Added changes for enabling osmh.

terraform/locals.tf

@@ -190,6 +190,14 @@ locals {
   is_rms_private_endpoint_required  = var.is_rms_private_endpoint_required && var.wls_existing_vcn_id != "" && var.wls_subnet_id != "" && !local.assign_weblogic_public_ip ? true : false
   add_new_rms_private_endpoint      = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Create New Resource Manager Endpoint" ? true : false
   add_existing_rms_private_endpoint = local.is_rms_private_endpoint_required && var.add_rms_private_endpoint == "Use Existing Resource Manager Endpoint" ? true : false
+
+  # OS Management Hub
+  enable_osmh                     = var.enable_osmh
+  select_existing_profile         = var.select_existing_profile
+  create_profile                  = (local.enable_osmh && !local.select_existing_profile) ? true : false
+  profile_ocid                    = local.select_existing_profile ? var.profile_ocid : ""
+  profile_compartment_id          = var.profile_compartment_id
+  profile_name                    = var.profile_name
 
   # Secured Production Mode
   preserve_boot_properties          = var.configure_secure_mode ? var.preserve_boot_properties : true

terraform/main.tf

@@ -238,6 +238,7 @@ module "policies" {
   use_apm_service                  = local.use_apm_service
   apm_domain_compartment_id        = local.apm_domain_compartment_id
   use_autoscaling                  = var.use_autoscaling
+  enable_osmh                      = var.enable_osmh
   ocir_auth_token_id               = var.ocir_auth_token_id
   add_fss                          = var.add_fss
   add_load_balancer                = local.add_load_balancer
@@ -588,6 +589,13 @@ module "observability-autoscaling" {
   }
 }
 
+module "observability-osmh"{
+  source              = "./modules/observability/osmh"
+  count               = local.create_profile ? 1 : 0
+  tenancy_id          = var.tenancy_ocid
+  display_name        = var.profile_name
+  compartment_id      = local.profile_compartment_id
+}
 
 module "compute" {
   source                 = "./modules/compute/wls_compute"
@@ -606,8 +614,7 @@ module "compute" {
   wls_subnet_id          = var.wls_subnet_id
   region                 = var.region
   ssh_public_key         = var.ssh_public_key
-  compute_nsg_ids        = local.compute_nsg_ids
-
+  compute_nsg_ids        = local.compute_nsg_ids  
   tenancy_id                = var.tenancy_ocid
   tf_script_version         = var.tf_script_version
   use_regional_subnet       = local.use_regional_subnet
@@ -632,6 +639,7 @@ module "compute" {
   wls_server_startup_args   = var.wls_server_startup_args
   wls_existing_vcn_id       = var.wls_existing_vcn_id
   create_policies           = var.create_policies
+  enable_osmh               = var.enable_osmh
   place_all_compute_in_same_ad = var.place_all_compute_in_same_ad
 
   # Secured Production Mode
@@ -704,6 +712,8 @@ module "compute" {
   log_group_id    = element(concat(module.observability-common[*].log_group_id, [""]), 0)
   use_oci_logging = var.use_oci_logging
 
+  profile_ocid = var.profile_ocid == "" ? (element(concat(module.observability-osmh[*].profile_ocid, [""]), 0)) : var.profile_ocid
+
   use_apm_service           = local.use_apm_service
   apm_domain_compartment_id = local.apm_domain_compartment_id
   apm_domain_id             = var.apm_domain_id

terraform/modules/compute/instance/instance.tf

@@ -59,6 +59,6 @@ resource "oci_core_instance" "these" {
   }
 
   lifecycle {
-    ignore_changes = [metadata, shape, shape_config, source_details, defined_tags, freeform_tags]
+    ignore_changes = [metadata, shape, shape_config, source_details, defined_tags, freeform_tags, agent_config]
   }
 }

terraform/modules/compute/wls_compute/observability_variables.tf

@@ -88,3 +88,11 @@ variable "scaleout_notification_topic_id" {
   type        = string
   description = "The OCID of the notification topic for scale out operation"
 }
+variable "profile_ocid"{
+  type        = string
+  description = "The OCID of the created profile"
+}
+variable "enable_osmh"{
+  type        = bool
+  description = "Indicating that OSMH is enabled"
+}

terraform/modules/compute/wls_compute/variables.tf

@@ -351,4 +351,5 @@ variable "certificate_id" {
   type        = string
   description = "The OCID of the SSL certificate to configure a secure WebLogic domain"
   default     = ""
-}
+}
+

terraform/modules/compute/wls_compute/wls_compute.tf

@@ -176,6 +176,9 @@ module "wls-instances" {
 
       log_group_id    = var.log_group_id
       use_oci_logging = var.use_oci_logging
+
+      enable_osmh      = var.enable_osmh
+      profile_ocid     = var.profile_ocid
 
       mount_ip    = var.mount_ip
       mount_path  = var.mount_path
@@ -213,4 +216,3 @@ module "wls-instances" {
     }
   }
 }
-

terraform/modules/observability/osmh/create_profile.tf

@@ -0,0 +1,23 @@
+resource "oci_os_management_hub_software_source_change_availability_management" "software_source_change_availability_management" {
+   for_each = toset(local.filtered_sources)  
+
+  software_source_availabilities {
+    software_source_id  = each.value  
+    availability_at_oci = var.software_availabilty
+  }
+}
+
+resource "oci_os_management_hub_profile" "create_profile" {
+    compartment_id      = var.compartment_id
+    display_name        = var.display_name
+    profile_type        = var.profile_type
+    software_source_ids = local.filtered_sources
+    arch_type           = var.arch_type
+    is_default_profile  = var.is_default_profile
+    os_family           = var.os_family
+    registration_type   = var.registration_type
+    vendor_name         = var.vendor_name
+    depends_on = [
+    oci_os_management_hub_software_source_change_availability_management.software_source_change_availability_management
+  ]
+}

terraform/modules/observability/osmh/datasources.tf

@@ -0,0 +1,6 @@
+data "oci_identity_tenancy" "tenancy_info" {
+    tenancy_id = var.tenancy_id
+}
+data "oci_os_management_hub_software_sources" "all_tenancy_osmh_software_sources" {
+  compartment_id = data.oci_identity_tenancy.tenancy_info.id
+}

terraform/modules/observability/osmh/locals.tf

@@ -0,0 +1,18 @@
+locals {
+  all_tenancy_osmh_software_sources = data.oci_os_management_hub_software_sources.all_tenancy_osmh_software_sources.software_source_collection[0].items
+  software_source_names = [
+    "ol8_addons-x86_64",
+    "ol8_appstream-x86_64",
+    "ol8_baseos_latest-x86_64",
+    "ol8_ksplice-x86_64",
+    "ol8_mysql80_connectors_community-x86_64",
+    "ol8_mysql80_tools_community-x86_64",
+    "ol8_uekr7-x86_64",
+    "ol8_mysql80_community-x86_64"
+  ]
+
+  filtered_sources = [
+    for src in local.all_tenancy_osmh_software_sources : src.id
+    if contains(local.software_source_names, src.display_name)
+  ]
+}

terraform/modules/observability/osmh/outputs.tf

@@ -0,0 +1,4 @@
+output "profile_ocid" {
+  value = oci_os_management_hub_profile.create_profile.id
+}
+

terraform/modules/observability/osmh/variables.tf

@@ -0,0 +1,67 @@
+variable "display_name" {
+  description = "The display name for the profile"
+  type        = string
+}
+
+variable "profile_type" {
+  description = "The type of the profile (e.g., SOFTWARESOURCE)"
+  type        = string
+  default     = "SOFTWARESOURCE"
+}
+
+variable "arch_type" {
+  description = "The architecture type of the profile"
+  type        = string
+  default     = "X86_64"
+}
+
+variable "description" {
+  description = "A description for the profile"
+  type        = string
+  default     = ""
+}
+
+variable "os_family" {
+  description = "The operating system family for the profile (e.g., LINUX, WINDOWS)"
+  type        = string
+  default     = "ORACLE_LINUX_8"
+
+}
+
+variable "registration_type" {
+  description = "The registration type for the profile"
+  type        = string
+  default     = "OCI_LINUX"
+}
+
+variable "software_source_ids" {
+  description = "List of software source IDs associated with the profile"
+  type        = list(string)
+  default     = []
+}
+
+variable "vendor_name" {
+  description = "The vendor name for the profile"
+  type        = string
+  default     = "ORACLE"
+}
+
+variable "compartment_id" {
+  description = "The OCID of the compartment where the profile will be created"
+  type        = string
+}
+
+variable "is_default_profile" {
+  description = "Indicates whether this profile is the default profile"
+  type        = bool
+  default     = false
+}
+variable "tenancy_id" {
+  description = "The OCID of the tenancy"
+  type        = string
+}
+variable "software_availabilty" {
+  description = "Availability at OCI for the software sources"
+  type        = string
+  default     = "SELECTED"
+}

terraform/modules/policies/locals.tf

@@ -52,6 +52,11 @@ locals {
   plugin_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use wlms-managed-instance-plugins in tenancy"
   plugin_policy_statement = compact([local.plugin_policy_statement1, local.plugin_policy_statement2])
 
+  # Policies required for enabling the OSMH plugin
+  osmh_policy_statement1 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage osmh-family in tenancy" : ""
+  osmh_policy_statement2 = var.enable_osmh? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to {OSMH_MANAGED_INSTANCE_ACCESS} in tenancy where request.principal.id = target.managed-instance.id" : ""
+  osmh_policy_statement  = compact([local.osmh_policy_statement1, local.osmh_policy_statement2])
+
   #Policies for WLS instance principal dynamic group
   autoscaling_statement1 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use repos in tenancy" : ""
   autoscaling_statement2 = var.use_autoscaling ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage functions-family in compartment id ${var.compartment_id}" : ""
@@ -127,7 +132,7 @@ locals {
   secure_mode_statement  = compact([local.secure_mode_statement1, local.secure_mode_statement2, local.secure_mode_statement3, local.secure_mode_statement4, local.secure_mode_statement5, local.secure_mode_secrets_policy_statement1, local.secure_mode_secrets_policy_statement2])
 
   #TODO: When other categories with more statements are added here, concat them with service_statements
-  policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.secure_mode_statement)
+  policy_statements = concat(local.service_statements, local.cloning_policy_statement, local.plugin_policy_statement, local.secure_mode_statement, local.osmh_policy_statement)
 
   reserved_ips_info = var.compartment_id == "" ? [{ id = var.resource_name_prefix }] : []
 

terraform/modules/policies/variables.tf

@@ -223,3 +223,8 @@ variable "wls_secondary_admin_password_id" {
   type        = string
   description = "The OCID of the vault secret with the password for secondary WebLogic administration user"
 }
+variable "enable_osmh" {
+  type = bool
+  description = "Indicating that OSMH is enabled"
+}
+

terraform/schema.yaml

@@ -16,6 +16,7 @@ groupings:
       - ${is_bastion_instance_required}
       - ${add_load_balancer}
       - ${is_idcs_selected}
+      - ${enable_osmh}
       - ${use_oci_logging}
       - ${use_apm_service}
       - ${use_autoscaling}
@@ -102,6 +103,13 @@ groupings:
       - ${existing_admin_server_nsg_id}
       - ${existing_managed_server_nsg_id}
 
+  - title: "OS Management Hub Profile"
+    variables:
+      - ${profile_compartment_id}
+      - ${profile_name}
+      - ${select_existing_profile}
+      - ${profile_ocid}
+
   - title: "Resource Manager Private Endpoint"
     variables:
       - ${add_rms_private_endpoint}
@@ -202,6 +210,7 @@ groupings:
       - ${lb_subnet_1_name}
       - ${lb_subnet_2_name}
       - ${user_id}
+      - ${create_profile}
       - ${fingerprint}
       - ${private_key_path}
       - ${wls_edition}
@@ -495,6 +504,57 @@ variables:
     default: 8
     required: true
 
+  select_existing_profile:
+    visible:
+      and:
+        - ${orm_create_mode}
+        - ${enable_osmh}
+    type: boolean
+    required: true
+    default: false
+    title: "Select Existing Profile"
+    description: "Select if you want to use an existing profile for OSMH"
+
+  profile_compartment_id:
+    visible:
+      and:
+        - ${orm_create_mode}
+        - ${enable_osmh}
+        - not:
+            - ${select_existing_profile}
+    type: oci:identity:compartment:id
+    required: false
+    default: ${compartment_ocid}
+    title: "Profile Compartment"
+    description: "The compartment where you want to create the profile for OMH plugin integration."
+
+  profile_name:
+    visible:
+      and:
+        - ${orm_create_mode}
+        - ${enable_osmh}
+        - not:
+            - ${select_existing_profile}
+    type: string
+    minLength: 1
+    maxLength: 256
+    pattern: "^[a-zA-Z][a-zA-Z0-9]{0,15}$"
+    required: true
+    default : ""
+    title: "Profile Name"
+    description: "The display name of the profile that will be created. Name can't start with a number or dash, contain spaces or special characters, or be empty."
+
+  profile_ocid:
+    visible:
+      and: 
+        - ${orm_create_mode}
+        - ${enable_osmh}
+        - ${select_existing_profile}
+    type: string
+    required: true
+    title: "Profile OCID"
+    pattern: ^ocid1.osmhprofile.*$
+
   wls_admin_user:
     visible:
       and:
@@ -1663,6 +1723,13 @@ variables:
     required: false
     default: true
 
+  enable_osmh:
+    type: boolean
+    title: "Enable OS Management Hub"
+    description: "Enable OSMH plugin for Management"
+    required: true
+    default: true
+
   add_JRF:
     visible:
       and: