Connect Oracle Enterprise Manager 13 to Amazon’s Cloudwatch cloudwatch

Connect Oracle Enterprise Manager 13 to Amazon’s Cloudwatch

Oracle Enterprise Manager 13C has been introduced as a ‘single pane of glass’. Managing and monitoring all the assets, in or out of the public cloud.

But when creating an RDS- database instance in Amazon’s cloud, it is monitored by Cloudwatch, and it’s not possible to install a so-called Oracle Hybrid Cloud Agent to connect directly to the Oracle Management Service of OEM13c. Luckily there’s a plugin to connect with Cloudwatch. This article will cover the installation of this plugin and connection of OEM13 to the RDS database instance.

A few steps has to be taken:

– Download AWS plugin

– Download and install Amazon certificate (o.s. –level)

– Install plugin on OEM13C

– Gather connect endpoint-information from your RDS database-instance

– Configure the connection with the RDS database instance.

 

Download AWS plugin

 

Download the AWS plugin, not at edelivery.com, but at the old oracle/technet – site.

Beware of this sentence on that page.

“Have questions about this plugin?  Oracle does not support this Plug-in, but community support is provided via the Oracle Enterprise Manager OTN Forum

When downloaded, there’s no need to unzip the file.

 

Download and install Amazon certificate (o.s.-level)

 

Download from : https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem

Import in java store –> # keytool -import -noprompt -trustcacerts –alias amazonrds -file rds-ssl-ca-cert.pem –keystore <jdk-directory>/cacerts –storepass changeit

Where ‘changeit’ is the default password for the java-store, and ‘amazonrds’ a chosen name is.

Confirm if the certificate has been stored: –> keytool -list -keystore <jdk-directory>/cacerts | grep -i amazonrds

 

Install plugin on OEM13C

First the plugin has to be imported through EMCLI: 

./emcli import_update -file=/home/oracle/scripts/12.1.0.1.0_oracle.em.aws_2000_0.zip –omslocal .

Deploy the plugin through OEM13C – plugin page (setup –> extensibility –> plugins) on Management server ánd Agent.

image

There’s a note involved:

– Deployment usually takes about 10 minutes to complete. During that time, all connected users will be disconnected from Enterprise Manager. Even though the confirmation page displays, clicking Show Status will display “This webpage is not available” while deployment of the plug-in progresses. –

Example screenshot while deploying at Management Agent.

image

O.k. It has been deployed:

image

 

Gather connect endpoint-information from your RDS database-instance

 

Information you need from Amazon:

– Security credentials (account –> Security credentials)

image

– Instance information (Services –> RDS –> DB Instances ).

 

image

And through the Availability Zone in the instance lookup the rds and cloudwatch (starts with monitoring…) endpoints in the following document:

http://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region 

 

Configure the connection with the RDS database instance through GUI

It should be able to configure the connection through the GUI, so I chose setup –> add target –> add target declarative.

image

Choose the AWS connection in the following screen:

image

 

In the next screen you’ll need to fill in all the information you gathered from the Amazon site regarding keys, endpoints etc:

image

But…. while editing this form, I keep getting the error ‘Passwords do not match’ (and they really do !)…..

So.. back to EMCLI.

Configure the connection with the RDS database instance through commandline

./emcli login -username=sysman -password=sysman_password

./emcli sync

./emcli add_target -name=”<target_name>” -type=”AmazonRDSService” -host=”<host>” -properties=”RDS_BaseURI=<RDS_BaseURI>;BaseURI=<BaseURI>;InstanceId=<instanceid>;Period=300″ -subseparator=properties=”=“

./emcli set_monitoring_credential -set_name=”AWSKeyCredentialSet” -target_name=”<target_name>” -target_type=”AmazonRDSService” -cred_type=”AWSKeyCredential” -attributes=”AccessKeyId:<Access_key>;SecretKey:<secret_key>“

./emcli set_monitoring_credential -set_name=”SSLTrustStoreCredentialSet” -target_name=”<target_name>” -target_type=”AmazonRDSService” -cred_type=”StoreCredential” -attributes=”StoreLocation: <jdk-directory>\cocacerts;StoreType:JKS;StorePassword:<storepassword>”

Where:

  • target_name is the name you will see in OEM – chosen name.
  • host is the host running the Management Agent, probably the same as your OMS host.
  • RDS_BaseURI is from the information gathered from AWS, depending on the availability zone (start with rds…)
  • BaseURI is from the information gathered from AWS, depending on the availability zone (starts with monitoring…)
  • Instancename is the RDS Instance Name
  • Access_key is the key provided when setting up your Amazon account (security credentials)
  • Secret_key is the key provided when setting up your Amazon account (security credentials)
  • Storepassword is default ‘changeit’.

 

In the list of OEM13C targets you should see the Amazon RDS service popping up:

image

Clicking on this you will get the information page of the RDS instance in OEM13C.

image

 

Sources:

Download AWS plugin:  http://www.oracle.com/technetwork/oem/grid-control/downloads/oem-aws-plugin-1852739.html
Download Amazon certificate: https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem
Amazon Endpoint information: http://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region
Lazy DBA blog: http://oemcloud.blogspot.nl/2013/07/getting-oracle-enterprise-manager-cloud.html