VCS OCIIP resource shows MONITOR TIMEDOUT if the OCI auth service on port 443 is unreachable from a RHEL virtual machine in OCI
Problem
The OCIIP resource type shows MONITOR TIMEDOUT
<ociIp resource name> State <servername> OFFLINE|MONITOR TIMEDOUT
<ociIp resource name> State <servername> OFFLINE|MONITOR TIMEDOUT
Error Message
There are no error messages. The monitor process appears stuck in the process table:
# ps -ef | grep -i ociip
xxx xxxx x x:x x.x.x.x OverlayIP 1 ReservedPublicIP 1 NICDevice 1 eth0 RouteTableId 1 tempCompartmentID 1 ocid1.compartment.oc1.xxxxx tempInstanceID 1 ocid1.instance.oc1.xxxx tempPrivateIPID 1 AEPTimeout 1 60 OpenStatus 1 0
Cause
This issue can occur if the appropriate policies are not configured and the auth service is not reachable.
Solution
1) Ensure the following policies are configured:
■ Allow dynamic-group <group name> to manage private-ips in compartment <compartment name>
■ Allow dynamic-group <group name> to use subnets in compartment <compartment name>
■ Allow dynamic-group <group name> to inspect vnic-attachments in compartment <compartment name>
■ Allow dynamic-group <group name> to manage vcns in compartment <compartment name>
■ Allow dynamic-group <group name> to manage vnics in compartment <compartment name>
■ Allow dynamic-group <group name> to read instances in compartment <compartment name>
■ Allow dynamic-group <group name> to manage route-tables in compartment <compartment name>
2) Ensure port 443 is open to the auth service of the region.
Example: auth.me-jeddah-1.oraclecloud.com should be reachable at port 443 from the VM instance.
Here, me-jeddah-1 should be replaced with the region in which the VM is actually running.
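One way to run the check from step 2 on the VM, as an added example that is not part of the original article or the product. The function names are hypothetical; the script assumes bash and the coreutils timeout command are installed, and it takes the region as its only argument.

```bash
#!/bin/bash
# Added example: check that the regional OCI auth endpoint accepts TCP 443.
# Usage: ./check_oci_auth.sh <region>    e.g. ./check_oci_auth.sh me-jeddah-1

# Build the auth hostname from a region identifier (pattern taken from the article).
auth_endpoint() {
    case "$1" in
        ""|*[!a-z0-9-]*) return 1 ;;   # reject empty input or unexpected characters
    esac
    printf 'auth.%s.oraclecloud.com\n' "$1"
}

# Try a TCP connect with a hard time limit so the check itself cannot hang
# the way the stuck monitor process does.
# Returns 0 = connected, 124 = timed out, anything else = refused or DNS failure.
probe_tcp() {
    host=$1 port=$2 limit=${3:-5}
    timeout "$limit" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
}

# Map the probe's exit status to a short diagnosis.
describe_result() {
    case "$1" in
        0)   echo "reachable" ;;
        124) echo "timed out (traffic is probably being dropped: check firewall and egress rules)" ;;
        *)   echo "failed (connection refused or name not resolved)" ;;
    esac
}

main() {
    host=$(auth_endpoint "$1") || { echo "usage: $0 <region>" >&2; return 2; }
    probe_tcp "$host" 443 5
    rc=$?
    echo "$host:443 $(describe_result "$rc")"
    return "$rc"
}

# Only probe when a region was passed on the command line.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A timeout result matches the symptom described above, where the connection attempt hangs without returning an error.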