Troubleshoot Oracle Cloud Agentless Installs

Use these suggestions to troubleshoot an Oracle Cloud installation.

Troubleshoot Onboarding

Terraform: Ensure you have set up your Terraform environment to use valid Oracle Cloud Infrastructure (OCI) Credentials.

By default, the Terraform snippets provided by Sysdig configure Terraform to use the DEFAULT OCI profile from your local OCI config (~/.oci/config). Ensure that this configuration is correct and that you have a valid API key. You can verify this with the OCI CLI, replacing TENANCY_OCID with your Tenancy OCID:

oci iam tenancy get --tenancy-id TENANCY_OCID

For more details, see the Oracle Documentation.

Admit Policies: Ensure the root Compartment of your Tenancy contains an IAM Policy named AdmitSysdigSecureTenantOnboarding-XXXX. This policy should allow access to read Tenancy and Compartment details.

Troubleshoot CSPM

Admit Policies: Ensure the root Compartment of your Tenancy contains IAM Policies with the following names:

  • AdmitSysdigSecureTenantOnboarding-XXXX
  • AdmitSysdigSecureTenantConfigPosture-XXXX
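
One way to check for the admit policies listed in the Onboarding and CSPM sections above. This is an added example, not part of the original page or Sysdig's tooling; the function names and the sample input are assumptions made for illustration, and the -XXXX suffix is treated as an arbitrary per-deployment string.

```shell
#!/usr/bin/env bash
# Added example, not Sysdig's code. Checks for the admit policies named above.

# Name prefixes from this page; the -XXXX suffix differs per deployment.
REQUIRED_PREFIXES="AdmitSysdigSecureTenantOnboarding AdmitSysdigSecureTenantConfigPosture"

# Reads `oci iam policy list` JSON on stdin and prints every required prefix
# that no policy name starts with. Exit status 0 = all present, 1 = some missing.
missing_admit_policies() (
  json=$(cat)
  rc=0
  for prefix in $REQUIRED_PREFIXES; do
    if ! printf '%s\n' "$json" | grep -Eq "\"${prefix}-[^\"]+\""; then
      printf '%s\n' "$prefix"
      rc=1
    fi
  done
  exit "$rc"
)

# check_admit_policies TENANCY_OCID
# The tenancy OCID is also the OCID of the root compartment, so it is passed
# as --compartment-id. Needs a working OCI CLI profile.
check_admit_policies() {
  oci iam policy list --compartment-id "$1" --all --query 'data[].name' \
    | missing_admit_policies
}

# Constructed sample (not real output): the CSPM policy is absent.
SAMPLE_NAMES='[
  "AdmitSysdigSecureTenantOnboarding-ab12",
  "some-unrelated-policy"
]'
printf '%s\n' "$SAMPLE_NAMES" | missing_admit_policies \
  || echo "^ missing admit policy prefix(es)"
```

Against a real tenancy, call check_admit_policies with your Tenancy OCID; an empty result with exit status 0 means both policies are present in the root Compartment.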

Troubleshoot Terraform

When Terraform fails to destroy an organization deployment with CSPM enabled, it’s likely due to dependencies on active security configurations.

Solution

To resolve this, first manually offboard OCI. If the problem persists, run the following Terraform commands:

terraform state rm module.config-posture.oci_identity_user_group_membership.cspm_user_to_group
terraform destroy -target module.onboarding.sysdig_secure_organization.oracle_organization

Check Terraform Provider and Module Version

Ensure that you are using Terraform provider version ~>3.3 and the latest available module versions. If it has been some time since your initial onboarding, regenerate the Terraform main.tf file from the Sysdig UI under Integrations > OCI. For example:

terraform {
  required_providers {
    sysdig = {
      source  = "sysdiglabs/sysdig"
      version = "~>3.3"
    }
  }
}

...

module "onboarding" {
  source  = "sysdiglabs/secure/oracle//modules/onboarding"
  version = "~>2.0"
}

...

module "config-posture" {
  source                   = "sysdiglabs/secure/oracle//modules/config-posture"
  version                  = "~>2.0"
  sysdig_secure_account_id = module.onboarding.sysdig_secure_account_id
}