Sunday, July 7, 2013

Getting Oracle Enterprise Manager Cloud Control to talk to Amazon RDS Instances

Oracle provides an OEM Cloud Control plug-in to monitor Amazon RDS instances. While the majority of the Installation Guide is straightforward, it fails to give you some rather vital information needed to get things working. The purpose of this post is to provide the missing information.

It is assumed you have your RDS instance up and running along with Oracle Enterprise Manager Cloud Control. You will also need at least one OEM Agent.

Let's begin.

1. Download the Oracle Enterprise Manager for Amazon Web Services (AWS) Plug-in from http://www.oracle.com/technetwork/oem/grid-control/downloads/oem-aws-plugin-1852739.html

2. Follow the Instructions in the downloaded guide up to the Add Targets for Monitoring section.

We now need to gather some additional information.


3a. Get the Amazon Relational Database Service (RDS) endpoint
e.g. for the Asia Pacific (Sydney) Region it is rds.ap-southeast-2.amazonaws.com

3b. Get the Amazon CloudWatch endpoint
e.g. for the Asia Pacific (Singapore) Region it is monitoring.ap-southeast-1.amazonaws.com

4.  Download the public certificate for Amazon RDS at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem 

4a. You will now need to import that certificate into your keystore. You can import the certificate using the keytool utility.

#  keytool -import -noprompt -trustcacerts -alias amazonrds -file rds-ssl-ca-cert.pem -keystore /u01/app/oracle/Middleware/jdk16/jdk/jre/lib/security/cacerts -storepass password

The default keystore password is changeit. You can name the alias whatever you want; I have used amazonrds.

4b. Confirm you added it by running the following command.


# keytool -list -keystore /u01/app/oracle/Middleware/jdk16/jdk/jre/lib/security/cacerts | grep -i amazonrds


5. Now add the target RDS Instance to OEM Cloud Control. You can add it using the command line, or through Cloud Control, via the Setup -> Add Target menu.
For this example we will use the command line.
Log in to emcli:
# emcli login -username=sysman -password=sysman_password
# emcli sync
# emcli add_target -name="TARGET_DATABASE" -type="AmazonRDSService" -host="hostwithagent.com" -properties="ProxyHost=proxy.com;ProxyPort=8080;RDS_BaseURI=https://rds.ap-southeast-2.amazonaws.com;BaseURI=http://monitoring.ap-southeast-1.amazonaws.com;InstanceId=INSTANCENAME;Period=300"  -subseparator=properties="="
  • TARGET_DATABASE is the name you will see in OEM.
  • host is the host running the Management Agent, probably the same as your OMS host.
  • ProxyHost and ProxyPort are only needed if you access the internet through a proxy.
  • RDS_BaseURI is from step 3a.
  • BaseURI is from step 3b.
  • INSTANCENAME is the RDS instance name.


# emcli set_monitoring_credential -set_name="AWSKeyCredentialSet" -target_name="TARGET_DATABASE" -target_type="AmazonRDSService" -cred_type="AWSKeyCredential" -attributes="AccessKeyId:accesskey;SecretKey:secretkey"
  • accesskey and secretkey are provided when your Amazon account is set up; I would recommend setting up an account just for monitoring.


# emcli set_monitoring_credential  -set_name="SSLTrustStoreCredentialSet"  -target_name="TARGET_DATABASE"  -target_type="AmazonRDSService"  -cred_type="StoreCredential"  -attributes="StoreLocation:/u01/app/oracle/Middleware/jdk16/jdk/jre/lib/security/cacerts;StoreType:JKS;StorePassword:password"
  • StoreLocation is the location of your cacerts file in the JAVA_HOME directory.
  • password is the keystore password; the default is changeit.
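
The commands in steps 4a and 5 pass the keystore password, the sysman password and the AWS secret key as command-line arguments, where they end up in shell history and are visible in the process list. The script below is an added example, not part of the original post or Oracle's guide: it repeats the two set_monitoring_credential calls with the values read from owner-only files. It assumes emcli's -input_file="tag:path" option; EMCLI, store_secret, owner_only and the set_* function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): step 5's credential calls with
# the secret values kept in owner-only files instead of on the command line.
# Assumption: emcli's -input_file="tag:path" option, where -attributes names
# the tag; confirm with `emcli help set_monitoring_credential`.
# keytool and `emcli login` prompt when -storepass / -password are omitted.

# Read one secret from stdin into $1/$2 (mode 0600) and print the path.
store_secret() {
    path="$1/$2"
    ( umask 077; rm -f "$path"
      IFS= read -r s || :                 # accept input with no final newline
      [ -n "$s" ] || exit 1               # refuse an empty secret
      printf '%s' "$s" > "$path" ) || return 1
    printf '%s\n' "$path"
}

# True only if $1 exists and group/others have no permissions on it.
owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# $1 = target name, $2 = access key file, $3 = secret key file
set_aws_credential() {
    owner_only "$2" && owner_only "$3" ||
        { echo "key files must be owner-only" >&2; return 1; }
    ${EMCLI:-emcli} set_monitoring_credential \
        -set_name="AWSKeyCredentialSet" -target_name="$1" \
        -target_type="AmazonRDSService" -cred_type="AWSKeyCredential" \
        -attributes="AccessKeyId:AKID;SecretKey:SKEY" \
        -input_file="AKID:$2" -input_file="SKEY:$3"
}

# $1 = target name, $2 = trust store path, $3 = store password file
set_truststore_credential() {
    owner_only "$3" ||
        { echo "password file must be owner-only" >&2; return 1; }
    ${EMCLI:-emcli} set_monitoring_credential \
        -set_name="SSLTrustStoreCredentialSet" -target_name="$1" \
        -target_type="AmazonRDSService" -cred_type="StoreCredential" \
        -attributes="StoreLocation:$2;StoreType:JKS;StorePassword:STOREPW" \
        -input_file="STOREPW:$3"
}
```

Set EMCLI=echo for a dry run that prints the arguments without contacting the OMS, and remove the secret files once both credential sets are stored.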


That’s it!

I hope this post has helped, and please let me know if there are any errors or omissions.

6 comments:

  1. I have been trying to do this and keep running into an issue with the adding of the target. Can you help me understand what the issue is?

    D:\OEM\fmw3\Oracle_WT\jdk>emcli add_target -name="onnpap01" -type="AmazonRDSService" -host="oem12clab";RDS_BaseURI=https
    ://rds.us-east-1.amazonaws.com;BaseURI=http://monitoring.us-east-1.amazonaws.com;InstanceId=onnpap01;Period=300"  -subse
    parator=properties="="
    Error: Specified host oem12clab;RDS_BaseURI=https://rds.us-east-1.amazonaws.com;BaseURI=http://monitoring.us-east-1.amaz
    onaws.com;InstanceId=onnpap01;Period=300รก -subseparator=properties== does not exist in the repository

  2. Hi,

    Do you know which permissions an AWS account should have to monitor a RDS database?

    We cannot find this anywhere!

    Thank you,

  3. Thank you for your post. Got it working for OEM13C, very valuable information. Had problems with the GUI in OEM13C.
    Regards,
    Job Oprel
    https://technology.amis.nl/author/job-oprel

  4. Thanks for providing this informative information you may also refer.
    http://www.s4techno.com/blog/2015/12/21/protect-instances-from-termination-by-auto-scaling/

  5. Nice information provided by you, for more updates on AWS keep touch with us AWS Online Course Hyderabad

  6. It's so nice article thank you for sharing a valuable content. Click here: Python Online Training
