Configure Node Manager and SSL for WebLogic Server 8.1

Time: 2003-07-22
Author: Zhou Yi
Note: This article applies only to WebLogic Server 8.1, because the settings for WebLogic Server 7 and WebLogic Server 8 differ significantly. The configuration for WebLogic Server 7 will also be published in the near future.

For most beginners, WebLogic's documentation, although detailed, has many confusing places. After a period of practice the author has gained some experience, which is shared here.

In practical applications, different WebLogic server instances are distributed across different machines and even different geographies, so managing the various managed server instances effectively becomes the main concern. Within one domain, the managed servers on different machines can be managed using the NodeManager on the corresponding machine. (NodeManager itself is also a thread that controls the lifecycle of the server.)

This article uses 1 admin server and 2 managed servers as its example, because this is the simplest form of cluster. Clustering is not directly related to this article; it only prepares the ground for the examples that follow. However, since admin server and managed server are managed in the same way as a cluster, the cluster configuration is included in this article. For the detailed reasons, see Appendix B.

The overall configuration process is as follows, altogether 6 steps:

A. Establish the corresponding domain. Set admin Server.

B. Get the server root certificate and key, and add them to the KeyStore.

C. Configure the KeyStore and SSL settings for WebLogic Server instead of the default demo settings.

D. Configure the NodeManager on the Managed server machine.

E. After checking that the appropriate settings are correct, start all servers and complete the settings.

F. Verify the above settings with a Web application deployment.


A. Establish the corresponding domain. Set up Admin server and Managed server.

1. First, establish the corresponding domain. Set up the appropriate admin server and managed servers. (For detailed steps, see Appendix A at the end.)

(Detailed configuration information)

Domain: security
Cluster: mycluster

Type         Admin        Managed       Managed
Server Name  Cake         Finalfantasy  Armageddon
IP           192.168.0.9  192.168.0.1   192.168.0.2
Machine      Empty        Desktop       Laptop
User         william      william       william
Password     password     password      password

Note 1. Change the IP settings to match your actual environment. The IP addresses here do not matter, because in actual use the DNS names are used instead. See note 5.

Note 2. If each server listens on a different port, the three servers can be on the same machine. Using the loopback network adapter is not recommended.

Note 3. Regardless of the number of managed servers, and whether they are on the same machine or on multiple machines, they are all set to the same domain.

Note 4. Admin Server does not need a machine configured, so it does not have to be added to any machine.

Note 5. The Server Name is also the corresponding DNS name. The same effect can be achieved by modifying the %windows_home%/system32/drivers/etc/hosts file. See File 1.1.

Note 6. The managed server machine does not need a domain configured; only NodeManager needs to be configured on it.

File 1.1

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
192.168.0.9 Cake
192.168.0.2 Armageddon
192.168.0.1 Finalfantasy

After the modification, remember to test with ping. Once ping succeeds, go on to the next step. Keep the DNS names consistent across the different machines.

2. Optionally, modify the admin server's startup script (security/startWebLogic.cmd).

set PRODUCTION_MODE=false
set WLS_USER=william
set WLS_PW=password
set MEM_ARGS=-Xms256m -Xmx256m

3. After you have modified the server's startup files, start the admin server once and make sure that it is established correctly.

4. Step A is complete.


B. Get the server's root certificate, server certificate, and key, and add them to the KeyStore.

Next, we need to get the files required to configure SSL. If you have the money ^_^, you can apply to VeriSign for a formal certificate. This example, however, generates the certificates and keys with the WebLogic CertGen tool and adds them to the KeyStore. For the underlying concepts and the use of the tools, readers should consult the documentation themselves.

1. Add weblogic.jar to the CLASSPATH.

2. Create a temporary directory and copy CertGenCA.der and CertGenCAKey.der from bea/weblogic/server/lib to that directory.

3. Run the following commands, then copy the generated mykeystore.jks to the corresponding 3 domain directories.

rem Import the CA certificate as a trusted CA
keytool -noprompt -import -trustcacerts -alias ca -file CertGenCA.der -keystore mykeystore.jks -storepass password

rem Generate a certificate and private key for each server
java utils.CertGen password cakecert cakekey export Cake
java utils.CertGen password finalfantasycert finalfantasykey export Finalfantasy
java utils.CertGen password armageddoncert armageddonkey export Armageddon

rem Build each chain file: server certificate followed by the CA certificate
copy /b cakecert.pem + CertGenCA.pem cakecertchain.pem
copy /b armageddoncert.pem + CertGenCA.pem armageddoncertchain.pem
copy /b finalfantasycert.pem + CertGenCA.pem finalfantasycertchain.pem

rem Import the server certificates into the keystore
keytool -import -alias cakecert -file cakecert.pem -keypass password -keystore mykeystore.jks -storepass password
keytool -import -alias armageddoncert -file armageddoncert.pem -keypass password -keystore mykeystore.jks -storepass password
keytool -import -alias finalfantasycert -file finalfantasycert.pem -keypass password -keystore mykeystore.jks -storepass password

rem Import each private key together with its chain
java utils.ImportPrivateKey mykeystore.jks password cakekey password cakecertchain.pem
java utils.ImportPrivateKey mykeystore.jks password armageddonkey password armageddoncertchain.pem
java utils.ImportPrivateKey mykeystore.jks password finalfantasykey password finalfantasycertchain.pem

rem Validate each certificate chain
java utils.ValidateCertChain -jks cakekey mykeystore.jks password
java utils.ValidateCertChain -jks finalfantasykey mykeystore.jks password
java utils.ValidateCertChain -jks armageddonkey mykeystore.jks password

The last 3 commands test the certificates. The output of the first one should be:

CERT[0]: CN=Cake, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
CERT[1]: CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US
Certificate chain appears valid

The last line is the most important one: it means that the certificate chain is correct.

This step is the most important. Make sure that all commands run correctly.

4. On the admin machine, copy the KeyStore file to the bea/user_projects/domain directory.

5. On the managed machines, copy the KeyStore file to the bea/weblogic/common/nodemanager directory.

6. Step B is complete.


C. Configure the KeyStore and SSL settings for WebLogic Server instead of the default demo settings.

1. Start Admin Server and open the console (http://Cake:8001/console/). Expand Servers, click Cake, and in the Configuration tab on the right, select Keystores & SSL.

2. Click Change, select Custom Identity and Custom Trust, click Continue, and fill in the following values. (All values are given as text; the screenshots are only for illustration.)

Custom Identity:
Custom Identity Key Store File Name: myKeyStore.jks
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase: password
Confirm Custom Identity Key Store Pass Phrase: password

Custom Trust:
Custom Trust Key Store File Name: myKeyStore.jks
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase: (empty)
Confirm Custom Trust Key Store Pass Phrase: (empty)

3. Click Continue to reach the Review SSL Private Key Settings page and set the following.

Private Key Alias: cakekey
Passphrase: password
Confirm Passphrase: password

4. Set up Armageddon Server and Finalfantasy Server.

Following the steps above, expand Servers, click the appropriate server, go to Keystores & SSL, and then configure it.

The values used for the configuration are as follows.

Armageddon Server:

Custom Identity:
Custom Identity Key Store File Name: myKeyStore.jks
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase: password
Confirm Custom Identity Key Store Pass Phrase: password

Custom Trust:
Custom Trust Key Store File Name: myKeyStore.jks
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase: (empty)
Confirm Custom Trust Key Store Pass Phrase: (empty)

Private Key Alias: armageddonkey (this is the value that changes)
Passphrase: password
Confirm Passphrase: password

Finalfantasy Server:

Custom Identity:
Custom Identity Key Store File Name: myKeyStore.jks
Custom Identity Key Store Type: jks
Custom Identity Key Store Pass Phrase: password
Confirm Custom Identity Key Store Pass Phrase: password

Custom Trust:
Custom Trust Key Store File Name: myKeyStore.jks
Custom Trust Key Store Type: jks
Custom Trust Key Store Pass Phrase: (empty)
Confirm Custom Trust Key Store Pass Phrase: (empty)

Private Key Alias: finalfantasykey (this is the value that changes)
Passphrase: password
Confirm Passphrase: password

5. Finally, restart Admin Server to complete step C.

D. Configure the NodeManager on the Managed server machine.

1. Look at the directory Beam/weblogic/common/nodemanager. Here Beam stands for the BEA installation on the managed server machine, because this directory is empty on the admin machine.

2. Edit the file nodemanager.hosts and add the address Cake. The content is as follows. (An IP address can also be added directly, but DNS names are used here because SSL verifies the name.)

# Host names from which the connection to the
# Node Manager would be accepted.
# You can edit this file manually.
# e.g. - for allowing a machine named holly to connect,
# uncomment one of the following lines based on whether
# ReverseDnsEnabled property is turned on or off.
#holly.bea.com
#172.17.24.145
Cake

3. Edit the file nodemanager.properties. The revised content is as follows. (This is the file for Finalfantasy server; modify Armageddon server's file accordingly.)

PropertiesVersion=8.1
KeyStores=CustomIdentityAndCustomTrust
# Finalfantasy's key alias; change it for Armageddon
CustomIdentityAlias=finalfantasykey
# The password; if you enter password, WebLogic automatically changes it to this
CustomIdentityPrivateKeyPassPhrase={3des}veg7ahqqdwkmtzzmsynwzg/=/=
# Where mykeystore.jks is stored
CustomIdentityKeyStoreFileName=mykeystore.jks
CustomIdentityKeyStoreType=jks
# The password
CustomIdentityKeyStorePassPhrase={3des}veg7ahqqdwkmtzzmsynwzg/=/=
# The same keystore location
CustomTrustKeyStoreFileName=mykeystore.jks
ReverseDnsEnabled=true

4. Check the above changes, step D is complete.
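
The check in step D.4 can be scripted. The following is an added example, not part of the original article or of WebLogic: it parses the text of nodemanager.properties and nodemanager.hosts and reports missing custom keystore settings, a key alias copied from the wrong server, pass phrases still in clear text, and an admin host that is not listed. The function names and sample file contents are constructed for illustration, and it assumes an encrypted value starts with {3DES}.

```python
# Added example: sanity-check the Node Manager files edited in step D.
REQUIRED = ["KeyStores", "CustomIdentityAlias", "CustomIdentityPrivateKeyPassPhrase",
            "CustomIdentityKeyStoreFileName", "CustomIdentityKeyStoreType",
            "CustomIdentityKeyStorePassPhrase", "CustomTrustKeyStoreFileName"]

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_hosts(text):
    """Return the uncommented nodemanager.hosts entries, lower-cased."""
    entries = (line.strip() for line in text.splitlines())
    return {e.lower() for e in entries if e and not e.startswith("#")}

def check_node_manager(props_text, hosts_text, admin_host, expected_alias):
    """Return a list of findings; an empty list means the files look consistent."""
    props, hosts, findings = parse_properties(props_text), parse_hosts(hosts_text), []
    for key in REQUIRED:
        if key not in props:
            findings.append("missing property: " + key)
    if props.get("KeyStores", "CustomIdentityAndCustomTrust") != "CustomIdentityAndCustomTrust":
        findings.append("KeyStores is not CustomIdentityAndCustomTrust")
    if props.get("CustomIdentityAlias", expected_alias) != expected_alias:
        findings.append("CustomIdentityAlias is not " + expected_alias)
    for key, value in props.items():
        # Assumption: an encrypted value starts with {3DES}, as in the listing above.
        if key.endswith("PassPhrase") and not value.lower().startswith("{3des}"):
            findings.append(key + " is stored in clear text")
    if admin_host.lower() not in hosts:
        findings.append(admin_host + " is not listed in nodemanager.hosts")
    return findings

# Constructed sample: Armageddon's file copied from Finalfantasy without edits.
SAMPLE_PROPS = """PropertiesVersion=8.1
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=finalfantasykey
CustomIdentityPrivateKeyPassPhrase=password
CustomIdentityKeyStoreFileName=mykeystore.jks
CustomIdentityKeyStoreType=jks
CustomTrustKeyStoreFileName=mykeystore.jks"""
SAMPLE_HOSTS = "# Host names accepted by Node Manager\n#holly.bea.com\nCake\n"

if __name__ == "__main__":
    print(check_node_manager(SAMPLE_PROPS, SAMPLE_HOSTS, "Cake", "armageddonkey"))
```

A clear-text pass phrase is expected before Node Manager has been started for the first time; if the finding persists afterwards, the file was not rewritten.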

E. After checking that the appropriate settings are correct, start all servers and complete the settings.

1. Run Beam/weblogic/server/bin/startNodeManager.cmd.

Format: startNodeManager Finalfantasy 5555

or

startNodeManager Armageddon 5555

Run the command that matches the server.

2. Start the admin Server.

3. Go to the console, expand Servers, and then:

a) Right-click Finalfantasy and select Start/stop this Server.

b) In the right window, click Start this Server ...

c) Click Yes to start the managed server.

d) While it is starting, the status bar at the bottom should show STARTING in the State column and TASK IN PROGRESS in the Status column. (Figure 3-1)

e) When the start is complete, it should show State: RUNNING, Status: TASK COMPLETED. (Figure 3-2)

(Figure 3-1)

(Figure 3-2)

4. So far, all the settings have been completed.

F. Verify the above settings with a Web application deployment.

1. Create any Web application; the simplest one will do.

2. After selecting it, choose Cake and Finalfantasy under Target, and then deploy.

3. If you like, you can create another server, so that one more server appears under the independent servers.

4. After clicking deploy, you choose whether to let the program handle staging or to handle the file storage yourself. It is best to let WebLogic handle staging. :)

5. Finally, access Finalfantasy over HTTP, and you can see the corresponding Web page.

6. All the setup steps are now complete. Congratulations.

Appendix A. Setting up WebLogic Server (admin server) in detail.

1. Start the Configuration Wizard.

2. Click Next, select Basic WebLogic Server Domain, and then click Next.

3. Choose Custom, then Next.

4. In Administration Server configuration, fill in the appropriate content.

5. In the Multiple Servers, Clusters, and Machines options, select Yes and click Next.

6. Click Add 2 times to add two managed servers. Fill in the appropriate data. Click Next.

7. You arrive at the Clusters setup page. After you click Add, fill in the data. Finally click Next.

8. In this window, click mycluster in the target list on the right, and then press the right-pointing arrow at the top of the center two times. Finally click Next.

9. If the proxy settings appear, click Next directly.

10. Set the machines; these are set for NodeManager. When you have finished, click Next.

11. You arrive at the server-to-machine configuration. Take care here not to assign servers to the wrong machines, although I have not tried to see what a wrong assignment leads to.

Cake does not belong to any machine, because it is the admin server; even if it belonged to a machine, that would have no meaning.

12. Configure JDBC: select Skip, and then Next.

13. Configure JMS: select Skip, and then Next.

14. Configure security: select Skip, and then Next.

15. Enter the user name and password.

Name: william

Password: password

16. Next come the Windows options. On the left, select whether to create a startup shortcut; on the right, select whether to start the admin server as a Windows service.

Select Yes on the left and No on the right. Then click Next.

17. Edit the Start menu: click Next directly.

18. You arrive at WebLogic Configuration Environment. On the left choose Development Mode; on the right choose the Sun JDK (or whichever you like). Remember to click Next.

19. You arrive at the final setting, Create WebLogic Configuration.

Note that the Configuration Name at the lower right is set to security, which is the domain name. Then click Create.

20. Choose Done, then exit. The configuration of the admin server is complete.


Appendix B. A brief introduction to cluster, the management relationship between admin server and managed server, and multicast.

First of all, thanks to Hilaser for the reminder; this is a problem I had not paid attention to.

The relationship between admin server and managed server is that of manager and managed. One domain can contain only one admin server, but it can support multiple managed servers. They rely on multicast to connect with each other. Multicast is based on UDP, so before configuring, first test that UDP communication is not blocked.

A cluster communicates in the same way: the members of one cluster communicate through a multicast address (such as 237.0.0.1:7001). If UDP communication is not set up properly, the cluster cannot run correctly.

The test method is as follows:

1. First, add weblogic.jar to the CLASSPATH.

2. On each machine, run the command with a different name:

java utils.MulticastTest -n name -a 237.0.0.1

The name here must be different for each machine; it serves as that machine's own identifier.

237.0.0.1 is a multicast address; a different port can also be used. For more information, consult the BEA documentation.

3. If every server can be seen in the output, the test has succeeded; otherwise communication between the nodes is blocked.

Author Introduction
Zhou Yi (dev2dev ID: sadly) is a moderator of the WebLogic, EJB and other columns of the online technology forum on the BEA dev2dev Chinese website, and a development expert.

From: http://dev2dev.bea.com.cn/techdoc/200307543.html
