Академический Документы
Профессиональный Документы
Культура Документы
inOracleEnterpriseManager12cGuide
MokumisaleadingproviderofproductsandservicesforOracleVMandOracleVM
enabledEngineeredSystems.AllofMokumscustomersareOracleVMsuccessstories
thathavesavedMILLIONSinOraclelicensingandhardwarecosts.
White Case EBooks
Papers Studies
Copyright2016MokumSolutions,Inc.Allrightsreserved.
DistributionoftheHowtoRegisterOracleVMManagerinOracleEnterpriseManager
12cGuideorderivativeoftheworkinanyformisprohibitedunlesspriorpermissionis
obtainedfromtheCopyrightholder.
AbouttheAuthor
Theauthorofthe2016MokumOracleVirtualizationBuyersGuideisnoneotherthan
theownerofMokumSolutions,Inc.,RoddyRodstein.Roddyisoneofthemost
respectedOracleCloudComputingexperts,havingdesignedandmanagedmanyofthe
worldslargestandmostcomplexOracleprivateclouds.BeforeestablishingMokumin
March2011,RoddyspentthreeyearsatOracleontheOracleVMandOracleLinux
teamdesigningandsupportingOracle'slargestandmostcomplexcustomer
environments.BeforeOracle,RoddyspentsixyearsatCitrix,designingandsupporting
Citrix'slargestandmostcomplexcustomerenvironments,IncludingOracle's.
Oracle Private Cloud Implementation Services - Call Today +1 415 252-9164
Table of Contents
Oracle Enterprise Manager Infrastructure Cloud Introduction
Oracle VM Manager Registration Prerequisites
How to enable TCPS on Oracle VM Manager 3.1 and Above
1. Export the Oracle VM Manager keystore:
2. Import the Oracle VM Manager keystore into the Oracle Management Agent keystore:
List the Oracle VM Manager keystore
List the Oracle Management Agent keystore
Delete an Entry in the Oracle Management Agent keystore
How to Register Oracle VM Manager in Oracle Enterprise Manager 12c Cloud Control
How to Deregister Oracle VM Manager in Oracle Enterprise Manager 12c Cloud Control
Note: Unlike Oracle VM 2.x, which could only be managed by Oracle VM Manager or Oracle Enterprise Manager, not both, Oracle VM 3 and
above can be managed simultaneously by Oracle VM Manager along with the Oracle Enterprise Manager 12c Infrastructure Cloud.
Oracle VM provides Infrastructure as a Service (IaaS), Database as a Service (DBaaS), and Platform as a Service (PaaS) using virtual machine
technologies via theOracle Enterprise Manager self-service portal. Oracle VM can be enabled in Cloud Control by installing the Virtualization
plug-in on the Oracle Management Services (OMS), and by installing the Oracle Management Agent (OMA) with the Virtualization plug-in on a
managed Linux target with Oracle VM Manager. Once Oracle VM is enabled, Oracle VM Servers, virtual machines, Oracle VM Templates and
Assemblies can be managed, monitored and provisioned using the Oracle Enterprise Manager Infrastructure Cloud.
Tip: Oracle VM Servers, pools, storage, networks, virtual machines, templates, assemblies, etc, can be setup using Oracle VM Manager and/or
Cloud Control.
Figure 1 shows the Oracle VMInfrastructure Cloud home page. The Oracle VMInfrastructure Cloud home page isOracle Enterprise
Manager'sOracle VM Manager equivalent.
The Oracle Virtualization plug-in must be enabled on the Oracle Management Service host(s) as well as be deployed to the Oracle VM Manager
host. The Oracle Virtualization plug-in along with the Oracle Enterprise Manager 12c agent can be managed and deployed using Cloud Control. A
plug-in is an Enterprise Manager module that extends the managing and monitoring capabilities of the Oracle Management Service (OMS).
Oracle Enterprise Manager 12c plug-ins have a server (OMS) and an agent (Oracle Management Agent (OMA) component. The Oracle
Management Service collects plug-in data in XML format. The plug-in data is stored in the Oracle Management Repository (OMR) and is
visualized by the Oracle Management Service in Cloud Control.
Figure 2 shows each of the Enterprise Manager 12c Cloud Control components.
Enabling tcps on a fresh Oracle VM Manager installation is a two step process. The rst step is to generate the keystore using the
secureOvmmTcpGenKeyStore.sh script located in the /u01/app/oracle/ovm-manager-3/bin directory. The second step is to enable the tcps
service using the secureOvmmTcp.sh script, which is also located in the /u01/app/oracle/ovm-manager-3/bin directory.
Enabling tcps on an upgraded Oracle VM Manager system is a three step process. The rst step is to download My Oracle Support patch
14067211 and untar the keystore.tar in /u01/app/oracle/ovm-manager-3/bin directory. The second step is to generate the keystore as root using
the secureOvmmTcpGenKeyStore.sh script located in the /u01/app/oracle/ovm-manager-3/bin directory. The third step is to enable the tcps
service as root using the secureOvmmTcp.sh script, which is also located in the /u01/app/oracle/ovm-manager-3/bin directory.
The next example shows how to create the keystore on the Oracle VM Manager host. As root, type the following commands, when prompted
enter the keystore password (save this password!), your rst and last name, the name of your organizational unit, the name of your organization,
the name of your State or Province,your two-letter country code and the keystore password (Tip: use the same password as the initial keystore
password):
# cd /u01/app/oracle/ovm-manager-3/bin
# ./secureOvmmTcpGenKeyStore.sh
Next, enable the keystore using the secureOvmmTcp.sh script located in the same directory as the secureOvmmTcpGenKeyStore.sh script. As
root, type the following command, when prompted enter the OVM manager user name (admin), the OVM manager user password, and the
password for TCPS keystore (the keystore password that was entered2x above):
# ./secureOvmmTcp.sh
After successfully running the secureOvmmTcpGenKeyStore.sh and secureOvmmTcp.sh scripts, the Oracle VM Manager keystore le named
ovmmCoreTcps.ks is created in the <OVM_MANAGER_HOME> directory, i.e. /u01/app/oracle/ovm-manager-3/ovmmCoreTcps.ks.
Before restarting Oracle VM Manager and enableding the TCP over SSH service, the Core API will be listening on 127.0.0.1/localhost tcp 54321.
After restarting Oracle VM Manager, the Core API will be listening on tcps 54322 using the FQDN.
The above example shows that the TCP over SSH service is indeed running and listening on port 54322.
Oracle Enterprise Manager 12c Cloud Control Release 2 (12.1.0.2) and above with Oracle VM Manager 3.1.x and above requires the Oracle VM
Manager keystore to be imported into the Oracle VM Manager host's Oracle Management Agent (OMA) keystore.
The following example shows the stepsto export theOracle VM Manager's Weblogic serverSSL certicate from Firefox Release 40..
Access the Oracle VM Manager GUI using Firefox. Next, from the Firefox GUI Navigate to: Tools -> Options -> Advanced -> View Certs ->
Servers - Highlight the Oracle VM Manager's Weblogic serverSSL certicate -> Click Export -> Enter a name andselect the PIM Format. The
saved lewill have the.crt le extention.
Note: Please consult your Web browser'sdocumentation for the SSLcerticate export process.
2. Import the Oracle VM Manager's Weblogic Server SSL Certicat into the Oracle Management Agent keystore:
As the Oracle Management Agent user (the user the owns the $AGENT_HOME), import the Oracle VM Manager's Weblogic server SSL
certicate into the Oracle Management Agent keystore. Use the default keystore password "welcome", not the Oracle VM Manager keystore
password.
As the Oracle Management Agent user change into the directory with theexported .crt lefrom Step 1 above, for example, if the .crt le is in /tmp:
$ cd /tmp
Next, run the following command. Please substitute <AGENT_INSTANCE_HOME> with your<AGENT_INSTANCE_HOME> path:
$ <AGENT_INSTANCE_HOME>/bin/emctl secure add_trust_cert_to_jks -trust_certs_loc ./mymanager.crt -alias ovmm
For example:
$ /u01/app/oracle/product/agent_inst/bin/emctl secure add_trust_cert_to_jks -trust_certs_loc ./mymanager.crt-alias ovmm
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Password:
Message : Certicate was added to keystore
ExitStatus: SUCCESS
TheOracle VM Manager's Weblogic server SSL certicate has just been successfully imported into the Oracle Management Agent keystore.
Next, in Cloud Control register the Oracle VM Manager host.
Note:If your working with multiple Oracle VM Managers, do not forget to use a different alias name for each certicate. For example:
$ /u01/app/oracle/product/agent_inst/bin/emctl secure add_trust_cert_to_jks -trust_certs_loc ./mymanager.crt-alias maneger01
$ /u01/app/oracle/product/agent_inst/bin/emctl secure add_trust_cert_to_jks -trust_certs_loc ./mymanager.crt-alias maneger02
$ /u01/app/oracle/product/agent_inst/bin/emctl secure add_trust_cert_to_jks -trust_certs_loc ./mymanager.crt-alias maneger03
The following two steps are applicable for Oracle VM Release 3.1, and 3.2. .
1. Export the Oracle VM Manager keystore:
Applicable for Oracle VMRelease 3.1, and 3.2. .
As root, change to the <OVM_MANAGER_HOME> directory and type:
#<JAVA_HOME>/bin/keytool -keystore <OVM_MANAGER_HOME>/ovmmCoreTcps.ks -exportcert -alias ovmm -le <le_loc_for_certicate>
The above example exports the Oracle VM Manager keystore to a le named export.jksin the /u01/app/oracle/ovm-manager-3/keystore
directory.
Tip: Backup the keystore directory along with the ovmmCoreTcps.ks le. If Oracle VM manager is rebuilt using the backup les will save lots of
time.
2. Import the Oracle VM Manager keystore into the Oracle Management Agent keystore:
Applicable for Oracle VM Release 3.1, and 3.2. .
As the Oracle Management Agent user (the user the owns the $AGENT_HOME), import the Oracle VM Manager keystore into the Oracle
Management Agent keystore. Use the default keystore password "welcome", not the Oracle VM Manager keystore password:
$ cd/u01/app/oracle/ovm-manager-3/
$ <AGENT_INSTANCE_HOME>/bin/emctl secure add_trust_cert_to_jks -trust_certs_loc ./keystore/export.jks -alias ovmm
Oracle Enterprise Manager Cloud Control 12c Release 2
Copyright (c) 1996, 2012 Oracle Corporation. All rights reserved.
Password:
The above examples shows the keystore alias name ovmm and the Certicate ngerprint.
The Oracle Management Agentkeystore can be listed by typing the following command as theOracle Management Agentuser with the default
"welcome" password. In this example we willconrm that the Oracle VM Manager keystore has been imported.
Note: Substitute the $JAVA_HOME path and the $AGENT_HOME path with your paths.
Note: Substitute the $JAVA_HOME path and the $AGENT_HOME path with your paths.
Then conrm that the entry has been deleted by typing listing the keystore, i.e.:
$ /u01/app/oracle/java/bin/keytool -list -keystore /u01/app/oracle/product/agent/agent_inst/sysman/cong/montrust/AgentTrust.jks
Enter keystore password:
The above example shows the same keystore as in the previous example less the ovmm key.
How to Register Oracle VM Manager in Oracle Enterprise Manager 12c Cloud Control
The rst step to register Oracle VM Manager is to authenticated to the Oracle Enterprise Manager 12c Cloud Control console. Once
authenticated, click the Enterprise menu, then select Oracle VMInfrastructure Cloud, and click Home to access the Oracle VMInfrastructure
Cloud page.
Note: Upgraded Oracle VM Manager 3.0.3 systems with TCPS enabled should be edited with the new TCPS details in Oracle Enterprise Manager.
Do not de-register 3.0.x versions of Oracle VM Manager from Oracle 12c Cloud console. De-registering Oracle VM Manager wipes all of the
Oracle VM target information from Oracle Enterprise Manager repository.
From the Oracle VMInfrastructure Cloud page, there are two options to access the Register Oracle VM Manager page.
1. Right click the Oracle VMInfrastructure Cloud link under the Target Navigation section, then on the submenu click Register Oracle VM
Manager
2. Click the Oracle VMInfrastructure Cloud drop down menu under the History menu, then click Register Oracle VM Manager.
From the Register Oracle VM Manager page, enter the Name, EM Agent URL, Oracle VM Manager Core, Automatic Synchronization, Monitoring
Credentials for Oracle VM Manager, Administration Credentials for Oracle VM Manager / Use Administration Credentials, Oracle VM Manager
Console URL, then click the Submit button.
Figure 5 shows the Oracle VM Manager registration page with the required entries listed in Table 1.
Table 1 shows the syntax of the required entries on the Oracle VM Manager registration page.
Table 1
The name entered in the Name text box is displayed on theOracle VMInfrastructure Cloudpage.
1. Name
Tip: The name can not be changed after the Oracle VM Manager host has been registered. Consider
using the hostname of the Oracle VM Manager host for the name.
The EM Agent URL is selected by clicking the magnifying glass icon. A pop-up window will appear,
select the Oracle VM Manager agent from the list. The EM Agent URL syntax is: https://<AGENT-
2. EM Agent URL FQDN>:3872/emd/main/
Note: The Oracle VM Manager host can be selected as long as the host is managed target by OEM
with the Oracle Virtualization plug-in.
Oracle VM 3.1 and above: Enter tcps://<ORACLE VM MANAGER HOST FQDN>:54322 in the
3. Oracle VM Manager Core Oracle VM Manager Core URL text box.
Up to Oracle VM 3.0: Enter tcp://<ORACLE VM MANAGER HOST FQDN>:54321 in the
Oracle VM Manager Core URL text box.
4. Automatic Synchronization Select the Automatic Synchronization check box to enable automated synchronization between OMS
and the Oracle VM API Core in a xed time interval. The default time interval is 5 minutes.
5. Monitoring Credentials for Oracle Enter the Oracle VM Manager admin user name and the admin password in the Monitoring
VM Manager Credentials for Oracle VM Manager text elds.
The Administration Credentials for Oracle VM Manager allowyou to select any Oracle VM Manager
1. Administration Credentials for user account for managing Oracle VM Manager via Cloud Control. For example, if you created an
Oracle VM Manager / Use Oracle VM Managerservice account, the service account could be used as the Administration
Administration Credentials Credentials for Oracle VM Manager.
If credentials are not specied, the monitoring credentials are used by default.
7. Oracle VM Manager Console URL Enter the non-SSL Oracle VM Manager URL, i.e.http://<ORACLE VM MANAGER HOST
FQDN>:7001/ovm/console/faces/login.jspx in the Oracle VM Manager Console URL text box.
8. Submit Once all of the information has been entered, click the Submit button to start the registration job.
After the Submit button is clicked, a job named REGISTEROVMMANAGER_SYSTEM is started. The REGISTEROVMMANAGER_SYSTEM job
can be accessed from a link on the Job Activity page. The Job Activity page is accessed by clicking the Enterprise menu, Job, then Activity.
Once the REGISTEROVMMANAGER_SYSTEM job successfully completes, the registered Oracle VM Manager system can be used to manage
and monitor your virtual infrastructure in Oracle Enterprise Manager 12c Cloud Control. For example, storage, networking, pools, virtual
machines and assemblies can be managed and monitored from Oracle VM Manager as well as from Oracle Enterprise Manager 12c Cloud
Control.
How to Deregister Oracle VM Manager in Oracle Enterprise Manager 12c Cloud Control
The ability to quickly deregister and register Oracle VM Manager in Cloud Control is an essential lifecycle operation. When a registered Oracle
VM Manager system is decommissioned or rebuild, it must be deregistered from Cloud Control before it can be registered and used again in
Cloud Control.
Tip: To reuse a deregistered Oracle VM Manager system, a copy of the original keystore should be used for the registration job in Cloud Control.
If a copy of the original keystore is not available, the previous keystore must be removed from the Oracle Management Agent, recreated, enabled
and imported into the Oracle Management Agent.
The rst step to Deregister an Oracle VM Manager system is to authenticated to Cloud Control. Once authenticated, click the Enterprise menu,
then select Infrastructure Cloud, and click Home to access the Oracle VMInfrastructure Cloud page. From the Oracle VMInfrastructure Cloud
page highlight and right click the Oracle VM Manager system to be Deregistered, click the Deregister menu item to proceed.
From the Conrmation page click the Deregister Oracle VM Manager button to submit the DEREGISTEROVMMANAGER_SYSTEM job.
From the Conrmation page click Close to close the Conrmation page or click the Job Details button to access the Job Activity page to track the
progress of the DEREGISTEROVMMANAGER_SYSTEM job.
Figure 9 shows the Conrmation page with the Job Details and Close buttons.
Once the DEREGISTEROVMMANAGER_SYSTEM job successfully completes, the registered Oracle VM Manager system and all of its targets
are removed from Cloud Control.
From the Job Activities page click the Status link to view the job details and if necessary to review and troubleshoot any failed operations.