Troubleshoot Oracle Cloud Agentless Installs

Use these suggestions to troubleshoot an Oracle Cloud installation.

Troubleshoot Onboarding

Terraform: Ensure you have set up your Terraform environment to use valid Oracle Cloud Infrastructure (OCI) Credentials.

By default, the Terraform snippets provided by Sysdig configure Terraform to use the DEFAULT OCI profile from your local OCI config (~/.oci/config). Ensure that this configuration is correct and that you have a valid API key. You can verify this with the OCI CLI, substituting your Tenancy OCID, for example:

oci iam tenancy get --tenancy-id TENANCY_OCID

For more details, see the Oracle Documentation.

Admit Policies: Ensure the root Compartment of your Tenancy contains an IAM Policy named AdmitSysdigSecureTenantOnboarding-XXXX. This policy should allow access to read Tenancy and Compartment details.

Troubleshoot CSPM

Admit Policies: Ensure the root Compartment of your Tenancy contains IAM Policies with the following names:

  • AdmitSysdigSecureTenantOnboarding-XXXX
  • AdmitSysdigSecureTenantConfigPosture-XXXX
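
The credential check and the admit policy checks from the Onboarding and CSPM sections can be run together. The script below is an added example, not Sysdig or Oracle tooling. It assumes the TENANCY_OCID environment variable holds your Tenancy OCID and that XXXX is an install-specific suffix; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sysdig tooling): report which admit policies named on
# this page are missing from the root compartment of a tenancy.

# Name prefixes from this page; the -XXXX suffix is assumed to vary per install.
REQUIRED_PREFIXES="AdmitSysdigSecureTenantOnboarding AdmitSysdigSecureTenantConfigPosture"

# Reads `oci iam policy list` JSON on stdin and prints every required prefix
# with no matching quoted policy name. Returns 1 if any policy is missing.
missing_admit_policies() {
    input=$(cat)
    status=0
    for prefix in $REQUIRED_PREFIXES; do
        if ! printf '%s\n' "$input" | grep -Eq "\"${prefix}-[^\"]+\""; then
            printf '%s\n' "$prefix"
            status=1
        fi
    done
    return $status
}

# Constructed sample of policy list output (not real data): the ConfigPosture
# policy is absent, as it would be after an incomplete CSPM onboarding.
sample_policy_list() {
    cat <<'EOF'
{"data": [
  {"name": "AdmitSysdigSecureTenantOnboarding-ab12", "lifecycle-state": "ACTIVE"},
  {"name": "SomeUnrelatedPolicy", "lifecycle-state": "ACTIVE"}
]}
EOF
}

# Live check, run only when TENANCY_OCID is set. Uses the DEFAULT OCI profile.
# The root compartment's OCID is the Tenancy OCID.
if [ -n "${TENANCY_OCID:-}" ]; then
    oci iam tenancy get --tenancy-id "$TENANCY_OCID" >/dev/null || {
        echo "OCI credential check failed; review ~/.oci/config" >&2
        exit 1
    }
    oci iam policy list --compartment-id "$TENANCY_OCID" --all |
        missing_admit_policies | sed 's/^/missing policy: /'
fi
```

To try the parsing offline, run `sample_policy_list | missing_admit_policies` after sourcing the script.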

Troubleshoot Terraform

Terraform fails to destroy an organization deployment when Host Scanning, Workload Scanning, or CDR is enabled, likely due to dependencies on active security configurations.

Solution

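To resolve this, first manually offboard OCI. If the problem persists, run the following commands. The first removes the CSPM user-to-group membership from the Terraform state without deleting it in OCI, and the second runs terraform destroy against the organization resource: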

terraform state rm module.config-posture.oci_identity_user_group_membership.cspm_user_to_group
terraform destroy -target module.onboarding.sysdig_secure_organization.oracle_organization