Operating Systems

Oracle Linux 7 User Guide

| Product: Oracle Linux 7

Overview

This guide covers the deployment and configuration of Oracle Enterprise Linux 7 on AWS using cloudimg AMIs from the AWS Marketplace. Oracle Linux is an enterprise grade Linux distribution built from Red Hat Enterprise Linux source code, providing binary compatibility with RHEL while offering Oracle's own Unbreakable Enterprise Kernel (UEK) for enhanced performance and reliability.

What's included in this AMI:

  • Oracle Enterprise Linux 7 with latest security patches
  • AWS CLI 2.7.7 for AWS service management
  • AWS CloudWatch Agent 1.247352.0b251908 for monitoring and log collection
  • AWS Systems Manager Agent 3.1.1476.0 for remote management
  • Cloud Init 19.4 for instance initialization
  • OS package update script for keeping the system current
  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

Before launching this AMI, ensure you have:

  1. An active AWS account
  2. An active subscription to the Oracle Linux 7 listing on AWS Marketplace
  3. An EC2 key pair for SSH access
  4. Familiarity with EC2 instance management and SSH

Recommended Instance Type: t3.small (2 vCPU, 2 GB RAM) or larger. The minimum requirements are 1 vCPU, 2 GB RAM, and 20 GB disk space.

Step 1: Launch the AMI

  1. Navigate to the AWS Marketplace and search for "Oracle Linux 7 cloudimg"
  2. Click Continue to Subscribe, accept the terms, then Continue to Configuration
  3. Select your preferred Region and Software Version
  4. Click Continue to Launch
  5. Choose Launch through EC2 for full control over instance configuration
  6. Select your instance type (t3.small recommended)
  7. Configure storage: 20 GB gp3 minimum
  8. Configure your Security Group with the following inbound rules:
Port Protocol Source Purpose
22 TCP Your IP SSH access
  1. Select your EC2 key pair and launch the instance

Step 2: Connect via SSH

Once your instance is running and has passed both status checks (2/2), connect using SSH:

ssh -i your-key.pem ec2-user@<public-ip-address>

To switch to the root user:

sudo su -

Important: Wait for the EC2 instance to reach 2/2 successful status checks before connecting. Early connection attempts may produce permission denied errors.

Step 3: Verify the System

Check the OS version:

cat /etc/oracle-release

Check available disk space:

df -h

Check memory:

free -m

Using AWS CLI

The AWS CLI is preinstalled and ready to use. Verify with:

aws --help

Check the version:

aws --version

To use AWS CLI commands, ensure your instance has an IAM role attached with appropriate permissions, or configure credentials:

aws configure

Configuring CloudWatch Agent

The AWS CloudWatch Agent is preinstalled for collecting system metrics and logs.

Run the configuration wizard as the root user:

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

The wizard will guide you through selecting metrics (CPU, memory, disk) and log files to monitor.

Start the CloudWatch Agent after configuration:

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json

Check the CloudWatch Agent status:

/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a status

Expected output:

{
  "status": "running",
  "starttime": "2022-06-05T12:10:13+0000",
  "configstatus": "configured",
  "cwoc_status": "stopped",
  "cwoc_starttime": "",
  "cwoc_configstatus": "not configured",
  "version": "1.247350.0b251814"
}

Using Systems Manager

The AWS Systems Manager Agent (SSM) is preinstalled for remote management without SSH.

Check SSM Agent status:

systemctl status amazon-ssm-agent

Ensure your instance has an IAM role with the AmazonSSMManagedInstanceCore policy attached to use Systems Manager features.

Configuring Cloud Init

Cloud Init handles instance initialization on first boot. The configuration file is located at:

vi /etc/cloud/cloud.cfg

Refer to the Cloud Init documentation for customizing instance behavior on launch.

Server Components

Component Version Install Path
AWS CLI 2.7.7 /usr/local/aws-cli
AWS CloudWatch Agent 1.247352.0b251908 /opt/aws/amazon-cloudwatch-agent
AWS Systems Manager Agent 3.1.1476.0 /usr/bin/amazon-ssm-agent
Cloud Init 19.4 /etc/cloud

Filesystem Layout

Mount Point Size Description
/ 38 GB Root filesystem
/boot 2 GB Operating system kernel files

Scripts and Log Files

Script/Log Path Description
initial_boot_update.sh /stage/scripts Updates the OS with the latest packages on first boot
initial_boot_update.log /stage/scripts Output log for the boot update script

On Startup

An OS package update script runs on first boot to ensure the image is fully up to date. You can disable this by removing the script and its crontab entry:

rm -f /stage/scripts/initial_boot_update.sh

crontab -e
# Delete the following line, save and exit:
@reboot /stage/scripts/initial_boot_update.sh

Common Administration Tasks

Update all packages:

yum update -y

Install a package:

yum install -y package-name

Check running services:

systemctl list-units --type=service --state=running

View system logs:

journalctl -f

Check kernel version:

uname -r

Troubleshooting

Cannot connect via SSH

  1. Verify the instance has passed 2/2 status checks
  2. Check your security group allows port 22 from your IP
  3. Ensure you are using the correct key pair and username (ec2-user)

yum update fails

  1. Verify the instance has internet access (public subnet or NAT gateway)
  2. Check DNS resolution: nslookup yum.oracle.com
  3. Check disk space: df -h

CloudWatch Agent not sending metrics

  1. Verify the agent is running: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a status
  2. Ensure the instance has an IAM role with CloudWatchAgentServerPolicy
  3. Check agent logs: tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log

SSM Agent not connecting

  1. Verify the agent is running: systemctl status amazon-ssm-agent
  2. Ensure the instance has an IAM role with AmazonSSMManagedInstanceCore
  3. Check the instance has network access to the SSM service endpoint

Security Recommendations

  • Restrict SSH access: Only allow port 22 from trusted IP addresses
  • Use IAM roles for AWS API access instead of access keys
  • Keep the system updated: Run yum update regularly for security patches
  • Enable SELinux: Verify SELinux is enforcing: getenforce
  • Configure firewall rules: Use firewalld for additional host level security
  • Monitor with CloudWatch: Set up alerts for CPU, memory, and disk usage
  • Use SSM Session Manager as an alternative to SSH for secure, auditable access
  • Review system logs regularly for suspicious activity

Support

If you encounter any issues with this product, contact cloudimg support:

  • Email: support@cloudimg.co.uk
  • Website: www.cloudimg.co.uk
  • Support hours: 24/7 with guaranteed 24 hour response SLA