Oracle Cloud

Required Permissions

Integrating Oracle Public Cloud with Morpheus requires access to a service account with at least the permission set listed below. When creating an Oracle Cloud integration scoped to a specific compartment, the service account needs access only to the listed resource families within the chosen compartment. If the Cloud will be scoped to all compartments, the service account will need access to the listed resource families at the root compartment.

  • Oracle Cloud Policy Requirements

    Allow group <GROUP CONTAINING SERVICE USER> to manage cluster-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage compute-management-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage data-catalog-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage dns in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage file-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage instance-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage object-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage virtual-network-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>

    Allow group <GROUP CONTAINING SERVICE USER> to manage volume-family in compartment <CHOSEN COMPARTMENT OR ROOT COMPARTMENT>
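The policy set above can be checked mechanically before the integration is created. This added example is not part of the Morpheus documentation. It compares a group's policy statements with the nine documented ones and reports missing grants, statements outside the documented set (such as a tenancy-wide all-resources grant), and statements it cannot parse. The group name MorpheusSvc, the compartment name Prod and the sample statements are constructed placeholders; "in tenancy" is the OCI policy form for the root compartment.

```python
import re

# The nine resource types the page lists, each required with the "manage" verb.
REQUIRED = {
    "cluster-family", "compute-management-family", "data-catalog-family",
    "dns", "file-family", "instance-family", "object-family",
    "virtual-network-family", "volume-family",
}

# Statement shape used on the page; "in tenancy" is OCI's root-compartment form.
STMT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>.+?)\s+to\s+(?P<verb>\w+)\s+(?P<res>[\w-]+)"
    r"\s+in\s+(?:tenancy|compartment\s+(?P<comp>\S+))\s*$", re.IGNORECASE)

def audit(statements, group, scope):
    """Return (missing, unexpected, unparsed) for group.

    scope is a compartment name, or "tenancy" for a Cloud scoped to all compartments.
    """
    granted, unexpected, unparsed = set(), [], []
    for line in (s.strip() for s in statements if s.strip()):
        m = STMT.match(line)
        if m is None:
            unparsed.append(line)        # e.g. conditional "where" clauses
        elif m["group"].lower() == group.lower():
            stmt_scope = (m["comp"] or "tenancy").lower()
            documented = (m["verb"].lower() == "manage"
                          and m["res"].lower() in REQUIRED
                          and stmt_scope == scope.lower())
            if documented:
                granted.add(m["res"].lower())
            else:
                unexpected.append(line)  # other verb, resource type or scope
    return sorted(REQUIRED - granted), unexpected, unparsed

# Constructed sample: group and compartment names are placeholders.
SAMPLE = """
Allow group MorpheusSvc to manage cluster-family in compartment Prod
Allow group MorpheusSvc to manage compute-management-family in compartment Prod
Allow group MorpheusSvc to manage data-catalog-family in compartment Prod
Allow group MorpheusSvc to read dns in compartment Prod
Allow group MorpheusSvc to manage file-family in compartment Prod
Allow group MorpheusSvc to manage instance-family in compartment Prod
Allow group MorpheusSvc to manage object-family in compartment Prod
Allow group MorpheusSvc to manage virtual-network-family in compartment Prod
Allow group MorpheusSvc to manage volume-family in compartment Prod
Allow group MorpheusSvc to manage all-resources in tenancy
Allow group Admins to manage all-resources in tenancy
""".splitlines()
```

Calling audit(SAMPLE, "MorpheusSvc", "Prod") reports dns as missing and returns the read-only dns statement and the tenancy-wide grant for review.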

Add Oracle Public Cloud

Important

A Keypair (both public and private key) must be added to Morpheus with the Public Key in ssh-rsa format. The Public Key in PEM format needs to be added to the Oracle Cloud user's keys in the Oracle Cloud console for authentication.

Note

Information on uploading the Public Key and generating Tenancy’s OCID and User’s OCID can be found at https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm
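Because the same public key is stored in two encodings (ssh-rsa in Morpheus, PEM in Oracle Cloud), a mismatch between them shows up only as an authentication failure. This added example is not Morpheus or Oracle code. It converts a PEM "PUBLIC KEY" block to the ssh-rsa line, compares the two encodings, and computes the MD5 fingerprint Oracle Cloud lists beside an uploaded API key. The embedded key is a constructed toy value and all function names are illustrative.

```python
import base64, hashlib, struct

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits give the length-byte count
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length

def pem_to_der(pem):
    body = [l.strip() for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def rsa_ints_from_spki(der):
    """Return the DER INTEGER bodies (n, e) of an RSA SubjectPublicKeyInfo."""
    _, spki, _ = _tlv(der, 0)         # outer SEQUENCE
    _, _alg, pos = _tlv(spki, 0)      # AlgorithmIdentifier, skipped
    _, bits, _ = _tlv(spki, pos)      # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _tlv(bits, 1)         # skip the unused-bits byte
    _, n, pos = _tlv(rsa, 0)
    _, e, _ = _tlv(rsa, pos)
    return n, e

def pem_to_ssh_rsa(pem):
    """Build the ssh-rsa line for the key in a PEM 'PUBLIC KEY' block."""
    n, e = rsa_ints_from_spki(pem_to_der(pem))
    # A DER INTEGER body is already a valid SSH mpint body for positive values.
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-rsa", e, n))
    return "ssh-rsa " + base64.b64encode(blob).decode()

def same_key(pem, ssh_line):
    """True if the PEM block and the ssh-rsa line carry the same public key."""
    return pem_to_ssh_rsa(pem).split()[1] == ssh_line.split()[1]

def oci_fingerprint(pem):
    """MD5 of the DER public key, colon-separated."""
    h = hashlib.md5(pem_to_der(pem)).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

# Constructed toy key (64-bit modulus); structurally valid, useless for signing.
SAMPLE_DER = bytes.fromhex(
    "3024300d06092a864886f70d01010105000313003010"
    "020900c34f2b1d9a7e65010203010001")
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END PUBLIC KEY-----\n")
```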

To get started, navigate to Infrastructure > Clouds. Click + ADD and select Oracle Public Cloud to begin a new one. Configure the following options for the new Cloud:

Cloud Configuration

NAME

Name of the Cloud in Morpheus

CODE

Unique code used for API/CLI, automation and policies.

LOCATION

Description field for adding notes on the cloud, such as location.

VISIBILITY

For setting cloud permissions in a multi-tenant environment. Not applicable in single tenant environments.

TENANT

If Visibility is set to Private, select the Tenant the Cloud resources will be assigned to.

ENABLED

When disabled, automatic Cloud sync is paused and the Cloud will not be selectable for provisioning.

AUTOMATICALLY POWER ON VMS

When enabled, Morpheus will maintain the expected power state of managed VMs. Morpheus will power on any managed VMs in the Cloud that have been shut down for unknown reasons (not powered off by Morpheus) to ensure availability of services.

Note

When “AUTOMATICALLY POWER ON VMS” is enabled, the power state of managed VMs should be maintained in Morpheus. This setting is not applicable to discovered/unmanaged resources.

Details

TENANCY OCID

The OCID string from Tenancy Information section in Oracle Cloud

USER OCID

OCID String for the OPC API user

SELECT KEY PAIR

Select a keypair added to Morpheus matching the public key added to the specified OPC API user

REGION

Select the OPC region (populates after successful account authentication)

COMPARTMENT

Choose to scope the Cloud to all compartments or to one specific compartment (populates after successful account authentication)

INVENTORY

Turn on for Morpheus to discover and sync existing VMs

Advanced Options

DOMAIN

Specify a default domain for instances provisioned to this Cloud.

SCALE PRIORITY

Only affects Docker Provisioning. Specifies the priority with which an instance will scale into the cloud. A lower priority number means this cloud integration will take scale precedence over other cloud integrations in the group.

APPLIANCE URL

Alternate Appliance URL for scenarios when the default Appliance URL (configured in admin > settings) is not reachable or resolvable for Instances provisioned in this cloud. The Appliance URL is used for Agent install and reporting.

TIME ZONE

Configures the time zone on provisioned VMs if necessary.

DATACENTER ID

Used for differentiating pricing among multiple datacenters. Leave blank unless prices are properly configured.

NETWORK MODE

Unmanaged or select a Network Integration (NSX, ACI etc)

LOCAL FIREWALL

On or Off. Enable to manage Host and VM firewall/IP Table rules (Linux only)

SECURITY SERVER

Security Server setting is for Security Service Integrations such as ACI

TRUST PROVIDER

Select Internal (Morpheus) or an existing Trust Provider Integration

STORAGE MODE

Single Disk, LVM or Clustered

BACKUP PROVIDER

Select a backup provider. Depending on the Cloud type and any currently-configured backup plugins you may select Internal Backups (Morpheus) or another configured backup solution

REPLICATION PROVIDER

Sets the default Replication Provider for the Cloud. Select an existing Replication Provider Integration

GUIDANCE

Enable Guidance recommendations on cloud resources.

COSTING

Enable for Morpheus to sync Costing data from the Cloud provider, when available. For on-prem Clouds, enabling costing activates a costing service designed to mirror the live costing experience of public clouds, including invoicing with line items and real-time cost data (Operations > Costing > Invoices). If your organization utilizes reserved instances and you want to pull in related pricing data, some Cloud integrations include the option to select Costing and Reservations. If this is not relevant, select Costing to save money on additional calls to the Cloud provider’s costing API.

DNS INTEGRATION

Records for instances provisioned in this cloud will be added to selected DNS integration.

SERVICE REGISTRY

Services for instances provisioned in this cloud will be added to selected Service Registry integration.

CONFIG MANAGEMENT

Select a Chef, Ansible or Puppet integration to be used with this Cloud.

CMDB

Select CMDB Integration to automatically update selected CMDB.

CMDB DISCOVERY

When checked, any automatically discovered (unmanaged) servers onboarded into Morpheus from this Cloud will also have CMDB records created for them.

CHANGE MANAGEMENT

Select an existing Change Management Integration to set on the Cloud. ex: Cherwell

AGENT INSTALL MODE

  • SSH / WINRM / Guest Execution: Morpheus will attempt to use SSH, WINRM or Guest Execution for Agent install.

  • Cloud Init / Unattend (when available): (DEFAULT) Morpheus will utilize Cloud-Init or Cloudbase-Init for agent install when provisioning images with Cloud-Init/Cloudbase-Init installed. Morpheus will fall back on SSH or WINRM if cloud-init is not installed on the provisioned image. Morpheus will also add Agent installation to Windows unattend.xml data when performing Guest Customizations or utilizing sysprepped images.

VDI GATEWAY

Set a VDI Gateway for outbound communication from the Morpheus Appliance to the VDI endpoints. VDI Gateways can be added in /tools/vdi/gateways

CUSTOM LOGOS

When integrating a Cloud, it will appear by default throughout the UI with its standard logo (VMware logo for VMware Clouds, etc.). If desired, you may upload a custom logo that should appear instead. This might be useful for MSPs which might not want to reveal the Cloud type underlying its services. A dark mode version of the logo may also be uploaded if the standard logo doesn’t look right against the Morpheus dark mode theme. Checking USE DEFAULT CLOUD LOGOS allows the user to return to the standard logo for the Cloud type without deleting the custom uploaded logo.

INVENTORY OPTIONS

Inventory options allow you to set a default active or inactive state for certain discovered resources. The list of available resources to configure will vary based on the Cloud type and its supported resources. By default, all possible resources for the Cloud type will be discovered in an active state. Uncheck the box for some or all resources to discover them in an inactive state. The list of potential resources that may appear includes:

  • Service Plans

  • Resource Pools

  • Networks

  • Security Groups

  • Datastores

  • Folders

Provisioning Command

PROXY

Set a proxy for inbound communication from Instances to the Morpheus Appliance. Proxies can be added in the Infrastructure > Networks > Proxies tab.

Bypass Proxy for Appliance URL

Enable to bypass proxy settings (if added) for Morpheus Agent communication to the Appliance URL.

NO PROXY

Include a list of IP addresses or name servers to exclude from proxy traversal

USER DATA (LINUX)

Add cloud-init user data. Morpheus 4.1.0 and earlier assumes bash syntax. Morpheus 4.1.1 and later supports all User Data formats. Refer to https://cloudinit.readthedocs.io/en/latest/topics/format.html for more information.

Enable Live Costing for Oracle Public Cloud

Morpheus versions 4.2.1 and higher support live costing data from the Oracle Cloud metering API. In order to authenticate with this API, edit your existing Oracle Cloud account integration or begin the process of newly integrating an account that wasn’t previously consumable in Morpheus (Infrastructure > Clouds > +ADD).

In the advanced options section of the add/edit cloud modal for Oracle Public Cloud, the COSTING KEY and COSTING SECRET fields must be completed to work with metering API data in Morpheus. Unlike the OCI API authentication used to initially integrate Oracle Cloud, the metering API uses token-based authentication. We must access a Client ID and Client Secret value from the Oracle Public Cloud console to complete these fields.

Navigate to the Oracle Cloud sign-in page, the URL for which is similar to the following example:

https://idcs-00a0xxxxxxxxxxxxx.identity.oraclecloud.com/ui/v1/signin

If you’re not redirected to the admin console similar to the one pictured below, log out and replace ‘signin’ at the end of the URL with ‘adminconsole’ as in the following example:

https://idcs-00a0xxxxxxxxxxxxx.identity.oraclecloud.com/ui/v1/adminconsole

You’ll immediately be redirected back to the same sign-in page, but after authenticating your session once again you should be taken to the admin console.

../../../_images/2adminconsole.png

Create a new application and select the type “Confidential Application”.

On the Details tab, enter a “Name” value and click “Next”.

On the Client tab, choose to “Configure this application as a client now” to reveal additional fields. Then, in the Authorization section, mark the boxes for “Client Credentials” and “JWT Assertion”.

In the Token Issuance Policy section, click the “+Add Scope” button. Click the right-facing arrow button in the row for “CloudPortalResourceApp”. Mark the box to give read access for metering and click “Add”.

Click “Next” until the “Finish” button is shown, then click “Finish”.

The Client ID and Client Secret value will be shown at this point. If these values need to be referenced in the future, simply edit the application and go to the Configuration tab. The Client ID and Client Secret are shown in the General Information section.

Back in Morpheus, enter these values in the COSTING KEY and COSTING SECRET fields of the add/edit cloud modal for your Oracle Public Cloud integration. You also need to fill in the IDENTITY SERVICE value. This value can be found in the URL for your Oracle admin console as shown in the image below. It will be in the format idcs-xxxxxx.

../../../_images/8identityservice.png

Save changes to the Cloud.