oracle
diff --git a/‎OracleManagementAgent/README.md
Lines changed: 112 additions & 62 deletions b/‎OracleManagementAgent/README.md
Lines changed: 112 additions & 62 deletions
diff --git a/‎OracleManagementAgent/dockerfiles/1.0.0/Dockerfile
Lines changed: 59 additions & 0 deletions b/‎OracleManagementAgent/dockerfiles/1.0.0/Dockerfile
Lines changed: 59 additions & 0 deletions
@@ -1,161 +1,211 @@
 # Oracle Management Agent Container Image
-This repository contains sample container configurations to facilitate installation and environment setup for DevOps users. This project includes Dockerfiles based on Oracle Linux and Oracle OpenJDK 8.
+
+This repository contains sample container configurations of [Oracle Management Agent](https://docs.oracle.com/en-us/iaas/management-agents/index.html) to facilitate installation and environment setup for DevOps users. This project includes Dockerfiles based on Oracle Linux and Oracle OpenJDK 8.
 
 The certification of Oracle Management Agent in a container does not require the use of any file presented in this
 repository. Customers and users are welcome to use them as starters, and customize/tweak, or create
 from scratch new scripts and Dockerfiles.
 
+> Note: The Oracle Management Agent container image no longer requires elevated privileges. You can now chose to create a new user for the agent when building the image or at runtime by providing the UID and GID values of an existing user account on the host system.
 
 ## How to build and run
 
-Oracle Management Agent image uses the official `oraclelinux:7-slim` container image as the base image.
+Oracle Management Agent image uses the official `oraclelinux:8-slim` container image as the base image.
 
-#### Prerequisites
+## Prerequisites
 
-1. [Download the Management Agent software](https://cloud.oracle.com/macs)
+1. [Download the Oracle Management Agent software](https://cloud.oracle.com/macs)
 
-    **Note: Select 'Downloads and Keys' then download 'Agent for LINUX (X86_64)' of the package type ZIP.**
+    > Note: Select 'Downloads and Keys' then download 'Agent for LINUX (X86_64)' of the package type ZIP.
 
-1. Copy the downloaded bundle to the same directory as the Dockerfile
+1. Copy the downloaded bundle to the same directory as the `Dockerfile`
 
     ```shell
-    $ cp oracle.mgmt_agent.zip OracleManagementAgent/dockerfiles/latest/
+    cp oracle.mgmt_agent.zip OracleManagementAgent/dockerfiles/latest/
     ```
 
-1. Follow the steps in the [Create Install Key](https://docs.oracle.com/en-us/iaas/management-agents/doc/management-agents-administration-tasks.html#GUID-C841426A-2C32-4630-97B6-DF11F05D5712) and [Configure a Response File](https://docs.oracle.com/en-us/iaas/management-agents/doc/install-management-agent-chapter.html#GUID-5D20D4A7-616C-49EC-A994-DA383D172486) sections of the [Management Agent](https://docs.oracle.com/en-us/iaas/management-agents/index.html) documentation to create an install key and save it locally as `input.rsp`.
+1. Change to the directory in which the `Dockerfile` for this container image is located
+
+    ```shell
+    cd OracleManagementAgent/dockerfiles/latest/
+    ```
 
-1. Copy the downloaded install key to the same directory as the Dockerfile
+1. Follow the steps in the [Create Install Key](https://docs.oracle.com/en-us/iaas/management-agents/doc/management-agents-administration-tasks.html#GUID-C841426A-2C32-4630-97B6-DF11F05D5712) documentation to download the install key.
+Next, follow the steps to [Configure a Response File](https://docs.oracle.com/en-us/iaas/management-agents/doc/install-management-agent-chapter.html#GUID-5D20D4A7-616C-49EC-A994-DA383D172486) and save it locally as `input.rsp` in the current directory.
+
+1. Create a directory on the host to store persisitent data. This directory will be bind mounted into the container at runtime.
 
     ```shell
-    $ cp input.rsp OracleManagementAgent/dockerfiles/latest/
+    rm -rf /oracle-management-agent
+    mkdir -p /oracle-management-agent
     ```
 
-1. Change to the directory in which the `Dockerfile` for this container image is located
+1. Create a local user account that will be used to run the container. This can be any user account on the host system and if the desired user already exists then this step can be skipped.
+
+    ```shell
+    groupadd -g 9100 orclmgmtagntgrp
+    useradd orclmgmtagntusr -u 9200 -g 9100 -m -s /bin/bash
+    ```
+
+    > Note: Remember to substitute `orclmgmtagntusr` and `orclmgmtagntgrp`, wherever applicable, with the desired user if you choose to skip this step.
+
+1. Change ownership of the directory holding persistent data to the desired user.
 
     ```shell
-    $ cd OracleManagementAgent/dockerfiles/latest/
+    chown -R orclmgmtagntusr:orclmgmtagntgrp /oracle-management-agent
     ```
 
 1. Ensure your tenancy is configured correctly by [applying the documented prerequisites for deploying management agents](https://docs.oracle.com/en-us/iaas/management-agents/doc/perform-prerequisites-deploying-management-agents.html)
 
-#### Steps to build and run using Docker Compose
+## Using Docker Compose
+
+1. Create .env file to populate the environment variables
 
-1. Create .env file to populate the hostname variable
     ```shell
-    $ echo "mgmtagent_hostname=mgmtagent912" > .env
+    echo "mgmtagent_hostname=mgmtagentcontainer1" > .env
+    echo "DOCKER_BASE_DIR=/oracle-management-agent" >> .env
+    echo "USERID=$(id -u orclmgmtagntusr)" >> .env
+    echo "GROUPID=$(id -g orclmgmtagntusr)" >> .env
     ```
-    **Note: Chose a unique hostname as it will be used to identify Management Agent in the UI.**
 
 1. Use Docker Compose CLI to build and run a container image
 
     ```shell
-    $ docker-compose up -d
+    docker-compose up --build -d
     ```
 
-#### Steps to build and run using Docker CLI 
+## Using Docker or Podman
 
 1. Build the container image
 
     ```shell
-    $ docker build -t oracle/mgmtagent-container .
+    > docker build -t oracle/mgmtagent-container .
     ```
 
-1. Create a Docker volume to share configs with the container
+1. Copy the Install Key (`input.rsp`) into the directory that will be bind mounted into the container and used for persistent storage
 
     ```shell
-    $ docker volume create mgmtagent-volume
-
-    # identify the mount point location to use in next steps
-    $ docker volume inspect mgmtagent-volume|grep Mountpoint
-        "Mountpoint": "/var/lib/docker/volumes/mgmtagent-volume/_data",
+    mkdir -p /oracle-management-agent/mgmtagent_secret/
+    cp input.rsp /oracle-management-agent/mgmtagent_secret/
+    chown -R orclmgmtagntusr:orclmgmtagntgrp /oracle-management-agent/mgmtagent_secret/
     ```
 
-1. Copy the Install Key (input.rsp) into the shared Docker volume Mountpoint
+1. Start a container
 
     ```shell
-    # create any necessary dirs
-    $ mkdir -p /var/lib/docker/volumes/mgmtagent-volume/_data/mgmtagent_secret
-    $ cp input.rsp /var/lib/docker/volumes/mgmtagent-volume/_data/mgmtagent_secret/
+    # commands given below expect user to be running in a bash shell
+    export USERID=$(id -u orclmgmtagntusr)
+    export GROUPID=$(id -g orclmgmtagntusr)
+    docker run --user $USERID:$GROUPID -d --name mgmtagentcontainer1 --hostname mgmtagentcontainer1 -v /oracle-management-agent/:/opt/oracle:rw --restart unless-stopped oracle/mgmtagent-container:latest
     ```
 
-1. Start a container
+    > Note: Refer to [description of the recommended run parameters](https://docs.docker.com/engine/reference/run) used above
+
+1. Remove the Install Key (`input.rsp`) from the host directory after [verifying the new Oracle Management Agent is registered and visible in the main Oracle Management Agent page](https://docs.oracle.com/en-us/iaas/management-agents/doc/install-management-agent-chapter.html#GUID-46BE5661-012E-4557-B679-6456DBBEAA4A)
 
     ```shell
-    $ docker run -d --name mgmtagent-container --hostname mgmtagent1 -v mgmtagent-volume:/opt/oracle:rw --restart unless-stopped oracle/mgmtagent-container:latest
+    > rm  /oracle-management-agent/mgmtagent_secret/input.rsp
     ```
 
-    **Description of Docker run parameters used above**
-    <!-- markdownlint-disable MD033 -->
-    | Parameter | Description |
-    | --------- | ----------- |
-    | -d | Starts mgmtagent-container in detached mode |
-    | --name mgmtagent-container | The name given to the container to identify it. |
-    | --hostname mgmtagent1 | Assign mgmtagent1 as the containers internal hostname. This can be any hostname compliant string and it will be used to identify the Management Agent instance in the OMC Console. |
-    | -v mgmtagent-volume | /opt/oracle:rw: Mounts the volume mgmtagent-volume created on host filesystem inside the container at /opt/oracle with Read/Write privileges. |
-    | --restart unless-stopped | Unless explicitly stopped, this restart policy restarts mgmtagent-container automatically when docker restarts. |
-    <!-- markdownlint-enable MD033 -->
+## Running custom user operations
+
+You can provide a custom shell script that will run before the Oracle Management Agent starts by following these steps
 
-1. Remove the Install Key (input.rsp) from the shared Docker volume Mountpoint after [verifying the new Management Agent is registered and visible in the main Management Agents page](https://docs.oracle.com/en-us/iaas/management-agents/doc/install-management-agent-chapter.html#GUID-46BE5661-012E-4557-B679-6456DBBEAA4A)
+1. Refer to [init-agent.sh](dockerfiles/latest/user-scripts/init-agent.sh) in the user-scripts directory
+
+    Modify the script `init-agent.sh` to add custom commands that execute each time before Oracle Management Agent starts
+
+1. Follow the steps to build and run a container and validate the output of `init-agent.sh` script is visible in the logs by running the following command
 
     ```shell
-    $ rm  /var/lib/docker/volumes/mgmtagent-volume/_data/mgmtagent_secret/input.rsp
+    > docker logs mgmtagent-container
     ```
 
-#### Steps to execute custom user operations
+## Troubleshooting
 
-Users can provide custom shell script commands to execute before starting Management Agent as described in the following steps
+Below are some possible solutions to common issues that may occur when running the Oracle Management Agent in a container
 
-1. Refer to [init-agent.sh](dockerfiles/latest/user-scripts/init-agent.sh) in the user-scripts directory
+1. mkdir: cannot create directory '/opt/oracle/bootstrap': Permission denied
 
-    Modify the script `init-agent.sh` to add custom commands that execute each time before Management Agent starts
+    * Ensure the mounted bind volume exists and is accessible by the user used to run the container
+    * Verify the user USERID and GROUPID used match the permissions set on the mounted bind volume
+    * Verify the mounted bind volume exists on the host
 
-1. Follow the steps to build and run a container and validate the output of `init-agent.sh` script is visible in the logs by running the following command
+1. Invalid argument: /opt/oracle/mgmtagent_secret/input.rsp
+
+    * Ensure the install key exists at the required location
+
+1. Oracle Management Agent registration failures due to old state files from a prior install
+    * Once a Oracle Management Agent instance is deregistered that instance must be shutdown and any associated state files must be removed from the filesystem. Starting a deregistered Oracle Management Agent instance again can result in unregistered agent failures.
+    This situation can present itself when old state files from a prior installation are present on the filesystem and made available to a new Oracle Management Agent container deployment. Run the command given below on the host filesystem to perform the necessary cleanup on the bind mount location and perform the deployment again starting at the prerequisites step.
 
     ```shell
-    $ docker logs mgmtagent-container
+    rm -rf /oracle-management-agent/
     ```
 
-#### Helpful administration commands
+## Helpful commands
 
-1. Starting a stopped Management Agent Container
+1. Starting a stopped Oracle Management Agent Container
 
     ```shell
-    $ docker start mgmtagent-container
+    docker start mgmtagent-container
     ```
 
-1. Stopping a running Management Agent Container
+1. Stopping a running Oracle Management Agent Container
 
     ```shell
-    $ docker stop mgmtagent-container
+    docker stop mgmtagent-container
     ```
 
-1. Inspecting logs of Management Agent Container
+1. Inspecting the logs of a running Oracle Management Agent container
 
     ```shell
-    $ docker logs mgmtagent-container
+    docker logs mgmtagent-container
     ```
 
-1. Cleanup volume using Docker Compose
+1. Gathering UID and GID of a user from the host environment
 
     ```shell
-    $ docker-compose down --volumes
+    id -u <username> # prints UID of user
+    id -g <username> # prints GID of user
     ```
 
-1. Cleanup volume using Docker CLI
+1. Creating a nominated user account during image development (optional)
 
     ```shell
-    $ docker volume rm mgmtagent-volume
+    groupadd -g <numeric-gid-value> <desired-groupname>
+    # example:
+    groupadd -g 9100 orclmgmtagntgrp
+
+    useradd <desired-username> -u <numeric-uid-value> -g <numeric-gid-value> -m -s /bin/bash
+    # example:
+    useradd orclmgmtagntusr -u 9200 -g 9100 -m -s /bin/bash
+
+    # Tip: Add useradd/groupadd to Dockerfile to create a nominated user during image development
     ```
 
+## Container Files for Older Releases
+
+The Oracle Management Agent older container files mentioned below are no longer actively maintained and they are kept in this repository for historical purposes only.
+
+* Oracle Management Agent container files version 1.0.0 [`docker-images/OracleManagementAgent/dockerfiles/1.0.0`](./dockerfiles/1.0.0)
+
+**Notes:**
+
+* Oracle Management Agent container files version 1.0.0 require elevated privileges to run and therefore are not compatible with the latest version found in this repository. Upgrading a version 1.0.0 container to run with the latest container files is also not supported for the same reason.
+
 ## License
+
 To download and run the Oracle Management Agent, regardless whether inside or outside a container, you must download the binaries from the Oracle website and accept the license indicated at that page.
 
 Oracle Linux is licensed under the [Oracle Linux End-User License Agreement](https://oss.oracle.com/ol/EULA).
 
-All scripts and files hosted in this project and GitHub [`docker-images/OracleManagementAgent`](./) repository, required to build the Docker images are, unless otherwise noted, released under the [UPL 1.0](https://oss.oracle.com/licenses/upl/) license.
+All scripts and files hosted in this project and GitHub [`docker-images/OracleManagementAgent`](./) repository, required to build the container images are, unless otherwise noted, released under the [UPL 1.0](https://oss.oracle.com/licenses/upl/) license.
 
 ## Support
+
 Oracle Management Agent container image is supported for the Linux images listed [here](https://docs.oracle.com/en-us/iaas/management-agents/doc/perform-prerequisites-deploying-management-agents.html#GUID-BC5862F0-3E68-4096-B18E-C4462BC76271). For more details please see My Oracle Support.
 
 ## Copyright
-Copyright (c) 2022 Oracle and/or its affiliates.
+
+Copyright (c) 2022, 2023 Oracle and/or its affiliates.
@@ -0,0 +1,59 @@
+# Copyright (c) 2023 Oracle and/or its affiliates.
+#
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# ORACLE DOCKERFILES PROJECT
+# --------------------------
+# This is the Dockerfile for Oracle Management Agent
+#
+# Base image of this dockerfile is Oracle Linux 7 Slim docker image.
+# 
+# REQUIRED FILES TO BUILD THIS IMAGE
+# ----------------------------------
+# (1) Management Agent software for Linux (Linux-x86_64/latest/oracle.mgmt_agent.zip)
+#
+# How to download the Management Agent software:
+# https://docs.oracle.com/en-us/iaas/management-agents/doc/install-management-agent-chapter.html
+# 
+# HOW TO BUILD THIS IMAGE
+# -----------------------
+# Put all downloaded files in the same directory as this Dockerfile
+# Run:
+#      $ docker build -t oracle/mgmtagent-container .
+#
+# This command is already scripted in build.sh so you can alternatively run
+#		$ bash build.sh
+#
+
+FROM oraclelinux:7-slim
+
+# Labels
+LABEL "provider"="Oracle"                                               \
+      "issues"="https://github.com/oracle/docker-images/issues"         \
+      "volume.data"="/opt/oracle"
+
+# Install packages to install and run Management Agent
+RUN set -eux; \
+    yum -y install \
+    java-1.8.0-openjdk-devel.x86_64 \
+    sudo \
+    unzip \
+    && rm -rf /var/cache/yum
+
+# Specify locale settings
+ENV LANG en_US.UTF-8
+ENV LC_ALL C
+
+# Copy container scripts to initialize the environment and start Management Agent
+COPY ./container-scripts/*.sh /opt/oracle-mgmtagent-bootstrap/scripts/
+RUN chmod 0544 /opt/oracle-mgmtagent-bootstrap/scripts/*.sh
+
+# Copy user provided scripts
+COPY ./user-scripts/init-agent.sh /opt/oracle-mgmtagent-bootstrap/scripts/
+RUN chmod 0544 /opt/oracle-mgmtagent-bootstrap/scripts/init-agent.sh
+
+# Copy Management Agent Installer Zip bundle
+COPY ./oracle.mgmt_agent.zip /opt/oracle-mgmtagent-bootstrap/packages/
+
+# Set watchdog as the entrypoint script (PID-1) for the container
+ENTRYPOINT ["/opt/oracle-mgmtagent-bootstrap/scripts/watchdog.sh"]