On April 23, 2025, OS Management reaches end of life (EOL). Effective now, the service is no longer available to you in regions where you are not already using OS Management, or to new users with new tenancies. Before the EOL date, we recommend that you migrate your managed instances to the OS Management Hub service. If you are an Oracle Autonomous Linux user, see Important Maintenance Event. For more information, see the Service Change Announcement.

Oracle Cloud Infrastructure Documentation

Getting Started with Autonomous Linux

Set up policies and create an Autonomous Linux instance.

The following sections describe how to get started with the Autonomous Linux service.

Prerequisites

  • Supported Image: Use the August 2021 Oracle Autonomous Linux platform image or later.
  • IAM policies: Set the IAM policies required for the Autonomous Linux service. For more information about the required IAM policies, see Setting Up Required IAM Policies for Autonomous Linux.
  • Oracle Cloud Agent: Ensure that the Oracle Cloud Agent software is installed and running on the instance. By default, the Oracle Cloud Agent is installed and running on the Oracle Autonomous Linux platform image. For more information about the Oracle Cloud Agent, see Managing Plugins with Oracle Cloud Agent.
  • OS Management Service Agent and Oracle Autonomous Linux plugins: Ensure that the OS Management Service Agent and Oracle Autonomous Linux plugins are enabled and running on the instance. These plugins are enabled and running by default on the Oracle Autonomous Linux platform image. For more information about the Oracle Autonomous Linux plugin, see Autonomous Linux Components and Features.
Important

  • Autonomous Linux instances based on custom images are not supported.

Setting Up Required IAM Policies for Autonomous Linux

Note

You must have the required privileges to create the policy. If you do not have required privileges, you should work with the administrator for your tenancy to either obtain the privileges to create the policies or to have the policies created for you.

Required Dynamic Group

Before you create the required IAM policies for Autonomous Linux, you need to create a dynamic group. A dynamic group can include instances based on instance OCID or include instances that reside in a compartment based on compartment OCID. For more information about dynamic groups, see Managing Dynamic Groups.

Required User Group

Before you create the required IAM policies for Autonomous Linux, you need to create a user group for non-admin users. This user group is used in a policy to allow users to view and manage events. For more information about user groups, see Managing Groups.

Required IAM Policies

For an Autonomous Linux instance to register with the OS Management service and manage autonomous updates and events, you must create the required IAM policies for Autonomous Linux.

Before you create the IAM policies, you first need to create a dynamic group and a user group.

Required IAM Policies for a Tenancy

To apply the policies for Autonomous Linux to the tenancy, use the following policy statements. The first two policy statements are required for OS Management and might already be specified for your dynamic group (if you are adding to existing policies).

For a dynamic group:

Allow dynamic-group <dynamic_group_name> to read instance-family in tenancy
Allow dynamic-group <dynamic_group_name> to use osms-managed-instances in tenancy
Allow dynamic-group <dynamic_group_name> to use ons-topics in tenancy
Allow dynamic-group <dynamic_group_name> to manage osms-events in tenancy

The third and fourth lines are required for Autonomous Linux instances to publish notifications and events, respectively.

For non-admin users:


Allow group <group_name> to manage osms-events in tenancy
Allow group <group_name> to manage ons-topics in tenancy

These policies permit the user group to manage OSMS events and notification topics, respectively.

Required IAM Policies for a Compartment

To apply the policies for Autonomous Linux only to a compartment inside the tenancy, use the following policy statements. The first two policy statements are required for OS Management and might already be specified for your dynamic group (if you are adding to existing policies).

Important

The policy statement Allow service osms to read instances in tenancy must be set in tenancy. The other policy statements can be applied to a compartment inside the tenancy.

For a dynamic group:

Allow dynamic-group <dynamic_group_name> to read instance-family in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to use osms-managed-instances in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to use ons-topics in compartment <compartment_name>
Allow dynamic-group <dynamic_group_name> to manage osms-events in compartment <compartment_name>

The third and fourth lines are required for Autonomous Linux instances to publish notifications and events, respectively.

For non-admin users:

Allow group <group_name> to manage osms-events in compartment <compartment_name>
Allow group <group_name> to manage ons-topics in tenancy

These policies permit the user group to manage OSMS events and notification topics, respectively.

Required IAM Policy for Metrics

To allow the OS Management service to emit metrics, use the following policy.

Important

This policy must be specified at the tenancy level.
Allow service osms to read instances in tenancy

After setting the policies, you must restart the Oracle Cloud Agent.

To restart the Oracle Cloud Agent on Autonomous Linux instances:

  1. Log in to your instance. See Connecting to an Instance.
  2. Restart the Oracle Cloud Agent service. 
    sudo systemctl restart oracle-cloud-agent.service

Creating an Autonomous Linux Instance

Verifying the Status of the Required Oracle Cloud Agent Plugins

The Autonomous Linux service requires that both the Oracle Autonomous Linux and OS Management Service Agent plugins are enabled and running.

Important

On the Oracle Cloud Agent tab, when the Oracle Autonomous Linux plugin is enabled, the status for the plugin might not be shown properly as Running. To verify the actual status of the plugin, follow these steps.
  1. Log in to your instance. See Connecting to an Instance.
  2. Validate whether your instance can reach the OS Management ingestion service. 
    
curl https://ingestion.osms.<region>.oci.oraclecloud.com/

    For <region>, specify the region identifier (for example, us-phoenix-1). See Regions and Availability Domains for more information about region identifiers.

    For example, the following sample output indicates that the instance can successfully reach the OS Management ingestion service.

    Note

    The 403 Forbidden status code message is expected in the output.
    <html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
  3. Verify the yum configuration. 
    ls /etc/yum.repos.d
    1. Check that the existing yum repository configuration is disabled.
    2. Ensure that the *.repo files in the /etc/yum.repos.d directory are backed up to *.repo.osms-backup in the same directory.

    For example:

    $ ls /etc/yum.repos.d
ksplice-ol7.repo.osms-backup       oracle-epel-ol7.repo.osms-backup   oracle-softwarecollection-ol7.repo.osms-backup  uek-ol7.repo.osms-backup
oci-included-ol7.repo.osms-backup  oracle-linux-ol7.repo.osms-backup  oraclelinux-developer-ol7.repo.osms-backup      virt-ol7.repo.osms-backup
  4. Verify that the OS Management Service Agent plugin is running on the instance. 
    ps -elf | grep osms-agent | grep -v grep

    For example:

    $ ps -elf | grep osms-agent | grep -v grep
4 S root      2484  2166  0  80   0 - 62854 -      Aug04 ?        00:00:00 /usr/bin/sudo -n /usr/libexec/oracle-cloud-agent/plugins/osms/osms-agent
4 S root      2508  2484  0  80   0 -  2688 -      Aug04 ?        00:00:00 /usr/libexec/oracle-cloud-agent/plugins/osms/osms-agent
4 S root      2513  2508  0  80   0 - 371851 -     Aug04 ?        00:02:10 /usr/libexec/oracle-cloud-agent/plugins/osms/osms-agent
    Note

    If the OS Management Service Agent plugin is not installed or has been stopped, no output is displayed for this command.

  5. Verify that the Oracle Autonomous Linux plugin is running on the instance. 
    ps -elf | grep oci-alx | grep -v grep

    For example:

    $ ps -elf | grep oci-alx | grep -v grep
0 S oracle-+ 12519  2166  0  80   0 - 273788 -     Aug04 ?        00:00:26 /usr/libexec/oracle-cloud-agent/plugins/oci-alx/oci-alx
    Note

    If the Oracle Autonomous Linux plugin is not installed or has been stopped, no output is displayed for this command.

    Tip

    Review the /var/log/oracle-cloud-agent/agent.log and /var/log/oracle-cloud-agent/plugins/oci-alx/oci-alx.log files for more information.

After verifying that the Oracle Autonomous Linux and OS Management Service Agent plugins are running, you have completed the getting started tasks for setting up the Oracle Autonomous Linux instances. You can now use the Autonomous Linux service to manage the instance. Proceed to What to Do Next.

What to Do Next

After setting up an Oracle Autonomous Linux instance, proceed to Managing Autonomous Linux Settings where you can perform the following tasks:

  • Update the schedule for daily autonomous updates
  • Set the topic for event notifications
  • Change the event collection setting