VCS OCIIP resource shows MONITOR TIMEDOUT if the OCI auth service on port 443 is unreachable from a RHEL virtual machine in OCI

Article ID: 100075631

Description

Error Message

There are no error messages. The monitor process appears stuck in the process table:

# ps -ef | grep -i ociip
xxx xxxx x x:x x.x.x.x OverlayIP 1 ReservedPublicIP 1 NICDevice 1 eth0 RouteTableId 1 tempCompartmentID 1 ocid1.compartment.oc1 .xxxxx  tempInstanceID 1 ocid1.instance.oc1.xxxx  tempPrivateIPID 1 AEPTimeout 1 60 OpenStatus 1 0

Cause

This issue can occur if the appropriate policies are not configured and the auth service is not reachable.

Resolution

1) Ensure the following policies are configured:

■ Allow dynamic-group   to manage private-ips in compartment
■ Allow dynamic-group   to use subnets in compartment
■ Allow dynamic-group   to inspect vnic-attachments in compartment
■ Allow dynamic-group   to manage vcns in compartment
■ Allow dynamic-group   to manage vnics in compartment
■ Allow dynamic-group   to read instances in compartment
■ Allow dynamic-group   to manage route-tables in compartment

2) Ensure port 443 is open to the auth service of the region.

Example: auth.me-jeddah-1.oraclecloud.com should be reachable at port 443 from the VM instance.

Here, me-jeddah-1 should be replaced with the region in which the VM is actually running.
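
A bounded check for step 2, as an added example that is not part of the original article: it probes TCP port 443 on the regional auth host with a timeout, so a silently dropped connection is reported as a timeout instead of hanging the way the monitor process does. The function names and the 5-second timeout are assumptions; the host name pattern is the one given above.

```python
#!/usr/bin/env python3
"""Bounded reachability probe for the regional OCI auth endpoint (added example)."""
import socket
import sys

AUTH_PORT = 443  # port named in the article


def auth_endpoint(region):
    """Build the auth host name from the pattern the article gives."""
    return f"auth.{region}.oraclecloud.com"


def probe(host, port=AUTH_PORT, timeout=5.0):
    """Return (state, detail); state is reachable, dns_failure, refused, timeout or error."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    last = ("error", "no addresses returned")
    for family, socktype, proto, _canon, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)  # never block longer than this per address
            try:
                sock.connect(addr)
                return "reachable", f"{addr[0]}:{addr[1]}"
            except socket.timeout:
                # No SYN-ACK and no RST: typical of a security list, NSG or firewall drop.
                last = ("timeout", f"no answer from {addr[0]} within {timeout}s")
            except ConnectionRefusedError:
                last = ("refused", f"{addr[0]} actively refused the connection")
            except OSError as exc:
                last = ("error", f"{addr[0]}: {exc}")
    return last


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <region>   e.g. me-jeddah-1", file=sys.stderr)
        return 2
    host = auth_endpoint(argv[1])
    state, detail = probe(host)
    print(f"{host}:{AUTH_PORT} -> {state} ({detail})")
    return 0 if state == "reachable" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on the VM instance with the region as the only argument; an exit status of 0 means the TCP connection to port 443 succeeded.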

 

Issue/Introduction

The OCIIP resource type shows MONITOR TIMEDOUT:

<ociIp resource name> State <servername> OFFLINE|MONITOR TIMEDOUT