Monday, May 23, 2016

Stuck Thread Alert in UNIX - Weblogic

Following is the script which can be used to get email alerts in case of stuck threads in weblogic (installed on UNIX machines)

ScriptName: stuckCheckMS1.sh
#!/bin/ksh
 

Somefile=/export/home/oracle/stuckLogs/ms1_stuckCheck.log
 

count="$(/usr/ucb/ps auxwww | grep ms1 | grep Dweblogic | cut -c 10-15 | tr -d ' ' | xargs /opt/oracle/products/wls10.3.6/jdk1.6.0_45/bin/sparcv9/jstack -F | tee /export/home/oracle/stuckLogs/ms1_stuck.log_`/usr/bin/date +\%m-\%d-\%y-\%H-\%M` | grep STUCK | wc -l)"

if [ $count != 0 ]
then
                        echo "\n Server MS1 has stuck threads on" `/usr/bin/date +\%m-\%d-\%y-\%H-\%M` | mail -s 'STUCK thread on MS1' Some1@gmail.com
> $Sfile
else
                        echo "\n stuck threads status=okay" > $Somefile
fi
 

exit

Admin Password Change - Weblogic

1) Stop the weblogic Managed servers

2) Export the realm

  • Login to Admin Console --> Security Realms —> myrealm(Your realm Name)—> Migration(Tab)—> Export (Tab)

3) Stop the Admin Server

4) Rename the data folder   

  • mv {DOMAIN-HOME}/servers/AdminServer/data {DOMAIN-HOME}/servers/AdminServer/data-old

5) Take Back-up of DefaultAuthenticatorInit.ldift   

  • cd {DOMAIN-HOME}\security
  • mv DefaultAuthenticatorInit.ldift DefaultAuthenticatorInit_old.ldift

6)    Set the environment variables (don’t forget "." at the beginning)

  • cd {DOMAIN-HOME}/bin
  • . /setDomainEnv.sh

7) Reset the password (don’t forget "." at the end) to generate a new DefaultAuthenticatorInit.ldift   

  • cd {DOMAIN-HOME}/security
  • java weblogic.security.utils.AdminAccount .

8) Update the boot.properties file   

  • {DOMAIN-HOME}/servers/AdminServer/security/boot.properties
        username={new-username}
        password={new-password}

9) Start the Admin Server --> startWeblogic.sh

10)    Import realm   

  • Login to Admin Console
  • Security Realms —> myrealm(Your realm Name) —> Migration(Tab) —> Import (Tab)

11)    Restart Admin Again   

  • stopWeblogic.sh
  • startWeblogic.sh

12)    Start the Managed Servers    

  • Login to Admin console with new password and Start the managed servers

Password Complexity or Password Validation - Weblogic

Step-by-Step approach to implement password complexity/password validation method for weblogic domain:

1) Login to admin console
2) Stop all the managed servers
3) Click Lock & Edit
4) Go to Security Realms and select the name of the realm you are configuring
5) Select Providers > Password Validation
6) The Password Validation Providers table lists the Password Validation providers configured in this security realm
7) Click option “New"
8) Enter any desired name (which will be suitable for your domain/requirement)
9) From the Type drop-down list, select the type of the Password Validation provider and click OK
10) Now the next step is to configure the parameters. As an example, If I select below:
1 number
1 special Character
1 lowercase
1 uppercase
 And total of 8 character password

11) Save and activate changes, followed by admin server restart
12) Create a new user to see whether it meets the requirement or change password for existing user
13) Now Start managed Servers

Friday, January 22, 2016

Upgrade JDK for Weblogic Server

Following is the process to upgrade JDK for Weblogic Servers. I took the example of JDK 1.6 to 1.7:

1) Download and Install 1.7 on the desired machine(s) where your domain is running
2) Shutdown all Servers - Admin, Managed Servers in the domain
3) Shudown Nodemanagers running on the machine
4) Verify that none of the other process are running with exiting JDK 1.6

5) Search for the files in your MW Home directory which are pointing to JDK 1.6 as below:
    find . -type f -name "*.sh" -exec grep -il jdk1.6 {} \;
   
6) The result of search will show the files such as below:

/Middleware/wlserver_10.3/common/bin/commEnv.sh
/Middleware/utils/uninstall/uninstall.sh
/Middleware/utils/quickstart/quickstart.sh
/Middleware/utils/bsu/bsu.sh
/Middleware/domains/my_domain/bin/setDomainEnv.sh

7) Take a backup of all these files

8) Now we need to edit all these files by replacing the location of JDK 1.6 to 1.7

Open each file in vi and use the following to replace all instances at a time:
%s/jdk1.6/jdk1.7/

9) Now start Admin Server and check whether the process is pointing to the new JDK:
/usr/ucb/ps auxwww | grep AdminServer

10) Once Server started, you can verify it through Admin Console as well:
Admin console --> Servers --> Admin Server --> Monitoring --> General --> Java Version

Now start Nodemanager and Managed servers.

11) If there are multiple machines in your domain, make sure you complete the above steps on all the machines before starting servers.

Thursday, January 21, 2016

Upgrade Apache Webserver

Following is the process to upgrade Apache

1) Download and Extract the new Apache binaries into /tmp/apache-new folder

2) Stop the running Apache --> /etc/init.d/httpd stop

3) Take a backup of existing config files -->

mv /usr/local/apache/conf /usr/local/apache/conf.old
cp /usr/local/apache/conf/vhosts /tmp/vhosts.old

4) Take a backup of complete Apache folder -->
mv /usr/local/apache /usr/local/apache.old

5) Create a new folder of Apache directory
mkdir -p /usr/local/apache

6) Now move to /tmp/apache-new/httpd-2.xx/ and run the following

Make sure you have noted down the required modules. If not, check the existing config logs (config.log).

./configure --enable-mods-shared="all ssl cache proxy authn_alias mem_cache file_cache charset_lite dav_lock disk_cache" --prefix=/usr/local/apache
make
make install

7) Copy the config and vhost files: /usr/local/apache/conf.old, /tmp/vhosts.old

8) Check and if required modify the script /ect/init.d/httpd to point to new httpd file

9) Now start the httpd --> /etc/init.d/httpd start
10) Check the version --> httpd –v

Configure SSL for Apache Webserver

Following is the process to enable SSL on Apache webserver with Self Signed Certificates

1)    Add the below entry in HTTPD config file (/usr/local/apache2/conf/httpd.conf) on desired machine:

# BEGIN CUSTOMIZATIONS
NameVirtualHost *:80
NameVirtualHost *:443


Include conf/vhosts/*.conf

2) Generate key:
openssl genrsa -out ca.key 2048

3)    Generate CSR:
OpenSSL> req -new -key ca.key -out ca.csr

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:*****
An optional company name []:

4)     Generate Self Signed Key
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

5)    Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

6)    Create ssl.conf with the key entries:

/usr/local/apache2/conf/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key


7)    Create a new virtual host file with SSL entries as below (/usr/local/apache2/conf/vhosts vhost_crk_ssl.conf)
 

< VirtualHost *:443 >
  ServerName crk.test.com

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certsca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

****************************
****************************

< VirtualHost >


8)    Restart Apache

Friday, October 16, 2015

Server & NodeManager Listing

 Following script will display the details on machine Server Name, Process owner, Process ID and NodeManager:

#!/bin/ksh

echo "################################################################################"
echo "# WebLogic Servers"
echo "#  [owner]  [server]  [pid]   "
echo "################################################################################"
ps -ef | grep "[D]weblogic.Name="|while read tmp
do
  owner=`echo $tmp | awk '{ print $1 }'`
  webLogicServer=`echo $tmp | grep -oP "(?<=Dweblogic.Name=)[^ ]+"`
  pid=`echo $tmp | awk '{ print $2 }'`
    echo "$owner $webLogicServer $pid $port"
done|sort|column -t

echo
echo "################################################################################"
echo "# Node Managers"
echo "#       "
echo "################################################################################"
ps -ef | grep "[w]eblogic.NodeManager"|while read tmp
do
  owner=`echo $tmp | awk '{ print $1 }'`
  pid=`echo $tmp | awk '{ print $2 }'`
  port=`echo $tmp | netstat -tlpn 2>/dev/null | grep $pid | awk '{ print $4 }' | tr '\n' ',' | tr ' ' ',' | grep -o ":....," | sort -u | tr -d '\n' | tr -d ':' | sed 's
/,$//'`
  if [ -z "$port" ]; then
    port="null"
  fi
  mw_home=`echo $tmp | grep -oP "(?<=bea.home=)[^ ]+"`
    echo "$owner $mw_home $pid $port"
done|sort|column -t

exit 0

Output will be like this:

./wlsList.sh
################################################################################
# WebLogic Servers
# [owner]  [server]  [pid]
################################################################################
oracle  AdminServer  29385
oracle  MY_server1   1758
oracle  My_server2   2721
oracle  My_server3   4668

################################################################################
# Node Managers
#      
################################################################################
oracle  /opt/admin/fmw  61224  5556

Wednesday, August 19, 2015

Getting State of all Servers in a domain

First you may create secure key files to avoid using plain text uname and password for weblogic.

Step1:

Run WLST --> /opt/admin/fmw/oracle_common/common/bin/wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline>connect('weblogic','welcome1',url='t3://localhost:7001')
wls:/myDomain/serverConfig> storeUserConfig('/tmp/myUserConfigFile','/tmp/myUserKeyFile')
wls:/myDomain/serverConfig> exit()

Step2:

File name: getAllServerStatus.py

import sys
import os

connect(userConfigFile='myUserConfigFile', userKeyFile='myUserKeyFile', url='t3://localhost:7001')
domainRuntime()
cd('ServerRuntimes')

sServers=domainRuntimeService.getServerRuntimes()
for sServer in sServers:
     serverName=sServer.getName();
     print '###' , serverName,'State is:', sServer.getState()

disconnect()
exit()

Step3:

FileName: getAllServerState_wls.sh

#!/bin/ksh

echo "Getting All Servers State......"

/opt/admin/fmw/oracle_common/common/bin/wlst.sh getAllServerStatus.py > /tmp/allServerStatus.log

cat /tmp/allServerStatus.log | grep -i state

exit 0

Example Run:

./getAllServerState_wls.sh

Getting All Servers State......
### AdminServer State is: RUNNING
### my_server1 State is: RUNNING
### my_server2 State is: RUNNING

Tuesday, August 18, 2015

Get Server Status in Weblogic using WLST

First you may create secure key files to avoid using plain text uname and password for weblogic.

Step1:

Run WLST --> /opt/admin/fmw/oracle_common/common/bin/wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline>connect('weblogic','welcome1',url='t3://localhost:7001')
wls:/myDomain/serverConfig> storeUserConfig('/tmp/myUserConfigFile','/tmp/myUserKeyFile')
wls:/myDomain/serverConfig> exit()

Step2:

File name: getServerStatus.py

import sys
import os

sServer=sys.argv[1]

connect(userConfigFile='myUserConfigFile', userKeyFile='myUserKeyFile', url='t3://localhost:7001')
state(sServer)

disconnect()

exit()

Step3:

FileName: getServerState_wls.sh

#!/bin/ksh

usage()
{
 echo "\n!!!!!Usage!!!!!!!"
 echo
 echo "   getServerState_wls.sh "
 echo "\n getServerState_wls.sh myserver1"
 echo
}

if [ $# -ne 1 ]
then
 usage
 exit 2
fi

SERVER=$1

echo "Server= ${SERVER}"
echo

/opt/admin/fmw/oracle_common/common/bin/wlst.sh getServerStatus.py ${SERVER} > /tmp/serverstatus.log
state=`cat /tmp/serverstatus.log | grep -i state`
echo $state


exit 0

Example Run:

 ./getServerState_wls_adp.sh MY_server2
Server= MY_server2


Current state of 'MY_server2' : RUNNING

Wednesday, August 12, 2015

Managed Server Operations without NM

wls_ms_operations.sh

Usage: ./wls_ms_operations.sh {start|stop|restart} {SERVER-NAME}

#!/bin/bash
server_name=$2
export DOMAIN_LOG=/opt/admin/fmw/

stop() {
        echo "Stopping Managed Server(s)..." $server_name
        echo $SUDO_USER "gave stop command for $server_name at" `/bin/date` > $DOMAIN_LOG/shutdown_$server_name.log
        nohup /opt/admin/fmw/domains/myDomain/bin/stopManagedWebLogic.sh $server_name > $DOMAIN_LOG/shutdown_$server_name.log 2> /dev/null &
        echo "Follow the log @ /opt/admin/fmw/domains/myDomain/servers/${server_name}/logs/"

}

start() {

        echo "Starting Managed Server..." $server_name
        echo $SUDO_USER "gave start command for $server_name at" `/bin/date` > $DOMAIN_LOG/startup_$server_name.log
        nohup /opt/admin/fmw/domains/myDomain/bin/startManagedWebLogic.sh $server_name t3://localhost:7001 2> /dev/null &
        echo "Follow the log @ /opt/admin/fmw/domains/myDomain/servers/${server_name}/logs/"

        exit 1
}

restart() {
        echo "Stopping Managed Server(s)..." $server_name
        echo $SUDO_USER "gave stop command for $server_name at" `/bin/date` > $DOMAIN_LOG/shutdown_$server_name.log
        nohup /opt/admin/fmw/domains/myDomain/bin/stopManagedWebLogic.sh $server_name > $DOMAIN_LOG/shutdown_$server_name.log 2> /dev/null &
        echo "Follow the log @ /opt/admin/fmw/domains/myDomain/servers/${server_name}/logs/"
sleep 10
pid=$(ps auxwww | grep ${server_name}| grep Dweblogic | cut -c 10-15 | tr -d ' ')
if [[ ! -z "$pid" ]]
                then
                        `kill -9 ${pid}`
echo "Killed the process..."
fi
        
echo "Now Starting Managed Server..." $server_name
        echo $SUDO_USER "gave start command for $server_name at" `/bin/date` > $DOMAIN_LOG/startup_$server_name.log
        nohup /opt/admin/fmw/domains/myDomain/bin/startManagedWebLogic.sh $server_name t3://localhost:7001 2> /dev/null &
        echo "Follow the log @ /opt/admin/fmw/domains/myDomain/servers/${server_name}/logs/"
        exit 1

}

case "$1" in

        "start")
                start
                ;;
        "stop")
                stop
                ;;
       "restart")
                restart
                ;;
        *)
                echo $"Usage: $0 {start|stop|restart} {SERVER-NAME}"
                exit 1
                ;;

esac
exit

Tuesday, August 11, 2015

Admin Server Operations

wls_admin_operations.sh

#!/bin/bash

export SERVER_LOG=/opt/admin/fmw/

start() {
        echo "Starting WebLogic Server(s)..."

echo $SUDO_USER "gave start command for Admin Server at" `/bin/date` > $SERVER_LOG/startup.log

nohup /opt/admin/fmw/domains/myDomain/bin/startWebLogic.sh > $SERVER_LOG/startup.log 2>&1

}

stop() {
        echo "Stopping WebLogic Server(s)..."
echo $SUDO_USER "gave stop command for Admin Server at" `/bin/date` > $SERVER_LOG/shutdown.log
nohup /opt/admin/fmw/domains/myDomain/bin/stopWebLogic.sh > $SERVER_LOG/shutdown.log 2>&1

}

restart() {
        echo "Stopping WebLogic Server(s)..."
        echo $SUDO_USER "gave stop command for Admin Server at" `/bin/date` > $SERVER_LOG/shutdown.log
        nohup /opt/admin/fmw/domains/myDomain/bin/stopWebLogic.sh > $SERVER_LOG/shutdown.log 2>&1
        sleep 40
        echo "Starting WebLogic Server(s)..."
        echo $SUDO_USER "gave start command for Admin Server at" `/bin/date` > $SERVER_LOG/startup.log
        nohup /opt/admin/fmw/domains/myDomain/bin/startWebLogic.sh > $SERVER_LOG/startup.log 2>&1
}

case "$1" in
        "start")
                start
                ;;
        "stop")
                stop
                ;;
        "restart")
                restart
                ;;
        *)
                echo $"Usage: $0 {start|stop|restart}"
                exit 1
                ;;
esac

Sunday, February 8, 2015

Clean up Weblogic Server Cache

In many situations we would need to clean up weblogic server cache and we need to be careful while doing this. It's better to have a script which can do our job can help in reducing manual effort/human errors.

Following script can be run using 2 parameters (domain name & server name). This is required because there may be multiple domains in one machine and server name needs to mentioned as we can clean-up any server depending on the need basis.

clearWLCache.sh 


#!/bin/ksh

usage()
{
 echo "\n!!!!!Usage!!!!!!!"
 echo
 echo " clearWLCache.sh "
 echo "\ne.g. clearWLCache.sh myDomain myServer"
 echo
}

if [ $# -ne 2 ]
then
 usage
 exit 2
fi

domain=$1
server=$2
WLS_HOME=/opt/fmw

state=`cut -f1 -d ":" $WLS_HOME/domains/${domain}/servers/${server}/data/nodemanager/${server}.state`
echo "Server state is $state"

if [ $state = RUNNING -o $state = STARTING ]
then
    echo "Server is in $state mode, please shutdown and then use this script "
    exit
else

 if [ -d $WLS_HOME/domains/${domain}/servers/${server} ]
 then
   path=$WLS_HOME/domains/${domain}/servers/${server}
   rm -Rf $path/cache/*
   rm -Rf $path/tmp/*
   echo "Cache clean-up completed successfully"
   exit
 else
   echo ${domain} "or" ${server} "doesn't exists, please check"
   exit
 fi

fi

echo "There was some error, script not executed, please check the command/server name/admin name"
exit

Useful Scripts

Following script is used to clean up the logs by executing the script with 2 parameters (domain name & server name)

cleanLogs.sh

#!/bin/ksh

usage()
{
 echo "\n!!!!!Usage!!!!!!!"
 echo
 echo " cleanLogs.sh "
 echo "\ne.g. cleanLogs.sh mydomain myServer"
 echo
}
if [ $# -ne 2 ]
then
 usage
 exit 2
fi

domain=$1
server=$2
FMW_HOME=/opt/fmw/

#Remove the logs older than 30 days
find $FMW_HOME/user_projects/domains/${domain}/servers/${server}/logs/*_log.* -mtime +30 | xargs rm

#Compress the logs older than 15 days
find $FMW_HOME/user_projects/domains/${domain}/servers/${server}/logs/*access_log.* -mtime +15 | xargs compress

exit


Saturday, August 6, 2011

Weblogic Faq's - 2


Q. What is one way SSL?
Ans:  The server is required to present a certificate to the client but the client is not required to present a certificate to the server. To successfully negotiate an SSL connection, the client must authenticate the server, but the server will accept a connection from any client. One-way SSL is common on the Internet where customers want to create secure connections before they share personal data. Often, clients will also use SSL to log on in order for the server can authenticate them.

Q. What is two way SSL?
Ans:  With two-way SSL, the server presents a certificate to the client and the client presents a certificate to the server. Weblogic Server can be configured to require clients to submit valid and trusted certificates before completing the SSL connection.
Setting Up SSL: Main Steps
To set up SSL:
  1. Obtain an identity (private key and digital certificates) and trust (certificates of trusted certificate authorities) for Weblogic Server. Use the digital certificates, private keys, and trusted CA certificates provided by the Weblogic Server kit, the CertGen utility, Sun Microsystem's keytool utility, or a reputable vendor such as Entrust or Verisign to perform this step.
  1. Store the identity and trust. Private keys and trusted CA certificates which specify identity and trust are stored in a keystore.
  1. Configure the identity and trust keystores for Weblogic Server in the Weblogic Server Administration Console.
  1. Set SSL configuration options for the private key alias and password in the Weblogic Server Administration Console. Optionally, set configuration options that require the presentation of client certificates (for two-way SSL).
Q. What are the differences among versions of Weblogic 8, 9, 10?
Ans: Few major Differences are listed below:

-          Directory Structure has totally changed compared to 8.1 in 10.3 Refer: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/upgrade/dirstruct.html
-          In WLS 8 configuration information is stored at one place, later versions you’ll find separate XML files
-          In WLS 8 connection pools and data sources are there, WLS 9 & 10 we find connection pools inside data sources
-          In terms of deployment, no need to select the type of application in WLS10 i.e. EJB/Web
-          In WLS 8 execute queues are there, however in WLS 9, 10 work managers are introduced
-          In WLS 9, 10 we have LOCK & EDIT which is not available in earlier versions
-     JMS modules and Sub Deployments are introduced in WLS 9, 10
 
Q. What are the different environments of Weblogic you’ve in your project?
Ans: Please define the exact environment details such as: dev, integration, staging, production

Q. What is the configuration file location of JDBC and config.xml in WLS10.3?
Ans: config.xml file is located in domain_name/config and
JDBC config file: domain_name/config/jdbc

Q. What are default number of threads in 8 and 9 versions of Weblogic.
Ans:  Thread Count 
Development - 15 threads 
Production - 25 threads

Q. How to obtain SSL .pem file.
Ans: SSL .pem (privacy-enhanced mail) files are often required for certificate installations.
First get the der file using keytool command, following the sequence:
keytool -genkey -v -alias test -keyalg RSA -keypass mykeypass -keystore identity.jks -storepass storepass
keytool -selfcert -v -alias test -keypass mykeypass -keystore identity.jks -storetype JKS
keytool -export -v -alias test -file exportedcert.der -keystore identity.jks -storepass storepass
Then convert the der file to pem file.

Q. How to 'Plug-in' for Weblogic on Apache.
Ans: Apache HTTP Server plug-in to Weblogic server allows requests to be proxied. Few high level simple steps are involved as below:
1)      Install Apache HTTP Server Plug-In
2)      Configure the plug-in by editing httpd.conf file which will be located at APACHE_HOME\conf\httpd.conf
3)      Add Weblogic server modules in conf file.
4)      Add an IfModule block with the Weblogic details such as cluster, port details etc…

Sunday, February 6, 2011

UNIX Command Reference

cd d              Change to directory d
mkdir d           Create new directory d
rmdir d           Remove directory d
mv f1 [f2...] d   Move file f to directory d
mv d1 d2          Rename directory D1 as D2
passwd            Change password
alias name1 name2 Create command alias
unalias name1     Remove command alias name1
rlogin nd         Login to remote node
logout            End terminal session
                                                  
                                                  
ls [d] [f...]     List files in directory
ls 1 [f...]      List files in detail
alias [name]      Display command aliases
printenv [name]   Print environment values
quota             Display disk quota
date              Print date & time
who               List logged in users
whoami            Display current user
finger [username] Output user information
chfn              Change finger information
pwd               Print working directory
history           Display recent commands
! n               Submit recent command n
                                                  
                                                  
Ctrl/c *          Interrupt processes
Ctrl/s *          Stop screen scrolling
Ctrl/q *          Resume screen output
sleep n           Sleep for n seconds
jobs              Print list of jobs
kill [%n]         Kill job n
ps                Print process status stats
kill 9 n         Remove process n
Ctrl/z *          Suspend current process
stop %n           Suspend background job n
command&          Run command in background
bg [%n]           Resume background job n
fg [%n]           Resume foreground job n
exit              Exit from shell