Oracle Fusion Middleware & Application Server

Wednesday, December 21, 2016

Oracle Database 12.1.0.2.0 are officially supported on Docker

Since yesterday, Tuesday 20th December 2016, the Oracle Database 12.1.0.2.0 and later are officially supported on Docker :-)

The corresponding My Oracle Support Note 2216342.1 can be found here: https://support.oracle.com/epmos/faces/DocContentDisplay?id=2216342.1


In the GitHub Repository of Oracle the related README is also updated to reflect the support for Oracle Database 12.1.0.2.0 and later on Docker.
All required files to build such a supported Oracle Database Instance on Docker can be found here: https://github.com/oracle/docker-images/tree/master/OracleDatabase


Friday, December 16, 2016

Accessing WebLogic Server Logfiles via RESTFul Management Services

The RESTFul Management Services within Oracle WebLogic 12c is one of the greatest features and my personal favorite.

You can achieve a lot of things with the RESTFul Management Services, like creating DataSources, perform deployments, startup and shutdown Managed Servers and so on.

But you also can access the different WebLogic Server Logfiles :-)

Let's say your developers needs access to the Logfiles of your Oracle WebLogic Server, but you don't want to give them access to your Server which is hosting your Oracle WebLogic Server.
Just create a new User in your WebLogic Admin Console and give this new User the Group "Monitor". With the Monitor Group you can access the WebLogic RESTFul Management Services.

Now your developers can retrieve the Logfiles with a simple cURL command from their desktops:

http://<servername>:<adminport>/management/wls/latest/servers/id/<ServerName>/logs/<LogType>

For the LogType you have following options:
  • DataSourceLog
  • DomainLog (only for AdminServer)
  • HTTPAccessLog
  • ServerLog


A possible cURL request to retrieve the DomainLog of your WebLogic Domain could be as follows:

# Replace the Server Name and Port with your values
# Replace the AdminServer Name "PRODAdminServer" with your AdminServer Name
#
curl -s --user RESTAdmin:welcome1 \
        -H X-Requested-By:MyClient \
        -H Accept:application/json \
        -X GET http://wls122:7101/management/wls/latest/servers/id/PRODAdminServer/logs/id/DomainLog > domain.log

or like this:

# Replace the Server Name and Port with your values
# Replace the Managed Server Name "Prod_ManagedServer1" with your Managed Server Name
#
curl -s --user RESTAdmin:welcome1 \
        -H X-Requested-By:MyClient \
        -H Accept:application/json \
        -X GET http://wls122:7101/management/wls/latest/servers/id/Prod_ManagedServer1/logs/id/ServerLog > Prod_ManagedServer1_ServerLog.log

The corresponding Logfile retrieval in JSON format will look as follows:

DomainLog:


Managed Server ServerLog:



Permanent Re-Login for WebLogic Consoles for multiple WebLogic Domains on one Server

In case you have multiple Oracle WebLogic Server Domains on one Server running, you might realise the following problem:

Opening 2 or more WebLogic Consoles in one Browser and switching the Browser tabs between the different WebLogic Consoles, you have to re-login all the times for your different WebLogic Consoles. This is really annoying ...

The problem behind is really simple, its the WebLogic Admin Console Cookie, as for all Oracle WebLogic Admin Consoles the default Cookie Name is identical, its named "ADMINCONSOLESESSION".

In order to avoid this permanent re-login to your multiple WebLogic Admin Consoles, you simply have to configure for each Oracle WebLogic Server Domain running on the same server unique Cookie Names.
I prefer the following naming convention: Cookie Name = Domain Name.

Open your WebLogic Admin Console and navigate to the Domain Configuration.


Activate the Lock & Edit Mode under the Change Center:


Expand the Advanced Configuration Options in the Domain Configuration / General Section:


Within the Advanced Configuration Options you will find the Configuration Item "Console Cookie Name" with the default Cookie Name "ADMINCONSOLESESSION":


Change the Console Cookie Name to a unique Cookie Name, e.g. your WebLogic Domain Name and press the Save button:


Finally activate your changes under the Change Center:


After the activation of your changes, you will get a notification message, that you have to restart 1 item. To check which item you have to restart, click under the Change Center the Text Line "View changes and restarts"


Within "Changes and Restarts" under the tab "Restart Checklist" you will see that your AdminServer needs to be restarted in order to take your prior changes.


Restart your Admin Server and from now on your WebLogic Admin Console will use a unique cookie name. Perform the above steps for all WebLogic Server Domains running on your server and you will not have anymore the problem with the permanent re-login to your WebLogic Admin Console for multiple WebLogic Domains on one server.

Thursday, December 15, 2016

WLST Error "General SSLEngine problem" after Nodemanager SSL Configuration

In case you configured your WebLogic Nodemanager with SSL, you might run into the following error while using nmConnect via WLST.


cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect('nodemanager', 'welcome1', 'soaserver1', '5556', 'demo_domain' , '/u00/app/oracle/user_projects/domains/demo_domain' , 'ssl')
Connecting to Node Manager ...
<Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> 
<Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> 
<Dec 15, 2016 2:22:30 PM CET> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier.> 
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 111, in nmConnect
  File "<iostream>", line 553, in raiseWLSTException
WLSTException: Error occurred while performing nmConnect : Cannot connect to Node Manager. : General SSLEngine problem 
Use dumpStack() to view the full stacktrace :


My current nodemanager configuration is as follows:

#Node manager properties
#Fri Dec 09 12:04:54 CET 2016
DomainsFile=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager/nodemanager.domains
LogLimit=0
PropertiesVersion=12.2.1.2.0
AuthenticationEnabled=true
NodeManagerHome=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager
JavaHome=/u00/app/oracle/product/jdk1.8.0_101
LogLevel=INFO
DomainsFileEnabled=true
ListenAddress=soaserver1
NativeVersionEnabled=true
ListenPort=5556
LogToStderr=true
weblogic.StartScriptName=startWebLogic.sh
SecureListener=true
LogCount=1
QuitEnabled=false
LogAppend=true
weblogic.StopScriptEnabled=false
StateCheckInterval=500
CrashRecoveryEnabled=false
weblogic.StartScriptEnabled=true
LogFile=/u00/app/oracle/user_projects/domains/demo_domain/nodemanager/nodemanager.log
LogFormatter=weblogic.nodemanager.server.LogFormatter
ListenBacklog=50
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityKeystoreType=jks
CustomIdentityKeyStoreFileName=/home/soa/keystore/identity.jks
CustomIdentityKeyStorePassPhrase={AES}rQXxLXU2h6IBTrreiBVce3kGEfK8d4uUzsb+WKQqCu8=
CustomIdentityPrivateKeyPassPhrase={AES}M0Wl5V0kcCy27txsYyFzngS2jUoShI92PNlKUWb+JQo=
CustomIdentityAlias=selfsigned
CustomTrustKeystoreType=jks
CustomTrustKeyStoreFileName=/home/soa/keystore/trust.jks
CustomTrustKeyStorePassPhrase=


The solution to be able to connect via WLST to your Nodemanager is pretty simple, just modify the $ORACLE_HOME/oracle_common/common/bin/wlst.sh as follows:

#
# Search for the line 
#    JVM_ARGS="${WLST_PROPERTIES} ${JVM_D64} ${UTILS_MEM_ARGS} ${CONFIG_JVM_ARGS}"
# Add before the JVM_ARGS line following lines with the shown JAVA_OPTIONS
# and replace the line 
#    eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} weblogic.WLST '"$@"'
# as shown below with
#    eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} ${JAVA_OPTIONS} weblogic.WLST '"$@"'
#
JAVA_OPTIONS="-Dweblogic.ssl.JSSEEnabled=true ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.SSL.enableJSSE="true" ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.SSL.ignoreHostnameVerification=true ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.TrustKeyStore=CustomTrust ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStoreFileName=/home/soa/keystore/trust.jks ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStorePassPhrase=welcome1 ${JAVA_OPTIONS}"
JAVA_OPTIONS="-Dweblogic.security.CustomTrustKeyStoreType=JKS ${JAVA_OPTIONS}"
export JAVA_OPTIONS

JVM_ARGS="${WLST_PROPERTIES} ${JVM_D64} ${UTILS_MEM_ARGS} ${CONFIG_JVM_ARGS}"
if [ -d "${JAVA_HOME}" ]; then
 # eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} weblogic.WLST '"$@"'
 eval '"${JAVA_HOME}/bin/java"' ${JVM_ARGS} ${JAVA_OPTIONS} weblogic.WLST '"$@"'
else
 exit 1
fi


After the above modifications you can use WLST to connect to the Nodemanager with the nmConnect command.

cd $ORACLE_HOME/oracle_common/common/bin
./wlst.sh

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> nmConnect('nodemanager', 'welcome1', 'soaserver1', '5556', 'demo_domain' , '/u00/app/oracle/user_projects/domains/demo_domain' , 'ssl')
Connecting to Node Manager ...
<Dec 15, 2016 2:38:15 PM CET> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> 

<Dec 15, 2016 2:38:15 PM CET> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to HMACDRBG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> 

<Dec 15, 2016 2:38:16 PM CET> <Info> <Security> <BEA-090909> <Using the configured custom SSL Hostname Verifier implementation: weblogic.security.utils.SSLWLSHostnameVerifier$NullHostnameVerifier./gt; 

Successfully Connected to Node Manager.


Friday, December 9, 2016

Install and Configure Oracle SOA Suite 12c with 2 different Linux Users

I am currently involved in a project were one requirement is, that the Oracle Software (WebLogic Server and Oracle SOA Suite) is installed by one Linux User and the on top to be used Oracle SOA Domain should be created and started as another Linux User.

In general that's according to the Oracle Documentation for Oracle SOA Suite 12.2.1.2.0 possible


But there is a small and important note: Certain domain files do not have the group permissions. For example, cwallet.sso.

Oracle is just providing one file (cwallet.sso) out of certain files which are lacking from the correct group permission.

Before you run in the same try-and-error procedure to find out the complete list of files which needs to be aligned, here are my list of files, which I aligned and afterwards I could create my SOA Domain under a second Linux User.

Let's assume following scenario:

  • Oracle Software Owner is: oracle
  • Primary Group of User oracle is: oinstall
  • SOA Domain Owner is: soa
  • Primary Group of User soa is: oinstall

Connect as Oracle Software Owner oracle and perform following chmod commands

chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/wls/system-jazn-data.xml
chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/cwallet.sso
chmod 660 $ORACLE_HOME/oracle_common/modules/oracle.jps/domain_config/audit-store.xml

After the above alignments you can start to create your SOA Domain with $ORACLE_HOME/oracle_common/common/bin/config.sh as Linux User soa.