Getting Started with Autonomous Linux
Set up policies and create an Autonomous Linux instance.
The following sections describe how to get started with the Autonomous Linux service.
Prerequisites
- Supported Image: Use the August 2021 Oracle Autonomous Linux platform image or later.
- IAM policies: Set the IAM policies required for the Autonomous Linux service. For more information about the required IAM policies, see Setting Up Required IAM Policies for Autonomous Linux.
- Oracle Cloud Agent: Ensure that the Oracle Cloud Agent software is installed and running on the instance. By default, the Oracle Cloud Agent is installed and running on the Oracle Autonomous Linux platform image. For more information about the Oracle Cloud Agent, see Managing Plugins with Oracle Cloud Agent.
- OS Management Service Agent and Oracle Autonomous Linux plugins: Ensure that the OS Management Service Agent and Oracle Autonomous Linux plugins are enabled and running on the instance. These plugins are enabled and running by default on the Oracle Autonomous Linux platform image. For more information about the Oracle Autonomous Linux plugin, see Autonomous Linux Components and Features.
- Beginning August 31, 2021, Oracle Autonomous Linux instances created using the Oracle-Autonomous-Linux-7.9-2021.08-0 platform image or later are integrated with the OS Management service and are not supported in the Oracle Cloud Free Tier. See Known Issues. Existing instances that were launched before August 31, 2021 can be migrated using the alx-migrate script.
- Autonomous Linux instances based on custom images are not supported.
Setting Up Required IAM Policies for Autonomous Linux
You must have the required privileges to create the policy. If you do not have the required privileges, work with the administrator for your tenancy to either obtain the privileges to create the policies or to have the policies created for you.
Required Dynamic Group
Before you create the required IAM policies for Autonomous Linux, you need to create a dynamic group. A dynamic group can include instances based on instance OCID or include instances that reside in a compartment based on compartment OCID. For more information about dynamic groups, see Managing Dynamic Groups.
Required User Group
Before you create the required IAM policies for Autonomous Linux, you need to create a user group for non-admin users. This user group is used in a policy to allow users to view and manage events. For more information about user groups, see Managing Groups.
Required IAM Policies
For an Autonomous Linux instance to register with the OS Management service and manage autonomous updates and events, you must create the required IAM policies for Autonomous Linux.
Before you create the IAM policies, you first need to create a dynamic group and a user group.
- Required IAM Policies for a Tenancy
To apply the policies for Autonomous Linux to the tenancy, use the following policy statements. The first two policy statements are required for OS Management and might already be specified for your dynamic group (if you are adding to existing policies).
For a dynamic group:
Allow dynamic-group <dynamic_group_name> to read instance-family in tenancy
Allow dynamic-group <dynamic_group_name> to use osms-managed-instances in tenancy
Allow dynamic-group <dynamic_group_name> to use ons-topics in tenancy
Allow dynamic-group <dynamic_group_name> to manage osms-events in tenancy
The third and fourth lines are required for Autonomous Linux instances to publish notifications and events, respectively.
For non-admin users:
Allow group <group_name> to manage osms-events in tenancy
Allow group <group_name> to manage ons-topics in tenancy
These policies permit the user group to manage OSMS events and notification topics, respectively.
- Required IAM Policies for a Compartment
To apply the policies for Autonomous Linux only to a compartment inside the tenancy, use the following policy statements. The first two policy statements are required for OS Management and might already be specified for your dynamic group (if you are adding to existing policies).
Important
The policy statement Allow service osms to read instances in tenancy must be set in tenancy. The other policy statements can be applied to a compartment inside the tenancy.
For a dynamic group:
Allow dynamic-group <dynamic_group_name> to read instance-family in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to use osms-managed-instances in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to use ons-topics in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to manage osms-events in compartment <compartment_name>
The third and fourth lines are required for Autonomous Linux instances to publish notifications and events, respectively.
For non-admin users:
Allow group <group_name> to manage osms-events in compartment <compartment_name>
Allow group <group_name> to manage ons-topics in tenancy
These policies permit the user group to manage OSMS events and notification topics, respectively.
- Required IAM Policy for Metrics
To allow the OS Management service to emit metrics, use the following policy.
Important
This policy must be specified at the tenancy level.
Allow service osms to read instances in tenancy
After setting the policies, you must restart the Oracle Cloud Agent.
To restart the Oracle Cloud Agent on Autonomous Linux instances:
- Log in to your instance. See Connecting to an Instance.
- Restart the Oracle Cloud Agent service.
sudo systemctl restart oracle-cloud-agent.service
Beginning April 29, 2022, the IAM policy for Autonomous Linux instances has been simplified to require fewer policy statements. Although the previous policies still work, you can work with your tenancy or compartment administrator to reduce your IAM policy for Autonomous Linux to use the latest IAM policies.
- Previous Required IAM Policies for a Tenancy
To apply the policies for Autonomous Linux to the tenancy, use the following policy statements. The first three policy statements are required for OS Management and might already be specified for your dynamic group (if you are adding to existing policies).
For a dynamic group:
Allow service osms to read instances in tenancy
Allow dynamic-group <dynamic_group_name> to read instance-family in tenancy
Allow dynamic-group <dynamic_group_name> to use osms-managed-instances in tenancy
Allow dynamic-group <dynamic_group_name> to read osms-software-sources in tenancy
Allow dynamic-group <dynamic_group_name> to manage osms-scheduled-jobs in tenancy where any {request.permission = 'OSMS_SCHEDULED_JOB_CREATE'}
Allow dynamic-group <dynamic_group_name> to manage osms-managed-instances in tenancy
Allow dynamic-group <dynamic_group_name> to use ons-topics in tenancy
Allow dynamic-group <dynamic_group_name> to {OSMS_EVENT_READ, OSMS_EVENT_MANAGE, OSMS_EVENT_INSPECT} in tenancy
For a non-admin user:
Allow group <group_name> to {OSMS_EVENT_READ, OSMS_EVENT_MANAGE, OSMS_EVENT_INSPECT} in tenancy
- Previous Required IAM Policies for a Compartment
To apply the policies for Autonomous Linux only to a compartment inside the tenancy, use the following policy statements. The first three policy statements are required for OS Management and might already be specified for your dynamic group (if you are adding to existing policies).
Important
The policy statements shown as "in tenancy" must be set in the tenancy. The other policy statements can be applied to a compartment inside the tenancy.
For a dynamic group:
Allow service osms to read instances in tenancy
Allow dynamic-group <dynamic_group_name> to read instance-family in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to use osms-managed-instances in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to read osms-software-sources in tenancy
Allow dynamic-group <dynamic_group_name> to manage osms-scheduled-jobs in compartment <compartment_name> where any {request.permission = 'OSMS_SCHEDULED_JOB_CREATE'}
Allow dynamic-group <dynamic_group_name> to manage osms-managed-instances in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to use ons-topics in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to {OSMS_EVENT_READ, OSMS_EVENT_MANAGE, OSMS_EVENT_INSPECT} in compartment <compartment_name>
For a non-admin user:
Allow group <group_name> to {OSMS_EVENT_READ, OSMS_EVENT_MANAGE, OSMS_EVENT_INSPECT} in compartment <compartment_name>
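When reducing a pre-April 2022 policy to the simplified set, it helps to diff the statements you have against the two lists on this page. The following is an added example, not Oracle code: it reports which simplified dynamic-group statements are missing, which previous-only statements remain as candidates for review, and whether the tenancy-level metrics statement is present. The group name alx-dg and the sample policy are constructed, and verbs are matched exactly as written on this page.

```python
import re

# Verb/resource pairs copied from the policy statements on this page.
REQUIRED = [("read", "instance-family"), ("use", "osms-managed-instances"),
            ("use", "ons-topics"), ("manage", "osms-events")]
LEGACY = {("read", "osms-software-sources"), ("manage", "osms-scheduled-jobs"),
          ("manage", "osms-managed-instances")}
LEGACY_PERMS = {"OSMS_EVENT_READ", "OSMS_EVENT_MANAGE", "OSMS_EVENT_INSPECT"}
METRICS = "allow service osms to read instances in tenancy"

STMT = re.compile(r"allow dynamic-group (\S+) to (?:(\w+) (\S+)|\{([^}]*)\}) in "
                  r"(tenancy|compartment \S+)", re.IGNORECASE)

def audit(statements, dynamic_group, scope="tenancy"):
    """Return (missing, legacy, metrics_ok) for one dynamic group and scope."""
    norm = [" ".join(s.split()) for s in statements]
    seen, legacy = set(), []
    for s in norm:
        m = STMT.match(s)
        if not m or m.group(1) != dynamic_group:
            continue
        verb, resource, perms, where = m.groups()[1:]
        if perms is not None:
            # Previous form: an explicit permission set instead of a verb.
            if {p.strip().upper() for p in perms.split(",")} & LEGACY_PERMS:
                legacy.append(s)
        elif (verb.lower(), resource.lower()) in LEGACY:
            legacy.append(s)
        elif where.lower() in (scope.lower(), "tenancy"):
            # A tenancy-level grant also covers every compartment.
            seen.add((verb.lower(), resource.lower()))
    missing = [f"Allow dynamic-group {dynamic_group} to {v} {r} in {scope}"
               for v, r in REQUIRED if (v, r) not in seen]
    return missing, legacy, any(s.lower() == METRICS for s in norm)

# Constructed sample: the previous tenancy policy for a hypothetical group.
OLD_POLICY = """Allow service osms to read instances in tenancy
Allow dynamic-group alx-dg to read instance-family in tenancy
Allow dynamic-group alx-dg to use osms-managed-instances in tenancy
Allow dynamic-group alx-dg to read osms-software-sources in tenancy
Allow dynamic-group alx-dg to manage osms-scheduled-jobs in tenancy where any {request.permission = 'OSMS_SCHEDULED_JOB_CREATE'}
Allow dynamic-group alx-dg to manage osms-managed-instances in tenancy
Allow dynamic-group alx-dg to use ons-topics in tenancy
Allow dynamic-group alx-dg to {OSMS_EVENT_READ, OSMS_EVENT_MANAGE, OSMS_EVENT_INSPECT} in tenancy""".splitlines()

if __name__ == "__main__":
    missing, legacy, metrics_ok = audit(OLD_POLICY, "alx-dg")
    print("add:", *missing, sep="\n  ")
    print("review for removal:", *legacy, sep="\n  ")
    print("metrics statement present:", metrics_ok)
```

Statements flagged for review may still be needed by other services that share the dynamic group, so confirm with the tenancy or compartment administrator before removing them.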
Creating an Autonomous Linux Instance
- Follow the steps to create an instance using the Oracle Autonomous Linux platform image, until the advanced options. Ensure that the instance has either a public IP address or a service gateway, as described in the prerequisites.
Note
The Autonomous Linux service requires the OS Management Service Agent and Oracle Autonomous Linux plugins. These plugins are enabled by default in the Oracle Autonomous Linux platform image.
- Click Create.
- Proceed to Verifying the Status of the Required Oracle Cloud Agent Plugins.
When registering with the OS Management service, Autonomous Linux instances subscribe to the default channel list and all other channel subscriptions are disabled. If you need to reenable any of these channels, you can do so using the Console, CLI, or REST APIs. For more information, see Managing Software Sources.
Verifying the Status of the Required Oracle Cloud Agent Plugins
The Autonomous Linux service requires that both the Oracle Autonomous Linux and OS Management Service Agent plugins are enabled and running.
On the Oracle Cloud Agent tab, when the Oracle Autonomous Linux plugin is enabled, the status for the plugin might not be shown properly as Running. To verify the actual status of the plugin, follow these steps.
After verifying that the Oracle Autonomous Linux and OS Management Service Agent plugins are running, you have completed the getting started tasks for setting up the Oracle Autonomous Linux instances. You can now use the Autonomous Linux service to manage the instance. Proceed to What to Do Next.
What to Do Next
After setting up an Oracle Autonomous Linux instance, proceed to Managing Autonomous Linux Settings where you can perform the following tasks:
- Update the schedule for daily autonomous updates
- Set the topic for event notifications
- Change the event collection setting