Pre-requisites for Monitoring an Oracle LDoms Server

There are several pre-requisites for an eG agent to be able to monitor an Oracle LDoms server and the guest VMs hosted on it.

  • Make sure that the firewall on the Oracle LDoms server is configured to allow outbound traffic from the eG agent to the eG management console. The port used for this communication is determined at the time the eG manager and agents are installed in your environment; port 7077 is the default. To configure the agent-manager communication, do the following:

    • Edit the ipf.conf file in the /etc/ipf directory on the Oracle LDoms server.

    • The sample contents of the file are as given below:

      # Allow Outbound Traffic:
      pass out quick proto tcp from any to any flags S keep state
      pass out quick proto udp from any to any keep state
      pass out quick proto icmp from any to any keep state
      #
      # SSHD - Allow Inbound from All Addresses to Port 22:
      pass in quick proto tcp from any to any port = 22
      #
      # Block without Logging Inbound Ports 137, 138, 139, and 631:
      block in quick proto udp from any to any port = 137
      block in quick proto tcp from any to any port = 137
      block in quick proto udp from any to any port = 138
      block in quick proto tcp from any to any port = 138
      block in quick proto udp from any to any port = 139
      block in quick proto tcp from any to any port = 139
      block in quick proto tcp/udp from any to any port = 631
      block in quick proto http from any to any port = 7077
      #
      # Block and Log Everything Else Inbound (comment first line below to allow ping requests):
      block in log first proto icmp from any to any
      block in log first proto tcp/udp from any to any

    • If the firewall has been configured to block port 7077, an entry to that effect will be present in the ipf.conf file. For instance, in the sample contents above, the entry "block in quick proto http from any to any port = 7077" indicates that port 7077 is currently blocked.

    • To enable eG agent-manager communication, comment out that entry by prefixing it with a #, as indicated below:

      # Allow Outbound Traffic:
      pass out quick proto tcp from any to any flags S keep state
      pass out quick proto udp from any to any keep state
      pass out quick proto icmp from any to any keep state
      #
      # SSHD - Allow Inbound from All Addresses to Port 22:
      pass in quick proto tcp from any to any port = 22
      #
      # Block without Logging Inbound Ports 137, 138, 139, and 631:
      block in quick proto udp from any to any port = 137
      block in quick proto tcp from any to any port = 137
      block in quick proto udp from any to any port = 138
      block in quick proto tcp from any to any port = 138
      block in quick proto udp from any to any port = 139
      block in quick proto tcp from any to any port = 139
      block in quick proto tcp/udp from any to any port = 631
      # block in quick proto http from any to any port = 7077
      #
      # Block and Log Everything Else Inbound (comment first line below to allow ping requests):
      block in log first proto icmp from any to any
      block in log first proto tcp/udp from any to any

    • Then, save the ipf.conf file.

    • To make sure that the changes take effect, execute the following command:

      svcadm restart network/ipfilter

  • Also, ensure that the Oracle LDoms firewall allows the eG agent on the server to communicate with the Linux and Oracle guests of the server using SSH. If the firewall has blocked the SSH port (default is 22), then make sure that it is opened using the procedure discussed above.

  • Ensure that SSH is enabled on all Linux and Oracle guests to be monitored. 

  • To enable the eG agent to communicate with the guest domains, an administrative account login and password must be provided when configuring the eG monitoring capabilities; different logins can be provided for different logical domains on the same Oracle server.
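
The check-and-comment step of the ipf.conf procedure above, as a shell example added here (it is not eG or Oracle code): it lists the active block rules that name a given port and produces a copy of the rule file with only those rules commented out. The function names and the trimmed sample rules are constructed for illustration, and the script assumes rules spell the port as "port = N", as the sample listing does.

```shell
#!/bin/sh
# Added example: audit an IP Filter rule file for active block rules on one port.
# On Solaris, substitute nawk or /usr/xpg4/bin/awk if /usr/bin/awk rejects -v.

# Print "LINENO:RULE" for every uncommented block rule naming "port = <port>".
find_port_blocks() {
    file=$1 port=$2
    awk -v port="$port" '
        /^[ \t]*#/ { next }                  # already commented out
        $1 == "block" {
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "port" && $(i+1) == "=" && $(i+2) == port) {
                    print NR ":" $0; break
                }
        }' "$file"
}

# Write the rule file to stdout with those rules prefixed by "# ".
# Every other line, including pass rules for the same port, is left untouched.
comment_port_blocks() {
    file=$1 port=$2
    awk -v port="$port" '
        !/^[ \t]*#/ && $1 == "block" {
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "port" && $(i+1) == "=" && $(i+2) == port) {
                    print "# " $0; next
                }
        }
        { print }' "$file"
}

# Constructed sample, trimmed from the listing above, for an offline dry run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
pass out quick proto tcp from any to any flags S keep state
pass in quick proto tcp from any to any port = 22
block in quick proto tcp/udp from any to any port = 631
block in quick proto http from any to any port = 7077
block in log first proto tcp/udp from any to any
EOF

echo "Active block rules for port 7077:"
find_port_blocks "$sample" 7077
echo "Rule file after commenting them out:"
comment_port_blocks "$sample" 7077
```

Against the real file, redirect the output of comment_port_blocks to a new file, compare it with /etc/ipf/ipf.conf, and keep a copy of the original before replacing it and restarting the service as described above.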