Node Manager Configuration:
Java Based Node Manager:
It is recommended that you configure Node Manager to run as an operating system service or a Windows service on Windows systems.
By default, the operating system service starts up Node Manager to listen on localhost:5556.
When you configure Node Manager to accept commands from remote systems, you must uninstall the default Node Manager service, then reinstall it to listen on a non-localhost listen address.
Depending on your platform, follow the instructions in Reconfigure Startup Service for Windows Installations or Configuring Java-based Node Manager Security.
Reconfigure Startup Service for Windows Installations
The directory WL_HOME\server\bin contains uninstallNodeMgrSvc.cmd, a script for uninstalling the Node Manager service, and installNodeMgrSvc.cmd, a script for installing Node Manager as a service.
1. Delete the service using uninstallNodeMgrSvc.cmd
2. Edit installNodeMgrSvc.cmd to specify Node Manager's Listen Address and Listen Port.
Make the same edits to uninstallNodeMgrSvc.cmd as you make to installNodeMgrSvc.cmd, so that you can successfully uninstall the service in the future, as desired.
3. Run installNodeMgrSvc.cmd to re-install Node Manager as a service, listening on the updated address and port.
Configuring Java-based Node Manager Security:
Node Manager security relies on a one-way SSL connection between the client and server.
If you are establishing a command line connection to the Java Node Manager using the WebLogic Server Scripting Tool (WLST) nmConnect command, you provide the Node Manager user name and password. Node Manager verifies the username and password against the domain's nm_password.properties file.
Node Manager credentials are located on the Security>General>Advanced Options Console page.
Administration Console users do not need to explicitly provide credentials to connect to Node Manager—the Node Manager user name and password are available in the domain configuration and are provided automatically.
Configuring Node Manager to Use Start and Stop Scripts
You can configure Node Manager to use a script to start a managed server or to execute a script after server shutdown has completed. These scripts can be used to perform tasks that need to be performed before a server is started or after it is shut down. Mounting and unmounting remote disks is one example of a task that can be performed using scripts.
Note:
Node Manager uses startup scripts to perform any required configuration, then start the server. In contrast, stop scripts are executed after the server has shut down.
Using Start Scripts
A start script allows you to specify required startup properties and perform any other work you need performed at startup. To define a start script:
1. In the nodemanager.properties file, set the StartScriptEnabled property to true. (The default is false.) If your start script is named startWebLogic.sh or startWebLogic.cmd, Node Manager uses one of those scripts as the default.
2. If you want to specify a custom start script, set the StartScriptName property to the name of your script in the nodemanager.properties file.
Using Stop Scripts
You can use a stop script to perform any tasks that are required after the server has shut down. To define a stop script:
1. In the nodemanager.properties file, set the StopScriptEnabled property to true.
2. Set the StopScriptName property to the name of your script in the nodemanager.properties file.
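The following example shows a stop script that can be used to unmount a disk on UNIX systems:
#!/bin/sh
# Unmount $FS after server shutdown, killing any processes still using it.
FS=/cluster/d2
if grep "$FS" /etc/mnttab > /dev/null 2>&1 ; then
  sync
  # Collect the PIDs (second lsof column) of processes holding files on $FS.
  PIDS=`/usr/local/bin/lsof "$FS" | awk '{if ($2 ~/[0-9]+/) { print $2} }' | sort -u`
  # Call kill only when lsof actually reported a process.
  if [ -n "$PIDS" ]; then kill -9 $PIDS; fi
  sleep 1
  sync
  /usr/sbin/umount -f "$FS"
fi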
Configuring Script-based Node Manager:
The SSH Node Manager is a shell script, wlscontrol.sh, located in {WL_HOME}/common/bin/. wlscontrol.sh must exist on each machine that hosts server instances that you want to control with Node Manager. This script can be customized to meet site-specific requirements.
You must have an SSH client executable on each machine where Node Manager or a Node Manager client runs. This script must also be in the path of the user id running it. Typically, an SSH client is a standard part of a Unix or Linux installation.
Overriding the Default SSH Port
The default SSH port used by Node Manager is 22. You can override that setting in the following ways:
. Set the Port= parameter in the ~/.ssh/config file to set the default port for an individual user.
. Set the Port= parameter in the /etc/ssh_config file to set the default port across the entire system.
. Start the Administration Server using the following system property:
-Dweblogic.nodemanager.ShellCommand="ssh -o PasswordAuthentication=no -p %P %H wlscontrol.sh -d %D -r %R -s %S %C"
After starting the server, you can edit the SSH port in the Administration Server’s configuration file.
Configuring Script-based Node Manager Security
The Node Manager SSH shell script relies on SSH user-based security to provide a secure trust relationship between users on different machines. Authentication is not required. You create a UNIX user account—typically one per domain—for running Node Manager commands and scripts. A user logged in as this user can issue Node Manager commands without providing a username and password.
Note:
You must also ensure that the Node Manager and WebLogic Server commands are available in the path of the UNIX user ID used to run them.
Remote Server Start Security for Script-based Node Manager
A remote start user name and password are required to start a server instance with Node Manager. These credentials are provided differently for Administration Servers and Managed Servers.
. Credentials for Managed Servers—When you invoke Node Manager to start a Managed Server, it obtains its remote start name and password from the Administration Server.
. Credentials for Administration Servers—When you invoke Node Manager to start an Administration Server, the remote start user name can be provided on the command line, or obtained from the Administration Server’s boot.properties file. The Configuration Wizard initializes the boot.properties file and the startup.properties file for an Administration Server when you create the domain.
Any server instance started by Node Manager encrypts and saves the credentials with which it started in a server-specific boot.properties file, for use in automatic restarts.
Generating and Distributing Key Value Pairs:
The script-based Node Manager uses two types of key value pairs. This section contains instructions for distributing key value pairs to the machines that will host a Node Manager client or server.
Shared Key Value Pair
This option distributes the same key value pair to all machines that will host a Node Manager client or server.
The simplest way to accomplish this is to set up your LAN to mount the Node Manager user home directory on each of the machines. This makes the key value pair available to the machines. Otherwise:
1. Generate an RSA key value pair for the user with the ssh-keygen command provided with your SSH installation.
The default locations for the private and public keys are ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub respectively.
If these keys are stored in a different location, modify the ShellCommand template, adding an option to the ssh command to specify the location of the keys.
2. Append the public key to the ~/.ssh/authorized_keys file on the Node Manager machine. For example:
command="/home/bea/server90/common/nodemanager/nodemanager.sh" 1024 33 23...2323
in which you substitute the public key that you generated, as stored in id_rsa.pub, for the string shown in the example as
1024 33 23...2323
Note:
The prefix command=<command> ensures that a user that establishes a session with the machine using the public key can only run the command specified—nodemanager.sh. This ensures that the user can only perform Node Manager functions, and prevents unauthorized access to data, system utilities, or other resources on the machine.
3. Manually distribute the key value pair to each machine that will host a Node Manager server instance or client.
4. Execute the following command on the client machine to check that the Node Manager client can access the Node Manager:
/home/bea$ ssh montgomery VERSION
This response indicates that the client accessed Node Manager successfully:
+OK NodeManager v9.1.0
Individual Key Value Pairs
On each machine that will host a Node Manager client:
1. Generate a separate RSA key value pair for the Node Manager user as described in step one in the previous section.
2. Append the public key to the machine's ~/.ssh/authorized_keys file as described in step two in the previous section.
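A check for the command= restriction described in the note above, for either key distribution option, as an added example that is not part of the original page or of WebLogic: it reads an authorized_keys file and reports every key that is not pinned to the expected script. The sample entries and placeholder key strings are constructed; the nodemanager.sh path is the one used in the example above.

```shell
#!/bin/sh
# Added example, not from the original page: report whether each key in an
# authorized_keys file is pinned to the expected script by command="...".
# Prints "<STATUS> <line number>": OK, WRONG_COMMAND or UNRESTRICTED.
audit_authorized_keys() {
    # $1 = authorized_keys file ("-" for stdin), $2 = expected forced command
    awk -v expected="$2" '
    # Return the forced command found in the options field, or "" if none.
    # Options end at the first blank outside double quotes and are split
    # on commas outside double quotes.
    function forced_command(line,    i, c, inq, item, found) {
        inq = 0; item = ""; found = ""
        for (i = 1; i <= length(line) + 1; i++) {
            c = substr(line, i, 1)            # "" once past the end of line
            if (inq && c == "\\") { item = item c substr(line, ++i, 1); continue }
            if (c == "\"") inq = !inq
            if (!inq && (c == "," || c == " " || c == "\t" || c == "")) {
                if (item ~ /^command=".*"$/)
                    found = substr(item, 10, length(item) - 10)
                item = ""
                if (c != ",") break
                continue
            }
            item = item c
        }
        return found
    }
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")
        # A line starting with a key type (or the key size, in the old
        # protocol-1 format) has no options, whatever its comment says.
        if ($1 ~ /^(ssh-|ecdsa-|sk-)/ || $1 ~ /^[0-9]+$/) cmd = ""
        else cmd = forced_command($0)
        if (cmd == "") status = "UNRESTRICTED"
        else if (cmd == expected) status = "OK"
        else status = "WRONG_COMMAND"
        print status, NR
    }' "$1"
}

# Constructed sample; the key strings are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# Node Manager user
command="/home/bea/server90/common/nodemanager/nodemanager.sh" ssh-rsa AAAAPLACEHOLDER1 bea@admin
ssh-rsa AAAAPLACEHOLDER2 bea@client
no-pty,command="/bin/sh" ssh-rsa AAAAPLACEHOLDER3 bea@other
ssh-rsa AAAAPLACEHOLDER4 command="/home/bea/server90/common/nodemanager/nodemanager.sh"
EOF
}

sample_keys | audit_authorized_keys - /home/bea/server90/common/nodemanager/nodemanager.sh
```

The last sample entry is reported as UNRESTRICTED because its command="..." text sits in the key's comment field rather than in the options that precede the key.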