InfoScale™ 9.0 Cluster Server Bundled Agents Reference Guide - Linux

Last Published:
Product(s): InfoScale & Storage Foundation (9.0)
Platform: Linux
  1. Introducing bundled agents
    1.  
      About bundled agents
    2.  
      Resources and their attributes
    3.  
      Modifying agents and their resources
    4.  
      Attributes
    5.  
      IMF-aware agents
    6.  
      Enabling debug log messages
    7.  
      VCS support for multi-pathing solutions
  2. Storage agents
    1.  
      About the storage agents
    2. DiskGroup agent
      1.  
        IMF awareness
      2.  
        Dependencies for DiskGroup agent
      3.  
        Agent functions for DiskGroup agent
      4.  
        State definitions for DiskGroup agent
      5.  
        Attributes for DiskGroup agent
      6.  
        Resource type definition
      7. Notes for DiskGroup agent
        1.  
          High availability fire drill
        2.  
          Using volume sets
        3.  
          Setting the noautoimport flag for a disk group
        4.  
          Configuring the Fiber Channel adapter
        5.  
          Using the DiskGroup agent with IMF
      8. Sample configurations for DiskGroup agent
        1.  
          DiskGroup resource configuration
      9.  
        Debug log levels for DiskGroup agent
    3. DiskGroupSnap agent
      1.  
        Dependencies for DiskGroupSnap agent
      2.  
        Agent functions for DiskGroupSnap agent
      3.  
        State definitions for DiskGroupSnap agent
      4.  
        Attributes for DiskGroupSnap agent
      5. Notes for DiskGroupSnap agent
        1.  
          Fire drill configuration after upgrading VCS
        2.  
          Configuring the SystemZones attribute for the fire drill service group
        3.  
          Configuring the FireDrill service group
        4.  
          Adding the ReuseMntPt attribute to the ArgList attribute for the Mount agent type
        5.  
          Configuration considerations
        6.  
          Agent limitations
      6.  
        Resource type definition for DiskGroupSnap agent
      7. Sample configurations for DiskGroupSnap agent
        1.  
          Typical main.cf configuration for DiskGroupSnap agent
        2.  
          Sample main.cf of DiskGroupSnap with Oracle resource
      8.  
        Debug log levels for DiskGroupSnap agent
    4. Volume agent
      1.  
        Dependencies for Volume agent
      2.  
        Agent functions for Volume agent
      3.  
        State definitions for Volume agent
      4.  
        Attributes for Volume agent
      5.  
        Resource type definition for Volume agent
      6.  
        Sample configuration for Volume agent
      7.  
        Debug log levels for Volume agent
    5. VolumeSet agent
      1.  
        Dependencies for VolumeSet agent
      2.  
        Agent functions for VolumeSet agent
      3.  
        State definitions for VolumeSet agent
      4.  
        Attributes for VolumeSet agent
      5.  
        Resource type definition for VolumeSet agent
      6. Sample configurations for VolumeSet agent
        1.  
          A configured VolumeSet that is dependent on a DiskGroup resource
      7.  
        Agent notes for VolumeSet agent
      8.  
        Inaccessible volumes prevent the VolumeSet agent from coming online
      9.  
        Debug log levels for VolumeSet agent
    6. LVMLogicalVolume agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6. LVMLogicalVolume agent notes
        1.  
          Disabling new tunables on RHEL9
      7.  
        Sample configuration
      8.  
        Debug log levels
    7. LVMVolumeGroup agent
      1.  
        Dependencies for LVMVolumeGroup agent
      2.  
        Agent functions for LVMVolumeGroup agent
      3.  
        State definitions for LVMVolumeGroup agent
      4.  
        Attributes for LVMVolumeGroup agent
      5.  
        Resource type definition for LVMVolumeGroup agent
      6. LVMVolumeGroup agent notes
        1.  
          Disabling new tunables on RHEL9
        2.  
          Data protection using LVMVolumeGroup Agent
        3.  
          Enabling volume group activation protection
      7. Sample configurations for LVMVolumeGroup agent
        1.  
          Linux configuration 1
        2.  
          Linux Configuration 2
      8.  
        Debug log levels for LVMVolumeGroup agent
    8. Mount agent
      1.  
        IMF awareness
      2.  
        Dependencies for Mount agent
      3.  
        Agent functions for Mount agent
      4.  
        State definitions for Mount agent
      5.  
        Attributes for Mount agent
      6.  
        Resource type definition for Mount agent
      7.  
        Notes for Mount agent
      8.  
        Support for spaces in directory names
      9.  
        Support for multiple bindfs
      10.  
        High availability fire drill
      11.  
        VxFS file system lock
      12.  
        IMF usage notes
      13.  
        Enabling Level two monitoring for the Mount agent
      14.  
        RHEL 7 and RHEL 8: NFS file system version
      15.  
        RHEL 7 and RHEl 8: Configuring bind mounts
      16.  
        Support for Amazon EFS
      17. Sample configurations for Mount agent
        1.  
          Basic configuration for Mount agent
        2.  
          Sample configuration to support bind mount of subdirectories
        3.  
          VxFS mount lock example for Mount agent
        4.  
          NFS mount example for Mount agent
        5.  
          EFS mount example for Mount agent
      18.  
        Debug log levels for Mount agent
      19.  
        Mount agent limitations
    9. VMwareDisks agent
      1.  
        Agent functions
      2.  
        State definitions
      3.  
        Attributes
      4.  
        Resource type definition
      5.  
        Sample configurations
      6.  
        How the VMwareDisks agent communicates with the vCenter Server instead of the ESX/ESXi host
      7. Assigning customized privileges to VMwareDisks agent
        1.  
          About assigning privileges to VMwareDisks agent
        2.  
          Creating a role with customized privileges for VMwareDisks agent
        3.  
          Creating an ESX user account
        4.  
          Integrating an ESX user account with Active Directory
        5.  
          Assigning a role to an ESX user account
      8.  
        Managing storage
    10. SFCache agent
      1.  
        Resource dependency
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6. Notes for SFCache agent
        1.  
          Configuring SFCache resource with CVM/CFS
      7.  
        Debug log levels
    11.  
      AWS EBSVol agent
    12.  
      AzureDisk agent
    13.  
      GoogleDisk agent
  3. Network agents
    1. About the network agents
      1. Agent comparisons
        1.  
          IP and NIC agents
        2.  
          IPMultiNIC and MultiNICA agents
        3.  
          802.1Q trunking
    2. IP agent
      1.  
        High availability fire drill for IP agent
      2.  
        Dependencies for IP agent
      3.  
        Agent functions for IP agent
      4.  
        State definitions for IP agent
      5.  
        Attributes for IP agent
      6.  
        Resource type definition for IP agent
      7. Sample configurations for IP agent
        1.  
          IPv4 Configuration
        2.  
          IPv6 Configuration
      8.  
        Debug log levels for IP agent
    3. NIC agent
      1.  
        Dependencies for NIC agent
      2.  
        Bonded network interfaces for NIC agent
      3.  
        Agent functions for NIC agent
      4.  
        State definitions for NIC agent
      5.  
        Attributes for NIC agent
      6.  
        Resource type definition for NIC agent
      7. Notes for the NIC agent
        1.  
          Monitoring bonded NICs for NIC agent
        2.  
          Setting Mii and miimon for NIC agent
        3.  
          High availability fire drill for NIC agent
      8.  
        Case 1
      9.  
        Case 2
      10.  
        Case 3
      11. Sample configurations for NIC agent
        1.  
          Configuration for using Mii for NIC agent
        2.  
          Configuration for using network hosts for NIC agent
        3.  
          IPv6 configuration for NIC agent
      12.  
        Debug log levels for NIC agent
    4. IPMultiNIC agent
      1.  
        Dependencies for IPMultiNIC agent
      2.  
        Agent functions for IPMultiNIC agent
      3.  
        State definitions for IPMultiNIC agent
      4.  
        Attributes for IPMultiNIC agent
      5.  
        Resource type definition for IPMultiNIC agent
      6. Sample configuration: IPMultiNIC and MultiNICA
        1.  
          IPv4 configuration for IPMultiNIC agent
        2.  
          IPv6 configuration for IPMultiNIC agent
        3.  
          Mixed mode configuration - IPv4 and IPv6 for IPMultiNIC agent
      7.  
        Debug log levels
    5. MultiNICA agent
      1.  
        Dependencies for MultiNICA agent
      2. IP Conservation Mode (ICM) for MultiNICA agent
        1.  
          Configuration for MultiNICA agent
        2.  
          Operation for MultiNICA agent
      3. Performance Mode (PM) for MultiNICA agent
        1.  
          Configuration for MultiNICA agent
        2.  
          Operation for MultiNICA agent
      4.  
        Agent function for MultiNICA agent
      5.  
        Attributes for MultiNICA agent
      6.  
        Resource type definition for MultiNICA agent
      7. Sample configurations for MultiNICA agent
        1.  
          MultiNICA and IPMultiNIC Performance Mode configuration
        2.  
          MultiNICA and IPMultiNIC IP Conservation Mode Configuration
      8.  
        IPv6 configuration for MultiNICA agent
      9.  
        Mixed mode configuration - IPv4 and IPv6 for MultiNICA agent
      10.  
        Debug log levels for MultiNICA agent
    6. DNS agent
      1.  
        Dependencies for DNS agent
      2.  
        Agent functions for DNS agent
      3.  
        State definitions for DNS agent
      4.  
        Attributes for DNS agent
      5.  
        Resource type definition for DNS agent
      6. Agent notes for DNS agent
        1. About using the VCS DNS agent on UNIX with a secure Windows DNS server
          1.  
            Software requirement for DNS agent
          2.  
            Configuration requirement for DNS agent
        2.  
          High availability fire drill for DNS agent
        3.  
          Monitor scenarios for DNS agent
        4.  
          Sample Web server configuration for DNS agent
        5.  
          Secure DNS update for BIND 9 for DNS agent
        6.  
          Setting up secure updates using TSIG keys for BIND 9 for DNS agent
      7. Sample configurations for DNS agent
        1.  
          Basic IPv6 configuration for DNS agent
        2.  
          IPv6 CNAME sample configuration for DNS agent
        3.  
          IPv4 A sample configuration for DNS agent
      8.  
        Debug log levels for DNS agent
    7. AWSIP agent
      1.  
        Prerequisites
      2.  
        Dependencies
      3.  
        Agent functions
      4.  
        State definitions
      5.  
        Attributes
      6.  
        Resource type definition
      7.  
        Samples configurations
    8. AWSRoute53 agent
      1.  
        Prerequisites
      2.  
        Dependencies
      3.  
        Agent functions
      4.  
        State definitions
      5.  
        Attributes
      6.  
        Resource type definition
      7.  
        Sample configuration
    9.  
      AzureIP agent
    10. AzureDNSZone agent
      1.  
        Prerequisites
      2.  
        Dependencies
      3.  
        Agent functions
      4.  
        State definitions
      5.  
        Attributes
      6.  
        Resource type definition
      7.  
        Samples configurations
      8.  
        Delegating a domain to Azure DNS
    11.  
      GoogleIP agent
    12.  
      OCIIP agent
  4. File share agents
    1.  
      About the file service agents
    2. NFS agent
      1.  
        Dependencies for NFS agent
      2.  
        Agent functions for NFS agent
      3.  
        State definitions for NFS agent
      4.  
        Attributes for NFS agent
      5.  
        Resource type definition for NFS agent
      6. Notes for NFS agent
        1.  
          Prerequisites for NFS lock recovery
        2.  
          Using NFSv4
      7.  
        Sample configurations for NFS agent
      8.  
        Debug log levels for NFS agent
    3. NFSRestart agent
      1.  
        Dependencies for NFSRestart agent
      2.  
        Agent functions for NFSRestart agent
      3.  
        State definitions
      4.  
        Attributes for NFSRestart agent
      5.  
        Resource type definition for NFSRestart agent
      6. Notes for NFSRestart agent
        1.  
          About high availability fire drill
        2.  
          Providing a fully qualified host name
        3.  
          Support for systemd
      7. Sample configurations for NFSRestart agent
        1.  
          Basic agent configurations
      8.  
        Debug log levels for NFSRestart agent
    4. Share agent
      1.  
        Dependencies for Share agent
      2.  
        Agent functions for Share agent
      3.  
        State definitions for Share agent
      4.  
        Attributes for Share agent
      5.  
        Resource type definition for Share agent
      6. Notes for Share agent
        1.  
          Support for spaces in directory names
        2.  
          High availability fire drill
        3.  
          About entering an IP address in the Client attribute
      7.  
        Sample configurations for Share agent
      8.  
        Debug log levels for Share agent
    5. About the Samba agents
      1.  
        The Samba agents
      2.  
        Before using the Samba agents
      3.  
        Supported versions for Samba agents
      4. Notes for configuring the Samba agents
        1.  
          Samba agents in systemd environments
        2.  
          Enabling VCS to detect services started and stopped by smb
        3.  
          Configuring multiple SambaServer resources
        4.  
          Configuring Samba for non-standard configuration files or non-standard lock directories
      5. SambaServer agent
        1.  
          Dependencies for SambaServer agent
        2.  
          Agent functions for SambaServer agent
        3.  
          State definitions for SambaServer agent
        4.  
          Attributes for SambaServer agent
        5.  
          Resource type definitions for SambaServer agent
        6.  
          Sample configurations for SambaServer agent
        7.  
          Debug log levels for SambaServer agent
      6. SambaShare agent
        1.  
          IMF awareness
        2.  
          Dependencies for SambaShare agent
        3.  
          Agent functions for SambaShare agent
        4.  
          State definitions for SambaShare agent
        5.  
          Attributes for SambaShare agent
        6.  
          Resource type definition for SambaShare agent
        7.  
          Sample configuration for SambaShare agent
        8.  
          Debug log levels for SambaShare agent
    6. NetBios agent
      1.  
        Dependencies for NetBios agent
      2.  
        Agent functions for NetBios agent
      3.  
        State definitions for NetBios agent
      4.  
        Attributes for NetBios agent
      5.  
        Resource type definition for NetBios agent
      6.  
        Sample configuration for NetBios agent
      7.  
        Debug log levels for NetBios agent
  5. Service and application agents
    1.  
      About the services and applications agents
    2. Apache HTTP server agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6. Apache HTTP server notes
        1.  
          Tasks to perform before you use the Apache HTTP server agent
        2.  
          About detecting application failure
        3.  
          About bringing an Apache HTTP server online outside of VCS control
        4.  
          About high Availability fire drill
        5.  
          Using Apache agent with IMF
      7. Sample configurations
        1.  
          Running two instances of httpd for Linux
        2.  
          Sample main.cf file
        3.  
          Basic IPv6 configuration
        4.  
          Sample output of the amfstat command
      8.  
        Debug log level
    3. Application agent
      1.  
        IMF awareness
      2.  
        High availability fire drill for Application agent
      3.  
        Dependencies for Application agent
      4.  
        Agent functions
      5.  
        State definitions for Application agent
      6.  
        Attributes for Application agent
      7.  
        Resource type definition for Application agent
      8. Notes for Application agent
        1.  
          Using Application agent with IMF
        2.  
          Level two monitoring through MonitorProgram
        3.  
          Using Application agent with ProPCV
        4.  
          Requirement for programs
        5.  
          Requirement for default profile
        6.  
          Support for cloned Application agent
        7.  
          Application monitoring inside Docker container
        8.  
          Using the hadockersetup utility
        9.  
          Requirement for systemd support
      9. Sample configurations for Application agent
        1.  
          Configuration 1 for Application agent
        2.  
          Configuration 2 for Application agent
        3.  
          Configuration 3 for Application agent
        4.  
          Configuration 4 for Application agent
        5.  
          Configuration 5 for Application agent
      10.  
        Debug log levels for Application agent
    4.  
      AppMonHB agent
    5. AzureAuth agent
      1.  
        Using Azure managed identity
    6. CoordPoint agent
      1.  
        Coordination Point server as a coordination point
      2.  
        SCSI-3 based disk as a coordination point
      3.  
        Dependencies
      4.  
        Agent functions
      5.  
        State definitions
      6.  
        Attributes
      7.  
        Resource type definition
      8. Notes for the CoordPoint agent
        1.  
          CoordPoint agent I/O fencing reporting activities
        2.  
          AutoStartList attribute
        3.  
          Detailed monitoring for the Coordpoint resource
        4.  
          The ActionOnCoordPointFault attribute set to RefreshRegistrations
      9.  
        Sample configuration
      10.  
        Debug log levels
    7. KVMGuest agent
      1.  
        Dependencies for KVMGuest agent
      2.  
        Agent functions for KVMGuest agent
      3.  
        State definitions for KVMGuest agent
      4.  
        Attributes for KVMGuest agent
      5.  
        Resource type definition for KVMGuest agent
      6. Notes for KVMGuest agent
        1.  
          Support for guests created on RHEL 6, RHEL 7 (KVM environment), and SuSE Enterprise Linux 11 SP2 and SP3
        2.  
          Storage and network configurations
        3.  
          Guest live migration
        4.  
          Managing virtual machines in RHEV environment
        5.  
          Managing ISO image in SuSE KVM
        6.  
          Using VCS to migrate virtual machines
        7.  
          Configuring the KVMGuest agent for DR in a global cluster setup
        8.  
          Configuring a non-admin user for RHEV-M that is using AD-based domain
        9.  
          Virtual machine failover if host crashes
        10.  
          KVMGuest agent requires curl and xpath commands in RHEV environment
        11.  
          RHEV environment: If a node on which the VM is running panics or is forcefully shutdown, VCS is unable to start the VM on another node
      7. Sample configurations for KVMGuest environment
        1.  
          Sample Configuration 1
        2.  
          Sample Configuration 2
        3.  
          Sample Configuration 3
      8. Sample configurations for RHEV environment
        1.  
          Sample Configuration 1
        2.  
          Sample Configuration 2
        3.  
          Sample Configuration 3
      9.  
        Sample Configuration for SuSE KVM
      10.  
        Debug log levels for KVMGuest agent
    8. Process agent
      1.  
        IMF awareness
      2.  
        High availability fire drill for Process agent
      3.  
        Dependencies for Process agent
      4.  
        Agent functions for Process agent
      5.  
        State definitions for Process agent
      6.  
        Attributes for Process agent
      7.  
        Resource type definition for Process agent
      8. Usage notes for Process agent
        1.  
          Prerequisites for processes
      9. Sample configurations for Process agent
        1.  
          Configuration for Process agent
      10.  
        Debug log levels for Process agent
    9. ProcessOnOnly agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6. ProcessOnOnly agent usage notes
        1.  
          Requirement for programs
      7.  
        Sample configurations
      8.  
        Debug log levels
    10. RestServer agent
      1.  
        Service group resource dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6.  
        Sample configuration
      7.  
        Troubleshooting information
  6. Infrastructure and support agents
    1.  
      About the infrastructure and support agents
    2. NotifierMngr agent
      1.  
        Dependency
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6. Sample configuration
        1.  
          Configuration
      7.  
        Debug log levels
    3. Proxy agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        Attributes
      4.  
        Resource type definition
      5. Sample configurations
        1.  
          Configuration 1
        2.  
          Configuration 2
        3.  
          Configuration 3
      6.  
        Debug log levels
    4. Phantom agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        Resource type definition
      4. Sample configurations
        1.  
          Configuration 1
        2.  
          Configuration 2
    5. RemoteGroup agent
      1.  
        Dependency
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definition
      6.  
        Debug log levels
  7. Testing agents
    1.  
      About the testing agents
    2. ElifNone agent
      1.  
        Dependencies for ElifNone agent
      2.  
        Agent function for ElifNone agent
      3.  
        State definitions for ElifNone agent
      4.  
        Attributes for ElifNone agent
      5.  
        Resource type definition for ElifNone agent
      6.  
        Sample configuration for ElifNone agent
      7.  
        Debug log levels for ElifNone agent
    3. FileNone agent
      1.  
        Dependencies for FileNone agent
      2.  
        Agent functions for FileNone agent
      3.  
        State definitions for FileNone agent
      4.  
        Attribute for FileNone agent
      5.  
        Resource type definition for FileNone agent
      6.  
        Sample configuration for FileNone agent
      7.  
        Debug log levels for FileNone agent
    4. FileOnOff agent
      1.  
        Dependencies for FileOnOff agent
      2.  
        Agent functions for FileOnOff agent
      3.  
        State definitions for FileOnOff agent
      4.  
        Attribute for FileOnOff agent
      5.  
        Resource type definition for FileOnOff agent
      6.  
        Sample configuration for FileOnOff agent
      7.  
        Debug log levels for FileOnOff agent
    5. FileOnOnly agent
      1.  
        Dependencies for FileOnOnly agent
      2.  
        Agent functions for FileOnOnly agent
      3.  
        State definitions for FileOnOnly agent
      4.  
        Attribute for FileOnOnly agent
      5.  
        Resource type definition for FileOnOnly agent
      6.  
        Sample configuration for FileOnOnly agent
      7.  
        Debug log levels for FileOnOnly agent
  8. Replication agents
    1.  
      About the replication agents
    2. RVG agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definitions
      6.  
        Sample configurations
    3. RVGPrimary agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definitions
      6.  
        Sample configurations
    4. RVGSnapshot
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definitions
      6.  
        Sample configurations
    5. RVGShared agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definitions
      6.  
        Sample configurations
    6. RVGLogowner agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definitions
      6.  
        RVGLogowner agent notes
      7.  
        Sample configurations
    7. RVGSharedPri agent
      1.  
        Dependencies
      2.  
        Agent functions
      3.  
        State definitions
      4.  
        Attributes
      5.  
        Resource type definitions
      6.  
        Sample configuration
    8. VFRJob agent
      1.  
        Overview
      2. Dependencies for VFRJob agent
        1.  
          Group dependency for VFRJob agent in Custer File Systems or VxFS File Systems
        2.  
          Group dependency for VFRJob agent in VxFS File Systems
      3.  
        High availability of scheduler and replicator daemons
      4.  
        Agent functions for VFRJob agent
      5.  
        State definitions for VFRJob agent
      6.  
        Attributes for VFRJob agent
      7.  
        Resource type definitions for VFRJob agent
      8.  
        High availability of VFR daemons
      9.  
        Configuration of VFRJob service groups on the source system
      10.  
        Sample configuration of VFRJob agent on source system
      11.  
        Configuration for VFRJob service groups on the target system
      12.  
        Sample configuration of VFRJob agent on target system
      13.  
        Changing file replication direction
      14. Notes for the VFRJob agent
        1.  
          Using a different port number for the replication daemon

OCIIP agent

The OCIIP agent helps to fail over IP (PrivateIP, OverlayIP, or ReservedPublicIP) within the OCI environment.

The OCIIP agent performs the following activities:

  • Fetches the NIC details, associates the private IP with the NIC, and disassociates the private IP from the NIC.

  • Associates and disassociates the Public IP address with the Private IP address.

  • Manages the route table entries of the overlay IP for failover across subnets.

The OCIIP agent uses OCI Python APIs to associate IP resources with OCI VM instance.

Prerequisites

  • Oracle Python modules should be present on each cluster node.

    Install the Python SDK 2.102.0 for OCI on each of the cluster nodes by running the following commands:

    • /opt/VRTSpython/bin/pip install --upgrade pip

    • /opt/VRTSpython/bin/pip install oci==2.102.0

  • The following steps summarize the process flow for setting up and using instances as principals: Create a dynamic group.

  • In the dynamic group definition, you provide the matching rules to specify which instances you want to allow to make the API calls against the services.

  • Create a policy granting permissions to the dynamic group to access services in your tenancy (or compartment).

  • A developer configures the application that is built using the Oracle Cloud Infrastructure SDK to authenticate using the instance principals provider.

  • Deploy the application and the SDK to all the instances that belong to the dynamic group.

  • The deployed SDK makes calls to Oracle Cloud Infrastructure APIs as allowed by the policy (without configuring API credentials).

  • For each API call that an instance makes, the Audit service logs the event and records the OCID of the instance as the value of principalId in the event log.

  • Minimum permissions that are required for a policy:

    • PRIVATE_IP_READ

    • PRIVATE_IP_UPDATE

    • PRIVATE_IP_ASSIGN

    • PRIVATE_IP_UNASSIGN

    • PRIVATE_IP_ASSIGN_PUBLIC_IP

    • PRIVATE_IP_UNASSIGN_PUBLIC_IP

    • SUBNET_ATTACH

    • SUBNET_DETACH

    • VNIC_UPDATE

    • PUBLIC_IP_READ

    • PUBLIC_IP_UPDATE

    • ROUTE_TABLE_READ

    • ROUTE_TABLE_UPDATE

Sample policy statements

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to manage private-ips in compartment Test

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to use subnets in compartment Test

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to inspect vnic-attachments in compartment Test

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to manage vcns in compartment Test

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to inspect vnics in compartment Test

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to read instances in compartment Test

  • Allow dynamic-group OCIIP-MIN-PERMISSIONS-DG to manage route-tables in compartment Test

Attributes

This section summarizes the required attributes of the OCIIP agent.

Table: Required attributes

Attribute

Description

PrivateIP

Secondary private IP address of the OCI instance.

This value is mandatory if OverlayIP value is not provided.

NICDevice

Name of the network device.

OverlayIP

Overlay IP provides IP failover functionality for the nodes that are spread across subnets. Overlay IP must be outside of the VCN CIDR block in which the nodes are present. This value is mandatory if PrivateIP is not provided.

RouteTableId

OCI IDs of route tables under which we need to add route entries for OverlayIP. When OverlayIP is configured, we have to provide value of this attribute.

ReservedPublicIP

This IP is used in IP configuration to map the Public IP address to a secondary private IP address. When ReservedPublicIP attribute is configured then it is mandatory to provide PrivateIP value.

Resource type

OCIIP types.cf 

type OCIIP (
static str ArgList[] = { PrivateIP, OverlayIP, ReservedPublicIP, 
NICDevice, RouteTableId, tempCompartmentID, tempInstanceID, 
tempPrivateIPID }
str PrivateIP
str OverlayIP
str ReservedPublicIP
str NICDevice
str RouteTableId[]
temp str tempCompartmentID
temp str tempInstanceID
temp str tempPrivateIPID
)

Sample configurations

Sample configuration with PrivateIP

OCIIP  ip-res-OCI (
PrivateIP = "11.1.1.1"
NICDevice = "eth0"
)
IP ip-res (
Address = "11.1.1.1"      
Device = "eth0"      
NetMask = "111.111.111.0"
)
ip-res-OCI requires ip-res

Sample configuration with Overlay IP

OCIIP  ip-res-OCI (
OverlayIP = "111.111.1.1"
RouteTableId = "ocid1.routetable.oc1.phx.
aaaaaaaaxxu32fw6gilbyxlly2kqjq37p7xzl6a"
NICDevice = "eth0"
)
IP ip-res (      
Address = "111.111.1.1"      
Device = "eth0"      
NetMask = "255.255.255.0"
)
ip-res-OCI requires ip-res

Sample configuration with Reserved public IP

OCIIP ip-res-OCI (
PrivateIP = "11.1.11.1"
ReservedPublicIP = "111.111.111.111"
NICDevice = eth0
)
IP ip-res (
Device = eth0
Address = "11.1.11.1"
NetMask = "255.255.255.0"
)

ip-res-OCI requires ip-res

Figure: Sample service group dependency

Sample service group dependency
Agent functions

Open

PrivateIP: Get the compartmentId, vmId of the OCI instance and OCIID of IPs automatically using the metadata information.

OverlayIP: Get the compartmentId, vmId of the OCI instance automatically using the metadata information.

Reserved public IP: Get the compartmentId, vmId of the OCI instance automatically using the metadata information.

Online

PrivateIP: Check if same IP is assigned to any other cluster node, if yes then unassign it.

Assign the IP to the network interface provided.

OverlayIP: Fetch the RouteTableID attribute. If RouteTableID is blank then return failure, else check if route entry with given overlay IP exists in given route tables and it's next hop ID is instance ID which is other cluster node. If yes then delete route entry.

Create route entry in given route table with "Destination CIDR Block" as provided Overlay IP and next hop is current instance ID.

Reserved public IP: Check if same Reserved Public IP is assigned to any other cluster node, if yes then unassign it.

Assigns the PrivateIP and Reserved Public IP to the Ethernet provided.

Offline/Clean

PrivateIP: Detach IP from the NIC device.

OverlayIP: Delete route entry containing given overlay IP and next hop as current instance ID.

Reserved Public IP: Detach PrivateIP and associated Reserved Public IP from the NIC device.

Monitor

PrivateIP:

  • Return offline if:

    • IP is not attached to NIC

  • Return online if:

    • IP with valid private IP is attached to NIC given by user.

  • Return unknown if:

    • OCI Python SDKs are not installed.

    • Required privileges are not present to perform operations on NIC and VM.

    • Private IP is given in wrong format

    • Private IP address is already assigned to any other NIC outside Cluster's VM.

OverlayIP:

  • Return offline if:

    • Route entry with given overlay IP and it's next hop ID is current instance ID that does not exists in given route table.

  • Return online if:

    • Route entry with given overlay IP and it's next hop ID is current instance ID, exists in given route table.

  • Return unknown if:

    • OCI Python SDKs are not installed.

    • Failures in fetching required attributes values.

    • OverlayIP is given in wrong format.

    • RouteTableID not provided.

    • RouteTableID not found, or the route entry not found in the given route table.

    • Both private IP and overlay IP is specified in configuration or none of them provided.

Reserved public IP:

  • Return offline if:

    • Reserved Public IP and corresponding Private IP is not attached to NIC.

  • Return online if:

    • Reserved Public IP and corresponding Private IP with valid IP address is attached to NIC given by user.

  • Return unknown if:

    • OCI Python SDKs are not installed.

    • Required privileges are not present to perform operations on NIC and VM.

    • Reserved Public IP or Private IP is given in wrong format.

    • Reserved Public IP address is already assigned to any other NIC outside Cluster's VM .

State definition

ONLINE       

  • Private IP: Indicates that the Private IP is assigned to the NIC.

  • Reserved public IP: Indicates that the Private IP is assigned and reserved public IP is associated with the private IP.

  • Overlay IP: Indicates that the Route table entry exists for the overlay IP.

OFFLINE

  • Private IP: Indicates that the Private IP is not assigned to the NIC.

  • Public IP: Indicates that the Private IP is not assigned, or reserved public IP is not associated with the private IP.

  • Overlay IP: Indicates that the Route table entry does not exist for the overlay IP.

UNKNOWN

One of the following can be true:

  • OCI Python SDK is not installed or installed with unsupported version.

  • Required privileges are not present to perform operations on OCI VNIC and instances.

  • Private IP, Reserved Public IP, or Overlay IP is specified in wrong format.

  • Private IP, Reserved Public IP, or Overlay IP is already in use.

  • The NICDevice attribute value is invalid.

  • In case of Overlay IP, route table id(s) are invalid.

  • IP Configuration has invalid details on NIC.

  • Both or none of the Overlay IP and Private IP are set. Only one should be set.

FAULTED

  • Indicates that the IP resources cannot not be brought online or abruptly stopped outside of VCS control.

Debug log levels

The OCIIP agent uses the DBG_1 and DBG_2 debug log level.

Modules tested

Arctera has tested and approved the OCIIP agent with the following modules:

Table:

OCIIP Python module

Version

OCI

2.102.0