There are multiple ways of getting weblogic version and patch details .
Weblogic version will be displayed in WLS Admin home page
Once we login to console and go to any server Monitoring page . It will display many other details .From New version onwards all the applied patches also visible .We haven't applied any patches hence No patches installed message .
List all the patches using command
$ opatch lsinventory -jre /apps/java11_64
How to get the list of Domain's created under a Weblogic product ??
We can get the Domain list from domain-registry.xml
We can also get the version information from registry.xml .
All the installed components in-detail information can be found in below comps.xml
In the previous blog we have seen how to Install and create Admin server . Now we will see how to create managed server ,start and stop .
run setWLSEnv.sh to load Weblogic Environment variables .
cd /apps/bea14/wlserver/server/bin
[wlsuser@localhost bin]$ ./setWLSEnv.sh
CLASSPATH=/apps/java11_64/lib/tools.jar:/apps/bea14/wlserver/modules/features/wlst.wls.classpath.jar:
PATH=/apps/bea14/wlserver/server/bin:/apps/bea14/wlserver/../oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin:/apps/java11_64/bin:/apps/java11_64/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/home/wlsuser/.local/bin:/home/wlsuser/bin:/apps/bea14/wlserver/../oracle_common/modules/thirdparty/apache-maven_bundle/3.6.1.0.0/apache-maven-3.6.1/bin
Your environment has been set.
[wlsuser@localhost bin]$
Now run wlst.sh then run below commands to create managed server
[wlsuser@localhost wlserver]$ cd common/bin/
[wlsuser@localhost bin]$ ./wlst.sh
WARNING: This is a deprecated script. Please invoke the wlst.sh script under oracle_common/common/bin.
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline>
<<<<<<<Here run below commands to create AppSrv01>>>>>
readTemplate('/apps/bea14/wlserver/common/templates/wls/wls.jar')
connect('weblogic','welcome1', 't3://localhost:7001')
edit()
startEdit()
cd('/')
cmo.createServer('AppSrv01')
cd('/Servers/' + 'AppSrv01')
set('ListenAddress','127.0.0.1')
set('ListenPort', 7003)
save()
activate()
disconnect()
exit()
To Start the managed server for the first time we need to create boot.properties file which holds admin id and password details . either we can create new file or copy from Admin security .
[wlsuser@localhost TESTDomain]$ cd servers/
[wlsuser@localhost servers]$ ls -lrt
total 0
drwxr-xr-x. 7 wlsuser wlsuser 70 Dec 24 23:35 AdminServer
drwxr-x---. 3 wlsuser wlsuser 25 Dec 25 10:58 domain_bak
[wlsuser@localhost servers]$ mkdir AppSrv01
[wlsuser@localhost servers]$ cd AppSrv01/
[wlsuser@localhost AppSrv01]$ cp ../AdminServer/security/ .
cp: omitting directory ‘../AdminServer/security/’
[wlsuser@localhost AppSrv01]$ cp -R ../AdminServer/security/ .
[wlsuser@localhost AppSrv01]$ cd security/
[wlsuser@localhost security]$ ls -lrt
total 4
-rwxr-xr-x. 1 wlsuser wlsuser 192 Dec 25 11:07 boot.properties
[wlsuser@localhost security]$
[wlsuser@localhost TESTDomain]$ cd bin
[wlsuser@localhost bin]$ nohup ./startManagedWebLogic.sh AppSrv01 t3://127.0.0.1:7001 &
[4] 4997
nohup: ignoring input and appending output to ‘nohup.out’
[wlsuser@localhost bin]$
<Dec 25, 2020, 11:13:10,543 AM Singapore Standard Time> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 127.0.0.1:7003 for protocols iiop, t3, ldap, snmp, http.>
<Dec 25, 2020, 11:13:10,576 AM Singapore Standard Time> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 127.0.0.1:7003 for protocols iiop, t3, ldap, snmp, http.>
<Dec 25, 2020, 11:13:10,666 AM Singapore Standard Time> <Notice> <JMX> <BEA-149535> <JMX Resiliency Activity Server=AppSrv01 :
Received a CONNECT EVENT
>
<Dec 25, 2020, 11:13:10,668 AM Singapore Standard Time> <Notice> <JMX> <BEA-149535> <JMX Resiliency Activity Server=AppSrv01 : Starting JMX connection. forceReconnect value: false>
<Dec 25, 2020, 11:13:10,693 AM Singapore Standard Time> <Notice> <WebLogicServer> <BEA-000360> <The server started in RUNNING mode.>
<Dec 25, 2020, 11:13:10,715 AM Singapore Standard Time> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING.>
[wlsuser@localhost bin]$ ./stopManagedWebLogic.sh AppSrv01 t3://127.0.0.1:7001
Stopping Weblogic Server...
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://127.0.0.1:7001 with userid weblogic ...
Successfully connected to Admin Server "AdminServer" that belongs to domain "TESTDomain".
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
Shutting down the server AppSrv01 with force=false while connected to AdminServer ...
.
Exiting WebLogic Scripting Tool.
Done
Stopping Derby Server...
Derby server stopped.
[4] Done nohup ./startManagedWebLogic.sh AppSrv01 t3://127.0.0.1:7001
[wlsuser@localhost bin]$
With SSL port enabled log looks like below .
<Dec 25, 2020, 11:21:17,495 AM Singapore Standard Time> <Notice> <WebLogicServer> <BEA-000332> <Started the WebLogic Server Managed Server "AppSrv01" for domain "TESTDomain" running in development mode.>
<Dec 25, 2020, 11:21:17,496 AM Singapore Standard Time> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 127.0.0.1:7004 for protocols iiops, t3s, ldaps, https.>
<Dec 25, 2020, 11:21:17,496 AM Singapore Standard Time> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 127.0.0.1:7003 for protocols iiop, t3, ldap, snmp, http.>
<Dec 25, 2020, 11:21:17,497 AM Singapore Standard Time> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on 127.0.0.1:7004 for protocols iiops, t3s, ldaps, https.>
so far default SSL cert was used comes with Weblogic Demo Identity and Demo Trust keystore .To use Custom Keystore We need to configure under SSL and Keystore on each server in weblogic .
We have configured AD Authenticator in Weblogic and we enabled TLSv1.2 only on Weblogic . When we restart Admin server it fails to connect with AD with the below error . In the logs we can see ClientHello with TLSv1.2 but the AD responds back with TLSv1.1 and that is where the connectivity fails . If we enable TLSv1.1 then the connection goes fine .
AD side All the protocols are enabled and with openssl we are able to connect to AD over TLSv1.2 (openssl s_client -connect IP:636 -tls1_2 )
openssl can use to test connectivity to server only (inbound not for outbound )
openssl s_client -connect <hostname:port> -tls1
openssl s_client -connect <hostname:port> -tls1_1
openssl s_client -connect <hostname:port> -tls1_2
Error logs
<Feb 6, 2019, 1:50:07,170 PM SGT> <Warning> <Security> <BEA-099117> <The LDAP authentication provider named "TEST Active Directory Authenticator" failed to make a connection to LDAP server at ldaps://activedirectory.com:636, the error cause is: Server chose TLSv1.1, but that protocol version is not enabled or not supported by the client..>
<Feb 6, 2019, 1:50:07,171 PM SGT> <Debug> <SecurityAtn> <BEA-000000> <Connecting to host=activedirectory.com, ssl port=636>
<Feb 13, 2020, 10:25:45,92 AM SGT> <Notice> <Stdout> <BEA-000000> <*** ClientHello, TLSv1.2>
if we enable ssl debug we can see below
<Feb 13, 2019, 10:25:45,92 AM SGT> <Notice> <Stdout> <BEA-000000> <*** ClientHello, TLSv1.2>
....
<Feb 13, 2019, 10:25:45,107 AM SGT> <Notice> <Stdout> <BEA-000000> <*** ServerHello, TLSv1.1>
....
<Feb 13, 2019, 10:25:45,107 AM SGT> <Notice> <Stdout> <BEA-000000> <*** ServerHello, TLSv1.1>
-Dweblogic.security.SSL.protocolVersion=TLSv1.2 --> this is for inbound call's
-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 --> this is for inbound call's
Below parameters are for outbound call's
-Djdk.tls.client.protocols=TLSv1.2
If your application is using the HttpsClient or HttpsURLConnection classes, you need to use the https.protocols system property:
-Dhttps.protocols=TLSv1.2
Configuring JBOSS to MQ is pretty easy . Just follow below steps 1.Download wmq.jmsra.rar from IBM site or copy from from MQ server . 2.Install wmq.jmsra.rar on JBOSS as an application and the runtime name wmq.jmsra.rar will be configured in resource-adapter tag. 3.Resource adapter config looks like the below for connection to MQ QMGR .it should be configured in domain.xml for Domain mode setup and in standalone.xml for standalone setup. 4.Application internally uses JNDI names that configured under resource-adapter for communication with the QUEUE's or TOPIC's . If we have multiple queues then we will get multiple queue and relevent jndi names to be update in the xml file .
With No resource-adapter xml content looks like below
Similar to all the other Application server's JBOSS also has a user-role based authentication .
Follow below steps To Map Users to Roles :
jbadmin ==> Administrator jbdeploy ==> Deployer
Step 1: To Configure jbdeploy to give it to the Developer : This system is currently configured to use simple access controls, which will not utilise changes made in this section for roles. In order to utilise role mappings that you configure in this section, you will need to enable role based access controls from the Command Line Interface (CLI) using the following command:
Step 2: From the console go to administration and add user and map role as per requirement . Step 3 :After mapping users to roles below is the tag updated in Domain.xml
When working with MQ we should make sure that we have Queue Monitoring in place . Also we have to plan the Queue maxdepth attribute based on the Load of message generation and consumption rate . MQ health is good if All channels are RUNNING and Curdepth is 0 always .Means Application are processing all the messages that comes in to the queue .We will see how to check the maxdepth ,curdepth ,What happens if the queue is full .How to check the MQ reason code if we get any MQ error .
[mqm@ip-172-31-14-154 tmp]$ echo " dis ql(TESTQ) curdepth maxdepth " |runmqsc IBMMQ.QM1
5724-H72 (C) Copyright IBM Corp. 1994, 2020.
Starting MQSC for queue manager IBMMQ.QM1.
1 : dis ql(TESTQ) curdepth maxdepth
AMQ8409I: Display Queue details.
QUEUE(TESTQ) TYPE(QLOCAL)
CURDEPTH(0) MAXDEPTH(5000)
One MQSC command read.
No commands have a syntax error.
All valid MQSC commands were processed.
[mqm@ip-172-31-14-154 tmp]$
In the above output we have a local queue with Max capacity 5000 and there are no message at the moment . We will push 5000 message using the sample program . Use below script to pump 5000 message to the TESTQ.
mqm@ip-172-31-14-154 tmp]$ cat put.sh
#!/bin/bash
for i in `seq 5000` ; do
echo "Sending $i message"
echo "Test MSG $i" |/opt/mqm/samp/bin/amqsput TESTQ IBMMQ.QM1 >/dev/null 2>&1
done
[mqm@ip-172-31-14-154 tmp]$
After sending 5000 message then check curdepth
[mqm@ip-172-31-14-154 tmp]$ echo " dis ql(TESTQ) curdepth maxdepth " |runmqsc IBMMQ.QM1
5724-H72 (C) Copyright IBM Corp. 1994, 2020.
Starting MQSC for queue manager IBMMQ.QM1.
1 : dis ql(TESTQ) curdepth maxdepth
AMQ8409I: Display Queue details.
QUEUE(TESTQ) TYPE(QLOCAL)
CURDEPTH(5000) MAXDEPTH(5000)
One MQSC command read.
No commands have a syntax error.
All valid MQSC commands were processed.
[mqm@ip-172-31-14-154 tmp]$
Now both max and curdepth are same . Means Queue is full .it cannot take any more message . Let us see what happen by sending 1 message
[mqm@ip-172-31-14-154 tmp]$ /opt/mqm/samp/bin/amqsput TESTQ IBMMQ.QM1
Sample AMQSPUT0 start
target queue is TESTQ
5001 Message i am tryign to send
MQPUT ended with reason code 2053
Sample AMQSPUT0 end
[mqm@ip-172-31-14-154 tmp]$
We got the error and the reason code is 2053 . Run mqrc 2053 on the termial for code description .
MQRC_Q_FULL states the queue is full . Since the application is directly trying to put the message to QUEUE and due to full application cannot put anymore message .But if the queue is full during point to point setup or Cluster setup where channels involved then the message will go to DEAD LETTER QUEUE .
Ex : Remote Local Queue is full or Xmitq is full at source QMGR .
We can increate the maxdepth of the queue to take some more messages
mqm@ip-172-31-14-154 errors]$ echo " alter ql(TESTQ) MAXDEPTH(10000)" |runmqsc IBMMQ.QM1
5724-H72 (C) Copyright IBM Corp. 1994, 2020.
Starting MQSC for queue manager IBMMQ.QM1.
1 : alter ql(TESTQ) MAXDEPTH(10000)
AMQ8008I: IBM MQ queue changed.
:
One MQSC command read.
No commands have a syntax error.
All valid MQSC commands were processed.
[mqm@ip-172-31-14-154 errors]$
Now maxdepth increased to 10000 . Try to put message and see if we still get error .
[mqm@ip-172-31-14-154 errors]$ /opt/mqm/samp/bin/amqsput TESTQ IBMMQ.QM1
Sample AMQSPUT0 start
target queue is TESTQ
5001
5002
Sample AMQSPUT0 end
[mqm@ip-172-31-14-154 errors]$
If Application want to clear the queue then we can clear it by running below command .
[mqm@ip-172-31-14-154 errors]$ runmqsc IBMMQ.QM1
5724-H72 (C) Copyright IBM Corp. 1994, 2020.
Starting MQSC for queue manager IBMMQ.QM1.
CLEAR QLOCAL(TESTQ)
1 : CLEAR QLOCAL(TESTQ)
AMQ8022I: IBM MQ queue cleared.
DISPLAY QLOCAL(TESTQ) CURDEPTH
2 : DISPLAY QLOCAL(TESTQ) CURDEPTH
AMQ8409I: Display Queue details.
QUEUE(TESTQ) TYPE(QLOCAL)
CURDEPTH(0)
end
3 : end
2 MQSC commands read.
No commands have a syntax error.
All valid MQSC commands were processed.
[mqm@ip-172-31-14-154 errors]$
If we Get error that the queue is in use then we cannot clear using CLEAR command . During this situation we can run amqsget . make sure there is not application posting message during this time . Otherwise amqsget will consume inflight message also .
We have seen how to check maxdepth ,curdepth , increase maxdepth ,when error happens how to check the error code description and then how to handle the situation .
