Node

Copy the public key to the Exadata Storage Server, Compute Node, and the monitoring Agent host using the following command:

ssh-copy-id -i <RSA_PUBLIC_KEY_LOCATION> oracle@host
Add SSH Public Key to ILOM

You can use the following steps for InfiniBand ILOM as well as Compute Node ILOM:

  1. Log in to the ILOM as a user that has administration capabilities that will be used as part of Database Machine discovery.

  2. Navigate to the directory location of the user's SSH key.

  3. Add SSH public key to the user's account:

    set load_uri=<transfer_method>://<username>:<password>@<fully_qualified_hostname>/<path_to_public_key_filename>

    For example:

    set load_uri=scp://adminuser:userpswd@192.0.2.1/keys/sshkey_1.pub
Add SSH Public Key to Cisco Ethernet / RoCE Switch

  1. Log in to the switch.

  2. Enter the global configuration mode on the switch using the command:

    configure terminal

  3. Specify the public key for the user by pasting the entire content of the key in the specified location in the command:

    <username> admin sshkey <paste_entire_public_key_content>

  4. Save the configuration:

    copy running-config startup-config

Create the Input File

Create the input file with the details of the configuration parameters, and named credentials. You can optionally add or remove components from the configuration by using the skipComponentList or addComponentList parameters.

Similarly, for Virtual Exadata Database Machine discovery, you can provide the component details in the input file.

The following tables provide the information about all the parameters that can be used in the input file:

Following is an example input file created by using the configuration parameters, named credentials, and additional components:

############################################################
#         Discovery and Monitoring Agent 
############################################################ 
configMap.discoveryAgentUrl=https://cn01vm01.example.com:3442/emd/main/
configMap.monitorAgentUrl.0=https://cn01vm01.example.com:3442/emd/main/
configMap.monitorAgentUrl.1=https://cn02vm01.example.com:3442/emd/main/ 
############################################################
#          Database Machine Configuration and required configuration
############################################################ 

# 0 For No, 1 for Yes
configMap.isRemoteAgent=0
configMap.isIPV6=0 

# Identify if the network is roce or ib
configMap.networkType=roce
# Uncomment/update either the configMap.ibSwitchName or configMap.roceSwitchName parameter depending on what type of switch you have
#configMap.ibSwitchName=sw-iba0.example.com
configMap.roceSwitchName=sw-rocea0.example.com 

#directory must exist for file creation
configMap.outputFileLoc=/home/oracle/exadata_discovery/output.txt 

# Either CellCLI or ExaCLI or RESTAPI
configMap.cellMetricSrc=CellCLI 

#These properties would be considered if Storage Server is monitored using RESTAPI 
configMap.HttpsProtocol=TLSv1.2
configMap.TrustSelfSignedCert=1 

# 0 (no) or 1 (yes) to configure SNMP 
configMap.computenodeSnmpSub=1
configMap.cellSnmpSub=1 

#Location of the schematic file on discovery agent
configMap.schematicFileHost=cn01vm01.example.com
configMap.schematicFilePath=/opt/oracle.SupportTools/onecommand/databasemachine.xml 
############################################################
#          TARGET CREDENTIALS
############################################################
#Please provide named credentials for all target types of Database Machine.

# Remote Agent or Compute Node Host Credential
credMap.agentCred=SYSMAN:AGENT_HOST_CRED
credMap.schematicFileHostCred=SYSMAN:AGENT_HOST_CRED 

# CELL (Storage Server) Credentials
credMap.cellMonitorCred=SYSMAN:CELL_ROOT_CRED
credMap.cellSnmpCred=SYSMAN:CELL_SNMP_CRED
credMap.cellSnmpSetupCred=SYSMAN:CELL_ROOT_CRED 

# Compute Node Credentials
credMap.computenodeIlomCred=SYSMAN:CN_ILOM_CRED
credMap.computenodeAdminCred=SYSMAN:CN_ADMIN_CRED
credMap.computenodeSnmpCred=SYSMAN:CN_SNMP_CRED 

# PDU Credentials
credMap.pduSnmpCred=SYSMAN:PDU_SNMP_CRED
credMap.pduHttpCred=SYSMAN:PDU_HTTP_CRED 

# CISCO Switch (Admin) Credentials
credMap.ciscoIosCred=SYSMAN:CISCO_IOS_CRED
credMap.ciscoSnmpCred=SYSMAN:CISCO_SNMP_CRED 

# CISCO Switch (RoCE) Credentials
#credMap.roceSwCred=SYSMAN:ROCE_SWITCH_CRED
#credMap.roceSnmpCred=SYSMAN:ROCE_SNMP_CRED 

# Infiniband Switch Credentials
credMap.ibIlomCred=SYSMAN:IBILOM_ADMIN_CRED
credMap.ibSnmpCred=SYSMAN:SI_SWITCH_SNMP_CRED  

######################################################################
#             Virtual Platform Config Data
######################################################################
#Virtual Platform Credentials
#Uncomment/complete if this is a Virtual Database Machine (Virtual targets are not yet discovered in EM)
vpTargetMap.vpCred=SYSMAN:VP_CRED 

#Please provide virtual platform targets information
vpTargetMap.name.0=vp01.example.com
vpTargetMap.name.1=vp02.example.com 

############################################################
#          SKIP Components
############################################################
#Specify any components you wish to skip
componentMap.skipComponentList.0=pdu0.example.com
Configuration Parameters

The following table lists the mandatory configuration parameters and their details that must be specified in the input file for EMCLI based discovery:

Parameter Name and Description Allowed Value / Sample Value
configMap.discoveryAgentUrl

Discovery agent URL on which schematic file is available.

Allowed Value:

https://<em_agent_target_name>:<em_agent_port>/emd/main

Sample Value:

configMap.discoveryAgentUrl=https://agent1:1838/emd/main

configMap.monitorAgentUrl.0

configMap.monitorAgentUrl.1

Monitoring agent URL, one for primary and one for backup.

Allowed Value:

https://<em_agent_target_name>:<em_agent_port>/emd/main

Sample Value:

configMap.monitorAgentUrl.0=https://agent01:1838/emd/main

configMap.monitorAgentUrl.1=https://agent02:1838/emd/main
configMap.isRemoteAgent

This property indicates monitoring agent(s) is a remote one, that is installed outside of the Database Machine.

The purpose of a remote monitoring agent is to avoid consuming Database Machine resources for monitoring.

Allowed Value:

0 - Discovery is performed by a local agent

1 - Discovery is performed by remote agent

Sample Value:

configMap.isRemoteAgent=0
configMap.isIPV6

This property is to indicate IP Protocol used for communication.

Allowed Value:

0 - IPV4 Exadata Database Machine (Default)

1 – IPV6 Exadata Database Machine

Sample Value:

configMap.isIPV6=0
configMap.schematicFileHost

This property is to specify the host name on which schematic file available. On the same host, the discovery agent should also be present.

Allowed Value:

Host name

Sample Value:

configMap.schematicFileHost=adm01.example.com
configMap.schematicFilePath

This property is to specify the schematic file full path on the host (host name specified for property configMap.schematicFileHost).

Allowed Value:

Full path of schematic file.

Sample Value:

configMap.schematicFilePath=/opt/oracle.SupportTools/onecommand/databasemachine.xml
configMap.ibSwitchName

This property is to indicate the InfiniBand Switch name if configMap.networkType parameter is set to ib.

This property is mandatory based on the network type.

Allowed Value:

Fully qualified InfiniBand Switch host name

Sample Value:

configMap.ibSwitchName=sw-iba0.XXXX.YYY
configMap.roceSwitchName

This property is to indicate the RoCE Switch name if configMap.networkType parameter is set to roce.

This property is mandatory based on the network type.

Allowed Value:

Fully qualified ROCE Switch host name

Sample Value:

configMap.roceSwitchName=sw-ROCEa0.XXXX.YYY
configMap.cellMetricSrc

This property is to indicate Exadata Storage Server monitoring mechanism.

Allowed Value:

CellCLI / ExaCLI / RESTAPI

Sample Value:

configMap.cellMetricSrc=RESTAPI
configMap.outputFileLoc

This property is to indicate the full path of the file on OMS host to log Deployment Procedure (DBMachineSystemCheck’s) output.

Allowed Value:

Full path to file on OMS host

Sample Value:

configMap.outputFileLoc=/scratch/user/dp_output

The following table lists the optional configuration parameters and their details that you can specify in the input file for EMCLI based discovery:

Parameter Name and Description Allowed Value / Sample Value
configMap.isStatic

Database Machine discovery by default performs dynamic discovery by invoking IB commands and other commands. But, in some cases discovery may not be able to proceed with dynamic approach like IB Switch is not accessible, Failure in detecting rack type, etc.,

In this case static discovery would be useful. Static discovery depends on schematic file for identifying components.

Allowed Value:

0 - dynamic discovery be performed (Default)

1 – static discovery

Sample Value:

configMap.isStatic=0

configMap.DBMachineName

This property allows to define a custom name for Database Machine.

Allowed Value:

Any string can be specified as value for this property. If not specified discovery will automatically prepare a name for Exadata Database Machine as default.

Sample Value:

configMap.DBMachineName=DB Machine
configMap.ExadataGridName

This property allows to define a custom name for Exadata Grid.

Allowed Value:

Any string can be specified as value for this property. If not specified discovery will automatically prepare a name for Exadata Grid as default.

Sample Value:

configMap.ExadataGridName=Exadata Grid
configMap.networkType

This property is to indicate which network type is part of discovering Exadata Database Machine.

Allowed Value:

roce to indicate RoCE X8M

ib to indicate InfiniBand Network (Default)

Sample Value:

configMap.networkType=roce
configMap.HttpsProtocol

This property is to indicate communication protocol used for Exadata Storage Server communication. This property needs to specify when Storage Server is monitored using RESTAPI. Otherwise, this property is not required.

Allowed Value:

TLSv1.2 (Default)

Sample Value:

configMap.HttpsProtocol=TLSv1.2
configMap.TrustSelfSignedCert

This property is to indicate whether a self-signed certificate is used for communication with Storage Server.

Allowed Value:

0 or 1 (Default)

Sample Value:

configMap.TrustSelfSignedCert=1
configMap.computenodeSnmpSub

This property is to indicate whether SNMP Subscription for Compute Nodes is required.

Allowed Value:

0 - Skip SNMP Subscription (Default)

1 - Set up SNMP subscription

Sample Value:

configMap.computenodeSnmpSub=1
configMap.ilomVersionSupportRest

This property is to indicate whether to promote ILOM REST Access Point using the computenodeIlomRestCred credential.

Allowed Value:

true - Promote ILOM REST Access Point. When this property is set to true, you must also include the computenodeIlomRestCred property and its value in the input file.

false - Skip ILOM REST Access Point

Sample Value:

configMap.ilomVersionSupportRest=true
configMap.cellSnmpSub

This property is to indicate whether SNMP Subscription for Storage Servers is required.

Allowed Value:

0 - Skip SNMP Subscription (Default)

1 - Set up SNMP subscription

Sample Value:

configMap.cellSnmpSub=1
Parameters for Adding or Skipping Components

The following optional properties can be used to skip or add the components as part of EMCLI based discovery of Exadata Database Machine:

Property Name Description Example

componentMap.skipComponentList

Use this property to list the components that must be excluded from Exadata Database Machine discovery.

componentMap.skipComponentList.0=pdu1

componentMap.skipComponentList.1=pdu2

componentMap.addComponentList

Use this property to add new components to an existing database machine as part of Exadata Database Machine discovery.

componentMap.addComponentList.0=cel01

componentMap.addComponentList.1=cel02
Parameters for Adding or Skipping Virtual Platform Components

For Virtual Exadata Database Machine, the Virtual Platform targets can also be discovered as part of the EMCLI based Database Machine Discovery if not yet discovered in Enterprise Manager. The following input parameters can be used to specify the components:

Parameter Name and Description Sample Value
vpTargetMap.name

List of virtual platform targets to be discovered.

vpTargetMap.name.0=hostvp1

vpTargetMap.name.1=hostvp2

vpTargetMap.vpCred

Target Type: oracle_si_virtual_platform

Credential Type: DMOvsBasicCreds

emcli create_named_credential 
-cred_name='VP_CRED'
-auth_target_type='oracle_si_virtual_platform' 
-cred_type='DMOvsBasicCreds'
-cred_scope='global'
-attributes="OVSUsername:root;OVSPassword:XXXXXXXX"

Credential Type: DMOvsSshKeyCreds

emcli create_named_credential 
-cred_name='VPSSHCRED' 
-auth_target_type='oracle_si_virtual_platform' 
-cred_scope='global' 
-cred_type='DMOvsSshKeyCreds' 
-attributes="OVSUsername:root;OVSPassword:XXXXXXXX;
PassPhrase:test;SshPrivateKey:pvtkey;SshPublicKey:pubkey;" 
-input_file="pvtkey:<PVT_KEY_LOC>;pubkey:<PUB_KEY_LOC> "

The private and public key file path is on the host where EMCLI is executed.

Optional Verification of the Prerequisites

To ensure that all the required parameters are provided in the input file, run a prerequisite-check deployment procedure before submitting the Exadata Database Machine discovery deployment procedure. Use the input file that you created earlier in the prerequisite-check deployment procedure.

This prerequisite-check deployment procedure is optional because it is also executed as part of the discovery deployment procedure.

Run this EMCLI command to perform the prerequisite-check and collect the information about the targets related to the Exadata Database Machine:

 emcli submit_procedure -name=DBMachineSystemCheck -input_file="data://<input_file_absolute_path>"

For more information on the deployment procedure for EMCLI based discovery of Exadata Database Machine, see Deployment Procedure for EMCLI.

Prerequisites for Discovery and Monitoring Using Non-root User

You can optionally perform discovery and monitoring operations using a non-root user.

Topics:

Non-root User for Systems Infrastructure Remote Host Targets

To support the discovery through a non-root user, the list of commands used by the remote host and server OS metrics which require sudo privileges must be placed in the file /etc/sudoers.

Place the following commands in the sudoers file:

<non-root-username> ALL=(ALL) /usr/sbin/sminfo,/usr/bin/ipmitool,/bin/cat
      /etc/iscsi/iscsid.conf,/sbin/fdisk,/sbin/vgs,/sbin/pvs,/sbin/lvs,/sbin/dmsetup,/usr/sbin/dbmcli,/sbin/service,/sbin/initctl,/opt/oracle.cellos/compmon/exadata_mon_hw_asr.pl,/usr/local/bin/imageinfo,/usr/sbin/exadata.img.hw,/usr/sbin/ibnetdiscover,/usr/sbin/smartctl

Use EMCLI to discover the remote host using a non-root user. Specify the dispatch URL as 'sudo-ssh://<IP/hostname>:22 by running the following EMCLI command: 

emcli add_target -name=<REMOTE_HOST_NAME> -type=oracle_si_host_remote -host=<AGENT_HOST_NAME>
      -monitoring_cred='ssh_creds_set;oracle_si_host_remote_ssh;ssh_creds;username:<user>;userpass:<password>;'
      -subseparator=properties='=' -properties='dispatch.url=sudo-ssh://<target ip/hostname>:22'
      -access_point_name="<AP_NAME>" -access_point_type="oracle_si_host_remote_ssh"

Non-root User for Virtual Platform Targets

To be able to discover the virtual platform targets using the non-root user, you must first update the /etc/sudoers file with the list of commands used by the targets which require sudo privileges. Next, update the non-root user monitoring credentials with the sudo attributes.

Xen Virtual Platform

Content for the /etc/sudoers file for Xen virtual platform target: 

Cmnd_Alias OEM_MON_CMNDS = /usr/sbin/xl list*,/usr/sbin/xl info*,/usr/sbin/xl 
      network-list*,/usr/sbin/xl uptime*,/usr/sbin/xl
      vcpu-list*,/usr/sbin/dmidecode,/usr/sbin/xentop,/usr/bin/xenstore-read,/usr/bi n/xenstore-list,/usr/bin/xenstore-ls,/sbin/ethtool 
      <non-root-user>    ALL=(ALL)       NOPASSWD:OEM_MON_CMNDS

KVM Virtual Platform

Content for the /etc/sudoers file for KVM virtual platform target: 

non-root-user ALL=(ALL) NOPASSWD: /usr/bin/virsh list*, /usr/bin/virsh dominfo*,
      /usr/bin/virsh nodememstats*, /usr/bin/virsh domstats*, /usr/bin/virsh capabilities,
      /usr/bin/virsh domblklist*, /usr/bin/virsh domiflist*, /usr/bin/virsh vcpupin*,
      /usr/sbin/dmidecode, /sbin/ethtool, /usr/bin/ipmitool, /usr/sbin/imageinfo,
      /usr/local/bin/imageinfo, /opt/oracle/bda/bin/imageinfo, /opt/exadata_ovm/vm_maker,
      /usr/sbin/brctl

Update and save the monitoring credentials of the Virtual Platform target

Set the following sudo attributes:

  1. Set Privilege Type to sudo.

  2. Set Run as to root.

  3. Set the Privilege Command to /usr/bin/sudo -S -u %RUN_AS% %COMMAND%. Verify the path of sudo.

  4. Set Is Privileged User to Yes.

  5. Unless the requiretty flag is explicitly un-set for the non-root user in the /etc/sudoers file, set Enable Pseudo Terminal to Yes.

Now, you can use the non-root user instead of the sudo username for target discovery.