This Blog is discontinued, its only read-only

Wednesday, December 21, 2016

Oracle Database 12.1.0.2.0 are officially supported on Docker

Since yesterday, Tuesday 20th December 2016, the Oracle Database 12.1.0.2.0 and later are officially supported on Docker :-)

The corresponding My Oracle Support Note 2216342.1 can be found here: https://support.oracle.com/epmos/faces/DocContentDisplay?id=2216342.1


In the GitHub Repository of Oracle the related README is also updated to reflect the support for Oracle Database 12.1.0.2.0 and later on Docker.
All required files to build such a supported Oracle Database Instance on Docker can be found here: https://github.com/oracle/docker-images/tree/master/OracleDatabase


Friday, December 16, 2016

Accessing WebLogic Server Logfiles via RESTFul Management Services

The RESTFul Management Services within Oracle WebLogic 12c is one of the greatest features and my personal favorite.

You can achieve a lot of things with the RESTFul Management Services, like creating DataSources, perform deployments, startup and shutdown Managed Servers and so on.

But you also can access the different WebLogic Server Logfiles :-)

Let's say your developers needs access to the Logfiles of your Oracle WebLogic Server, but you don't want to give them access to your Server which is hosting your Oracle WebLogic Server.
Just create a new User in your WebLogic Admin Console and give this new User the Group "Monitor". With the Monitor Group you can access the WebLogic RESTFul Management Services.

Now your developers can retrieve the Logfiles with a simple cURL command from their desktops:

http://<servername>:<adminport>/management/wls/latest/servers/id/<ServerName>/logs/<LogType>

For the LogType you have following options:
  • DataSourceLog
  • DomainLog (only for AdminServer)
  • HTTPAccessLog
  • ServerLog


A possible cURL request to retrieve the DomainLog of your WebLogic Domain could be as follows:

# Replace the Server Name and Port with your values
# Replace the AdminServer Name "PRODAdminServer" with your AdminServer Name
#
curl -s --user RESTAdmin:welcome1 \
        -H X-Requested-By:MyClient \
        -H Accept:application/json \
        -X GET http://wls122:7101/management/wls/latest/servers/id/PRODAdminServer/logs/id/DomainLog > domain.log

or like this:

# Replace the Server Name and Port with your values
# Replace the Managed Server Name "Prod_ManagedServer1" with your Managed Server Name
#
curl -s --user RESTAdmin:welcome1 \
        -H X-Requested-By:MyClient \
        -H Accept:application/json \
        -X GET http://wls122:7101/management/wls/latest/servers/id/Prod_ManagedServer1/logs/id/ServerLog > Prod_ManagedServer1_ServerLog.log

The corresponding Logfile retrieval in JSON format will look as follows:

DomainLog:


Managed Server ServerLog:



Permanent Re-Login for WebLogic Consoles for multiple WebLogic Domains on one Server

In case you have multiple Oracle WebLogic Server Domains on one Server running, you might realise the following problem:

Opening 2 or more WebLogic Consoles in one Browser and switching the Browser tabs between the different WebLogic Consoles, you have to re-login all the times for your different WebLogic Consoles. This is really annoying ...

The problem behind is really simple, its the WebLogic Admin Console Cookie, as for all Oracle WebLogic Admin Consoles the default Cookie Name is identical, its named "ADMINCONSOLESESSION".

In order to avoid this permanent re-login to your multiple WebLogic Admin Consoles, you simply have to configure for each Oracle WebLogic Server Domain running on the same server unique Cookie Names.
I prefer the following naming convention: Cookie Name = Domain Name.

Open your WebLogic Admin Console and navigate to the Domain Configuration.


Activate the Lock & Edit Mode under the Change Center:


Expand the Advanced Configuration Options in the Domain Configuration / General Section:


Within the Advanced Configuration Options you will find the Configuration Item "Console Cookie Name" with the default Cookie Name "ADMINCONSOLESESSION":


Change the Console Cookie Name to a unique Cookie Name, e.g. your WebLogic Domain Name and press the Save button:


Finally activate your changes under the Change Center:


After the activation of your changes, you will get a notification message, that you have to restart 1 item. To check which item you have to restart, click under the Change Center the Text Line "View changes and restarts"


Within "Changes and Restarts" under the tab "Restart Checklist" you will see that your AdminServer needs to be restarted in order to take your prior changes.


Restart your Admin Server and from now on your WebLogic Admin Console will use a unique cookie name. Perform the above steps for all WebLogic Server Domains running on your server and you will not have anymore the problem with the permanent re-login to your WebLogic Admin Console for multiple WebLogic Domains on one server.

Thursday, December 15, 2016

WLST Error "General SSLEngine problem" after Nodemanager SSL Configuration

In case you configured your WebLogic Nodemanager with SSL, you might run into the following error while using nmConnect via WLST.


cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect('nodemanager', 'welcome1', 'soaserver1', '5556', 'demo_domain' , '/u00/app/oracle/user_projects/domains/demo_domain' , 'ssl')
Connecting to Node Manager ...
<Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> 
<Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> 
<Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.> 
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 111, in nmConnect
  File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : General SSLEngine problem 
Use dumpStack() to view the full stacktrace :


My current nodemanager configuration is as follows:

#Node manager properties
#Fri Dec 09 12:04:54 CET 2016
DomainsFile=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager/nodemanager.domains
LogLimit=0
PropertiesVersion=12.2.1.2.0
AuthenticationEnabled=true
NodeManagerHome=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager
JavaHome=/u00/app/oracle/product/jdk1.8.0_101
LogLevel=INFO
DomainsFileEnabled=true
ListenAddress=soaserver1
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
weblogic.StartScriptName=startWebLogic.sh
SecureListener=true
LogCount=1
QuitEnabled=false
LogAppend=true
weblogic.StopScriptEnabled=false
StateCheckInterval=500
CrashRecoveryEnabled=false
weblogic.StartScriptEnabled=true
LogFile=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager/nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeystoreType=jks
CustomIdentityKeyStoreFileName=/home/soa/keystore/identity.jks
CustomIdentityKeyStorePassPhrase={AES}rQXxLXU2h6IBTrreiBVce3kGEfK8d4uUzsb+WKQqCu8=
CustomIdentityPrivateKeyPassPhrase={AES}M0Wl5V0kcCy27txsYyFzngS2jUoShI92PNlKUWb+JQo=
CustomIdentityAlias=selfsigned
CustomTrustKeystoreType=jks
CustomTrustKeyStoreFileName=/home/soa/keystore/trust.jks
CustomTrustKeyStorePassPhrase=


The solution to be able to connect via WLST to your Nodemanager is pretty simple, just modify the $ORACLE_HOME/oracle_common/common/bin/wlst.sh as follows:

#
# Search for the line 
#    JVM_ARGS="${WLST_PROPERTIES} ${JVM_D64} ${UTILS_MEM_ARGS} ${CONFIG_JVM_ARGS}"
# Add before the JVM_ARGS line following lines with the shown JAVA_OPTIONS
# and replace the line 
#    eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} weblogic.WLST '"$@"'
# as shown below with
#    eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} ${JAVA_OPTIONS} weblogic.WLST '"$@"'
#
JAVA_OPTIONS="-Dweblogic.ssl.JSSEEnabled=true ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.SSL.enableJSSE="true" ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.SSL.ignoreHostnameVerification=true ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.TrustKeyStore=CustomTrust ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStoreFileName=/home/soa/keystore/trust.jks ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStorePassPhrase=welcome1 ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStoreType=JKS ${JAVA_OPTIONS}"
export JAVA_OPTIONS

JVM_ARGS="${WLST_PROPERTIES} ${JVM_D64} ${UTILS_MEM_ARGS} ${CONFIG_JVM_ARGS}"
if [ -d "${JAVA_HOME}" ]; then
 # eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} weblogic.WLST '"$@"'
 eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} ${JAVA_OPTIONS} weblogic.WLST '"$@"'
else
 exit 1
fi


After the above modifications you can use WLST to connect to the Nodemanager with the nmConnect command.

cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect('nodemanager', 'welcome1', 'soaserver1', '5556', 'demo_domain' , '/u00/app/oracle/user_projects/domains/demo_domain' , 'ssl')
Connecting to Node Manager ...
<Dec 15, 2016 2:38:15 PM CET> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> 

<Dec 15, 2016 2:38:15 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> 

<Dec 15, 2016 2:38:16 PM CET> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier./gt; 

Successfully Connected to Node Manager.


Friday, December 9, 2016

Install and Configure Oracle SOA Suite 12c with 2 different Linux Users

I am currently involved in a project were one requirement is, that the Oracle Software (WebLogic Server and Oracle SOA Suite) is installed by one Linux User and the on top to be used Oracle SOA Domain should be created and started as another Linux User.

In general that's according to the Oracle Documentation for Oracle SOA Suite 12.2.1.2.0 possible


But there is a small and important note: Certain domain files do not have the group permissions. For example, cwallet.sso.

Oracle is just providing one file (cwallet.sso) out of certain files which are lacking from the correct group permission.

Before you run in the same try-and-error procedure to find out the complete list of files which needs to be aligned, here are my list of files, which I aligned and afterwards I could create my SOA Domain under a second Linux User.

Let's assume following scenario:

  • Oracle Software Owner is: oracle
  • Primary Group of User oracle is: oinstall
  • SOA Domain Owner is: soa
  • Primary Group of User soa is: oinstall

Connect as Oracle Software Owner oracle and perform following chmod commands

chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/wls/system-jazn-data.xml
chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/cwallet.sso
chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/audit-store.xml

After the above alignments you can start to create your SOA Domain with $ORACLE_HOME/oracle_common/common/bin/config.sh as Linux User soa.


Monday, November 14, 2016

Controlling Oracle WebLogic Server via RESTFul Management Service

RESTFul Management Services are really powerful in terms of monitoring your Oracle WebLogic Server Domain, but you can also use RESTFul Management Services to control your Oracle WebLogic Server Domain.

RESTFul Management Services are enabling you to startup, suspend, resume and shutdown for example your Managed Servers.

All what you need is cURL, the Admin User and Password of your Oracle WebLogic Server, Hostname of your Oracle WebLogic Domain and the Port of your AdminServer.

# cURL syntax to start up the Managed Server called DemoManagedServer1
#
curl -s --user weblogic:welcome1 \
> -H X-Requested-By:MyClient \
> -H Accept:application/json \
> -X POST http://localhost:7001/management/wls/latest/servers/id/DemoManagedServer1/start
{
    "item": {
        "beginTime": 1479137278206,
        "endTime": 1479137293451,
        "status": "completed",
        "description": "Starting DemoManagedServer1 server ...",
        "serverName": "DemoManagedServer1",
        "operation": "start",
        "name": "_0_start",
        "id": "DemoManagedServer1:_0_start",
        "type": "server"
    },
    "messages": [{
        "message": "Started the server 'DemoManagedServer1'.",
        "severity": "SUCCESS"
    }],
    "links": [{
        "rel": "job",
        "uri": "http:\/\/localhost:7001\/management\/wls\/latest\/jobs\/server\/id\/DemoManagedServer1:_0_start"
    }]

# cURL syntax to suspend the Managed Server called DemoManagedServer1
#
curl -s --user weblogic:welcome1 \
> -H X-Requested-By:MyClient \
> -H Accept:application/json \
> -X POST http://localhost:7001/management/wls/latest/servers/id/DemoManagedServer1/suspend
{
    "item": {
        "beginTime": 1479137373341,
        "endTime": 1479137378061,
        "status": "completed",
        "description": "suspending DemoManagedServer1 server ...",
        "serverName": "DemoManagedServer1",
        "operation": "suspending",
        "name": "_1_suspendWithTimeout",
        "id": "DemoManagedServer1:_1_suspendWithTimeout",
        "type": "server"
    },
    "messages": [{
        "message": "Suspended the server 'DemoManagedServer1'.",
        "severity": "SUCCESS"
    }],
    "links": [{
        "rel": "job",
        "uri": "http:\/\/localhost:7001\/management\/wls\/latest\/jobs\/server\/id\/DemoManagedServer1:_1_suspendWithTimeout"
    }]

# cURL syntax to resume the Managed Server called DemoManagedServer1
#
curl -s --user weblogic:welcome1 \
> -H X-Requested-By:MyClient \
> -H Accept:application/json \
> -X POST http://localhost:7001/management/wls/latest/servers/id/DemoManagedServer1/resume
{
    "item": {
        "beginTime": 1479137414870,
        "endTime": 1479137420100,
        "status": "completed",
        "description": "Resuming DemoManagedServer1 server ...",
        "serverName": "DemoManagedServer1",
        "operation": "resume",
        "name": "_2_resume",
        "id": "DemoManagedServer1:_2_resume",
        "type": "server"
    },
    "messages": [{
        "message": "Resumed the server 'DemoManagedServer1'.",
        "severity": "SUCCESS"
    }],
    "links": [{
        "rel": "job",
        "uri": "http:\/\/localhost:7001\/management\/wls\/latest\/jobs\/server\/id\/DemoManagedServer1:_2_resume"
    }]

# cURL syntax to shutdown the Managed Server called DemoManagedServer1
#
curl -s --user weblogic:welcome1 \
> -H X-Requested-By:MyClient \
> -H Accept:application/json \
> -X POST http://localhost:7001/management/wls/latest/servers/id/DemoManagedServer1/shutdown
{
    "item": {
        "beginTime": 1479137450438,
        "endTime": 1479137457385,
        "status": "completed",
        "description": "Shutting down DemoManagedServer1 server ...",
        "serverName": "DemoManagedServer1",
        "operation": "shutdown",
        "name": "_3_shutdown",
        "id": "DemoManagedServer1:_3_shutdown",
        "type": "server"
    },
    "messages": [{
        "message": "Shutdown the server 'DemoManagedServer1'.",
        "severity": "SUCCESS"
    }],
    "links": [{
        "rel": "job",
        "uri": "http:\/\/localhost:7001\/management\/wls\/latest\/jobs\/server\/id\/DemoManagedServer1:_3_shutdown"
    }]



And with a bit of scripting you can create a UNIX Wrapper Shell script to cover all above described startup, suspend, resume and shutdown operations.

Tuesday, November 8, 2016

Running Oracle HTTP Server 12c with Privileged Port

In some cases you need to configure a privileged port (less than 1024, typically port 80) within your Oracle HTTP Server 12c Instance.

At first create your Oracle HTTP Server Instance with the wlst tool:

cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands
#
# Connect to the WebLogic Domain with your weblogic user,
# password and correct host and port
#
wls:/offline>connect('weblogic','welcome01', 'localhost:7001')
Connecting to t3://localhost:7001 with userid weblogic ...
Successfully connected to Admin Server "FRAdminServer" that belongs to domain "fr_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.

#
# Provide a unique name for the instanceName and
# provide the Machine Name of your WebLogic Server Domain
# The Machine Name be found within the WebLogic Server Console
# under "Environment / Machine"
#
wls:/fr_domain/serverConfig/> ohs_createInstance(instanceName='ohs2', machine='AdminServerMachine')
Location changed to edit custom tree. This is a writable tree with No root.
For more help, use help('editCustom')

Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
Saving all your changes ...
Saved all your changes successfully.
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
OHS instance "ohs2" was successfully created.
wls:/fr_domain/serverConfig/> exit()

As next navigate to your $DOMAIN_HOME/config/fmwconfig/components/OHS/instances/<Your_OHS_InstanceName>/ directory and modify the httpd.conf file as follows:

# Search for the Listen Directive and align to port 80
Listen 80

The next step will be to change the permissions of the $ORACLE_HOME/ohs/bin/launch executable, login as root user to your Server and perform following steps

# Do a backup copy of the current launch executable
cd $ORACLE_HOME/ohs/bin
cp -p launch launch.org
# Change ownership to root
chown root launch
# Change permissions to 4750
chmod 4750 launch
ls -la launch
-rwsr-x---. 1 root oinstall 34073 Oct  5  2015 launch

Now we can start the Oracle HTTP Server Instance, connect as oracle user to your server and perform following steps:

cd $DOMAIN_HOME/bin
# Start the above created Oracle HTTP Server Instance
# First time startup use the option "storeUserConfig"
# and provide the Node Manager password
# Afterwards you will not be prompted again,
# when you startup your Oracle HTTP Server Instance
#
./startComponent.sh ohs2 storeUserConfig
Starting system Component ohs2 ...

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Reading domain from /u00/app/oracle/user_projects/domains/fr_domain
. . .
. . .
Successfully Connected to Node Manager.
Starting server ohs2 ...
Successfully started server ohs2 ...
Successfully disconnected from Node Manager.

Exiting WebLogic Scripting Tool.

Done

Now your Oracle HTTP Server Instance is using a privileged port under UNIX.

Important Notice : If you are running multiple Oracle HTTP Server Instances from one ORACLE_HOME, lets say ohs1 Instance is running on a non privileged port 7777 and ohs2 is running on a privileged port 80, both Oracle HTTP Server Instances are running under root !!! As there is only one launch executable which is now under ownership root.

Thursday, November 3, 2016

Modify Fusion Middleware Enterprise Manager Inactivity Timeout

Are you tired of the 45 minutes default inactivity timeout setting of the Oracle Fusion Middleware Enterprise Manager?



You can simply set the inactivity timeout by modifying the emoms.properties file of the Oracle Fusion Middleware Enterprise Manager.

Connect to your server with the oracle installation user and navigate to your $DOMAIN_HOME/config/fmwconfig/servers/<AdminServerName>/applications/em/META-INF directory and open the emoms.properties file.
Check if the parameter oracle.sysman.eml.maxInactiveTime is set, if yes modify the provided values to your desired time in minutes. In case the parameter is not set in your emoms.properties file, simply add it, set your desired Inactivity Timeout value in minutes.

Below an example for an Inactivity Timeout for 3 hours

oracle.sysman.eml.maxInactiveTime=180

After restart your WebLogic AdminServer and that's all.

This method will work for Oracle Fusion Middleware 11g and 12c.

Wednesday, October 19, 2016

Oracle Forms & Reports 12.2.1.2.0 available

Since a few hours the latest Release of the Oracle Forms & Reports 12.2.1.2.0 is available for download in Oracle Technology Network under http://www.oracle.com/technetwork/developer-tools/forms/downloads/index.html



The related documentation can be found under https://docs.oracle.com/middleware/12212/formsandreports/index.html



For all the lovers of Oracle Reports, here is the bad news: It's time to prepare for bye-bye !

The next planned Oracle Reports 12.2.1.3 will be the terminal release for Oracle Reports !

Note can be found here http://tinyurl.com/ReportsDeprecation





Weblogic 12.2.1.2.0 available

Since a few hours the latest Release of the Oracle WebLogic Server 12.2.1.2.0 is available with Oracle Technology Network for download.

The Installation sources can be found under: http://www.oracle.com/technetwork/middleware/weblogic/downloads/index.html



The documentation for the latest Oracle WebLogic Server 12.2.1.2.0 can be found under http://docs.oracle.com/middleware/12212/wls/index.html


Tuesday, October 18, 2016

Did you forgot your Node Manager Username and Password?

Long time ago I've been publishing a blog post "Did you forgot your WebLogic Admin User Password?", now it's time to have a look on the topic, did you forgot your Node Manager Username and Password?

The following steps are working with Oracle WebLogic Server 12.x

Login to the server which is hosting your Oracle WebLogic Server environment and start the wlst utility and connect as weblogic user to your WebLogic Domain:

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

#
# At first we connect with the weblogic user to our WebLogic Domain
#
wls:/offline> connect('weblogic','Welcome01','wls122:7001')
Connecting to t3://wls122:7001 with userid weblogic ...
Successfully connected to Admin Server "DemoAdminServer" that belongs to domain "demo_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
#
# Switch to the edit mode
#
wls:/demo_domain/serverConfig/> edit()
Location changed to edit tree.   
This is a writable tree with DomainMBean as the root.   
To make changes you will need to start an edit session via startEdit(). 
For more help, use help('edit').
#
# Perform startEdit
#
wls:/demo_domain/edit/> startEdit()
Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
#
# Change to the SecurityConfiguration Tree of your Domain,
# replace the Domain Name with your Domain Name
#
wls:/demo_domain/edit/ !> cd('SecurityConfiguration/demo_domain')
#
# List all configuration beans, attribute names and values of the current tree
# You can see the Node Manager Username under the attribute name NodeManagerUsername
# The Password of the Node Manager Username is not visible under the attribute NodeManagerPassword
# The attribute ClearTextCredentialAccessEnabled is set to false
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> ls()
dr--   CertRevoc
dr--   DefaultRealm
dr--   JASPIC
dr--   Realms
dr--   SecureMode

-rw-   AdministrativeIdentityDomain                 null
-rw-   AnonymousAdminLookupEnabled                  false
-rw-   ClearTextCredentialAccessEnabled             false
-rw-   CompatibilityConnectionFiltersEnabled        false
-rw-   ConnectionFilter                             null
-rw-   ConnectionFilterRules                        null
-rw-   ConnectionLoggerEnabled                      false
-rw-   ConsoleFullDelegationEnabled                 false
-rw-   Credential                                   ******
-rw-   CredentialEncrypted                          ******
-rw-   CrossDomainSecurityEnabled                   false
-rw-   DowngradeUntrustedPrincipals                 false
-r--   DynamicallyCreated                           false
-rw-   EnforceStrictURLPattern                      true
-rw-   EnforceValidBasicAuthCredentials             true
-rw-   ExcludedDomainNames                          null
-r--   Id                                           0
-rw-   IdentityDomainAwareProvidersRequired         false
-rw-   Name                                         demo_domain
-rw-   NodeManagerPassword                          ******
-rw-   NodeManagerPasswordEncrypted                 ******
-rw-   NodeManagerUsername                          nodemanager
-rw-   NonceTimeoutSeconds                          120
-rw-   Notes                                        null
-rw-   PrincipalEqualsCaseInsensitive               false
-rw-   PrincipalEqualsCompareDnAndGuid              false
-rw-   Tags                                         null
-r--   Type                                         SecurityConfiguration
-rw-   UseKSSForDemo                                false
-rw-   WebAppFilesCaseInsensitive                   false

-r-x   addTag                                       Boolean : String(tag)
-r-x   findDefaultRealm                             WebLogicMBean : 
-r-x   findRealm                                    WebLogicMBean : String(realmDisplayName)
-r-x   findRealms                                   WebLogicMBean[] : 
-r-x   freezeCurrentValue                           Void : String(attributeName)
-r-x   generateCredential                           [B : 
-r-x   getInheritedProperties                       String[] : String[](propertyNames)
-r-x   isInherited                                  Boolean : String(propertyName)
-r-x   isSet                                        Boolean : String(propertyName)
-r-x   removeTag                                    Boolean : String(tag)
-r-x   restoreDefaultValue                          Void : String(attributeName)
-r-x   unSet                                        Void : String(propertyName)

#
# Now lets switch the attribute setClearTextCredentialAccessEnabled to true
# and perform the listing again, I will only show the modified attribute
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> cmo.setClearTextCredentialAccessEnabled(true)
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> ls()
. . .
. . .
-rw-   ClearTextCredentialAccessEnabled             true
. . .
. . .
#
# Now validate, save and activate the changes
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> validate()
Validating changes ...
Validated the changes successfully
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> save()
Saving all your changes ...
Saved all your changes successfully.
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> activate()
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
#
# Now we can retrieve the password of the Node Manager User
#
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> get('/SecurityConfiguration/demo_domain/NodeManagerPassword')
'Oracle12c'
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> exit()

In order to test the correctness of the above retrieved values for the Node Manager Username and Password just perform a short connection test.
$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands
#
# Perform a nmConnect with the above retrieved data
# for the Node Manager Username and Password
#
wls:/offline> nmConnect(domainName='demo_domain', username='nodemanager', password='Oracle12c')
Connecting to Node Manager ...
Successfully Connected to Node Manager.
wls:/nm/demo_domain> nmDisconnect()
Successfully disconnected from Node Manager.
wls:/offline> exit()

After you have successfully verified the retrieved data, you should switch back the ClearTextCredentialAccessEnabled to false

$ORACLE_HOME/oracle_common/common/bin/wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

#
# At first we connect with the weblogic user to our WebLogic Domain
#
wls:/offline> connect('weblogic','Welcome01','wls122:7001')
Connecting to t3://wls122:7001 with userid weblogic ...
Successfully connected to Admin Server "DemoAdminServer" that belongs to domain "demo_domain".

Warning: An insecure protocol was used to connect to the server. 
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
#
# Switch to the edit mode
#
wls:/demo_domain/serverConfig/> edit()
Location changed to edit tree.   
This is a writable tree with DomainMBean as the root.   
To make changes you will need to start an edit session via startEdit(). 
For more help, use help('edit').
#
# Perform startEdit
#
wls:/demo_domain/edit/> startEdit()
Starting an edit session ...
Started edit session, be sure to save and activate your changes once you are done.
#
# Change to the SecurityConfiguration Tree of your Domain,
# replace the Domain Name with your Domain Name
#
wls:/demo_domain/edit/ !> cd('SecurityConfiguration/demo_domain')
#
# Switch back the value for ClearTextCredentialAccessEnabled to false
# and validate, save and activate your changes
#
wls:/demo_domain/edit/ !> cmo.setClearTextCredentialAccessEnabled(false)
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> validate()
Validating changes ...
Validated the changes successfully
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> save()
Saving all your changes ...
Saved all your changes successfully.
wls:/demo_domain/edit/SecurityConfiguration/demo_domain !> activate()
Activating all your changes, this may take a while ... 
The edit lock associated with this edit session is released once the activation is completed.
Activation completed
wls:/demo_domain/edit/SecurityConfiguration/demo_domain> exit()

With just some simple commands within wlst you can retrieve the Username and Password of your Node Manager User.




Monday, October 17, 2016

Oracle Forms 12c - Setting up Forms Diagnostics Agent

With the Oracle Forms 12c Diagnostics Agent you can populate the DMS (Dynamic Monitoring Service) metrics for Oracle Forms 12c simply into Oracle Database Tables, which allows you to have a historical view on the Oracle Forms related Performance Data out of DMS.

The installation comes in 2 major parts, first setup a Oracle Database User and the underlying objects and second part deploy the Forms Diagnostics Agent into your Oracle WebLogic Server.

Database Setup Part

A first create the required user and create the required objects in your Oracle Database which is hosting the Metadata Repository for your Oracle Forms & Reports 12c installation. In the Software Home directory of your Oracle Forms & Reports 12c installation, you can find under the directory $ORACLE_HOME/forms two scripts, first one forms_create_diagnostics_user.sql and second forms_create_diagnostics_schema.sql
Connect with sqlplus as sysdba to your Oracle Database and perform following steps:
First you have to create the User for the Forms Diagnostics Agent, the SQL Script forms_create_diagnostics_user.sql will prompt you for the Username and the Pasword, here in my example its the Username = forms_diag and the Password = MySecretPwd12c

connect / as sysdba
@forms_create_diagnostics_user.sql
User id : forms_diag
Password : MySecretPwd12c
old   1: DROP USER &&userid
new   1: DROP USER forms_diag
DROP USER forms_diag
          *
ERROR at line 1:
ORA-01918: user 'FORMS_DIAG' does not exist

Commit complete.

old   1: CREATE USER &&userid
new   1: CREATE USER forms_diag
old   2: IDENTIFIED BY &&password
new   2: IDENTIFIED BY MySecretPwd12c

User created.

old   1: GRANT CONNECT, RESOURCE TO &&userid
new   1: GRANT CONNECT, RESOURCE TO forms_diag

Grant succeeded.

Commit complete.

Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

Important Notice: the above executed SQL Script provided by Oracle is not complete, as the created User doesn't have any privileges on the default tablespace USERS. In order to correct this, execute following command:

connect / as sysdba
alter user FORMS_DIAG quota unlimited on USERS;

As next we have to create the necessary objects within the above created User for the Forms Diagnostics Agent, connect to the Database as your newly created Forms Diagnostics Agent User and execute the second script forms_create_diagnostics_schema.sql

connect forms_diag/MySecretPwd12c
@forms_create_diagnostics_schema.sql
. . .
Table created.

Commit complete.

Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

WebLogic Server Setup Part

Now you have to create a new Data Source within the Oracle WebLogic Server which is used for your Oracle Forms & Reports 12c environment.

Connect with a browser to your WebLogic Server Console via http://servername:adminport/console and login as weblogic user.
Navigate in the Domain Structure to "Domain / Services / Data Sources" and create a new Data Source by clicking the button "New".


Choose as new Data Source "Generic Data Source"


Provide a Name for the new Data Source of your choice and set the JNDI Name to "oracle/forms/agentDS"


Leave the new screen untouched and proceed with the button "Next"


Leave the new screen untouched and proceed with the button "Next"


Provide the Database Name which is hosting your Forms Diagnostics Agent User, the Hostname of the Database Server, Oracle Listener Port, Database Username and two times the password


As next you have to test the Data Source by clicking the button "Test Configuration"


If the test is successful, you should see following message:


As Target, select your Admin Server for your Oracle WebLogic Server.


The next step is to deploy the Forms Diagnostics Agent war file. Navigate in the Domain Structure to "Domain / Deployments", activate in the Change Center the Lock & Edit Mode and click under Configuration of the Deployments the button "Install"


Set the Path to your $ORACLE_HOME/forms/j2ee/formsagentapp.war and proceed with the button "Next"


Verify that "Install this deployment as an application" is marked and proceed with the button "Next"


Choose as deployment target the Admin Server of your Oracle WebLogic Server and proceed with the button "Next"


Leave the next screen untouched and proceed with the button "Finish"


Finally activate your deployment with the button "Activate Changes" under the Control Center.


Under your deployments you can find now your newly deploy Forms Diagnostics Agent named "formsagentapp". The deployment is currently in the State "Prepared". Simply click the "formsagentapp"


Under the Control tab of the "formsagentapp", mark the checkbox in front of the formsagentapp and click the button "Start / Servicing all requests"


Confirm the Application Start with the button "Yes"


Finally you should see the formsagentapp in the State "Active"


Now we can login to the Forms Diagnostics Agent Console via http://servername:adminport/formsagent/AgentConsole.jsp, provide at first the weblogic username and his password and proceed with "Submit"


Within the Forms Diagnostics Agent Console we can start and stop the Agent and define the frequency of the data collection.


After you activated the Agent, you should see following within the Forms Diagnostics Agent Console.



That's the complete configuration and activating of the Forms Diagnostics Agent, now we can start some Oracle Forms, perform some activities in the Oracle Forms and check what we can see under the tables of the Forms Diagnostics Agent User in the Oracle Database.

There 10 tables under the Forms Diagnostics Agent User:

  • ADMIN_SERVER
    • Contains information about the Oracle WebLogic Server Admin Server
  • AGENT
    • Holds informations about all executed data collections, like Collection Timestamp, Frequence in minutes and so on
  • FRM_DB
    • Holds information about the database connects used in the Oracle Forms Applications
  • FRM_DB_LOGIN
    • unfortunatelly not populated, seems there is an unexpected feature :-)
  • FRM_RUNTIME
    • Holds information about the used formsweb.cfg configuration section used for the Forms Application, Connect and Disconnect Time, Starting Form Name, Current Forms Status (Running, Exited), CPU Time on Exit and so on.
  • FRM_TRACE
    • Holds information about the Forms Trace File if enabled
  • FRM_TRACE_USE
    • Holds detailed information about Forms Trace if enabled
  • FRM_USER
    • Holds information about user, IP address and if used SSO Login Name
  • HISTORY
    • Holds historical data of all captured Forms Application Executions, like Number of Bytes send and received, Network Round Trips, CPU Time and so on
  • WLS_APP
    • Holds information about the underlying Oracle WebLogic Managed Server hosting the Forms Servlet

With the Forms Diagnostics Agent it's really simple to collect all necessary DMS metric data within a couple of tables and enables you easily to have a look some specific Performance Data.




Tuesday, October 11, 2016

OTN Appreciation Day: WebLogic

Based on the suggestion by Tim Hall's Blogpost here is my contribution to the OTN Appreciation Day:

I've got 2 features and as usual these features are related to Oracle WebLogic Server:

1st Oracle WebLogic Server & Docker

The official support and certification for Oracle WebLogic Server on Docker started nearly one year ago. Since the first support and certification of Oracle WebLogic Server on Docker there were a lot of things happening, support and certification has been continuously extended to the latest release of Oracle WebLogic Server 12.2.1.1, Oracle (specially Bruno Borges) is driving a great GitHub Repository which provides you nearly everything around Oracle WebLogic Server and Docker.

The combination of Oracle WebLogic Server and Docker is really a game changer for how people like me are working now with Oracle WebLogic Server, it forces you to rethink your old techniques on how to design, install, maintain and specially monitor your WebLogic Infrastructure.
But on the other hand it also gives you new opportunities on how to work closer with the Developers (DevOps).

If you want to learn more about Oracle WebLogic Server on Docker, I strongly recommend to have a look on following stuff:



2nd Oracle WebLogic Server & RESTFul Management Services

REST is normally more a classical Developer topic, but since Oracle introduced the RESTFul Management Services in Oracle WebLogic Server 12.1.2 it has become also a topic for Administrators. The RESTFul Management Services are providing you the option to monitor your entire Oracle WebLogic Server including all deployed applications, integrated resources like JDBC, JMS and so on, moreover you can administer your entire WebLogic Server, like creating new Managed Servers, deleting resources, deploying applications and so on, just with a http request performed for example by a simple cURL command.
The response performance of cURL based RESTFul Management Service request to retrieve some performance metrics of your WebLogic Server compared to the classical scripting via Python and executed by wlst is simply incredible.
Specially the RESTFul Management Services are getting more and more interesting, as many environment are moved to the Cloud and with the lack of direct access to the Operating System, your main way of administer your WebLogic Server environment is now via RESTFul Management Services.

For more informations on WebLogic Server RESTFul Management you may have a look on following stuff:



Happy OTN Appreciation Day to all of you :-)

Friday, October 7, 2016

Oracle Forms 12c - Multiple Managed Servers

You might remember the previous method to create multiple Managed Servers for Oracle Forms 11g, which can be found under the My Oracle Support Note 989118.1. This procedure were quite a bit critical, as you had to provide manually several arguments and classpath entries for the cloned Managed Server.

With Oracle Forms 12c the procedure to create (not cloning) additional WebLogic Managed Servers hosting your formsapp is really straight forward as you perform this with the config.sh (config.cmd for Windows) tool.

Let's say you will need an additional WebLogic Managed Server for your HR Forms Application which should reside in an independent Managed Server.
Connect to your Server on which your Oracle Forms & Reports are running and perform following steps:

cd $ORACLE_HOME/oracle_common/common/bin
./config.sh

On the first screen, choose the Option "Update an existing domain" and set your Domain Location to the correct directory and proceed with "Next"


Leave the next screen as it is and proceed with "Next"


All values should be automatically pre-filled and just test with the button "Get RCU Configuration" that you have a connection to your Repository Database for Oracle Forms 12c and finally proceed with "Next"


Leave the pre-filled values as they are and proceed with "Next"


Leave everything like it is and proceed with "Next"


In the screen "Advanced Configuration" tick the checkbox for "Managed Servers, Clusters and Coherence" as we will here add our new additonal WebLogic Managed Server for hosting the formsapp


In the screen "Managed Servers" add a new Managed Server by clicking the button "Add" and provide all required values:

  • Name of your Managed Server, in this example WLS_FORMS_HR
  • Listen Address
  • Listen Port, in this example I choose 9011
  • Optionally enable SSL and provide if you enable SSL the SSL Listen Port
  • Server Group, this is the important part, select the Server Group "FORMS-MAN-SRV"

In the screen "Clusters" change nothing and proceed with "Next"


Under the screen "Assign Servers to Clusters" mark in the column "Servers" your newly created Managed Server (in this example WLS_FORMS_HR") and move the Managed Server by clicking the arrow button to the "cluster_forms" section under the column "Clusters"


After moving the WLS_FORMS_HR Managed Server you should see following screen and proceed with "Next"


In the screen "Coherence Clusters" just proceed with "Next"


In the screen "Machines" just proceed with "Next"


In the screen "Assign Servers to Machines" mark your newly created Managed Server "WLS_FORMS_HR" and move it by clicking the arrow button under your Machine


After moving the WLS_FORMS_HR Managed Server you should see following screen and proceed with "Next"


In the screen "Configuration Summary" click the button "Update" to perform the creating of your new Managed Server hosting the formsapp


Wait until the Configuration Progress is complete and proceed with "Next"


Close the screen "End of Configuration" with "Finish"


After that you need to restart your Admin Server, connect to your server on which your Oracle Forms & Reports are installed and restart your Admin Server

cd $DOMAIN_HOME/bin
./stopWebLogic.sh
cd ..
nohup ./startWebLogic.sh >/dev/null 2>&1 &

The connect to your Oracle WebLogic Server Console http://servername:7001/console and you will find your newly created Managed Server under the "Domain Structure / Environment / Servers"


Go to the "Control" Tab and startup your new Managed Server (in this example WLS_FORMS_HR). Click the checkbox in front of your Managed Server and click the button "Start"


Confirm the Startup with the button "Yes"


After some time you should see in the Configuration tab that your new Managed Server is up and running


If you connect finally to your Fusion Middleware Control 12c http://servername:7001/em and navigate to the "Forms / forms1" section


You will find your new Managed Server (in this example WLS_FORMS_HR) already integrated with all necessary configuration options like

  • Web Configuration
  • Environment Configuration
  • Font and Icon Mapping
  • Servlet Log


and as usual under the directory $DOMAIN_HOME/config/fmwconfig/servers/<new_Managed_Server>/application/formsapp_12.2.1/config you will find all your necessary configuration files:

cd $DOMAIN_HOME/config/fmwconfig/servers/WLS_FORMS_HR/applications/formsapp_12.2.1/config/
ls -la
drwxr-x---. 3 oracle oinstall  4096 Oct  7 10:13 .
drwxr-x---. 3 oracle oinstall    19 Oct  7 10:10 ..
-rw-r-----. 1 oracle oinstall  4422 Oct  7 10:13 default.env
-rw-r-----. 1 oracle oinstall  4128 Oct  7 10:10 default.env.jmxori
-rw-r-----. 1 oracle oinstall 10629 Oct  7 10:10 formsweb.cfg
-rw-r-----. 1 oracle oinstall 10629 Oct  7 10:10 formsweb.cfg.jmxori
-rw-r-----. 1 oracle oinstall   562 Oct  7 10:10 IdentityStoreConfig.xml
-rw-r-----. 1 oracle oinstall   562 Oct  7 10:10 IdentityStoreConfig.xml.jmxori
-rw-r-----. 1 oracle oinstall   350 Oct  7 10:10 logmetadata.xml
-rw-r-----. 1 oracle oinstall   350 Oct  7 10:10 logmetadata.xml.jmxori
drwxr-x---. 3 oracle oinstall    18 Oct  7 10:10 oracle

Finally you can access the new formsapp with http://<servername>:<port_of_new_Managed_Server>/forms/frmservlet

With the above shown method its really simple to create multiple Managed Servers hosting the formsapp in order to separate different Oracle Forms Application by placing them on individual Managed Servers.