Friday, July 10, 2015

SOA12c nodemanager and WLST

Nodemanager and WLST

 

In my other post we discussed the essentials & basics of nodemanager and also looked at some differences between the NM in SOA 10.1.3 and pre 12.1.3 releases.

 

I’ll have another post wherein we pay due honor to WLST as at topic in itself; while in this one, we’ll the cover the particulars of WLST in context of tasks listed below.

v  Connect to the running nodemanager

o   Using nodemanager credentials in plain text

o   Generating authentication keys to connect to the nodemanager

v  Starting the nodemanager

v  Starting & checking the status the Admin & Manager servers with nodemanager

v  Stopping the servers

v  Precautions

 

 

 

Ø  Connect to the running nodemanager instance

To connect to the running instance of nodemanager, the command at your service is nmConnect(). The basic syntax to use this command is:

nmConnect ( [username, password], [host], [port], [domainName], [domainDir], [nmType], [verbose])

nmConnect ( [userConfigFile, userKeyFile], [host], [port], [domainName], [domainDir], [nmType], [verbose])

 

Except for the argument nmType, for which valid options can be plain/ssl/ssh/etc., all other arguments have intuitive names.

Reference: http://docs.oracle.com/cd/E24329_01/web.1211/e24490/reference.htm#WLSTC476

 

Connecting to NM using credentials:

wls :/offline> nmConnect('weblogic', 'pass123', '10.67.19.232', '5556','mypoc_domain','/opt/app/oracle/middleware/user_projects/domains/mypoc_domain','plain')

Connecting to Node Manager ...

Successfully Connected to Node Manager.

wls :/nm/mypoc_domain>

 

Generating authentication keys for password less connection with nodemanager:

Use the command storeUserConfig(), after connecting to the nodemanger

Connecting to Node Manager ...

Successfully Connected to Node Manager.

wls :/nm/mypoc_domain> storeUserConfig('/home/oracle/.scripts/.wlstscriptkey/nmconfigfile.securee', '/home/oracle/.scripts/.wlstscriptkey/nmkeyfile.secure')

Currently connected to Node Manager to monitor the domain mypoc_domain.

You will need to be connected to a running WLS or Node Manager to execute this command

 

The above snippet shows an error arisen because the storeConifg () command currently consider that we are trying to store the config details for weblogic connection and NOT for NM.I correct my mistake by providing more argument to the command as below, and got the authentication files generated.

 

Word of caution: If we hadn’t provided the option nm=true, and had also been in online mode (by being already connected to the weblogic domain using connect command), we would have got the keys created that may have not worked for subsequent connection to NM.

 

wls :/nm/mypoc_domain> storeUserConfig('/home/oracle/.scripts/.wlstscriptkey/nmconfigfile.secure', '/home/oracle/.scripts/.wlstscriptkey/nmkeyfile.secure',nm='true')

 

Currently connected to Node Manager to monitor the domain mypoc_domain.

Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Do you want to create the key file? y or n:y

y

 

The username and password that were used for this WebLogic NodeManager connection are stored in /home/oracle/.scripts/.wlstscriptkey/nmconfigfile.secure and /home/oracle/.scripts/.wlstscriptkey/nmkeyfile.secure.

 

Connecting to nodemanager without credentials, using authentication keys:

wls :/offline>nmConnect(userConfigFile='/home/oracle/.scripts/.wlstscriptkey/nmconfigfile.secure',

userKeyFile ='/home/oracle/.scripts/.wlstscriptkey/nmkeyfile.secure',host='10.67.19.232', port='5556', domainName='mypoc_domain', domainDir='/opt/app/oracle/middleware/user_projects/domains/mypoc_domain',nmType='plain')

 

Connecting to Node Manager ...

Successfully Connected to Node Manager.

 

Stupid Advise: If you already have the authentication keys generated for connecting to WLST for managing weblogic (using connect command), and if the NM credentials are same as that of weblogic credentials, then you use directly use those keys. Otherwise you can use the below storeConfig() to generate the keys separately for connecting to NM using nmConnect().

 

 

 

Ø  Starting the nodemanager

It is strongly recommended by oracle to startup nodemanger using wlst command startNodeManager ()”. Rather it’s recommended to use the scripts based approach to start and stop nodemanager.

 

startNodeManager.sh

stopNodeManager.sh*

 

* Script available in 12cweblogic

 

Reference: https://docs.oracle.com/middleware/1213/wls/WLSTC/reference.htm#WLSTC516

 

 

 

Ø  Starting the Admin & Manager servers with nodemanager

Well, it appears very straight forward. After connecting to the nodemanger in wlst, you can run nmStart() to start any servers in the domain as below.

 

nmStart ('AdminServer')

nmStart ('soa_server1')

nmStart ('odi_server1')

 

Sample run for starting the server and checking the status of the server started with wlst NM commands.

Wls :/ nm/mypoc_domain> nmStart(‘AdminServer’)

Starting server AdminServer

Successfully started server AdminServer

wls :/nm/mypoc_domain> nmStart(‘soa_server1’)

Starting server soa_server1 …

Successfully started server soa_server1 …

wls :/nm/mypoc_domain> nmServerStatus(‘AdminServer’)

 

RUNNING

 

wls :/nm/mypoc_domain> nmServerStatus(‘soa_server1’)

 

RUNNING

 

wls :/nm/mypoc_domain>

 

 

 

Ø  Stopping the servers

Unfortunately, there is no nmStop() command from nodemanager for gracefully shutting down the servers, but only a blunt nmKill().-

 

nmKill (‘AdmingServer’)

nmKill (‘soa_server1’)

 

 

 

Ø  Precautions:

1.       Ensure that boot.properties file exists in “$DOMAIN_HOME/servers/<<ServerName>>/data/nodemanager/” to be able to start the server using nmStart(). If this is not done, attempt to start the server will result in error and the error will show the server to be in “FAILED_NOT_RESTARTABLE” state.

 

Hence, when starting the Admin/managed server for first time we either-

o   Need to run “un the nmGenBootStartupProps command to generateboot.properties and startup.properties files for the server” to create the boot.properties file manually or using

o   OR, create boot.property manually

o   OR, you can use the nmStartprops argument to provide user credentials (after connecting to Node Manager):

nm> prps = makePropertiesObject("AdminURL=http://listen_address:listen_port; Username=username; Password=password")

nm> nmStart ("AdminServer",props=prps)

 

2.       You can check the status of servers using nmServerStatus if and only if they were started using nmStart(). Otherwise the command will not give accurate result.

 

 

More weblogic posts coming up soon. Till then, continue to seeITwithSanjay.

 

Thursday, July 9, 2015

Weblogic 12c Nodemanager - some Basics, some Differences

As I write this blog, many companies have already moved to the 12c version of SOA. With the latest SOA version comes new features like internet of things with event based processing, the support for mobile and cloud. But for a certain section of people, FMW admins like me, day to day technical operations matter most.

 

I'll be taking some important aspects of managing nodemanager(NM from here on) of the 12c weblogic, and also highlight some subtle changes in 12c node manager, which a person responsible for managing the weblogic should be aware of.

 

 

1.     11g to 12c changes

Pre 12.1.2

Post 12.1.2/12.1.3

Option of per machine & per domain NM, with per machine being default one.

Per domain is the default, and per machine NM needs a bit of configuration.

Refer# https://tinyurl.com/q8g6mr8

Default logs are found at :

$WL_HOME/common/nodemanager/logs

Default logs are found at : $DOMAIN_HOME/nodemanager/logs

In 11g, we required 1 NM for Admin server domain path & 1 NM for managed server domain path, as the nodemanager.domains file has only 1 path per domain

e.g. for 11g: domain-name=domain-directory

1 domain level NM is sufficient when Admin server is on SAN, out of DOMAIN_DIR https://tinyurl.com/nu2zlkv

e.g. for 12c: domainName=primaryDomainPath; alternateDomainPath1; alternateDomainPath2

No script to stop the NM, one needs to kill NM process

stopNodeManager.sh script is available

 

 

 

2.     Starting the NM

The regular way to start the domain specific NM, is to start using following command:

nohup $DOMAIN_HOME/bin/startNodeManager.sh &

Though this should work for most of the cases, this isn’t an ideal nail to go in your production kit.

For production env, always configure the NM as init.d or xinetd service, so that the node manager comes up automatically every time your server reboots. Follow the below steps given in oracle documentation to achieve this.

http://docs.oracle.com/middleware/1213/wls/NODEM/java_nodemgr.htm#NODEM247

·         A word about oracle documentation for setting up nodemanager init.d service

The script given in oracle document tends to start the NM as root, which will definitely cause issues. So you must make the below changes in oracle script, in the link shared above, to start NM as non-root user-

 

Make the following changes:

 

$PROGRAM_START >> $OUT_FILE 2>&1  &

To

su -c $“<<USE_NM_USER>>” $PROGRAM_START >> $OUT_FILE 2>&1  &

 

 

 

 

3.     Change the password for managing nodemanager

Not many would know that you we can password for starting/stopping weblogic servers need not to same as that for managing NM. This also makes a strong case security point too.

You can update the NM password by accessing Admin console. NO restart is required for change to get reflected.

The steps for doing so are readily available from oracle documentation so I will simply share the link instead of typing it here again

Refer: http://docs.oracle.com/cloud/latest/fmw121300/NODEM/java_nodemgr.htm#NODEM161

 

 

 

·         A word of caution while changing nodemanager credentials

 

You may change the password for the accessing NM services, and you can technically speaking change even the username from “weblogic” to something else. BUT after doing so, you’ll not be able to use the credential key file (which you can create with wlst storeUserConfig(), for password less authentication), for connecting to WLST.

 

More about working with WLST and nodemanager in another post.

Continue to SeeITwithSanjay!