You need to identify the OCI compartment where you want the feature enabled. Users of the Resource Monitoring and Discovery feature must have access to the Compute instances within this compartment. Once you've identified the OCI Compartment with the Compute instances containing the resources you want to monitor, you need to ensure the prerequisite policies have been set up.

If you have not already done so, you'll need to set up polices for the OS Management Hub service. These policies only need to be set up once, per compartment or per tenancy. Follow the OSMH Prerequisites instructions to set up policies for OS Management Hub.

You first need to create a dynamic group of Compute instances and then create policies on that dynamic group to enable OS Management Hub service.

A single instance can belong to a maximum of five dynamic groups. A good practice is to re-use the same dynamic group wherever possible across services instead of creating one or more dynamic groups for each service. Make a note of the dynamic group used to set up the policies for OS Management Hub service, and consider re-using that same dynamic group for the policies described in subsequent steps.

For more information about this limitation, see Managing Dynamic Groups.

To interact with the Oracle Cloud Infrastructure service end-points, users must explicitly create a dynamic group to allow Management Agents to communicate with the Management Agent service (MACS).

In this step, a dynamic group is created using the Identity and Access Management service from the OCI Console. This group includes all the management agents. This is a one-time set up step, as any new management agent being installed will automatically belong to this group based on resource type definition shown below. If you can, re-use the dynamic groups created while setting up the prerequisites the OS Management Hub service.

• To access the Identity and Access Management service, open the navigation menu. Under Identity & Security, go to Identity and click Dynamic Groups.

• Click Create Dynamic Group.

• In the Create Dynamic Group dialog box, enter a name for the dynamic group, a description and the matching rules, and then click Create Dynamic Group.

For more information, see OS Management Hub Policies.

Create a Dynamic Group of Management Agent Resources

For example, you create a dynamic group named Management_Agent_Dynamic_Group with the following under RULE 1:

ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1.examplecompartmentid'}

Where resource.type='managementagent' is the management agent resource type definition for Management Agent at dynamic group level, and resource.compartment.id value is the compartment id.

Create a Dynamic Group of Instances

For example, you create a dynamic group named AppmgmtMonitoredInstances with the following under RULE 1:

ALL {instance.compartment.id='<compartment-ocid>'}

Create a Policy for Agent Communication

Once both dynamic groups are created, you need to create a policies to allow the management agents to interact with the Management Agent service and to allow the management agents to upload data to Oracle Cloud Infrastructure Monitoring service.

ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO USE METRICS IN COMPARTMENT <compartment_name> where target.metrics.namespace = 'oracle_appmgmt'

ALLOW DYNAMIC-GROUP AppmgmtMonitoredInstances TO {MGMT_AGENT_DEPLOY_PLUGIN_CREATE, MGMT_AGENT_INSPECT, MGMT_AGENT_READ} IN COMPARTMENT <compartment_name>

The following policies/permissions are specific to Resource Discovery and Monitoring. The policies only need to be set up once for each compartment or tenancy.

ALLOW GROUP AppmgmtUsers TO USE appmgmt-family IN COMPARTMENT <compartment_name>
ALLOW GROUP AppmgmtUsers TO READ metrics IN COMPARTMENT <compartment_name>

If the Compute instance existed before policy setup, bounce its Oracle Cloud Agent or wait 24 hours for policies to take effect.

ALLOW DYNAMIC-GROUP AppmgmtMonitoredInstances TO {APPMGMT_MONITORED_INSTANCE_READ, APPMGMT_MONITORED_INSTANCE_ACTIVATE} 
IN COMPARTMENT <compartment_name> where request.instance.id = target.monitored-instance.id

ALLOW DYNAMIC-GROUP AppmgmtMonitoredInstances TO {INSTANCE_READ,INSTANCE_UPDATE}
IN COMPARTMENT <compartment_name> where request.instance.id = target.instance.id

ALLOW DYNAMIC-GROUP AppmgmtMonitoredInstances TO {APPMGMT_WORK_REQUEST_READ, INSTANCE_AGENT_PLUGIN_INSPECT} 
IN COMPARTMENT <compartment_name>

Make sure the OS Management service is enabled/operational first. This is a prerequisite for automatic enabling functionality along with the policy setup performed above.

Within 15 minutes, the UI should start showing monitored resources/top processes.

The following procedure is only needed if the prior steps (which should have auto-deployed the agent) did not successfully occur for some reason.

Enabling Resource Discovery and Monitoring manually involves the following steps:

1. Deploy the Management Agent Plugin
2. Deploy the Stack Monitoring Management Agent Plugin

If you are planning to use the Java Management Service integration, you will also need to complete these additional steps.

Complete Java Management Service Setup

Ensure that the prerequisites have been performed for the Java Management Service. For more information on performing prerequisite setup tasks for the Java Management Service, see Setting Up Oracle Cloud Infrastructure for Java Management Service. Part of setting up the Java Management Service requires the creation of a group of Management Agents and instances. For those steps, consider re-using the dynamic groups created for the OS Management Hub service and Management Agent setup.

Conifigure Management Agents on OCI Hosts

Follow Configuring a Management Agent on an OCI Compute Instance instructions for each host on which you want to collect Java Runtime details. For Step 4 of the instructions, make sure to execute the setup script with the --enable-user-name flag as shown in section describing collection of user.name property.

Create a Fleet

Create a fleet to group your Java Management resources. For instructions on how to create a Java Management Service fleet, see Creating a Fleet Using an Existing Management Agent Configuration.

Configure the User Policy Statement

You need to add following policy to your AppmgmtUsers group.

ALLOW GROUP AppmgmtUsers TO READ fleet IN COMPARTMENT <compartment_name>