Did you forgot your Node Manager Username and Password?

Posted by Dirk Nachbar on Tuesday, October 18, 2016 with No comments
Long time ago I've been publishing a blog post "Did you forgot your WebLogic Admin User Password?", now it's time to have a look on the topic, did you forgot your Node Manager Username and Password?

The following steps are working with Oracle WebLogic Server 12.x

Login to the server which is hosting your Oracle WebLogic Server environment and start the wlst utility and connect as weblogic user to your WebLogic Domain:

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

#
# At first we connect with the weblogic user to our WebLogic Domain
#
wls:/offline> connect('weblogic','Welcome01','wls122:7001')
Connecting to t3://wls122:7001 with userid weblogic ...
Successfully connected to Admin Server "DemoAdminServer" that belongs to domain "demo_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
#
# Switch to the edit mode
#
wls:/demo_domain/serverConfig/> edit()
Location changed to edit tree.   
This is a writable tree with DomainMBean as the root.   
To make changes you will need to start an edit session via startEdit(). 
For more help, use help('edit').
#
# Perform startEdit
#
wls:/demo_domain/edit/> startEdit()
Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
#
# Change to the SecurityConfiguration Tree of your Domain,
# replace the Domain Name with your Domain Name
#
wls:/demo_domain/edit/ !> cd('SecurityConfiguration/demo_domain')
#
# List all configuration beans, attribute names and values of the current tree
# You can see the Node Manager Username under the attribute name NodeManagerUsername
# The Password of the Node Manager Username is not visible under the attribute NodeManagerPassword
# The attribute ClearTextCredentialAccessEnabled is set to false
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> ls()
dr--   CertRevoc
dr--   DefaultRealm
dr--   JASPIC
dr--   Realms
dr--   SecureMode

-rw-   AdministrativeIdentityDomain                 null
-rw-   AnonymousAdminLookupEnabled                  false
-rw-   ClearTextCredentialAccessEnabled             false
-rw-   CompatibilityConnectionFiltersEnabled        false
-rw-   ConnectionFilter                             null
-rw-   ConnectionFilterRules                        null
-rw-   ConnectionLoggerEnabled                      false
-rw-   ConsoleFullDelegationEnabled                 false
-rw-   Credential                                   ******
-rw-   CredentialEncrypted                          ******
-rw-   CrossDomainSecurityEnabled                   false
-rw-   DowngradeUntrustedPrincipals                 false
-r--   DynamicallyCreated                           false
-rw-   EnforceStrictURLPattern                      true
-rw-   EnforceValidBasicAuthCredentials             true
-rw-   ExcludedDomainNames                          null
-r--   Id                                           0
-rw-   IdentityDomainAwareProvidersRequired         false
-rw-   Name                                         demo_domain
-rw-   NodeManagerPassword                          ******
-rw-   NodeManagerPasswordEncrypted                 ******
-rw-   NodeManagerUsername                          nodemanager
-rw-   NonceTimeoutSeconds                          120
-rw-   Notes                                        null
-rw-   PrincipalEqualsCaseInsensitive               false
-rw-   PrincipalEqualsCompareDnAndGuid              false
-rw-   Tags                                         null
-r--   Type                                         SecurityConfiguration
-rw-   UseKSSForDemo                                false
-rw-   WebAppFilesCaseInsensitive                   false

-r-x   addTag                                       Boolean : String(tag)
-r-x   findDefaultRealm                             WebLogicMBean : 
-r-x   findRealm                                    WebLogicMBean : String(realmDisplayName)
-r-x   findRealms                                   WebLogicMBean[] : 
-r-x   freezeCurrentValue                           Void : String(attributeName)
-r-x   generateCredential                           [B : 
-r-x   getInheritedProperties                       String[] : String[](propertyNames)
-r-x   isInherited                                  Boolean : String(propertyName)
-r-x   isSet                                        Boolean : String(propertyName)
-r-x   removeTag                                    Boolean : String(tag)
-r-x   restoreDefaultValue                          Void : String(attributeName)
-r-x   unSet                                        Void : String(propertyName)

#
# Now lets switch the attribute setClearTextCredentialAccessEnabled to true
# and perform the listing again, I will only show the modified attribute
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> cmo.setClearTextCredentialAccessEnabled(true)
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> ls()
. . .
. . .
-rw-   ClearTextCredentialAccessEnabled             true
. . .
. . .
#
# Now validate, save and activate the changes
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> validate()
Validating changes ...
Validated the changes successfully
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> save()
Saving all your changes ...
Saved all your changes successfully.
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> activate()
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
#
# Now we can retrieve the password of the Node Manager User
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> get('/SecurityConfiguration/demo_domain/NodeManagerPassword')
'Oracle12c'
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> exit()

In order to test the correctness of the above retrieved values for the Node Manager Username and Password just perform a short connection test.
$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands
#
# Perform a nmConnect with the above retrieved data
# for the Node Manager Username and Password
#
wls:/offline> nmConnect(domainName='demo_domain', username='nodemanager', password='Oracle12c')
Connecting to Node Manager ...
Successfully Connected to Node Manager.
wls:/nm/demo_domain> nmDisconnect()
Successfully disconnected from Node Manager.
wls:/offline> exit()

After you have successfully verified the retrieved data, you should switch back the ClearTextCredentialAccessEnabled to false

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

#
# At first we connect with the weblogic user to our WebLogic Domain
#
wls:/offline> connect('weblogic','Welcome01','wls122:7001')
Connecting to t3://wls122:7001 with userid weblogic ...
Successfully connected to Admin Server "DemoAdminServer" that belongs to domain "demo_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
#
# Switch to the edit mode
#
wls:/demo_domain/serverConfig/> edit()
Location changed to edit tree.   
This is a writable tree with DomainMBean as the root.   
To make changes you will need to start an edit session via startEdit(). 
For more help, use help('edit').
#
# Perform startEdit
#
wls:/demo_domain/edit/> startEdit()
Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
#
# Change to the SecurityConfiguration Tree of your Domain,
# replace the Domain Name with your Domain Name
#
wls:/demo_domain/edit/ !> cd('SecurityConfiguration/demo_domain')
#
# Switch back the value for ClearTextCredentialAccessEnabled to false
# and validate, save and activate your changes
#
wls:/demo_domain/edit/ !> cmo.setClearTextCredentialAccessEnabled(false)
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> validate()
Validating changes ...
Validated the changes successfully
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> save()
Saving all your changes ...
Saved all your changes successfully.
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> activate()
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> exit()

With just some simple commands within wlst you can retrieve the Username and Password of your Node Manager User.




Reaktionen: