sales@mokumsolutions.com
Copyright 2014 Mokum Solutions, Inc. All rights reserved.
Distribution of the Oracle Cloud Cookbook or derivative of the work in any form
is prohibited unless prior permission is obtained from the Copyright holder.
About Mokum Solutions, Inc.
Founded in March 2011, Mokum Solutions, Inc. specializes in the implementation,
delivery and support of Oracle technologies in private and public clouds. Mokum
corporate headquarters are located in San Francisco, CA http://mokumsolutions.com
or call 1 415 252 9164
About the Author
The author of the Oracle Cloud Cookbook is none other than the owner of
Mokum Solutions, Inc., Roddy Rodstein. Roddy is one of the most respected
Oracle Cloud Computing experts, having designed and managed many of the
worlds largest and most complex Oracle private clouds. Before establishing
Mokum in March 2011, Roddy spent three years at Oracle on the Oracle VM
and Oracle Linux team designing and supporting Oracle's largest and most
complex customer environments. Before Oracle, Roddy spent six years at Citrix,
designing and supporting Citrix's largest and most complex customer environments,
Including Oracle's. With Mr. Rodsteins rich background and knowledge, there
can be no better resource for revealing the Oracle Cloud recipe.
Audience
The Oracle Cloud Cookbook is a comprehensive, field tested reference design that
guides you through each step to move to your Oracle software portfolio to an elastic
Oracle cloud using the Oracle VM product line, Oracle Linux, Oracle Engineered
Systems managed by Oracle Enterprise Manager 12c, with total control over Oracle
processor licensing.
http://mokumsolutions.com
Table of Contents
Oracle Enterprise Manager Infrastructure Cloud Introduction
Oracle VM Manager Registration Prerequisites
How to enable TCPS on Oracle VM Manager 3.1 and Above
1. Export the Oracle VM Manager keystore:
2. Import the Oracle VM Manager keystore into the Oracle Management Agent keystore:
List the Oracle VM Manager keystore
List the Oracle Management Agent keystore
Delete an Entry in the Oracle Management Agent keystore
How to Register Oracle VM Manager in Oracle Enterprise Manager 12c Cloud Control
How to Deregister Oracle VM Manager in Oracle Enterprise Manager 12c Cloud Control
Change Log
Revision
Change Description
Updated By
Date
1.0
Document Creation
Roddy Rodstein
09/20/11
1.2
Roddy Rodstein
05/23/12
1.3
Contect Refresh
Roddy Rodstein
10/06/12
1.4
Contect Refresh
Roddy Rodstein
01/16/14
4 of 15
http://mokumsolutions.com
Tip: Oracle VM Servers, pools, storage, networks, virtual machines, templates, assemblies, etc, can
be setup using Oracle VM Manager and/or Cloud Control.
Figure 1 shows the Infrastructure Cloud home page. The Infrastructure Cloud home page is Oracle
Enterprise Manager's Oracle VM Manager equivalent.
The Oracle Virtualization plug-in must be enabled on the Oracle Management Service host(s) as well
as be deployed to the Oracle VM Manager host. The Oracle Virtualization plug-in along with the
Oracle Enterprise Manager 12c agent can be managed and deployed using Cloud Control. A plug-in
is an Enterprise Manager module that extends the managing and monitoring capabilities of the
Oracle Management Service (OMS). Oracle Enterprise Manager 12c plug-ins have a server (OMS)
and an agent (Oracle Management Agent (OMA) component. The Oracle Management Service
collects plug-in data in XML format. The plug-in data is stored in the Oracle Management Repository
(OMR) and is visualized by the Oracle Management Service in Cloud Control.
Figure 2 shows each of the Enterprise Manager 12c Cloud Control components.
5 of 15
http://mokumsolutions.com
1. Oracle Enterprise Manager Release 1 (12.1.0.1) and above.
2. The Oracle Virtualization plug-in must be install and enabled on the Oracle Management
Service.
3. The Oracle VM Manager host must have the Oracle Management Agent (OMA) and be a
monitored target in Oracle Enterprise Manager 12c Cloud Control.
4. The Oracle VM Manager host must have the Oracle Virtualization plug-in.
5. The preferred credentials for the Oracle VM Manager host must be congured in Oracle
Enterprise Manager 12c Cloud Control.
6. The Oracle Management Service and the Oracle VM Manager host must have consistent name
resolution using DNS with both forward and reverse lookups.
7. Oracle VM Manager 3.1 and above require TCPS authentication.
8. Oracle Enterprise Manager Release 2 (12.1.0.2) and above with Oracle VM Manager 3.1 and
above must have the Oracle VM Manager keystore imported into the Oracle VM Manager host's
Oracle Management Agent keystore.
6 of 15
http://mokumsolutions.com
[Unknown]: State
What is the two-letter country code for this unit?
[Unknown]: country_code
Is CN=name, OU=unit, O=organization, L=City, ST=State, C=country_code correct?
[no]: yes
Enter key password for <ovmm>
Re-enter new password: password
Next, enable the keystore using the secureOvmmTcp.sh script located in the same directory as the
secureOvmmTcpGenKeyStore.sh script. As root, type the following command, when prompted
enter the OVM manager user name (admin), the OVM manager user password, and the
password for TCPS keystore (the keystore password that was entered 2x above):
# ./secureOvmmTcp.sh
Enabling OVMM TCP over SSH service
Please enter the OVM manager user name: username
Please enter the OVM manager user password: password
Please enter the password for TCPS key store : password
The job of enabling OVMM TCPS service is committed, please restart OVMM to take eect.
After successfully running the secureOvmmTcpGenKeyStore.sh and secureOvmmTcp.sh scripts,
the Oracle VM Manager keystore le named ovmmCoreTcps.ks is created in the
<OVM_MANAGER_HOME> directory, i.e. /u01/app/oracle/ovm-manager-3/ovmmCoreTcps.ks.
Tip: Before restarting Oracle VM Manager and enableding the TCP over SSH service, the Core API
will be listening on 127.0.0.1/localhost tcp 54321. After restarting Oracle VM Manager, the Core API
will be listening on tcps 54322 using the FQDN. To verify the listening port, as root, type "netstat -a |
grep 54321" for tpc localhost, and "netstat -a | grep 54322" for tcps with FQDN.
Next, restart Oracle VM Manager. As root, type:
# /sbin/service ovmm stop
# /sbin/service ovmm start
To verify the TCP over SSH service is running, as root type:
netstat -a | grep 54322
tcp
0
0 *:54322
*:*
LISTEN
The above example shows that the TCP over SSH service is indeed running and listening on port
54322.
Oracle Enterprise Manager 12c Cloud Control Release 2 (12.1.0.2) and above with Oracle VM
Manager 3.1.x and above requires the Oracle VM Manager keystore to be imported into the Oracle
VM Manager host's Oracle Management Agent (OMA) keystore.
7 of 15
http://mokumsolutions.com
/oracle/ovm-manager-3". Next, create a keystore directory, i.e. "mkdir keystore", then change the
ownership of the keystore directory to the group with the Oracle Management Agent user account,
i.e. "chown :dba ./keystore". Next, type the following command and when prompted for a password,
enter the Oracle VM Manager keypass password you entered in the previous examples:
Note: Substitute the $JAVA_HOME path and the <OVM_MANAGER_HOME> path with your paths.
# /u01/app/oracle/java/bin/keytool -keystore /u01/app/oracle/ovm-manager-3/ovmmCoreTcps.ks
-exportcert -alias ovmm -le ./keystore/export.jks
Enter keystore password:
Certicate stored in le <./keystore/export.jks>
#
The above example exports the Oracle VM Manager keystore to a le named export.jks in the
/u01/app/oracle/ovm-manager-3/keystore directory.
Tip: Backup the keystore directory along with the ovmmCoreTcps.ks le. If Oracle VM manager is
rebuilt using the backup les will save lots of time.
8 of 15
http://mokumsolutions.com
9 of 15
http://mokumsolutions.com
Note: Substitute the $JAVA_HOME path and the $AGENT_HOME path with your paths.
$ /u01/app/oracle/java/bin/keytool -delete -keystore /u01/app/oracle/product/agent/agent_inst
/sysman/cong/montrust/AgentTrust.jks -alias ovmm
Enter keystore password:
$
Then conrm that the entry has been deleted by typing listing the keystore, i.e.:
$ /u01/app/oracle/java/bin/keytool -list -keystore /u01/app/oracle/product/agent/agent_inst/sysman
/cong/montrust/AgentTrust.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 9 entries
verisignclass1pca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
verisignclass3ca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
gtecybertrustglobalca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
entrustsslca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
entrust2048ca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
verisignserverca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
gtecybertrustca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
entrustgsslca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): 9D:66:6A:CC:FF:D5:F5:43:B4:BF:8C:16:D1:2B:A8:99
verisignclass2ca, Oct 20, 2009, trustedCertEntry,
Certicate ngerprint (MD5): B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
The above example shows the same keystore as in the previous example less the ovmm key.
10 of 15
http://mokumsolutions.com
From the Infrastructure Cloud page, there are two options to access the Register Oracle VM
Manager page.
1. Right click the Infrastructure Cloud link under the Target Navigation section, then on the
submenu click Register Oracle VM Manager
2. Click the Infrastructure Cloud drop down menu under the History menu, then click
Register Oracle VM Manager.
Figure 4 shows both menu options to select Register Oracle VM Manager.
From the Register Oracle VM Manager page, enter the Name, EM Agent URL, Oracle VM
Manager Core, Automatic Synchronization, Monitoring Credentials for Oracle VM
Manager, Administration Credentials for Oracle VM Manager / Use Administration
Credentials, Oracle VM Manager Console URL, then click the Submit button.
Figure 5 shows the Oracle VM Manager registration page with the required entries listed in Table 1.
11 of 15
http://mokumsolutions.com
Table 1 shows the syntax of the required entries on the Oracle VM Manager registration page.
Table 1
Oracle VM Manager
Registration Page Title
1. Name
Tip: The name can not be changed after the Oracle VM Manager
host has been registered. Consider using the hostname of the
Oracle VM Manager host for the name.
The EM Agent URL is selected by clicking the magnifying glass
icon. A pop-up window will appear, select the Oracle VM Manager
agent from the list. The EM Agent URL syntax is:
https://<AGENT-FQDN>:3872/emd/main/
Note: The Oracle VM Manager host can be selected as long as the
host is managed target by OEM with the Oracle Virtualization
plug-in.
2. EM Agent URL
4. Automatic
Synchronization
5. Monitoring Credentials
for Oracle VM Manager
Enter the Oracle VM Manager admin user name and the admin
password in the Monitoring Credentials for Oracle VM Manager
12 of 15
http://mokumsolutions.com
text elds.
The Administration Credentials for Oracle VM Manager allow you
to select any Oracle VM Manager user account for managing
1. Administration
Oracle VM Manager via Cloud Control. For example, if you
Credentials for Oracle VM created an Oracle VM Manager service account, the service
Manager / Use
account could be used as the Administration Credentials for
Administration
Oracle VM Manager.
Credentials
If credentials are not specied, the monitoring credentials are
used by default.
7. Oracle VM Manager
Console URL
8. Submit
Once all of the information has been entered, click the Submit
button to start the registration job.
13 of 15
http://mokumsolutions.com
From the Conrmation page click the Deregister Oracle VM Manager button to submit the
DEREGISTEROVMMANAGER_SYSTEM job.
Figure 8 shows the Deregister Oracle VM Manager conrmation page.
14 of 15
http://mokumsolutions.com
From the Conrmation page click Close to close the Conrmation page or click the Job Details
button to access the Job Activity page to track the progress of the
DEREGISTEROVMMANAGER_SYSTEM job.
Figure 9 shows the Conrmation page with the Job Details and Close buttons.
15 of 15