Oracle Cloud Infrastructure Documentation

Understanding Groups

Groups provide a way to manage and monitor a collection of instances in OS Management Hub. You can use groups to apply errata, update software, and schedule jobs for common content management tasks.

Creating a group involves selecting the OS (and software sources for Oracle Linux) and then adding instances to the group. The group's instances must have the same OS vendor, OS version, architecture, and location. The location can either be either OCI or on-premises and third-party cloud.

For groups, you can schedule jobs for common content management tasks, such as scheduling recurring update jobs to apply security vulnerability patches and bug fixes. After scheduling jobs, you can then monitor the status of pending and completed jobs. Job results help you determine which, if any, group members failed to execute a group job. Any jobs specific to an individual group member will not display in the list of group jobs.

For additional visibility and reporting status, the service provides reports for groups where you can view information about the members of a group within a compartment, including which members require patching and those that aren't in communication with the service.

What happens when an instance joins the group?

The service:

  • Includes the instance in any scheduled jobs for the group.
  • Applies all future group-level actions to the instance (such as update jobs, manifest changes).
  • (Oracle Linux only) Replaces the instance's software sources with the software sources listed in the group manifest
  • (Oracle Linux only) Installs the latest available versions of the packages in the group manifest from the software sources in the group.
  • (Oracle Linux only) Installs the modules and profiles in the group manifest from the software sources in the group.

The service does not:

What happens when an instance leaves the group?

No changes are made to the OS content on the instance. The software on the instance remains as it was when the instance left the group. The instance is no longer managed as part of the group and won't be included in any recurring group jobs. Consider creating recurring update jobs for the instance to ensure it receives regular security and other updates.

Can an instance be modified independently from the group?

You can install packages, remove packages, or update packages on an individual instance of the group. When you make changes to an individual group member, that instance might differ from the group manifest. See Why does the group manifest differ from what's on the instance?

However, software sources must be attached at the group level.

Group Manifest (Oracle Linux only)

You control the content available to a group of Oracle Linux instances using the group manifest. The group manifest lists the software sources available to every group member. You can also use the manifest to define a set of packages and modules to install instances when they join the group.

Any changes you make to the group manifest are reflected on the current members of the group. For example, if you add a software source to the manifest, that software source is attached to all instances in the group. Similarly, adding a package to the group manifest installs that package on all instances in the group.

Group members can't change their attached software sources from what the group manifest specifies. The group defines the set of software sources available to its members. However, group members can install and remove individual packages and modules independently from the manifest.
Note

Schedule recurring update jobs to keep group members updated to the latest packages available for the group.
Why does the group manifest differ from what's on the instance?

The group manifest doesn't list a complete package and module inventory for group members, nor does it enforce complete content alignment across the group. It specifies the set of packages and modules to install on an instance when in joins the group.

An individual instance will contain packages not listed on the group manifest. These include:

  • Packages installed before the instance joined the group.
  • Packages installed on the individual instance (Installing Packages on an Instance).
  • Packages installed outside of the service (for example, by using dnf install)

There might be packages on the group manifest that aren't on the instance if:

  • Packages were removed from the individual instance (Removing Packages from an Instance).
  • Packages were removed outside of the service (for example, by using dnf remove).
What happens when the group manifest changes?

When the group manifest changes, the service applies those changes to all current members of the group. For example, removing a package from the manifest removes the package from all instances in the group.