Weblogic - List running instances

Unix-List all instances of weblogic instances running on a server

At times we need to find the weblogic instances which are up and running on a particular machine mostly in clustered environments. This might be required to figure out weblogic process from a particular domain and kill that process.

You can do a grep as below which gives all the Java processes running on the machine and it may be tough to correlate PID with the running server instances.

$ps -ef | grep java 

Below shell script can be handy to list down the servers running on a particular machine.

clear

echo "PID and  webLogic instances"

echo  "**************************************"

/usr/ucb/ps -awwx | grep "weblogic.Name" | grep -v "grep weblogic.Name" | nawk 'BEGIN {print "PID\tWeblogicServer";

print  "**************************************" } ;

        {

        NUM = match($0, "weblogic.Name=") ;

        START_POS  = RSTART+RLENGTH ;

        START_STR = substr($0, START_POS) ;

        FINISH = match(START_STR, " ") ;

        FINISH_POS = START_POS+RSTART+RLENGTH ;

        FINISH_STR = substr($0, START_POS, FINISH_POS) ;

        NUM = split(FINISH_STR,FINISH_ARRAY) ;

        printf ("%s\t%s\n",$1, FINISH_ARRAY[1]) ;

        }

        END {

        print "**********************************"}'

Below is a sample output.

PID and  webLogic instances

**************************************************

PID     WeblogicServer

**************************************************

12624   AdminServer

13367   wls_soa1

13369   wls_wsm1

**************************************************

To stop a particular server issue the below.

$ kill -9 PID

If it's admin server,to avoid the conflict of existing .lok and .DAT files you can remove the tmp and cache folders or rename them.

Another handy way to find the running process will be using the jps script in the java bin folder. For example navigate to /usr/local/java/bin and run $jps -v which gives the server name in the parameter weblogic.Name  as below.

OID - Active Directory Child Domain synchronization using Oracle Directory Integration Platform

It is required to use Oracle Internet Directory(OID) as LDAP directory for implementing SSO for Oracle products like EBS using Oracle Access Manager.If you are using any other LDAP servers like Microsoft Active directory across the enterprise it will be required to use Oracle Directory Integration Platform for synchronizing the directories.

If all the users from the third party directory are not required into OID we can use filters like AD groups and make use of the filtering in the DIP synchronization profiles to bring in the selected users.If the AD you are connecting to is a global catalog server rather than the child domain with a referral the users from the child domain is expected to get synced to the OID.But if it is a referral child domain ldap search will fail with below error.

$ORACLE_HOME/bin/ldapsearch -h ADhost -p port -D "admin@mydomain.com" -w welcome1 -b "cn=users,dc=child1,dc=mydomain,dc=com" -s sub"objectclass=*"

ldap_search: LDAP Referral Error
ldap_search: additional info: 0000202B: RefErr: DSID-0310063C, data 0, 1 access points 
ref 1: 'child1.mydomain.com' 

If there is no global catalog server the solution for this will be to create a new synchronization profile in DIP pointing to the child domain directly.This can be targeted to the new container in OID or a new one.The ldapsearch query can be run against the child Domain controller to verify if all the user accounts of interest including all attributes and values that will be synchronized are pulled in the query using the filter if any.

$ORACLE_HOME/bin/ldapsearch -h ChildADhost -p port -D "admin@mydomain.com" -w welcome1 -b "cn=users,dc=child1,dc=mydomain,dc=com" -s sub"objectclass=*"


To manually create the AD OID integration profile and setup the synchronization perform the below steps

• Launch the FMW Enterprise Manager console and login with weblogic user.
• Expand your domain and Navigate to Identity and Access
• Select DIP
• From the DIP Server drop down list select Administration , then Synchronization Profiles
• Using the navigation path, create a new DIP Sync profile with a name , you can give your name.For Example take it as AD2OID is the integration profilename , in this window you'll be asked to enter the AD details
• For the attribute Use DIP-OID as Source or Destination , you need to select the option Destination if you are using import (AD to OID) sync or select Sourceoption if you are using Export (OID to AD) sync. Also source type you need to select Active Directory(MS) from the drop down next type.
• After Providing the above mentioned details in the general tab click on Test Connection Tab, If the provided values are correct you'll see the Information dialogue saying that "Test Passed.Connection Successful". If the values provided for AD are wrong in the General tab , when you click on the Test Connection, you will get an Error dialogue saying Authentication Failure,Make sure that you provide the correct values and get connection Successful to move Further
• Then Click on OK to Save the profile.Now select the AD2OID profile from the list of available profiles and click on Edit.
• Now select the Mapping tab and configure mapping like below

Configure Domain Rules Click on Create option, You'll get a Add Mapping Rule Window , in that Select the Source Container DN and OID container DN from the lookup windows provided and click on OK. 

Validate / re-Validate mapping until you have no errors, warnings are OK

Make sure the user account used has read access privileges to the sub tree root.

Configure SSL between SOA composite and external services

We had a requirement of configuring two way SSL between the SOA composite and the external services and below are the steps used to  import the partner's public cert into the trusted keystore used by SOA.

The default trusted keystore for SOA is DemoTrust.jks which is located in $MW_HOME/wlserver_10.3/server/lib directory.

For generating a custom keystore use the below  command from $MW_HOME/wlserver_10.3/server/lib or the default JKS can be used.

keytool -genkey -alias mykey -keyalg "RSA" -sigalg "SHA1withRSA" -dname "CN=soa, C=AE" -keystore customcerts.jks -storepass xxxxx 

Download the security certificate from the below URL and  Save as type “X.509 Certificate(PEM)” and name the file as “xxxxx.crt”

Import the public certificate into your own trusted keystore using the below command.

-bash-4.1$ keytool -import -alias taleo -keystore customcerts.jks -file ../cert/xxxx.crt

Enter keystore password:  ****

Re-enter new password: *****

Owner: CN=*.taleo.net, OU=Comodo PremiumSSL Wildcard, OU=Web, O=Taleo Inc., STREET=4140 Dublin Boulevard, STREET=Suite 400, L=Dublin, ST=CA, OID.2.5.4.17=94568, C=US

Issuer: CN=COMODO High-Assurance Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB

Serial number: 99faa8037a4eb2faef84eb5e55d5b8c8

Valid from: Wed May 04 04:00:00 GST 2011 until: Tue Jul 05 03:59:59 GST 2016

Certificate fingerprints:

         MD5:  D3:27:02:09:99:85:0B:7C:C2:36:3D:36:21:45:DC:02

         SHA1: 33:67:A1:82:4A:60:13:C0:2A:3E:25:BB:E4:DA:86:33:87:FA:F1:34

         SHA256: 95:CB:44:39:34:BE:DA:97:62:76:88:54:61:91:AB:1D:39:89:A8:35:59:2C:EB:DD:24:34:F9:AD:41:32:4C:E1

         Signature algorithm name: SHA1withRSA

         Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: caIssuers

   accessLocation: URIName: http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt

,

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.comodoca.com

]

]

#2: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: 3F D5 B5 D0 D6 44 79 50   4A 17 A3 9B 8C 4A DC B8  ?....DyPJ....J..

0010: B0 22 64 6B                                        ."dk

]

]

#3: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:false

  PathLen: undefined

]

#4: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl]

]]

#5: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.1.3.4]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: 0000: 16 1D 68 74 74 70 73 3A   2F 2F 73 65 63 75 72 65  ..https://secure

0010: 2E 63 6F 6D 6F 64 6F 2E   63 6F 6D 2F 43 50 53     .comodo.com/CPS

]]  ]

]

#6: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

]

#7: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

#8: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: *.taleo.net

  DNSName: taleo.net

]

#9: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: A2 76 09 20 A8 40 FD A1   AC C8 E9 35 B9 11 A6 61  .v. .@.....5...a

0010: FF 8C FF A3                                        ....

]

]

Trust this certificate? [no]:  y

Certificate was added to keystore.

If default DemoTrust.jks is not used add the generated keystore file(.jks) and the property named "-DUseSunHttpHandler=true" to "setDomainEnv.sh" as mentioned in the below sample:

  

  set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Dsoa.archives.dir=%SOA_ORACLE_HOME%\soa -Dsoa.oracle.home=%SOA_ORACLE_HOME% -Dsoa.instance.home=%DOMAIN_HOME% -Dtangosol.coherence.clusteraddress=227.7.7.9 -Dtangosol.coherence.clusterport=9778 -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.webservice.client.ssl.strictcertchecking=false -Dweblogic.security.SSL.enforceConstraints=off -Dssl.debug=true -Djavax.net.ssl.trustStore=%WL_HOME%\server\lib\opinionmeter.jks -Djavax.net.ssl.trustStorePassword=opinionmeter -Dweblogic.security.SSL.verbose=true -DUseSunHttpHandler=true

  

  set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Dem.oracle.home=C:\Wls_10.3.6\Middleware\oracle_common -Djava.awt.headless=true -DUseSunHttpHandler=true

  set JAVA_OPTIONS=%JAVA_OPTIONS% %JAVA_PROPERTIES% -Dwlw.iterativeDev=%iterativeDevFlag% -Dwlw.testConsole=%testConsoleFlag% -Dwlw.logErrorsToConsole=%logErrorsToConsoleFlag% -DUseSunHttpHandler=true

Restart the servers.

Below are the commands to delete the existing certificate and import again.

keytool -list -keystore opinionmeter.jks -storepass *****

keytool -delete -alias xxx -keystore v.jks -storepass *****

keytool -import -alias xxx -file xxxx.cer -keystore c.jks -storepass  *****

If the certificate is not imported properly below error will be seen.

Message send failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To route the request through proxy server and use ssl set the below in the service reference in composite.xml

<property name="oracle.webservices.proxyHost" type="xs:string"

                many="false">10.xxx.xx.x</property>

 <property name="oracle.webservices.proxyPort" type="xs:string"

                many="false">80</property>

  <property name="oracle.soa.two.way.ssl.enabled">true</property>

Oracle SOA DB Adapter Fails to return XML Type with MS SQLServer

When you use DB Adapter to access Microsoft  SQL Server Stored Procedures that return output  with XML types, a class type mapping exception can be thrown.

A stack trace similar to the below one can be thrown from the adapter.

Exception occured when binding was invoked. Exception occured during invocation of JCA binding: "JCA Binding execute of Reference operation 'Test' failed due to: Unimplemented string conversion. Conversion of JDBC type to String is not supported. An attempt was made to convert a Java object to String using an unsupported JDBC type: . Use a data type with a supported JDBC type. ". The invoked JCA adapter raised a resource exception. Please examine the above error message carefully to determine a resolution.

To fix this, change the driver from “com.microsoft.sqlserver.jdbc.SQLServerDriver “  to “weblogic.jdbc.sqlserver.SQLServerDriver “ by logging to the console and changing the driver class name or create a new connection by using of Oracle’s MS SQL server driver.

Also make sure to create a strong schema by introspecting the stored procedure using some input values. If weak schema is used, XML results greater than 2,033 characters in length will be returned  in multiple rows of 2,033 characters each.

For example,

CREATE PROCEDURE [dbo].[spSoaTest] @param1 int AS BEGIN SELECT TOP 500 FROM dbo.TableXX tbl ORDER BY  1 DESC  FOR XML PATH('test'),ROOT('test1'),TYPE END

If you omit the "type" after the "for xml" you may get the below exception while introspecting the stored procedure in JDeveloper.

BINDING.JCA-11819

Database type not supported.

Encountered a database type ntext that is either not supported or is not implemented.

Parameter XML_F52E2B61-18A1-11d1-B105-00805F49916B is of type ntext which is either not supported or is not an implemented datatype.

Check to ensure that the type of the parameter is one of the supported datatypes or that there is a collection or user defined type definition representing this type defined in the database.

                at oracle.tip.adapter.db.sp.xsd.sqlserver.DatabaseBrowser.expandParameter(DatabaseBrowser.java:88)

                at oracle.tip.adapter.db.sp.xsd.sqlserver.DatabaseBrowser.expandParameters(DatabaseBrowser.java:65)

Oracle SOA setCompositeInstanceTitle in 12c

After migrating the code from SOA 11g to 12C we found that setCompositeInstanceTitle was not working and we were not able to see the instance names in the enterprise manager console.

For setting the Composite Instance Name in a BPEL Process we used the Java BPEL exec extension.Below is the code which was working fine in 11g and not working in 12C but as per the documentation it is still supported for backward compatibility.

             <extensionActivity>  
              <bpelx:exec name="setTitle" language="java">  
               <![CDATA[String instanceTitle  = (String)getVariableData("title");   
                         setTitle(instanceTitle);      
                         setCompositeInstanceTitle(instanceTitle);]]>  
              </bpelx:exec>  
             </extensionActivity>  

As a work around we have changed this to setFlowInstanceTitle which is working fine and we are able to see the instance names in the EM console. Below is the working code.

             <extensionActivity>  
              <bpelx:exec name="setTitle" language="java">  
               <![CDATA[String instanceTitle  = (String)getVariableData("title");  
                         setFlowInstanceTitle(instanceTitle);]]>  
              </bpelx:exec>  
             </extensionActivity>  

This can be more powerful in tracking a  business flow that  consist of a single SOA composite application or multiple SOA composite applications.

Oracle SOA Suite 12C installation

We had a requirement of installing Oracle SOA suite 12c in a single node and below are the steps we followed to set up the environment.

OS: Linux

We wanted to install Oracle HTTP Server instance in the DMZ to front-end the web Logic Server hosted in the application layer and hence did the standalone installation. The steps can be found here

If you would like to install java here are the steps we followed.

Directory strucutre

Below is the directory structure we had used.

ORACLE_HOME=/u01/oracle/products/soa_oracle_home

ORACLE_COMMON_HOME=/u01/oracle/products/soa_oracle_home/oracle_common

WL_HOME=/u01/oracle/products/soa_oracle_home/wlserver

ORACLE_SOA_HOME=/u01/oracle/products/soa_oracle_home/soa

EM_DIR=/u01/oracle/products/soa_oracle_home/em

JAVA_HOME=/u01/java/jdk1.7.0_65

DOMAIN_HOME=/u01/oracle/config/domains/soa_domain

MSERVER_HOME=/u01/oracle/config/domains/soa_domain

APPLICATION_HOME=/u01/oracle/config/applications/soa_domain

DEPLOY_PLAN_HOME=/u01/oracle/config/dp

OHS_ADMIN_CONF_DIR=/u01/oracle/config/domains/soa_domain/config/fmwconfig/components/OHS/instance_name

SOA_LOGS=/u01/oracle/config/domains/soa_domain/servers/wls_soa/logs

OSB_LOGS=/u01/oracle/config/domains/soa_domain/servers/wls_osb/logs

ESS_LOGS=/u01/oracle/config/domains/soa_domain/servers/wls_ess/logs

BAM_LOGS=/u01/oracle/config/domains/soa_domain/servers/wls_bam/logs

Installing and Configuring the Oracle Fusion Middleware Infrastructure

For installation of  SOA 12c, you need to get WebLogic 12c through the Oracle Fusion Middleware Infrastructure installation, which contains all required components for SOA.The standard Weblogic 12.1.3 Installer fmw_12.1.3.0.0_wls.jar, does not have the required JRF templates. The correct one is fmw_12.1.3.0.0_infrastructure.jar

Below error can be seen if the wrong file is used.

INST-07551: Not all depenedent featuresets for install type "SOA Suite"

                   

This screen verifies that your system meets the minimum necessary requirements.

Use this screen to verify the installation options you selected.

This screen appears when the installation is complete.

Click Finish to dismiss.

Installing the Oracle SOA Suite

Launch the installation program by invoking the java executable

$ java -jar fmw_12.1.3.0.0_soa.jar

Specify the location of your Oracle home directory

Select SOA Suite for creating the Oracle SOA Suite standard topology

When the progress bar reaches 100% complete, you can click Finish to dismiss the installer

Installing the Oracle Service Bus Software

Launch the installation program by invoking the java executable

java -jar fmw_12.1.3.0.0_osb.jar

Specify the location of your Oracle home directory.

Select Service Bus.

 Click Next when the progress bar completes 100%.

Click Finish.

Starting the Repository Creation Utility (RCU)

Navigate to the ORACLE_HOME/oracle_common/bin directory on your system. Ensure that the JAVA_HOME environment variable is set to the location of a certified JDK on your system

$export JAVA_HOME=/u01/java/ jdk1.7.0_55

$./rcu

Provide the database connection details for RCU to connect to your database.

Select Create new prefix and then select SOA Suite schema

 specify and confirm your passwords

Click Close to dismiss RCU.

Configuring the Oracle SOA Suite Domain

To begin domain configuration, navigate to the ORACLE_HOME/oracle_common/common/bin directory and start the WebLogic Server Configuration Wizard.

        ./config.sh

select the following templates

Select the location in which you want to store your applications associated with your domain

Specify the user name and password for the default WebLogic Administrator account for the domain

  Specify the Domain Mode and JDK

Enter the database details to connect to the database and Service Table (STB) schema to automatically retrieve schema information for the schemas needed to configure the domain.Click Get RCU Configuration when you are finished specifying the database connection information

Configure  the Administration Server Listen Address

Select Per Domain Default Location as the Node Manager type, then specify the Node Manager credentials.

Configure Managed Servers

Use the Machines screen to create a new machine in the domain.

Extending the Domain for Oracle Service Bus

Navigate to the ORACLE_HOME/oracle_common/common/bin directory and start the WebLogic Server Configuration Wizard.

Select osb.

Connect to the database and Service Table (STB) schema. The databse details will be pulled automatically from the existing domain files

On the Managed Servers screen, a new Managed Server named wls_osb  is created

Assigning Managed Servers to the machine

Starting the Node Manager & Servers

To start your per-domain Node Manager, go to the DOMAIN_HOME/bin directory and Start the Node Manager as shown below.

nohup sh startNodeManager.sh >nm.out&

Please note the location of the nodemanger script file has got changed and you will get an error as below if you try to start the node manager from the $WL_HOME/server/bin

<INFO> <Loading domains file: /u01/oracle/products/soa_oracle_home/oracle_common/common/nodemanager/nodemanager.domains>

<WARNING> <Domains file not found: /u01/oracle/products/soa_oracle_home/oracle_common/common/nodemanager/nodemanager.domains><Sep 28, 2014 4:13:31 PM GST>

<INFO> <Loading identity key store: FileName=/u01/oracle/products/soa_oracle_home/oracle_common/common/nodemanager/security/DemoIdentity.jks, Type=jks, PassPhraseUsed=true>

<SEVERE> <Fatal error in NodeManager server: Identity key store file not found: /u01/oracle/products/soa_oracle_home/oracle_common/common/nodemanager/security/DemoIdentity.jks>

To start the Administration Server create a Boot Identity File in $DOMAIN_HOME/servers/AdminServer/security with below entries.

cd $DOMAIN_HOME
mkdir -p servers/AdminServer/security
vi boot.properties

username=weblogic

password=password

This contents will be encrypted during the server startup.

Go to the DOMAIN_HOME/bin directory and start the server as follows.

nohup sh startWebLogic.sh &

Login to the console using http://adminserverhost:port/console and start the managed servers.