When you enable or configure monitoring or management features on a compute instance in Oracle Cloud Infrastructure (OCI), you have to enable the relevant Oracle Cloud Agent plugin.
For example, if you want to use Bastion to connect to a compute instance residing in a private subnet, you have to enable the Bastion plugin on the instance. When enabling the plugin, you may see the following error message:
Plugin Bastion not present for instance <ocid of the instance>
This happens because the Oracle Cloud Agent running on the instance cannot reach OCI services. Those services sit outside the network where the instance resides: the instance is in a private subnet with no outside access. The private subnet therefore needs a Service Gateway or NAT Gateway, plus matching route table rules.
The issue can be fixed as follows:
1. Create a Service Gateway for "All Services in Oracle Services Network" if it does not exist in the VCN in which the subnet resides.
* In the Console, confirm you're viewing the instance on which you want to enable the plugin.
* In the "Instance information" tab, click the name link beside "Virtual cloud network" in the "Instance details" section.
* On the left side of the page, click Service Gateways.
* Click Create Service Gateway.
* Enter the following values:
Name: A descriptive name for the service gateway.
Create in compartment: Select the same compartment where the VCN is created.
Services: Select "All Services in Oracle Services Network". Currently there are only two options to select from; the other, "OCI Object Storage", is not applicable.
Click "Create Service Gateway".
2. Update routing for the subnet
* Go back to the instance home page and, in the "Instance information" tab, click the name link beside "Subnet" in the "Primary VNIC" section.
* In "Subnet Information" tab, click the name link beside "Route Table"
* Under "Route Rules", click "Add Route Rules" and enter the following values:
Target Type: Service Gateway.
Destination Service: Select "All Services in Oracle Services Network"
Target Service Gateway: Select the gateway created earlier. If it does not show in the list, click "Change Compartment" to choose the compartment where the Service Gateway was created.
Click "Save".
Wait a few minutes. The issue should be gone and the plugin status should show "Running".
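One way to check the outcome of steps 1 and 2 without the Console, as an added example that is not part of the original post: the Python below classifies a route table in the JSON shape printed by `oci network route-table get`. The sample table, its placeholder OCID and the names agent_egress and RANK are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by
# `oci network route-table get --rt-id <route table OCID>`.
# The OCID below is a placeholder, not a real resource.
SAMPLE_ROUTE_TABLE = json.loads("""
{"data": {"display-name": "private-subnet-rt", "route-rules": [
  {"destination": "oci-iad-objectstorage",
   "destination-type": "SERVICE_CIDR_BLOCK",
   "network-entity-id": "ocid1.servicegateway.oc1.iad.placeholder"}
]}}
""")

# Best to worst outcome for the Oracle Cloud Agent.
RANK = ["service-gateway", "nat-gateway", "object-storage-only", "none"]


def agent_egress(route_table):
    """Classify the path a subnet's route table gives the agent to OCI services."""
    found = {"none"}
    for rule in route_table["data"].get("route-rules", []):
        target = rule.get("network-entity-id") or ""
        dest = rule.get("destination") or rule.get("cidr-block") or ""
        dtype = rule.get("destination-type") or "CIDR_BLOCK"
        # OCIDs look like ocid1.<resource type>.<realm>...; take the type.
        parts = target.split(".")
        kind = parts[1] if len(parts) > 2 else ""
        if kind == "servicegateway" and dtype == "SERVICE_CIDR_BLOCK":
            # "All Services" labels: all-<region>-services-in-oracle-services-network
            all_services = dest.startswith("all-") and dest.endswith(
                "-services-in-oracle-services-network")
            found.add("service-gateway" if all_services else "object-storage-only")
        elif kind == "natgateway" and dest == "0.0.0.0/0":
            # Assumption: only a default route through the NAT Gateway is counted.
            found.add("nat-gateway")
    return min(found, key=RANK.index)


if __name__ == "__main__":
    print(agent_egress(SAMPLE_ROUTE_TABLE))
```

A result of "object-storage-only" or "none" corresponds to the missing-route condition behind the plugin error.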
1 comment:
Does not seem to work anymore.
The end of step 2
results in the following error
'Rules in the route table must use a dynamic routing gateway (DRG) or private IP as a target. Or the route table can be empty (no rules).'