In this video, you will learn about using OS Management Service for Oracle Linux instances. When you are considering to use Oracle Linux OS within OCI, you get a collection of benefits to begin with. With Oracle Linux, you get enterprise premier support within OCI. It includes support for Oracle Linux features such as Ksplice, KVM, Docker, Kubernetes, Gluster, and Ceph. All these are standard features available to take care of various Linux features, for example, Kubernetes; you may want to set up your own compute instances and set up Docker within them or Gluster for the open-source file systems or use the safe for storage and related features. All these, you get support from Oracle as a default when you use Oracle Linux within your compute instances. You obviously get latest updates to your OS binaries and packages. You have optimizations for the Cloud specifically. When you're using Oracle Linux in a genetic way, you might have to work out based on the hardware, what specific updates are required? But when you use Oracle Linux within Oracle Cloud, there are quite a few enhancements or optimizations that are provided, built into the Linux database package, including things such as OCI utilities which can be used to pick it off certain utilities. For example, to provision additional Phoenix or take care of [inaudible] configuration for your block storage service, et cetera. When such updates are made available, you have regional copy of the yum repositories. Remember, when you are using OCI and if there are different regions that you are subscribed to, inter-region traffic, there is a price involved. What Oracle takes care is, within each region, inside the object store, there is yum repositories created. Oracle takes care of replicating or making the updates available in all regions locally so that when you are updating using OS Management or any other tool to get the latest updates there is no additional network transfer costs that comes in because the yum is mirrored across all region. With OS Management as a service, you have the ability to automate this whole process of updating, which makes it easy to use and time-consuming, and most importantly, the service itself is free of cost. When you are using Oracle Linux within OCI, please remember, it is free of cost, including the support you get. The entire stack hardware is managed by Oracle and supported by Oracle. OS is from Oracle and supported by Oracle. Any other application or database that you run from Oracle, the entire stack, you get support from Oracle and no need to budget for OS licensing. For example, if you use Red Hat Linux, for the support you would have to pay separately. Here, you get the support free of cost when you are using Oracle Linux within OCI. Next, when you want to use OS Management for your Linux instances, number 1, you need to set up a dynamic group within the tenancy wherein you will have to allow the instances which have the Oracle Linux to use the OS Management Service. There are specific policy statements that have to be written to the dynamic group so that the compute instances that are members of this dynamic group have privileges to use the OS Management Service. You would have to grant this dynamic group the ability to retrieve the OS Management details, et cetera. For OS Management to capture metrics about what has been applied and things like that, you need to allow the Service OS Management to emit metrics so that you can integrate it with your monitoring and notifications. The Oracle Linux specific instances you use generally are provided using the Oracle-provided images and in such images, you by default get the Oracle Management agent installed. For example, if I go to one of my compute instances which I have provisioned, where I use the Oracle Linux environment. If you look at any of these instances, there would be the Cloud agent option that is available. Starting last year 2020 onwards the various images have a default agent that is installed and you have one of the agency Oracle as the OS Management agent, which should be enabled within the compute instance. That is a prerequisite before you can use OS Management inside your compute instances. Then if you have only the agent, but you don't have the OS Management agent because the Cloud agent is an agent which has various other services supported from an agent functionality. If the OSMS. If MS Agent is not installed, you can explicitly install it in the compute instance. You will have these prerequisites to be taken care of before you go ahead and enable OS management for your Linux compute instances. Once OS management is enabled and IAM privileges are granted. If you go to a compute instances OS management page, which is available under the left-hand side over here. If you go to that, you will see the view for, what are the updates available? You can see here, the updates available within this example is shown as there is none from a security perspective, there are some bug fixes and enhancements available. You can go and install all of them that or schedule it to be done later or view the details about the various packages that will be installed. You will get a lot of flexibility in terms of how you can apply them. If you go into the details page, you will see, for a given instance, what is the list of packages installed? You can click on it and schedule them to be applied at a particular point. You can go and see the scheduled jobs which are there for your compute instance. This is an example of managing each individual instance of Oracle Linux explicitly by using OS management to schedule and apply updates. But how does this get the updates? There is the concept of a software source that has to be configured. Every compute instance based on its OS image that it has used will have a particular parent software source automatically assigned from within Oracle cloud, which is the base software source to get the updates. But beyond that, you can also add additional child sources which you can see here, this is a parent source, but there are various child sources depending on what packages you want to get updates from. The base might give you only certain specific packages for updates, but the other child sources or additional sources that might give you details far additional packages, updates that are available based on what you have installed in your compute instance. You can configure custom software sources of your choice, but you cannot update your own packages into these custom sources. They have to come from the Yum repositories only and may be in the future that would also be made available. If you want to add additional software sources to a given compute instance, you can add and choose the software sources that you'll want to use for a given compute instance, then you have the ability, as I told you, to create an instance group. How do you do that? From the Compute Service, go to OS Management. Within that, go to Instance Group, you create an instance group by choosing whether it is a Linux or Windows-based instance. Create an instance group and add specific compute instances into them based on the OS management service that is available. As a group, you can apply specific packages to the entire group. This can be done immediately or you can schedule and get the execution of this done at the time which you find is appropriate for applying these patches. When you are grouping instances into an instance group, in short, all the instances are of the same OS release. For example, you should not keep Oracle Linux 6 and Oracle Linux 7 instances in the same group because the behavior of updates and practice can give unpredictable or inconsistent results. Keep that in mind when you create your managed instance groups. How do you go and identify any specific vulnerability updates that are available? For Oracle Linux, you will have a CVE lookup. This fundamentally is a means to look up specific security vulnerabilities and exposures that have been identified and fixes given and given as an example of two updates available. If you click on any one of them, you get the details about what all updates come. You also get to see dependencies. What other packages may have can be updated will also be given. You can, by installing a particular update, dependencies are also taken care of with this service. Once you have applied a package in a compute instance or an instance group, it is applied immediately, or you can schedule them to be updated at a particular point in time wherein you are scheduling jobs. Once you have scheduled jobs, you can reschedule them or explicitly random at a particular time, or make them skip, etc, which are also features available when you want to manage our jobs within OS management service. As a service, the management has the capability to capture the matrix. Remember when we looked at the prerequisites for using OS management, I mentioned let the service emit metrics. If it is going to emit, then you will be having information about how many instances are managed, how many are not managed? How many of them have updates? How many of them have security updates, etc given to you as a metric. You can configure alarms to give you notifications whenever such metrics are captured. This is an overview of using OS management with Linux from an Oracle. Any other software OS that is given by any other provider, you don't have this feature. It is available only with Oracle Linux as of today. That brings us to the end of using OS management for Oracle Linux-based compute instances.
