Monitoring JDBC Datasource Runtime Attributes using WLST

In weblogic server , we can monitor the JDBC resources easly with WLST.

See how can ?

Step 1 :- Set the environment

C:\bea103\user_projects\domains\testdomain\bin>setDomainEnv.bat

Step 2:- Connect to server and browse to the JDBCDataSourceRuntime MBean

C:\bea103\user_projects\domains\testdomain>java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) …

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> connect()
Please enter your username [weblogic] :
Please enter your password [weblogic] :
Please enter your server URL [t3://localhost:7001] :t3://localhost:7003
Connecting to t3://localhost:7003 with userid weblogic …
Successfully connected to managed Server ‘MS0′ that belongs to domain ‘testdomain′.

Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.

wls:/testdomain/serverConfig> serverRuntime()
Location changed to serverRuntime tree. This is a read-only tree with ServerRunt
imeMBean as the root.
For more help, use help(serverRuntime)
wls:/testdomain/serverRuntime> cd(‘JDBCServiceRuntime’)
wls:/testdomain/serverRuntime/JDBCServiceRuntime> cd(‘MS0′)
wls:/testdomain/serverRuntime/JDBCServiceRuntime/MS0> cd(‘JDBCDataSourceRuntimeMBeans’)
wls:/testdomain/serverRuntime/JDBCServiceRuntime/MS0/JDBCDataSourceRuntimeMBeans> cd(‘MyDs’)
gaRules> cmo.getActiveConnectionsCurrentCount()
1

The other JDBC Datasource Runtime attributes that can be monitored are listed below.

wls:/testdomain/serverRuntime/JDBCServiceRuntime/MS0/JDBCDataSourceRuntimeMBeans/PegaRules> ls()
dr– JDBCDriverRuntime
dr– LastTask
dr– WorkManagerRuntimes

-r– ActiveConnectionsAverageCount 1
-r– ActiveConnectionsCurrentCount 0
-r– ActiveConnectionsHighCount 5
-r– ConnectionDelayTime 627
-r– ConnectionsTotalCount 5
-r– CurrCapacity 5
-r– CurrCapacityHighCount 4
-r– DeploymentState 2
-r– Enabled true
-r– FailedReserveRequestCount 0
-r– FailuresToReconnectCount 0
-r– HighestNumAvailable 5
-r– HighestNumUnavailable 0
-r– LastTask null
-r– LeakedConnectionCount 0
-r– ModuleId PegaRules
-r– Name PegaRules
-r– NumAvailable 5
-r– NumUnavailable 0
-r– PrepStmtCacheAccessCount 11852
-r– PrepStmtCacheAddCount 420
-r– PrepStmtCacheCurrentSize 50
-r– PrepStmtCacheDeleteCount 370
-r– PrepStmtCacheHitCount 11432
-r– PrepStmtCacheMissCount 420
-r– Properties {serverName=localhost, SID=prpc612, portNumber=1521, user=SYSTEM}
-r– ReserveRequestCount 11844
-r– State Running
-r– Type JDBCDataSourceRuntime
-r– VersionJDBCDriver oracle.jdbc.OracleDriver
-r– WaitSecondsHighCount 0
-r– WaitingForConnectionCurrentCount 0
-r– WaitingForConnectionFailureTotal 0
-r– WaitingForConnectionHighCount 0
-r– WaitingForConnectionSuccessTotal 4
-r– WaitingForConnectionTotal 0
-r– WorkManagerRuntimes null

-r-x clearStatementCache Void :
-r-x dumpPool Void :
-r-x dumpPoolProfile Void :
-r-x forceShutdown Void :
-r-x forceSuspend Void :
-r-x poolExists Boolean : String(name)
-r-x preDeregister Void :
-r-x reset Void :
-r-x resume Void :
-r-x shrink Void :
-r-x shutdown Void :
-r-x start Void :
-r-x suspend Void :
-r-x testPool String

How to a Create Active Directory Authentication Provider from WLST in Weblogic

Step 1 – Set the environment

C:\Oracle\Middleware\user_projects\domains\TestDomain\bin>setDomainEnv.cmd

Step 2 – Create a new Admin Account

C:\Oracle\Middleware\user_projects\domains\TestDomain>java weblogic.security.utils.AdminAccount weblogic welcome123 .

Note: Don’t forget to add a dot(.) at the end.

Step 3 – Verify the creation of a new DefaultAuthenticatorInit.ldift file.

C:\Oracle\Middleware\user_projects\domains\TestDomain>dirDirectory of C:\Oracle\Middleware\user_projects\domains\TestDomain

11/29/2010  10:27 AM    <DIR>          .
11/29/2010  10:27 AM    <DIR>          ..
10/27/2010  10:56 AM    <DIR>          autodeploy
10/27/2010  10:56 AM    <DIR>          bin
10/27/2010  10:56 AM    <DIR>          config
10/27/2010  10:56 AM    <DIR>          console-ext
11/29/2010  10:27 AM             3,380 DefaultAuthenticatorInit.ldift
10/29/2010  12:25 PM               156 edit.lok
10/27/2010  10:56 AM               472 fileRealm.properties
10/27/2010  10:56 AM    <DIR>          init-info
10/27/2010  10:56 AM    <DIR>          lib
10/29/2010  12:25 PM    <DIR>          pending
10/27/2010  10:56 AM    <DIR>          security
10/29/2010  12:11 PM    <DIR>          servers
10/27/2010  10:56 AM               318 startWebLogic.cmd
10/27/2010  10:56 AM               270 startWebLogic.sh
10/29/2010  12:25 PM    <DIR>          tmp
               5 File(s)          4,596 bytes
              12 Dir(s)  47,722,737,664 bytes free
You will see a DefaultAuthenticatorInit.ldift in the domain directory

Step 5 – Use the new DefaultAuthenticatorInit.ldift

Go to the following location

C:\Oracle\Middleware\user_projects\domains\TestDomain\security

Rename the existing DefaultAuthenticatorInit.ldift and place the DefaultAuthenticatorInit.ldift file in this directory that we just created.

Step 6 – Rename ldap directory

Now go to the following location.

C:\Oracle\Middleware\user_projects\domains\TestDomain\servers\AdminServer\data

Note:- This will delete all your existing users/groups so it is recomended to export the security realm data, or export the users.

Step 7 – Delete boot.properties file

Rename ldap directory to something else.

Delete the boot.properties file from the following location

C:\Oracle\Middleware\user_projects\domains\TestDomain\servers\AdminServer\security

Step 8- Start your Weblogic Server  using startWebLogic.cmd and provide the credentials at the prompt.
Enter username to boot WebLogic server: weblogic
Enter password to boot WebLogic server: welcome123

Step 9 - Log in to Weblogic Console using the new admin user.

How we can provide custom authentication for apache webserver

How we can achive ?

Create authen.txt with the username and password separated by colon

authen.txt
sampleuser : sampleuser

Then use the htpasswd to encrypt the password

Apache2\bin>htpasswd.exe -b authen.txt  sampleuser sampleuser 
Automatically using MD5 format.
Updating password for user testuser

Add the following in the httpd.conf file present in C:\Program Files\Apache Group\Apache2\bin

LoadModule weblogic_module modules/mod_wl128_20.so

<Location />
SetHandler weblogic-handler
WebLogicHost localhost
WebLogicPort 7001
Debug ALL
WLLogFile c:/Saple/wlproxy.log
WLTempDir c:/Saple
AuthUserFile C:/Saple/ authen.txt
AuthName “This is a protected area” 
AuthType Basic 
Require valid-user
</Location>

Also copy WL_HOME\server\plugin\win\32\mod_wl_22.so to C:\Program Files\Apache Group\Apache2\modules

Restart the Apache Server.

Now if we try to access any unprotected resource on Weblogic Server, a BASIC Authentication Window will be popped up for authentication against Apache.

If authentication is successful, the request will go through provided we set the following in the config.xml

<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>

Otherwise Weblogic Server will try to validate the BASIC authentication Header.

Configuring two way SSL between Client and Weblogic server with Apache proxying the request.

Configure Apache for SSL

Create the certificates using openssl (present in apache_home\bin) using the below steps:

openssl genrsa -des3 -out server.key 1024

openssl req -config ..\conf\openssl.cnf -new -key server.key -out localhost

openssl x509 -req -days 730 -in localhost -signkey server.key -out server.crt

Add the following in the httpd.conf file

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile “C:\Program Files\Apache Group\Apache2\conf\server.crt”
SSLCertificateKeyFile “C:\Program Files\Apache Group\Apache2\conf\server.key”
SSLCACertificateFile “C:\Documents and Settings\Administrator\Desktop\cert\IntermediateCA.cer”
#SSLLog “C:\Program Files\Apache Group\Apache2\conf\ssl.log”
#SSLLogLevel debug
</VirtualHost>

Configure SSL between Apache and Weblogic Server

Add the following in the Location Directive

SecureProxy ON
TrustedCAFile C:\bea101\wlserver_10.0\server\lib\CertGenCA.pem
RequireSSLHostMatch false

Configure Apache to Request for Client Certificate

Add the following in the Location Directive

SSLVerifyClient optional_no_ca
SSLOptions +ExportCertData

Configure Weblogic Server for 2-way SSL

mydomain> Servers> myserver>Keystores & SSL > Advanced Options
Hostname Verification: None
Two Way Client Cert Behavior: Client Certs Requested but not enforced

Apache_SSL> Domain Wide Security Settings> Realms> myrealm> Authentication Providers> DefaultIdentityAsserter

Trusted Client Principals: provide CN of the Client Certificate
Types: X509

Details:

Use Default User Name Mapper: Checked
Default User Name Mapper Attribute Type: CN
Base64Decoding Required: Checked

Go the security realm and create a user wih the username as CN of the certificate

Add the following in the config.xml
<Server ClientCertProxyEnabled=”true”

Configure the Web Application

The Web Application should require client cert authentication.

Add the following in the web.xml

<context-param>
<param-name>weblogic.httpd.clientCertProxy</param-name>
<param-value>true</param-value>
</context-param>

Add the following in the weblogic.xml

<principal-name> CN of the certificate</principal-name>

Don’t want to get prompted for confirmation in WebLgic Console?

If you are using WebLogic Admin console frequently to configure the services or to manage the life cycle of the servers, you might have seen a confirmation prompt before changes. 

This action prompt would not come up when you are running the domain in development mode. 
If you are running the domain in production mode they will ask confirmation for all the operations. 

There used to be no way to disable this confirmation page prior WebLogic Server 10.3. 

Now in WebLogic Server 10.3 and higher you can set a console user preference that can disable these confirmation pages.

Use the tool bar at the center (top) of the console to go to the "Preferences". 

Under the "User Preferences" tab you will find an option called "Ask for confirmation in operations". 

By default it will be enabled in production domains and you can disable it to avoid that annoying confirmation pages where will have to click either "Yes" or "No". 

While you are there explore the other useful preferences like "Show Inline Help" and "Show Advanced Sections" which can buy some real-estate space in the console and save you some clicks.

Change in WebLogic Server HTTP Session Failover Logic With Proxy Plug-ins

When using HTTP Sessions with WebLogic Cluster, you can ensure high availability for your session by configuring HTTP Session Replication. For the replication strategy, you have many options to select from like In-memory, file, JDBC, Cookie etc. 

When you are using in-memory replication with a web server to front WebLogic Server Cluster, the proxy plug-in must be configured on the web servers.

The proxy plug-ins are intelligent enough to stick the request from a client to the same server where the session is hosted. 

A secondary copy of the session will be sent to a backup server by the primary server. 

This information will be written to a cookie or encoded in the URL depending on the client's configuration to support cookies.



In the past, during failure of the primary server, the proxy plug-in on the web server will redirect the request to the secondary/backup server. This resulted in increased traffic to the secondary/backup server. So somewhere during the Weblogic Server 9.x the plug-ins are updated to do a random routing incase of failures. 

The proxy server will randomly distribute all the requests from the failed server to different servers that are still running in the cluster. When the request from the existing clients (with valid session id) gets redirected to servers that are not secondary server then that server will connect to the secondary server for that client and will pull the session to become primary server. 

This ensures that one server will not get overloaded when a server in a cluster fails.



The same exact strategy was used when you front a WebLogic cluster with a load balancing hardware as not all the load balancing hardware understand the WebLogic cluster configuration.

 Now the same strategy is applied to the WebLogic Cluster front by a proxy plug-in hosted on a web server. This make the failover strategy consistent whether you have hardware or a software based proxy in front a WebLogic Cluster.

WebLogic Server documentation is still not updated to reflect this change under the "Proxy Failover Procedure" section. If you are running WebLogic Cluster with 9.x and you are not seeing this behavior then you can contact Oracle Support to find out whether there is a patch that can you can apply for your current WebLogic implementation.

Easy Syntax with WLST

WLST is a powerful scripting solution for managing and administering WebLogic Server and resources deployed on them. WLST is built on the Java implementation of the scripting language Python called as Jython.

 All the commands in WLST are implemented as Jython functions and they require a set of parentheses for passing any arguments. Even any commands that do not require any arguments are supposed to be suffixed with parentheses. For example the command "ls" is used to list all the child MBeans and/or attributes of the current MBean you are at.

ls() - lists all the child MBeans and attributes
ls('a') - lists all the attribute names and values only
ls('c') - lists all the child MBeans only

So even if you want to invoke "ls" with no arugments you must use "ls()". This might not be an issue when you are building scripts that you might want to run many times. But while connected to a server and working with WLST in interactive mode, it might get a little frustated to type the parentheses everytime you want to run some simple commands with no arguments. To ease this pain there is a hidden option in WLST which can be used to ease the syntax for WLST commands - easeSyntax().



You can supply the "easeSyntax()" command to ease the syntax but this is not recommended for script mode and especially when using loop constructs. You can also use the regular Jython syntax with parentheses even after you enabled the easy syntax. To turn off the easy syntax mode simply issue the command again "easeSyntax".

How To Encrypt Clear Text Passwords With WebLogic Server

WebLogic Server encrypts all the plain text passwords stored in its domain configuration XML file(s). This is to prevent access to sensitive information. When passwords are entered using administration console or scripting tools, it will automatically get encrypted before they are stored in the configuration XML files(s).

Prior to WebLogic Server 9.0

If those passwords need to be reset either the configuration tools (Console or scripting tools) can be used which will automatically re-encrypt the passwords or by directly changing the configuration files using a text editor. When files are directly modified using a text editor the passwords will get encrypted during the subsequent restart.

Starting from WebLogic Server 9.0

Using clear text passwords in the configuration files are supported only for Development domain and it will not re-encrypt the passwords. If the domain is a Production domain then you cannot set the passwords in clear text. You have to either use a dedicated command-line utility or WLST to encrypt the clear text passwords. If the server encounters a clear text password when parsing the configuration file(s) while starting in Production Mode, then you will get an error similar to the following:

<Oct 20, 2008 9:05:35 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: [Management:141266]Parsing Failure in config.xml: java.lang.IllegalArgumentException: In production mode, it's not allowed to set a clear text value to the property: PasswordEncrypted of ServerStartMBean>


Depending on the configuration the MBean name value of the error message may change. In this case the ServerStartMBean has clear text value for a password property. Either the dedicated Java utility to encrypt clear text values can be used or WLST cant be used to re-encrypt. To run the encrypt utility follow the instructions below:

1. Change directory to your domain's bin folder (For Eg. cd c:\bea\user_projects\domains\mydomain\bin)
2. Execute the setDomainEnv script (For Eg. setDomainEnv.cmd)
3. Execute java weblogic.security.Encrypt which will prompt for the password and will print the encrypted value in stdout.

The following are some sample output from running the utility

C:\bea\user_projects\domains\mydomain>java weblogic.security.Encrypt
Password:
{3DES}9HWsf87pJTw=

You should execute this utility from the domain folder as it requires the domain's password salt file (SerializedSystemIni.dat) for encrypting the clear text string. You can also pass the clear text string as an argument

C:\bea\user_projects\domains\mydomain>java weblogic.security.Encrypt testpwd
{3DES}9HWsf87pJTw=


You can also use WLST to encrypt clear text strings as below:

C:\bea\user_projects\domains\mydomain>java weblogic.WLST

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> es = encrypt('testpwd')
wls:/offline> print es
{3DES}9HWsf87pJTw=
wls:/offline>

When running WLST from a location different than the domain folder you can pass in an argument to specify the domain directory. Once you have the encrypted value, the configuration files can be modified to include this encrypte value instead of clear text passwords. These features will make your domain to operate when resetting the encrypted passwords on a Production domain's configuration XML files. These methods not only can be used to encrypt configuration XML (config.xml) but also the JDBC or JMS descriptor XML files.

Difference between Development Mode and Production Mode in Weblogic server

During domain creation you can specify the start up mode for your domain either as development mode of production mode. 

Most of you who work with WebLogic Server for the past few releases should know that there are few differences between a development domain and production domain.
(http://e-docs.bea.com/common/docs103/confgwiz/newdom.html#wp1097267) 

Development Mode
The default JDK for development domain is Sun Hotspot
You can use the demo certificates for SSL
Auto deployment is enabled
Server instances rotate their log files on startup
Admin Server uses an automatically created boot.properties during startup
The default maximum capacity for JDBC Datasource is 15
The debugFlag which is used to start the WebLogic Workshop Debugger is enabled

Production Mode
The default JDK for production domain is JRockit
If you use the demo certificates for SSL a warning is displayed
Auto deployment is disabled
Server instances rotate their log files when it reaches 5MB
Admin Server prompts for username and password during startup
The default maximum capacity for JDBC Datasource is 25
The debugFlag which is used to start the WebLogic Workshop Debugger is disabled

In addition to the above WebLogic Server 10gR3 adds a few more default configurations depending on whether the domain is started in development or production mode.

• The domain configuration locking feature is only enabled for production domains 
• - http://e-docs.bea.com/wls/docs103/notes/new.html#wp1088380
• 
  
• Confirmation prompts for operations are enabled only for production domains
•  - http://e-docs.bea.com/wls/docs103/notes/new.html#wp1088380
• 
  
• Fast Track deployments are not recommended for production domains 
• - http://e-docs.bea.com/wls/docs103/quickstart/quick_start.html

Common Issues and solutions to errors during Apache HTTP Server startup

1. Apache HTTP Server startup issue.

2. Unable to accept incoming connections in a server machine.

 1. Apache HTTP Server startup issue.

 This is a very standard issue which is noticed while starting the ApacheHTTPServer?

service on windows. The possible reasons could be the following services. These services, if they are running, will occupy the port 80 in your machine and as a result you will not be able to start the ApacheHTTPServer  service.

a. IIS – Just stop this service before trying to start Apache on port 80 in your machine.

b. Skype – This seems to occupy the port 80 in your machine by default. If you have to use Skype in your machine, please make sure you have reconfigured your Skype to not occupy port 80.

c. OracleHTTPServer? – This service also should be stopped before starting the Apache on your machine

2. Unable to accept incoming connections in a server machine

a. Windows XP has some builtin firewall settings where all the incoming connections can be blocked. Disable this firewall setting or add the relevant port numbers as exceptions in the firewall setting.

If this is not disabled, you cannot access the application installed on the server machine.

 3. On Unix is related issue in running Apache as user root:

1. When we start Apache as “root”, Apache goes by the “User” directive in the Apache config file httpd.conf to spawn the httpd processes.

To check as what user httpd is running simply type ps -elf | grep httpd and you will see the owner of httpd (the apache process). Or you can look at owner of the httpd log files inside Apache/logs directory.

2. By default, this user will be set to username “nobody”, which will be present in most machines, but will not have enough permissions most of the time.

3. Typically “nobody” user should have access permissions to the Apache directories, if not you will get this “Forbidden error” on the page.

unpack Command Throws a NullPointerException | Weblogic

In some servers, a NullPointerException is thrown while running the unpack command.

The pack command used to populate the jar file did not complete successfully while executing .

Let's have a example, if the pack command were run while the admin and/or managed servers of the domain were still running, the pack command would not be able to complete, and the jar file it builds would not be complete either. 

Then if the same incomplete jar file is used for the unpack command, it will lack some of what it needs, and the error will occur.

Make sure that the pack command has completed before taking the jar file and using it for unpack.

In the example, make sure that the admin and managed servers of a domain have been shut down before running the pack command so that it can complete. After it has completed, the jar file will be usable and then it can be used to unpack.

crashing jrockit while starting WebLogic server instance

Just today I spent some time working on a JVM (jrockit) while starting WebLogic with the default startWebLogic.sh script. The enviroment is rather straight forward:

• Jrockit (jrockit-jdk1.6.0_22-R28.1.1-4.0.1)
• WebLogic 10.3.4
• SOA Suite PS3 (11.1.1.4)

Now whenever I started WebLogic I ran into a rather lengthy core dump, which you can view: here (just rename to .txt). The interesting part of this core dump is this:


Loaded modules:
(* denotes the module where the exception occured)
0000000000400000-0000000000412703 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/bin/java
0000003353200000-0000003353201f93 /lib64/libdl.so.2
0000003353600000-0000003353615a6f /lib64/libpthread.so.0
0000003352a00000-0000003352b4d067 */lib64/libc.so.6
0000003351a00000-0000003351a1bb7f /lib64/ld-linux-x86-64.so.2
00002ba4453b2000-00002ba4456b734b /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/jrockit/libjvm.so
00002ba445991000-00002ba4459af9eb /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libosal.so
00002ba445bb2000-00002ba445bbe4fb /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libutil.so
0000003352e00000-0000003352e8122f /lib64/libm.so.6
0000003354600000-0000003354606f5b /lib64/librt.so.1
00002aaaaabb4000-00002aaaaabe9c17 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libjdwp.so
00002aaaaacf3000-00002aaaaacf5307 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libnpt.so
00002aaaae3d0000-00002aaaae3dbd03 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libjfr.so
00002aaaf1a92000-00002aaaf1a9e337 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libverify.so
00002aaaf1ba1000-00002aaaf1bc8c73 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libjava.so
0000003355200000-00000033552140c7 /lib64/libnsl.so.1
00002aaaf1d10000-00002aaaf1d165bf /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/native_threads/libhpi.so
00002aaaf22dc000-00002aaaf22e98cb /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libzip.so
00002aaaf2530000-00002aaaf2532e73 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libdt_socket.so
00002aaaf2643000-00002aaaf264c64b /lib64/libnss_files.so.2
00002aaaf2a4e000-00002aaaf2a6098f /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libnet.so
00002aaaf3b26000-00002aaaf3b2bf43 /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/liborii.so
00002aaaf3ded000-00002aaaf3df38ab /u01/app/oracle/product/1.6.0/jrockit-jdk1.6.0_22-R28.1.1-4.0.1/jre/lib/amd64/libnio.so
00002aaaf8e80000-00002aaaf8e818dd /u01/app/oracle/product/11.1.1.4/wlserver_10.3/server/native/linux/x86_64/libweblogicunix1.so
Now this gave me a hook to start querying google and metalink, ending up with only one advice: downgrade jrockit. Obviously I tried this, but this and it gave me the root cause:

<Apr 12, 2011 2:47:54 PM CEST> <Critical> <WebLogicServer> <BEA-000252> <Cannot switch to group "dba". java.lang.IllegalArgumentException: Cannot setegid("dba"), system error: ''
java.lang.IllegalArgumentException: Cannot setegid("dba"), system error: ''
at weblogic.platform.Unix.setEGroup0(Native Method)
at weblogic.platform.Unix.setEffectiveGroup(Unix.java:73)
at weblogic.t3.srvr.SetUIDRendezvous.setEGroup(SetUIDRendezvous.java:156)
at weblogic.t3.srvr.SetUIDRendezvous.makeUnPrivileged(SetUIDRendezvous.java:174)
at weblogic.t3.srvr.SetUIDRendezvous.initialize(SetUIDRendezvous.java:88)
at weblogic.t3.srvr.BootService.start(BootService.java:48)
at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:879)
at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:566)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:467)
at weblogic.Server.main(Server.java:71)
>
Now this did help me. Suddenly I realized that I had been playing with machine configuration (uid and gid setting to be more specific)

<machine xsi:type="unix-machineType">
<name>testbox</name>
<node-manager>
<name>testbox</name>
<listen-address>localhost</listen-address>
</node-manager>
<post-bind-uid-enabled>true</post-bind-uid-enabled>
<post-bind-uid>testuser</post-bind-uid>
<post-bind-gid-enabled>true</post-bind-gid-enabled>
<post-bind-gid>dba</post-bind-gid>
</machine>
Now testuser doesn’t have dba as primary group:

$ id testuser
uid=10641(testuser) gid=100(users) groups=4006(dba),100(users)
So because of this jrockit crashes… (wrong group for the machine). The error is kind of unfriendly, downgrading seems to be a way of improving error messages.

Hope this helps.

Configuring Fusion Middleware JDBC Data Sources Correctly

The out of the box settings for a data source in a random Fusion Middleware product (SOA, WebCenter, OIM, etc. they are all alike) JDBC properties contains guesses about your environment and usage.

Same goes for the settings required by RCU when installing a repository.

For a customer I recently wrote a document explaining which settings to set on the database and in WebLogic when configuring data sources for a Fusion Middleware product for production usage while connected to a RAC database.

The document assumes you are running a 11.2 RAC and WebLogic 10.3.4 or newer. Here’s the document:

Configure JDBC data sources for RAC

Hope this helps.

BTW: if you already downloaded the document, please download it again. Seems I made an error in the distributed lock area.

Different Memory Argument values for SOA Servers and BAM Servers In Weblogic 11g.

This post is about providing specific memory arguments values to SOA server and BAM servers in Weblogic 11g.

There are two scenarios:

1. Admin Server is Started using the startWeblogic.cmd or startWeblogic.sh file and all other servers are started using startManagedWeblogic.cmd or startManagedWeblogic.sh 

2. Admin Server is Started using the startWeblogic.cmd or startWeblogic.sh file and all other servers are started using the Admin Server Console.

Case1 :  

Admin Server is Started using the startWeblogic.cmd or startWeblogic.sh file and all other servers are started using startManagedWeblogic.cmd or startManagedWeblogic.sh 

First of all we have to analyse the startWeblogic.sh file that is used to start the Admin Server and the startManagedWeblogic.sh file that is used to start all other managed servers such as SOA server and BAM server.

Both the above mentioned file uses setDomainEnv.sh file to set the Domain related environment.

And setDomainEnv.sh file uses setSOADomainEnv.sh file for setting SOA specific environments.

So the memory related arguments like Xmx and Xms are picked up from the file :setSoaDomainEnv.sh file present in the $DomainHome/bin directory.

So, in order to provide different Xmx and Xms values for Admin Server , SOA server and BAM server we have to modify the setSOADomainEnv.sh file as shown below :

Imp : Please make sure to take backup of all the original files before modifying them .

In setSOADomainEnv.sh file comment the below lines :

# DEFAULT_MEM_ARGS="-Xms2048m -Xmx2048m"
# PORT_MEM_ARGS="-Xms2048m -Xmx2048m"

Insert the below lines replace the above commented code :

# line to specify different Xmx and Xms values to soa_server and bam_server.

if [ "${SERVER_NAME}" = "soa_server1" ] || [ "${SERVER_NAME}" = "soa_server2" ]; then
DEFAULT_MEM_ARGS="-Xms2048m -Xmx2048m"
PORT_MEM_ARGS="-Xms2048m -Xmx2048m"
elif [ "${SERVER_NAME}" = "bam_server1" ] || [ "${SERVER_NAME}" = "bam_server2" ]; then
DEFAULT_MEM_ARGS="-Xms2048m -Xmx2048m"
PORT_MEM_ARGS="-Xms2048m -Xmx2048m"
elif [ "${SERVER_NAME}" = "" ] || [ "${SERVER_NAME}" = "AdminServer" ]; then
DEFAULT_MEM_ARGS="-Xms2048m -Xmx2048m"
PORT_MEM_ARGS="-Xms2048m -Xmx2048m"
else
DEFAULT_MEM_ARGS="-Xms2048m -Xmx2048m"
PORT_MEM_ARGS="-Xms2048m -Xmx2048m"
fi

# end of code

Case 2 :  

Admin Server is Started using the startWeblogic.cmd or startWeblogic.sh file and all other servers are started using the Admin Server Console.

In this case, the Memory Arguments can be provided to from the Admin Server Console using the below steps :

•  Login into the Weblogic Administration Console using URL :http://admin_server_hostname:port/console
• Expand Environment Tree available on the left hand panel of the Admin Console.
• Click on Servers .
• For each Server say ( soa_server1 , and bam_server ) click on the server name .
• Then click on the Configuration tab.
• Then go to the Server Start tab available on the top of the page.
• Add the memory values in the Arguments field as shown below. There is no need to use newline. You can provide as many memory options as you want in this area and all the options will be separated by one white space character only.

-Xmx2048m -Xms2048m

• Click Save