Tuesday 4 October 2016

Saturday 1 October 2016

WebLogic 12c 12.1.3 HTTPS TLSv1.2 Only Enablement

Pre-requisite

HTTPS and TLSv1.2 Only Enablement
  • HTTPS Enablement
    • Login to the Admin Console of Weblogic Admin Server 
    • Select from left tree "base_domain -> Environment -> Servers"
    • Select the Server which you want to enable for HTTPS, for example "Server-1"
    • Select Tab "Configuration -> General" and select "SSL Listen Port Enabled" and provide a HTTPS port, for example 8082
    • Select Tab "Configuration -> Keystores" and provide following values:
      • Keystores: Select "Custom Identity and Custom Trust"
      • Custom Identity Keystore: the path to identity jks in the machine
      • Custom Identity Keystore Type: JKS
      • Custom Identity Keystore Passphrase: the password of identity keystore
      • Confirm Custom Identity Keystore Passphrase: the password of identity keystore
      • Custom Trust Keystore: the path to trust jks in the machine
      • Custom Trust Keystore Type: JKS
      • Custom Trust Keystore Passphrase: the password of trust store keystore
      • Confirm Custom Trust Keystore Passphrase: the password of trust store keystore
    • Select Tab "Configuration -> SSL" and provide following values:
      • Identity and Trust Locations: Keystores
      • Private Key Alias: the alias name of the identity certificate
      • Private Key Passphrase: the passphrase of the identity certificate's private key
      • Confirm Private Key Passphrase: the passphrase of the identity certificate's private key
    • You may make the same changes for the Admin Server as well if you want to enable HTTPS on the Admin Server port.
    • Restart the Servers for the HTTPS enablement to take effect, and hit the server URL with the HTTPS port to verify.
  • TLSv1.2 Only Restriction
    • Select Tab "Configuration -> Server Start" and provide following values:
      • Arguments: -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.security.SSL.allowUnencryptedNullCipher=false -Dweblogic.security.disableNullCipher=true
    • Restart the Servers
  • To restrict ciphers
    • Stop NodeManager, AdminServer and all other Servers
    • Modify config.xml
      • $cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/config
      • $vi config.xml
      • Add following ciphers under respective Server section, for example
        • <server>
        • <name>Server-1</name>
        • <ssl>
        • <enabled>true</enabled>
        • <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
        • <ciphersuite>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
        • <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
        • <ciphersuite>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
        • .....
        • .....
      • Save the modification in config.xml
    • Restart NodeManager, AdminServer and respective Servers.
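The cipher restriction and the TLSv1.2 argument above can be checked per server straight from config.xml. The following Python script is an added example, not part of the original post or of WebLogic; the sample XML is constructed, and the server-start/arguments element is assumed to be where the console's Server Start arguments are persisted.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment above; not a real domain's config.xml.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
<server><name>Server-1</name>
  <ssl><enabled>true</enabled>
    <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    <ciphersuite>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
    <ciphersuite>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</ciphersuite>
  </ssl>
  <server-start><arguments>-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2</arguments></server-start>
</server>
<server><name>Server-2</name><ssl><enabled>true</enabled></ssl></server>
</domain>"""

def local(tag):
    # Strip the XML namespace so lookups work with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def classify(suite):
    """Return the concerns a reviewer would raise for one cipher suite name."""
    notes = []
    if "_NULL_" in suite or "_anon_" in suite:
        notes.append("no encryption or no authentication")
    # TLS 1.3 suite names carry no key exchange (no _WITH_), so skip them here.
    if "_WITH_" in suite and not re.match(r"TLS_(ECDHE|DHE)_", suite):
        notes.append("no forward secrecy")
    if "_CBC_" in suite:
        notes.append("CBC mode")
    return notes

def audit(config_xml):
    """Map server name -> TLS findings for every SSL-enabled server."""
    report = {}
    for server in children(ET.fromstring(config_xml), "server"):
        name = children(server, "name")[0].text
        ssl = children(server, "ssl")
        if not ssl or [e.text for e in children(ssl[0], "enabled")] != ["true"]:
            continue
        suites = [c.text.strip() for c in children(ssl[0], "ciphersuite")]
        args = " ".join(a.text or "" for s in children(server, "server-start")
                        for a in children(s, "arguments"))
        m = re.search(r"-Dweblogic\.security\.SSL\.minimumProtocolVersion=(\S+)", args)
        report[name] = {
            "min_protocol": m.group(1) if m else None,
            "explicit_suites": bool(suites),
            "suites": {s: classify(s) for s in suites},
        }
    return report
```

A server reported with explicit_suites false has no ciphersuite entries, so the restriction step above was not applied to it; min_protocol of None means the TLSv1.2 start argument is missing.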
Thank You!

WebLogic 12c 12.1.3 JMS Distributed Queues and Topics Configuration


Pre-requisite



Distributed JMS Queues and Topics Creation

  • Create Server: JMSManagedServer-1 
    • Select from left tree "base_domain -> Environment -> Servers" and click "New"
    • Provide Server name as "JMSManagedServer-1", Listen address as "<HOST-NAME-1ST-NODE>", Port as "8001", select "No, this is a stand-alone server.", and Click "Finish"
    • Navigate to the JMSManagedServer-1 management page by clicking the JMSManagedServer-1 name entry in the Summary of Servers table.
    • In the general tab, select "<HOST-NAME-1ST-NODE>" in the Machine drop-down box, disable "SSL Listen Port Enabled" and Click Save.
    • In the Server Start tab, enter the following information and click save
    • Java Home as "/usr/java/jdk1.8.0_102/"
    • Java Vendor as "Oracle"
    • Arguments as 
    • -Djava.library.path=/app/Oracle/Middleware/Oracle_Home/wlserver/server/native/linux/x86_64/
  • Create Server: JMSManagedServer-2
    • Select from left tree "base_domain -> Environment -> Servers" and click "New"
    • Provide Server name as "JMSManagedServer-2", Listen address as "<HOST-NAME-1ST-NODE>", Port as "8001", select "No, this is a stand-alone server.", and Click "Finish"
    • Navigate to the JMSManagedServer-2 management page by clicking the JMSManagedServer-2 name entry in the Summary of Servers table.
    • In the general tab, select "<HOST-NAME-2ND-NODE>" in the Machine drop-down box, disable "SSL Listen Port Enabled" and Click Save.
    • In the Server Start tab, enter the following information and click save
    • Java Home as "/usr/java/jdk1.8.0_102/"
    • Java Vendor as "Oracle"
    • Arguments as 
    • -Djava.library.path=/app/Oracle/Middleware/Oracle_Home/wlserver/server/native/linux/x86_64/
  • Create JMS Clusters 
    • Select from left tree "base_domain -> Environment -> Clusters" and click "New"
    • Provide name as "JMSCluster" and click "Finish"
    • Navigate to the JMSCluster management page by clicking the JMSCluster name entry in the Summary of Clusters table
    • In the "Servers" tab, add Servers "JMSManagedServer-1" and "JMSManagedServer-2" into the cluster
  • Create the JMS Servers 
    • Login to WebLogic Admin Console
    • Open web browser and hit the URL "http://<HOST-NAME>:7001/console/login/LoginForm.jsp" and enter credentials as "weblogic/Weblogic123"
    • On the left menu/navigation area, select the appropriate server domain and click to expand the Services - Messaging – JMS Servers node.
    • Click the Lock & Edit button, located near the top of the left menu.
    • On the following page, click the New button.
    • This will take you to a page where you can select a name for the JMS server. In the text box, name the server JMSServer-1.
    • Click Next.
    • Under the Select targets heading, use the drop-down box to select the name of the server where you wish to deploy the JMS server. ManagedJMSServer-1 should be the target for JMSServer-1. Click Finish.
    • To commit the change and create the JMS server, you must then click the Activate Changes button. This should create a new JMS server.
    • Complete steps above to create JMSServer-2, which should target ManagedJMSServer-2.
  • Create the JMS Module 
    • On the left menu/navigation area, select the appropriate server domain and click to expand the Services – Messaging – JMS Modules node.
    • Click the Lock & Edit button, located near the top of the left menu.
    • On the following page, click the New button.
    • This will take you to a page where you can select a name for the JMS module. In the Name text box, give the module an appropriate name.
    • Click Next.
    • Under the Targets heading, select ManagedJMSServer-1 and ManagedJMSServer-2. Click Next.
    • Click Finish.
    • Select SystemModule-1 from the JMS Modules table and select the Subdeployments tab and click the New button
    • Enter Default for the Subdeployment Name. Click Next.
    • On the Targets page, select JMSServer-1 and JMSServer-2. Click Finish
  • Create Queues and Topics
    • On the Create a New JMS System Module Resource page, select the Queue or Topic resource as appropriate and click Next.
    • Accept the default “round-robin” handling of the distributed JMS resources. You will enter the JMS Destination Properties on the following page. Give the distributed queue or topic an appropriate Name and JNDI Name. Following is an example: 
    • ticketRequest, ticketRequest, DistributedQueue
    • ticketResponse, ticketResponse, DistributedTopic
    • Click Next.
    • Accept the default targeting suggested by the admin console and click Finish.
    • Click the green “Activate Changes” button to ensure that the JMS resource definition is accepted and deployed by the WebLogic Server.
    • Test
    • You can verify that the JMS resources were successfully deployed by trying to connect to them with a JMS client such as Hermes JMS.


Thank You!

WebLogic 12c 12.1.3 Cluster Node Setup in Linux

Pre-requisite

2nd Node Setup
  • Create 2nd or Remote Weblogic Node
  • Login to the Admin Console of Weblogic Admin Server (running in Node1)
  • Select from left tree "base_domain -> Environment -> Machines" and click "New"
  • Provide name as "<HOST-NAME-OF-2ND-NODE>" and OS as "Unix", and click "Next"
  • Select Type as "Plain", Address as "<HOST-NAME-OF-2ND-NODE>", Port as "5556" and click "Finish"
  • Install Weblogic Server (Do not have to create Domain here) following the same steps followed for 1st Node:
    • Connect via SSH CLI to 2nd Node
    • Create weblogic user and group
      • $groupadd -g 1000 weblogic
      • $useradd -u 1100 -g weblogic weblogic
      • $passwd weblogic (give password as weblogic)
    • Create weblogic installation directory
      • $mkdir /app
      • $chown -R weblogic:weblogic /app
      • $chmod -R 775 /app
    • Download Weblogic 12c (12.1.3) installable
      • Download Weblogic Server 12.1.3 from Oracle Support Site: fmw_12.1.3.0.0_wls.jar
    • Install Weblogic 12.1.3
      • Verify Java 8 is installed
        • $which java
        • $java -version
    • Perform installation of Weblogic 12.1.3
      • Add the following entries into /home/weblogic/.bash_profile file:
        • export MW_HOME=/app/Oracle/Middleware/Oracle_Home/
        • export WLS_HOME="${MW_HOME}/wlserver"
        • export WL_HOME="${WLS_HOME}"
        • # Set to appropriate JAVA_HOME.
        • export JAVA_HOME=/usr/java/jdk1.8.0_91
        • export JAVA_OPTIONS="-Djava.security.egd=file:/dev/./urandom"
        • PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
        • export PATH
      • Connect to the machine via VNC Client (make sure VNCServer is running in the box)
      • From VNC Client go to Shell prompt
      • Switch to weblogic user
        • $su - weblogic
      • Run the Installer from the directory where weblogic installer jar is copied
        • $java -jar fmw_12.1.3.0.0_wls.jar
      • You will get pre-requisite check warnings, make sure all checks are passed (except for 256 color warning in which case you can proceed with 'y')
      • Leave all default values (like inventory location, installation location, installation type) selected, except the installation path, which you can specify as under /app
      • You may Uncheck the check box where it is asked to get information on security updates
      • After installation it would prompt for domain creation, say No
  • Note: we did not create domain in the 2nd Node
  • From the 1st Primary Node create a template jar
    • SSH CLI to 1st Node and switch to weblogic user
    • $cd /app/Oracle/Middleware/Oracle_Home/oracle_common/common/bin
    • $./pack.sh -managed=true -domain="/app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain" -template=midtiertemplate.jar -template_name="midtiertemplate"
    • This will create a midtiertemplate.jar in the path /app/Oracle/Middleware/Oracle_Home/oracle_common/common/bin
  • Use template created from 1st Node to install it in 2nd Node 
  • SSH to 2nd Node and switch to weblogic User
  • copy template from 1st Node to 2nd Node 
    • $cd /app/Oracle/Middleware/Oracle_Home/oracle_common/common/bin
    • $scp root@<HOST-NAME-OF-1ST-NODE>:/app/Oracle/Middleware/Oracle_Home/oracle_common/common/bin/midtiertemplate.jar .
  • $./unpack.sh -domain="/app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain" -template="/app/Oracle/Middleware/Oracle_Home/oracle_common/common/bin/midtiertemplate.jar"
  • Check for successful message in the command prompt
  • Register this 2nd Machine NodeManager with 1st Machine 
    • SSH to 2nd Machine and switch to weblogic user
    • $su - weblogic
    • $cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/bin/
    • $. setDomainEnv.sh
    • $java weblogic.WLST
    • A new prompt will come:
    • >>connect('weblogic','Weblogic123','t3://<HOST-NAME-OF-1ST-NODE>:7001')
    • >>nmEnroll('/app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/','/app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/nodemanager/')
    • >>exit()
  • Start the NodeManager in 2nd Machine 
    • $cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
    • $nohup ./bin/startNodeManager.sh &
  • Check the nohup log for successful startup
  • If any issues, please check the nodemanager.properties file and correct the hostname.
  • Verify it from 1st Node 
    • Login to Admin Console UI of 1st Machine
    • Go to Machines -> 2nd Machine
    • Go to Tab Monitoring and check "Reachable" state for confirmation.
Thank You!

WebLogic 12c 12.1.3 Installation and Configuration in Linux

Pre-requisite
  • Java 8 installed 
  • VNC Server installed (to be able to run WebLogic installer GUI)

Installation & Configuration Steps
  • Create weblogic user and group
    • $groupadd -g 1000 weblogic
    • $useradd -u 1100 -g weblogic weblogic
    • $passwd weblogic (give password as weblogic)
  • Create weblogic installation directory
    • $mkdir /app
    • $chown -R weblogic:weblogic /app
    • $chmod -R 775 /app
  • Download Weblogic 12c (12.1.3) installable
    • Download Weblogic Server 12.1.3 from Oracle Support Site: fmw_12.1.3.0.0_wls.jar
  • Install Weblogic 12.1.3
    • Verify Java 8 is installed
      • $which java
      • $java -version
  • Perform installation of Weblogic 12.1.3
    • Add the following entries into /home/weblogic/.bash_profile file:
      • export MW_HOME=/app/Oracle/Middleware/Oracle_Home/
      • export WLS_HOME="${MW_HOME}/wlserver"
      • export WL_HOME="${WLS_HOME}"
      • # Set to appropriate JAVA_HOME.
      • export JAVA_HOME=/usr/java/jdk1.8.0_91
      • export JAVA_OPTIONS="-Djava.security.egd=file:/dev/./urandom"
      • PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
      • export PATH
    • Connect to the machine via VNC Client (make sure VNCServer is running in the box)
    • From VNC Client go to Shell prompt
    • Switch to weblogic user
      • $su - weblogic
    • Run the Installer from the directory where weblogic installer jar is copied
      • $java -jar fmw_12.1.3.0.0_wls.jar
    • You will get pre-requisite check warnings, make sure all checks are passed (except for 256 color warning in which case you can proceed with 'y')
    • Leave all default values (like inventory location, installation location, installation type) selected, except the installation path, which you can specify as under /app
    • You may Uncheck the check box where it is asked to get information on security updates
    • After installation it would prompt for domain creation, say Yes 
    • Give the Domain path as /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/ 
    • and select all default options, except select "Production Mode" when asked for installation mode, so that WebLogic runs in production licensed mode
    • Provide Username password as "weblogic:Weblogic123"
    • Finish Domain Creation Wizard and come out of (exit) VNC Client
    • Start NodeManager and Admin Server
    • Login to Machine via SSH Client
    • Switch to weblogic user
      • $su - weblogic
    • Start NodeManager
      • $cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain
      • $nohup ./bin/startNodeManager.sh &
    • Check the nohup.out log for successful start of NodeManager.
    • If you face any issues with startup, check that the hostname, ports and SecureListener=false are correctly configured in the nodemanager.properties file
    • /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/nodemanager/nodemanager.properties
    • Note: we have installed WebLogic in Production Mode, which requires a username and password to be entered while starting the servers. To bypass the username and password prompt and start the server in the background:
    • Manually create boot.properties for Admin Server
      • $cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/servers/AdminServer
      • $mkdir security
      • $cd security
      • $vi boot.properties with following values
        • username=weblogic
        • password=Weblogic123
    • Start Weblogic Server
      • $cd /app/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/bin
      • $nohup ./startWebLogic.sh &
    • Open web browser and hit the URL "http://<HOST-NAME>:7001/console/login/LoginForm.jsp" and enter credentials as "weblogic/Weblogic123"
    • If you are able to see the login page and login, it confirms installation is successful
    • Configuration of Weblogic
    • Create Machines 
    • Select from left tree "base_domain -> Environment -> Machines" and click "New"
    • Provide name as "<HOST-NAME>" and OS as "Unix", and click "Next"
    • Select Type as "Plain", Address as "<HOST-NAME>", Port as "5556" and click "Finish"
    • Create Servers 
    • Select from left tree "base_domain -> Environment -> Servers" and click "New"
    • Provide Server name as "Server-1", Listen address as "<HOST-NAME>", Port as "8080", select "No, this is a stand-alone server.", and Click "Finish"
    • Navigate to the Server-1 management page by clicking the Server-1 name entry in the Summary of Servers table.
    • In the general tab, select "<HOST-NAME>" in the Machine drop-down box, disable "SSL Listen Port Enabled" and Click Save.
    • In the Server Start tab, enter the following information and click save
      • Java Home as "/usr/java/jdk1.8.0_91/"
      • Java Vendor as "Oracle"
      • Arguments as 
      • -Xms1024m -Xmx3076m -Djava.library.path=/app/Oracle/Middleware/Oracle_Home/wlserver/server/native/linux/x86_64/
    • Start Server-1
    • Select from left tree "base_domain -> Environment -> Servers" and then select Server-1 and start
Thank You!