by Jacco H. Landlust
Node Manager
all you need to know about
for
zaterdag 8 december 12
Jacco H. Landlust
• 35 years old
• Deventer, the Netherlands
2
zaterdag 8 december 12
Jacco H. Landlust / iDBA
• Independent Red Stack Administrator
• Oracle since 2000
• Oracle ACE since 2006
• iDBA since 2010
• Architecture, Clustering, High Availability, Performance & Management
3
zaterdag 8 december 12
Agenda• Introduction of Node Manager
• How Node Manager Works
• Configuration of Node Manager
• Using Node Manager
• Q & A
4
zaterdag 8 december 12
Why Would You Need One?
5
zaterdag 8 december 12
Node Manager is a WebLogic Server utility that
enables you to start, shut down, and restart Administration Server and Managed Server instances from a remote location.
6
Node Manager Administrator's Guide for Oracle WebLogic Server (E13740-03)
zaterdag 8 december 12
What You can do with Node Manager
7
Node Manager is a WebLogic Server utility that
enables you to start, shut down, and restart Administration Server and Managed Server instances from a remote location.
zaterdag 8 december 12
Start, Shut down & Restart• Start with pre-defined startup properties
• Shut down upon request
• Restart upon failure
8
Node Manager is a WebLogic Server utility that
enables you to start, shut down, and restart Administration Server and Managed Server instances from a remote
location.
zaterdag 8 december 12
Accessing Node Manager• Administration Server
• WebLogic Scripting Tool (WLST)
9
Node Manager is a WebLogic Server utility that
enables you to start, shut down, and restart Administration Server and Managed Server instances
from a remote location.
zaterdag 8 december 12
Agenda• Introduction of Node Manager
• How Node Manager Works
• Configuration of Node Manager
• Using Node Manager
• Q & A
10
zaterdag 8 december 12
Versions
11
Java-Based
Script-Based
zaterdag 8 december 12
Configuration Files• nodemanager.properties
• nodemanager.domains
• nm_data.properties / SerializedSystemIni.dat
• nm_password.properties
12
Expected in Node Manager
Home
One set of files per
Node Manager
Expected in Domain Home
zaterdag 8 december 12
nodemanager.properties• central configurationfile
• located in NodeManagerHome
• commandline overrides property file
13
zaterdag 8 december 12
nodemanager.domains• Specifies the domains that a Node Manager instance controls
• syntax: domain-name=domain-directory
14
zaterdag 8 december 12
nm_data.properties &nm_password.properties
• nm_data.properties / SerializedSystemIni.dat stores the encryption data the Node Manager uses as a symmetric encryption key.
• nm_password.properties stores the encrypted Node Manager username and password
15
zaterdag 8 december 12
Expected in Server Home
Server Specific Configuration Files• boot.properties
• startup.properties
• server_name.addr
16
• server_name.lck
• server_name.pid
• server_name.state
startup.properties
Each Managed Server instance has its own startup.properties file with properties that control how Node Manager starts up and controls the server. Node Manager automatically creates this file by using properties passed to Node Manager when the Administration Server was last used to start the server. This allows a Node Manager client or startup scripts to restart a Managed Server using the same properties last used by the Administration Server.
For more information on startup.properties, see Step 6: Setting Server Startup Properties. These properties correspond to the server startup attributes contained in ServerStartMBean and the health monitoring attributes in ServerStartMBean.
This file is located in DOMAIN_HOME/servers/server_name/data/nodemanager.
server_name.addr
server_name.addr stores the IP address added when a server starts or is migrated. This file is generated after the server IP address is successfully brought online during migration.server_name.addr is deleted when the IP address is brought offline. The server IP address is used to validate remove requests to prevent addresses being erroneously removed while shutting down the server.
This file is located in DOMAIN_HOME/servers/server_name/data/nodemanager.
server_name.lck
server_name.lck is generated by each server and contains an internally used lock ID.
This file is located in DOMAIN_HOME/servers/server_name/data/nodemanager.
server_name.pid
server_name.pid is generated by each server and contains the process ID of the server. Node Manager checks the process ID generated by the server during crash recovery.
This file is located in DOMAIN_HOME/servers/
One Set of Files per Server nmGenBoot
StartupProps
zaterdag 8 december 12
Logfiles• Node Manager Log File
• Server Instance Log Files
• WebLogic Server Log Files
17
Information at multiple levels
Depending upon issue
check different logfile
zaterdag 8 december 12
Agenda• Introduction of Node Manager
• How Node Manager Works
• Configuration of Node Manager
• Using Node Manager
• Q & A
18
zaterdag 8 december 12
Node Manager Config Files• If they don’t exist, the config files are generated upon first
startup
• Do not store config files at default location
19
Software Tree should be
read-only
zaterdag 8 december 12
Set Basic Properties• DomainsFile
• NodeManagerHome
• javaHome
• JavaHome
20
• LogFile
• ListenPort
• PropertiesVersion
zaterdag 8 december 12
Specify Username & Password• nm_password.properties
• nmEnroll()
• Only change after
• you create domain from config.sh GUI
• you unpacked the domain on new location
21
zaterdag 8 december 12
Specify Username & Password
22
zaterdag 8 december 12
MOS ID 1146793.1
How to check/verify/modify Node Manager username & password?
23
Specify Username & Password
zaterdag 8 december 12
• The user-configuration file contains an encrypted username and password.
• The key file contains a secret key that is used to encrypt and decrypt the username and password.
• Only the key file that originally encrypted the username and password can decrypt the values.
• If you lose the key file, you must create a new user-configuration and key file pair.
24
Store Credentials
zaterdag 8 december 12
Caution:
You must ensure that only authorized users
can access the key file.
25
Store Credentials
Protect files with OS security
Files can be stored on
external device (USB stick)
zaterdag 8 december 12
• java weblogic.Admin -username username [ -password password] [ -userconfigfile config-file ] [ -userkeyfile keyfile ] STOREUSERCONFIG
• storeUserConfig([userConfigFile], [userKeyFile], [nm])
• Protect these Files!
26
Store Credentials
zaterdag 8 december 12
Plain versus SSL• Default SSL with demo certificates
• SecureListener in nodemanager.properties
• One Way SSL only
• Do not run production on demo certificates
27
zaterdag 8 december 12
SSL: configurationKeyStores=CustomIdentityAndCustomTrustCustomIdentityAlias=*host*CustomIdentityKeyStoreFileName=<config>/ssl/*host*_identity.jksCustomIdentityKeyStorePassPhrase=*****CustomIdentityKeyStoreType=JKSCustomIdentityPrivateKeyPassPhrase=*****CustomTrustKeyStoreFileName=<config>/ssl/truststore.jks
28
in nodemanager.properties
zaterdag 8 december 12
SSL: Identity Store• Uniquely and securely identify yourself
• If custom CA’s are not in cacerts File, include in Indentity Store
29
cacerts can be found at
$JAVA_HOME/jre/lib/security
zaterdag 8 december 12
SSL: Trust Store• Knowledge of whom to trust
• Default CA’s
• When self signed, store identity in TrustStore
• Keytool and non-default TrustStore
30
zaterdag 8 december 12
SSL
-Dweblogic.security.SSL.trustedCAKeyStore
when using non default CA store.
31
for internal applications
zaterdag 8 december 12
CrashRecoveryEnabled• Allows restart of a server after a system crash
• Start managed servers with Node Manager (not from shell)
• Based upon contents of server_name.lck, server_name.pid & server_name.state
32
Do not use together with other inittab or other
process protector
zaterdag 8 december 12
DomainsDirRemoteSharingEnabled• NMHostName property in servers startup.properties
• While starting the server, Node Manager sets the NMHostName property
• While recovering the server, Node Manager compares the NMHostName property with the HostName on which it is currently running. Upon match Node Manager will recover the server.
33
Useful in setups with shared filesystems
zaterdag 8 december 12
Agenda• Introduction of Node Manager
• How Node Manager works
• Configuration of Node Manager
• Using Node Manager
• Q & A
34
zaterdag 8 december 12
Start Node Manager• Classic startup script in MW_HOME
• From WLST: startNodeManager([verbose], [nmProperties])
• set CLASSPATH && java [java_option=value ...] -D[nodemanager_property=value] -D[server_property=value] weblogic.NodeManager
35
java -Xms32m -Xmx200m -Djava.security.policy=${WL_HOME}/server/lib/weblogic.policy -DPropertiesFile=/u01/app/oracle/admin/nodemanager/${DOMAIN}/nodemanager.properties
-DNodeManagerHome=/u01/app/oracle/admin/nodemanager/${DOMAIN} -DQuitEnabled=true weblogic.NodeManager -v &
zaterdag 8 december 12
wlst, rlwrap & Node Manager• rlwrap runs the specified command, intercepting user input in
order to provide readline’s line editing, persistent history and completion.
• Do not start Node Manager while using wlst with rlwrap
36
Node Manager will be “child” of rlwrap and die
upon exit on rlwrap
zaterdag 8 december 12
Stop Node Manager• From WLST: stopNodeManager()
• Kill the process from the OS
37
Not so elegant, but frequently found at
customer sites
zaterdag 8 december 12
Run Node Manager as a Service• installNodeMgrSvc.cmd
• rc.d service
• opmn / Grid Infrastructure
38
zaterdag 8 december 12
Connect to Node Manager• nmConnect([username, password], [host], [port],
[domainName], [domainDir], [nmType])
• nmConnect([userConfigFile, userKeyFile], [host], [port], [domainName], [domainDir], [nmType])
39
zaterdag 8 december 12
Check Status
40
zaterdag 8 december 12
Check Status• Reachable
• weblogic.nodemanager.NMConnectException
• javax.net.ssl.SSLHandshakeException
41
zaterdag 8 december 12
Starting Administration Server
42
zaterdag 8 december 12
Starting Managed Server
43
zaterdag 8 december 12
Starting a Server, some Reminders
44
• through WLST: nmStart
• Startup arguments are retrieved from Administration Server
• If startup.properties exists, that superseeds whatever is configured in WebLogic
• CrashRecoveryEnabled and DomainsDirRemoteSharingEnabled influence boot sequence
zaterdag 8 december 12
Check Server Status• nmServerStatus
• Node Manager checks:
• server_name.lck
• server_name.pid
• server_name.state
45
zaterdag 8 december 12
Shut down Server
46
zaterdag 8 december 12
Shutdown Server, some Reminders• nmKill
• No such thing as a graceful shutdown from Node Manager
47
zaterdag 8 december 12
This is all you need to know about WebLogic’s Node Manager
48
zaterdag 8 december 12
Sources of Information• Node Manager Administrator's Guide for Oracle WebLogic
Server (E13740-03 / E21050-02)
• http://oraclemva.wordpress.com/2011/02/16/new-parameter-in-nodemanager-properties/
• http://www.veriton.co.uk/roller/fmw/entry/ssl_for_weblogic_server_11g
• http://www.countzero.fi/blog.html?id=16
49
zaterdag 8 december 12
Questions?
50
zaterdag 8 december 12