Since yesterday, Tuesday 20th December 2016, the Oracle Database 12.1.0.2.0 and later are officially supported on Docker :-)
The corresponding My Oracle Support Note 2216342.1 can be found here: https://support.oracle.com/epmos/faces/DocContentDisplay?id=2216342.1
In the GitHub Repository of Oracle the related README is also updated to reflect the support for Oracle Database 12.1.0.2.0 and later on Docker.
All required files to build such a supported Oracle Database Instance on Docker can be found here: https://github.com/oracle/docker-images/tree/master/OracleDatabase
This Blog is discontinued, its only read-only
Pages - Menu
▼
Pages
▼
Wednesday, December 21, 2016
Friday, December 16, 2016
Accessing WebLogic Server Logfiles via RESTFul Management Services
The RESTFul Management Services within Oracle WebLogic 12c is one of the greatest features and my personal favorite.
You can achieve a lot of things with the RESTFul Management Services, like creating DataSources, perform deployments, startup and shutdown Managed Servers and so on.
But you also can access the different WebLogic Server Logfiles :-)
Let's say your developers needs access to the Logfiles of your Oracle WebLogic Server, but you don't want to give them access to your Server which is hosting your Oracle WebLogic Server.
Just create a new User in your WebLogic Admin Console and give this new User the Group "Monitor". With the Monitor Group you can access the WebLogic RESTFul Management Services.
Now your developers can retrieve the Logfiles with a simple cURL command from their desktops:
http://<servername>:<adminport>/management/wls/latest/servers/id/<ServerName>/logs/<LogType>
For the LogType you have following options:
A possible cURL request to retrieve the DomainLog of your WebLogic Domain could be as follows:
or like this:
The corresponding Logfile retrieval in JSON format will look as follows:
DomainLog:
Managed Server ServerLog:
You can achieve a lot of things with the RESTFul Management Services, like creating DataSources, perform deployments, startup and shutdown Managed Servers and so on.
But you also can access the different WebLogic Server Logfiles :-)
Let's say your developers needs access to the Logfiles of your Oracle WebLogic Server, but you don't want to give them access to your Server which is hosting your Oracle WebLogic Server.
Just create a new User in your WebLogic Admin Console and give this new User the Group "Monitor". With the Monitor Group you can access the WebLogic RESTFul Management Services.
Now your developers can retrieve the Logfiles with a simple cURL command from their desktops:
http://<servername>:<adminport>/management/wls/latest/servers/id/<ServerName>/logs/<LogType>
For the LogType you have following options:
- DataSourceLog
- DomainLog (only for AdminServer)
- HTTPAccessLog
- ServerLog
# Replace the Server Name and Port with your values # Replace the AdminServer Name "PRODAdminServer" with your AdminServer Name # curl -s --user RESTAdmin:welcome1 \ -H X-Requested-By:MyClient \ -H Accept:application/json \ -X GET http://wls122:7101/management/wls/latest/servers/id/PRODAdminServer/logs/id/DomainLog > domain.log
or like this:
# Replace the Server Name and Port with your values # Replace the Managed Server Name "Prod_ManagedServer1" with your Managed Server Name # curl -s --user RESTAdmin:welcome1 \ -H X-Requested-By:MyClient \ -H Accept:application/json \ -X GET http://wls122:7101/management/wls/latest/servers/id/Prod_ManagedServer1/logs/id/ServerLog > Prod_ManagedServer1_ServerLog.log
The corresponding Logfile retrieval in JSON format will look as follows:
DomainLog:
Managed Server ServerLog:
Permanent Re-Login for WebLogic Consoles for multiple WebLogic Domains on one Server
In case you have multiple Oracle WebLogic Server Domains on one Server running, you might realise the following problem:
Opening 2 or more WebLogic Consoles in one Browser and switching the Browser tabs between the different WebLogic Consoles, you have to re-login all the times for your different WebLogic Consoles. This is really annoying ...
The problem behind is really simple, its the WebLogic Admin Console Cookie, as for all Oracle WebLogic Admin Consoles the default Cookie Name is identical, its named "ADMINCONSOLESESSION".
In order to avoid this permanent re-login to your multiple WebLogic Admin Consoles, you simply have to configure for each Oracle WebLogic Server Domain running on the same server unique Cookie Names.
I prefer the following naming convention: Cookie Name = Domain Name.
Open your WebLogic Admin Console and navigate to the Domain Configuration.
Activate the Lock & Edit Mode under the Change Center:
Expand the Advanced Configuration Options in the Domain Configuration / General Section:
Within the Advanced Configuration Options you will find the Configuration Item "Console Cookie Name" with the default Cookie Name "ADMINCONSOLESESSION":
Change the Console Cookie Name to a unique Cookie Name, e.g. your WebLogic Domain Name and press the Save button:
Finally activate your changes under the Change Center:
After the activation of your changes, you will get a notification message, that you have to restart 1 item. To check which item you have to restart, click under the Change Center the Text Line "View changes and restarts"
Within "Changes and Restarts" under the tab "Restart Checklist" you will see that your AdminServer needs to be restarted in order to take your prior changes.
Restart your Admin Server and from now on your WebLogic Admin Console will use a unique cookie name. Perform the above steps for all WebLogic Server Domains running on your server and you will not have anymore the problem with the permanent re-login to your WebLogic Admin Console for multiple WebLogic Domains on one server.
Opening 2 or more WebLogic Consoles in one Browser and switching the Browser tabs between the different WebLogic Consoles, you have to re-login all the times for your different WebLogic Consoles. This is really annoying ...
The problem behind is really simple, its the WebLogic Admin Console Cookie, as for all Oracle WebLogic Admin Consoles the default Cookie Name is identical, its named "ADMINCONSOLESESSION".
In order to avoid this permanent re-login to your multiple WebLogic Admin Consoles, you simply have to configure for each Oracle WebLogic Server Domain running on the same server unique Cookie Names.
I prefer the following naming convention: Cookie Name = Domain Name.
Open your WebLogic Admin Console and navigate to the Domain Configuration.
Activate the Lock & Edit Mode under the Change Center:
Expand the Advanced Configuration Options in the Domain Configuration / General Section:
Within the Advanced Configuration Options you will find the Configuration Item "Console Cookie Name" with the default Cookie Name "ADMINCONSOLESESSION":
Change the Console Cookie Name to a unique Cookie Name, e.g. your WebLogic Domain Name and press the Save button:
Finally activate your changes under the Change Center:
After the activation of your changes, you will get a notification message, that you have to restart 1 item. To check which item you have to restart, click under the Change Center the Text Line "View changes and restarts"
Within "Changes and Restarts" under the tab "Restart Checklist" you will see that your AdminServer needs to be restarted in order to take your prior changes.
Restart your Admin Server and from now on your WebLogic Admin Console will use a unique cookie name. Perform the above steps for all WebLogic Server Domains running on your server and you will not have anymore the problem with the permanent re-login to your WebLogic Admin Console for multiple WebLogic Domains on one server.
Thursday, December 15, 2016
WLST Error "General SSLEngine problem" after Nodemanager SSL Configuration
In case you configured your WebLogic Nodemanager with SSL, you might run into the following error while using nmConnect via WLST.
My current nodemanager configuration is as follows:
The solution to be able to connect via WLST to your Nodemanager is pretty simple, just modify the $ORACLE_HOME/oracle_common/common/bin/wlst.sh as follows:
After the above modifications you can use WLST to connect to the Nodemanager with the nmConnect command.
cd $ORACLE_HOME/oracle_common/common/bin ./wlst.sh Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands wls:/offline> nmConnect('nodemanager', 'welcome1', 'soaserver1', '5556', 'demo_domain' , '/u00/app/oracle/user_projects/domains/demo_domain' , 'ssl') Connecting to Node Manager ... <Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> <Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> <Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.> Traceback (innermost last): File "<console>", line 1, in ? File "<iostream>", line 111, in nmConnect File "<iostream>", line 553, in raiseWLSTException WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : General SSLEngine problem Use dumpStack() to view the full stacktrace :
My current nodemanager configuration is as follows:
#Node manager properties #Fri Dec 09 12:04:54 CET 2016 DomainsFile=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager/nodemanager.domains LogLimit=0 PropertiesVersion=12.2.1.2.0 AuthenticationEnabled=true NodeManagerHome=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager JavaHome=/u00/app/oracle/product/jdk1.8.0_101 LogLevel=INFO DomainsFileEnabled=true ListenAddress=soaserver1 NativeVersionEnabled=true ListenPort=5556 LogToStderr=true weblogic.StartScriptName=startWebLogic.sh SecureListener=true LogCount=1 QuitEnabled=false LogAppend=true weblogic.StopScriptEnabled=false StateCheckInterval=500 CrashRecoveryEnabled=false weblogic.StartScriptEnabled=true LogFile=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager/nodemanager.log LogFormatter=weblogic.nodemanager.server.LogFormatter ListenBacklog=50 KeyStores=CustomIdentityAndCustomTrust CustomIdentityKeystoreType=jks CustomIdentityKeyStoreFileName=/home/soa/keystore/identity.jks CustomIdentityKeyStorePassPhrase={AES}rQXxLXU2h6IBTrreiBVce3kGEfK8d4uUzsb+WKQqCu8= CustomIdentityPrivateKeyPassPhrase={AES}M0Wl5V0kcCy27txsYyFzngS2jUoShI92PNlKUWb+JQo= CustomIdentityAlias=selfsigned CustomTrustKeystoreType=jks CustomTrustKeyStoreFileName=/home/soa/keystore/trust.jks CustomTrustKeyStorePassPhrase=
The solution to be able to connect via WLST to your Nodemanager is pretty simple, just modify the $ORACLE_HOME/oracle_common/common/bin/wlst.sh as follows:
# # Search for the line # JVM_ARGS="${WLST_PROPERTIES} ${JVM_D64} ${UTILS_MEM_ARGS} ${CONFIG_JVM_ARGS}" # Add before the JVM_ARGS line following lines with the shown JAVA_OPTIONS # and replace the line # eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} weblogic.WLST '"$@"' # as shown below with # eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} ${JAVA_OPTIONS} weblogic.WLST '"$@"' # JAVA_OPTIONS="-Dweblogic.ssl.JSSEEnabled=true ${JAVA_OPTIONS}" JAVA_OPTIONS="-Dweblogic.security.SSL.enableJSSE="true" ${JAVA_OPTIONS}" JAVA_OPTIONS="-Dweblogic.security.SSL.ignoreHostnameVerification=true ${JAVA_OPTIONS}" JAVA_OPTIONS="-Dweblogic.security.TrustKeyStore=CustomTrust ${JAVA_OPTIONS}" JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStoreFileName=/home/soa/keystore/trust.jks ${JAVA_OPTIONS}" JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStorePassPhrase=welcome1 ${JAVA_OPTIONS}" JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStoreType=JKS ${JAVA_OPTIONS}" export JAVA_OPTIONS JVM_ARGS="${WLST_PROPERTIES} ${JVM_D64} ${UTILS_MEM_ARGS} ${CONFIG_JVM_ARGS}" if [ -d "${JAVA_HOME}" ]; then # eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} weblogic.WLST '"$@"' eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} ${JAVA_OPTIONS} weblogic.WLST '"$@"' else exit 1 fi
After the above modifications you can use WLST to connect to the Nodemanager with the nmConnect command.
cd $ORACLE_HOME/oracle_common/common/bin ./wlst.sh Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands wls:/offline> nmConnect('nodemanager', 'welcome1', 'soaserver1', '5556', 'demo_domain' , '/u00/app/oracle/user_projects/domains/demo_domain' , 'ssl') Connecting to Node Manager ... <Dec 15, 2016 2:38:15 PM CET> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> <Dec 15, 2016 2:38:15 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> <Dec 15, 2016 2:38:16 PM CET> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier./gt; Successfully Connected to Node Manager.
Friday, December 9, 2016
Install and Configure Oracle SOA Suite 12c with 2 different Linux Users
I am currently involved in a project were one requirement is, that the Oracle Software (WebLogic Server and Oracle SOA Suite) is installed by one Linux User and the on top to be used Oracle SOA Domain should be created and started as another Linux User.
In general that's according to the Oracle Documentation for Oracle SOA Suite 12.2.1.2.0 possible
But there is a small and important note: Certain domain files do not have the group permissions. For example, cwallet.sso.
Oracle is just providing one file (cwallet.sso) out of certain files which are lacking from the correct group permission.
Before you run in the same try-and-error procedure to find out the complete list of files which needs to be aligned, here are my list of files, which I aligned and afterwards I could create my SOA Domain under a second Linux User.
Let's assume following scenario:
Connect as Oracle Software Owner oracle and perform following chmod commands
After the above alignments you can start to create your SOA Domain with $ORACLE_HOME/oracle_common/common/bin/config.sh as Linux User soa.
In general that's according to the Oracle Documentation for Oracle SOA Suite 12.2.1.2.0 possible
But there is a small and important note: Certain domain files do not have the group permissions. For example, cwallet.sso.
Oracle is just providing one file (cwallet.sso) out of certain files which are lacking from the correct group permission.
Before you run in the same try-and-error procedure to find out the complete list of files which needs to be aligned, here are my list of files, which I aligned and afterwards I could create my SOA Domain under a second Linux User.
Let's assume following scenario:
- Oracle Software Owner is: oracle
- Primary Group of User oracle is: oinstall
- SOA Domain Owner is: soa
- Primary Group of User soa is: oinstall
Connect as Oracle Software Owner oracle and perform following chmod commands
chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/wls/system-jazn-data.xml chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/cwallet.sso chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/audit-store.xml
After the above alignments you can start to create your SOA Domain with $ORACLE_HOME/oracle_common/common/bin/config.sh as Linux User soa.