Can someone help me to write script to perform below steps in weblogic.
1.Stop Managed Servers
2.Stop Node Manager
3.Stop Admin Server
4.Delete the tmp,cache folders.
The steps you mentioned can be done with WLST and Node Manager. However, you need to make the following adjustments:
Configure Node Manager/WebLogic Domain to stop using the demo SSL certificate when accessing/starting Node Manager.
Configure Node Manager
Edit nodemanager.properties and set the following:
SecureListener to false
QuitEnabled to true
Restart Node Manager
Configure WebLogic Domain
Login to WebLogic Domain
Under Environment, Machines: click the Machine name configured
Under Configuration, Node Manager: set Type to Plain and save
Restart WebLogic Domain (Admin Server + Managed Servers)
Configure WebLogic Domain's Node Manager Credentials. The default is usually the username/password you entered when creating the WebLogic Domain. However, it is also a good idea to set different credentials for the Node Manager. This is totally optional, especially when working in a development environment.
Login to WebLogic Domain
Under Domain Structure, click the Weblogic Domain name
Under Security, General: click Advanced
Set the NodeManager Username and NodeManager Password/Confirm NodeManager Password and click Save
For this answer, I will use nodemanager/nodemanager_pwd as sample values.
Assuming you have one Admin Server and one Managed Server, both on the same machine, write the following commands in a Python script:
# Connect to the Node Manager running on localhost with port 5556.
# Change the DOMAIN_NAME and the DOMAIN_HOME as appropriate
nmConnect('nodemanager','nodemanager_pwd','localhost','5556','DOMAIN_NAME','DOMAIN_HOME','PLAIN')
# Start the Admin Server.
# The following command assumes that the
# name of the Admin Server is AdminServer
nmServerStart('AdminServer')
# Start the Managed Server. Again, change the Managed Server name as appropriate
nmServerStart('Managed_Server_01')
To stop the Managed Server and Admin Server, it's the opposite direction with the sequence, and now you need to use the nmKill command. The stopNodeManager() is possible if the QuitEnabled property was set to true in the nodemanager.properties file.
nmConnect('nodemanager','nodemanager_pwd','localhost','5556','DOMAIN_NAME','DOMAIN_HOME','PLAIN')
nmKill('Managed_Server_01')
nmKill('AdminServer')
stopNodeManager()
When invoking the Python script that contains the commands above, execute the following command:
$MW_HOME/oracle_common/common/bin/wlst.sh startup.py
$MW_HOME/oracle_common/common/bin/wlst.sh shutdown.py
As for the clearing of the tmp/cache folders, these can all be done via shell script (assuming you're running on Linux)
Related
In Weblogic, I have more than one Machines created using Node Manager. We have been told to setup SSL implementation for our Application which is deployed across created machines in a single Weblogic Admin Console.
So for the Application we had configured certificate using .jks file and configured SSL listen port by enabling it.
However we have been told to secure Node Manager machines in which application are deployed across as well. While enabling Node Manager type to SSL instead of Plain I am getting SSLException. By the fact we no need to secure Machines which were created using Node Manager, only securing Application is sufficient. Is am I right. Else is it required to Secure Machines -> Node Manager as well.
When I am turning SSL in Machines -> Node Manager, what are the things I have to consider to avoid SSLException. Is the Weblogic restart required If configure this or so. For now I do not have UNIX access, hence I couldn't do that at this moment.
Please advise on this situation. Without securing Machines -> Node Manager I am able run the application. But not able to access it using https. Only http for the Application is working.
Please advise on the situation.
SSL for node manager is optional as there's no application related sensitive data that flows in this layer.
You mention even after configuring jks you can't get the server and hence the application listening on https. Could you elaborate what steps did you follow. Note this has nothing to do with node manager
I'm trying create a simple web server inside Azure using SQLite as a database and PHP with Apache as a backend. I was able to create a VM in the new portal, access it with SSH, git clone the software inside it, and add an Inbound security rule to port 80. Still my application is not accessible on my browser. Is there any other configuration I am missing?
Here are the steps I did on azure portal:
Virtual Machines -> Add -> Chose ubuntu server 14.04, and deployment model "Resource Manager", clicked on Create.
Filled in a name, username to connect to the vm, password authentication, created a new resource group, and the location closer to me (Brazil South).
Selected "A0 Basic" size
On settings I clicked on "network security group", and added a new rule for port 80, with priority 1010.
Finally on summary I clicked OK and waited for about 4-5 min to the console show me an OK message.
After that I log into the VM with ssh, ran sudo apt-get update followed by sudo apt-get install apache2.
When I type the public IP of the VM in the browser, it just keeps loading forever but doesn't show anything. Neither and error, nor the apache default page.
We are running WebSphere Application Server v8.5 on AIX 7, which we configured to use ldap security. Everything is working fine, but project went halt for some time and our WAS was down. Now we see that ldap cerficates were expired, hence we are unable to connect to dmgr & admin console. Can somebody help to resolve it?
We know how to configure ldap on WAS, but dont no how to change expired ldap cerficate with new cerficates. (We received new non-expiry certificates from ldap team but dont no how to configure it on WAS).
You need to disable security, restart dmgr, replace certificates and reenable security.
To disable security:
stop/kill the dmgr
run the following from the dmgr\bin folder:
wsadmin -conntype NONE
At the wsadmin prompt, type securityoff and then type exit.
Restart your dmgr.
UPDATE
Do you have Federated or Standalone Ldap configured? You should have in LDAP configuration link to SSL configuration. There you will need to add your new certificate to the Signers store (this is very simplified description as I'm not sure which repository you are using).
I need a way to use Glassfish 3.1.2.2 admin service (REST call to deploy and configre) from a remote machine and from local machine (command line and applications).
It is clear that for remote access it is necessary to enable secure admin. If we enable secure admin it will break all local access from applications. These application can not be changed to using https to access the admin service. Only thing I can change is that we can use a different port.
I see two possible ways for me:
Using a hack. So I can administrate with secure administrate disable. So I can use plan http. For use a possible solution, because this machine used internally in a test environment.
Configure Glassfish that we can use admin service remote via secure access https and from a local environment with http.
We prefer solution 1, because it fit better in our environment and we have lesser effort. At the moment I see no way or exist a solution (not for production)?
I tried something for solution 2, simular to http-listener-1 http-listener-2. So use two ports 4848 for local unsecure access and as example 4949 for remote secure access.But I always fail with configuration. So I start with a step by step configuration. First enable admin interface oon two ports and as second step I want to add the secure access to the new port admin-listener. But I got only one of the ports working.Please can anyone help me with target configuration? Any domain.xml will be welcome.
Thanks florian
You can try to use SSH and run asadmin utilities from remote machine.
I have a java application running on Weblogic on a Linux box. The application/weblogic are run as root. I see this as a security risk. I want to create a dedicated user to run the application.
To do this I have:
Created a new dedicated DNRS/Weblogic user called 'wluser'.
Granted access to my application to only the dedicated user wluser.
The application is hosted on Apache. To run the application, I first start apache, then weblogic.
When I tried to run apache, it complained 'Permission denied: make_sock: could not bind to port 446'.
It seems apache needs to be started as root. But if I changed the owner of apache to root, I'll be able to run the application as root. Exactly what I don't want..
Anyone any ideas?
I'm fairly sure that an application has to be given permission to use a port below 1024.
Check out this question on ServerFault: Regular User socket permissions