Short definition :
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users.
Excellent link.
How to detect them
# netstat -ntu | awk '{print $5}' | awk -F: '{print $(NF-1)}' | sort | uniq -c | sort -n | grep -v r
1 10.10.10.38
2 10.10.10.140
2 127.0.0.1
Using this command you can see a number of ESTABLISHED connections to your server, per IP address. Please note that this is not (strictly) oriented towards web servers, more towards mail servers.
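The per-address count above, as an added shell example that is not part of the original post: it filters on the State column and strips only the port, so native IPv6 peers are counted by their full address (the -F: one-liner keeps just the last group of such an address). The sample netstat output, its documentation-range addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-peer connection counts
# from `netstat -ntu` output, filtered by TCP state.

# Constructed sample of `netstat -ntu` output; addresses are documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:25           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:51240      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:51241      SYN_RECV
tcp        0      0 192.0.2.10:25           203.0.113.5:40000       TIME_WAIT
tcp        0      0 192.0.2.10:25           203.0.113.5:40002       ESTABLISHED
tcp6       0      0 2001:db8::10:25         2001:db8::beef:52000    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:25    ::ffff:198.51.100.7:51300 ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.9:5353
EOF
}

# count_by_ip STATES
#   STATES is an alternation such as 'ESTABLISHED|SYN_RECV'.
#   Reads netstat output on stdin and prints "count address", highest count first.
count_by_ip() {
    awk -v states="$1" '
        $1 ~ /^tcp/ && $6 ~ ("^(" states ")$") {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # drop the port, keep the whole address
            sub(/^::ffff:/, "", addr)   # IPv4-mapped IPv6 counts as the IPv4 peer
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# over_threshold LIMIT
#   Reads "count address" lines and prints the addresses with count >= LIMIT.
over_threshold() {
    awk -v limit="$1" '$1 + 0 >= limit + 0 { print $2 }'
}

# Demo on the constructed sample: established plus half-open connections per peer.
sample_netstat | count_by_ip 'ESTABLISHED|SYN_RECV'
```

On a live host, feed it real data with: netstat -ntu | count_by_ip 'ESTABLISHED|SYN_RECV' | over_threshold 50 (the limit of 50 is an arbitrary illustration, not a recommended value).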
How to stop them
Put suspicious addresses in iptables and DROP them.
Use fail2ban for all relevant services on the server.
Set certain kernel parameters in the /etc/sysctl.conf file to lessen the possibility of (D)DoS and SYN attacks.
After changing sysctl.conf, load the changed parameters into the system with: # sysctl -p
Which kernel parameters can be set, and what they mean
The first two parameters are the ones that (more or less) all the forum messages agree should be set. Those I will use; the rest I am not touching (for now).
Enable IP spoofing protection, turn on Source Address Verification.
Checks our routing table against the source address of incoming packets to make sure that they’re coming from the interface our routing table says that address is on. Note that this needs to be easily disabled; if some form of advanced routing or policy routing intends traffic from a host to come in one interface and traffic to that host to leave out a different interface, then legitimate packets will be dropped.
net.ipv4.conf.all.rp_filter = 1
Enable TCP SYN Cookie Protection.
When the connection queue is filled, we drop back to this; we lose TCP extensions as a trade-off for any connections made as Syncookies, but we would otherwise not be making said connections at all so this is a net gain.
net.ipv4.tcp_syncookies = 1
Some other parameters :
net.ipv4.conf.default.rp_filter = 1
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 9000 65000
Implements RFC 1337 fix F1 to counteract hazards H1, H2, and H3. This accounts for all hazards discussed in RFC 1337.
net.ipv4.tcp_rfc1337 = 1
Implements TCP Syncookies. When the connection queue is filled, we drop back to this; we lose TCP extensions as a trade-off for any connections made as Syncookies, but we would otherwise not be making said connections at all so this is a net gain.
net.ipv4.tcp_syncookies = 1
Ignores broadcast pings, reducing the damage of SMURF attacks.
net.ipv4.icmp_echo_ignore_broadcasts = 1
Some routers ignore RFC 1122 and send junk error responses that get logged. It may be possible to trigger this logging by spoofing; this would lead to filling up the hard disk with junk logs, causing a denial of service.
net.ipv4.icmp_ignore_bogus_error_responses = 1
Default value is 100; we relax this to limit it to 5 per second.
net.ipv4.icmp_ratelimit = 20
Default value is 6168; we set a few ICMP masks to be rate limited:
net.ipv4.icmp_ratemask = 88089
0: ICMP Echo Reply
3: ICMP Destination Unreachable (default)
4: ICMP Source Quench (default)
11: ICMP Time Exceeded (default)
12: ICMP Parameter Problem (default)
14: ICMP Timestamp Reply
16: ICMP Information Reply
After changing /etc/sysctl.conf, make the changes active with: # sysctl -p
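An added shell example, not part of the original post, that audits sysctl.conf-style text against the 0/1 settings listed above and converts net.ipv4.icmp_ratemask between its numeric value and the ICMP type numbers it covers. The sample configuration and the function names are constructed; the audit assumes the last assignment of a key is the effective one, since sysctl -p applies the lines in order.

```shell
#!/bin/sh
# Added example (not from the original post): audit sysctl.conf-style text
# and decode net.ipv4.icmp_ratemask.

# Constructed sample configuration (not taken from a real host).
sample_conf() {
cat <<'EOF'
# constructed sample
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies=0
  net.ipv4.icmp_echo_ignore_broadcasts = 1
; icmp_ignore_bogus_error_responses is deliberately absent
net.ipv4.icmp_ratemask = 88089
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rfc1337 = 0
EOF
}

# conf_value KEY: print the last value assigned to KEY in the text on stdin.
conf_value() {
    awk -v key="$1" '
        /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }   # a later line overrides an earlier one
        }
        END { if (found) print val }
    '
}

# audit_conf: read a configuration on stdin, print OK / FAIL / MISSING per key.
audit_conf() {
    conf=$(cat)
    while read -r key want; do
        have=$(printf '%s\n' "$conf" | conf_value "$key")
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"
        elif [ "$have" = "$want" ]; then
            echo "OK $key = $have"
        else
            echo "FAIL $key = $have (want $want)"
        fi
    done <<'EOF'
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.rp_filter 1
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_rfc1337 1
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.icmp_ignore_bogus_error_responses 1
EOF
}

# ratemask_types MASK: list the ICMP type numbers whose bit is set in MASK.
ratemask_types() {
    mask=$1; bit=0; out=
    while [ "$bit" -le 31 ]; do
        if [ $(( ($mask >> $bit) & 1 )) -eq 1 ]; then
            out="$out${out:+ }$bit"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# ratemask_from_types TYPE...: build the mask value from ICMP type numbers.
ratemask_from_types() {
    mask=0
    for t in "$@"; do
        mask=$(( $mask | (1 << $t) ))
    done
    echo "$mask"
}

# Demo on the constructed sample.
sample_conf | audit_conf
echo "icmp_ratemask 88089 covers ICMP types: $(ratemask_types 88089)"
```

To audit a real host, run audit_conf < /etc/sysctl.conf; files under /etc/sysctl.d are not read by this example.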
GNU Privacy Guard (GnuPG or GPG) is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis’ Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems.
Solution 1 – Encrypt with a symmetric key
This is the easiest way to encrypt a file: you use a "password" to encrypt the file, and when you want to decrypt the ciphertext you have to give the same password.
The key, in practice, represents a shared secret between two or more parties that can be used to keep information private. In general this solution is only as good as the password you choose. It can be a good way to send a document via email while communicating the password over another medium (telephone, instant message, chat).
In this example I'll use a simple file, mysecretdocument.txt, that contains secret 1234
mint-desktop tmp # cat mysecretdocument.txt
secret 1234
Now we can use the gpg option -c (or --symmetric ) to encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the --cipher-algo option:
mint-desktop tmp # gpg -c mysecretdocument.txt
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/pubring.gpg' created
This was my first use of gpg on this computer, so it created the directory /root/.gnupg and some files; this is normal if you have never used gpg. It also asked me twice for a passphrase. Once I had typed it twice, it created the new file, and now I have the new encrypted file in that directory:
mint-desktop tmp # ls -alrt
-rw-r--r-- 1 root root 12 Jan 10 23:13 mysecretdocument.txt
-rw-r--r-- 1 root root 67 Jan 10 23:14 mysecretdocument.txt.gpg
And we can cat the new file to verify that it has been encrypted. The default behaviour is to keep the file name of the original and add the suffix .gpg at the end:
mint-desktop tmp # cat mysecretdocument.txt.gpg
This shows a bunch of unprintable characters, which is fine.
Now we can keep our secret file and delete the one in plain text, or send it via email and once we need to see our secret again, we can use the command:
mint-desktop tmp # gpg -d mysecretdocument.txt.gpg
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: CAST5 encrypted data
gpg: gpg-agent is not available in this session
gpg: encrypted with 1 passphrase
secret 1234
gpg: WARNING: message was not integrity protected
gpg with the -d option prints the output directly to standard output; to write it to a file you can use the gpg option -o outputfile.txt:
mint-desktop tmp # gpg -o mynewfile.txt -d mysecretdocument.txt.gpg
mint-desktop tmp # ls -l my*
-rw-r--r-- 1 root root 12 Jan 10 23:37 mynewfile.txt
-rw-r--r-- 1 root root 12 Jan 10 23:13 mysecretdocument.txt
-rw-r--r-- 1 root root 67 Jan 10 23:14 mysecretdocument.txt.gpg
Solution 2 – Encrypt with a public key
There is also another approach to encryption: GPG allows you to use public-private key encryption to encrypt and decrypt files on Windows and Linux. The benefit of public-private key encryption is that you can keep your public key out in the open, and use it from anywhere to encrypt files. Once encrypted with the public key, those files can only be decrypted with the private key.
So in the example we will adopt a system that uses a certificate consisting of two distinct keys, one private and one public.
The private key should remain exclusively in the hands of the owner of the certificate.
The owner will use it to decrypt files that are sent to him, which can now also be sent over insecure protocols (email, ftp, http upload).
The public key can be distributed to the whole world without incurring any risk. It will be used to encrypt files addressed to the owner of the certificate; only the owner of the related private key can decrypt such a file.
The public key can be distributed to anyone without any control. The fact that it falls into foreign hands does not constitute any danger. The greatest attention should be given exclusively to the private key, which must remain strictly in the hands of its legitimate owner.
First, you must generate a public/private keypair. This keypair is generated with the --gen-key option of gpg:
$ gpg --gen-key
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Linuxaria admin
Email address: admin@linuxaria.com
Comment:
You selected this USER-ID:
"Linuxaria admin <admin@linuxaria.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 26 more bytes)
...........+++++
........+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key A7B8B4DD marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 4096R/A7B8B4DD 2013-01-11
Key fingerprint = AF7B 310A 57FF 0524 91A6 E483 83F7 FE98 A7B8 B4DD
uid Linuxaria admin <admin@linuxaria.com>
sub 4096R/E427331B 2013-01-11
In this example I've created an RSA key 4096 bits long and set the user ID for the key, which consists of the real name, e-mail address and optionally a comment, to "Linuxaria admin <admin@linuxaria.com>". I can verify the new keys with the options --list-keys and --list-secret-keys:
mint-desktop ~ # gpg --list-keys;
/root/.gnupg/pubring.gpg
------------------------
pub 4096R/A7B8B4DD 2013-01-11
uid Linuxaria admin <admin@linuxaria.com>
sub 4096R/E427331B 2013-01-11
mint-desktop ~ # gpg --list-secret-keys
/root/.gnupg/secring.gpg
------------------------
sec 4096R/A7B8B4DD 2013-01-11
uid Linuxaria admin <admin@linuxaria.com>
ssb 4096R/E427331B 2013-01-11
The Monitoring Dashboard is a new feature of the latest WebLogic Server for viewing diagnostic data without any additional setup.
It is an extension of the WLDF framework. The Monitoring Dashboard provides views and tools for graphically presenting diagnostic data about servers and applications running on them. The underlying functionality for generating, retrieving, and persisting diagnostic data is provided by the WebLogic Diagnostics Framework. The Monitoring Dashboard provides additional tools for presenting that data in charts and graphs.
The Monitoring Dashboard can be launched from the home page of the WebLogic administration console or by pointing to the direct URL.

Direct URL to access the Monitoring Dashboard – http://<Server Host>:<Server Port>/console/dashboard

The different resources like JMS, JVM, JDBC and Thread Pools can be monitored here.


The diagnostic data can be captured for a particular resource in a particular time by using the start and stop functionality.

The console application can be found at the following location:
$WEBLOGIC_HOME/server/lib/consoleapp
Change directory to $WEBLOGIC_HOME/server/lib/consoleapp/webapp/WEB-INF and open weblogic.xml in a text editor.
Look for the session parameter tags named "invalidation-interval-secs" and "timeout-secs".
Default Values
<session-descriptor>
  <timeout-secs>3600</timeout-secs>
  <invalidation-interval-secs>60</invalidation-interval-secs>
  <cookie-name>ADMINCONSOLESESSION</cookie-name>
  <cookie-max-age-secs>-1</cookie-max-age-secs>
  <url-rewriting-enabled>false</url-rewriting-enabled>
</session-descriptor>
Change the values of "invalidation-interval-secs" and "timeout-secs" as per your requirement and restart the WebLogic Admin Server.
Log in to the WebLogic admin console and verify the change.
If the EM console is deployed to the WebLogic server (the EM console will be part of the domain if any of the middleware components is installed), then the session timeout can be increased as follows.
Log in to the EM console and open the MBean Browser (right-click soa-infra -> Administration -> System MBean Browser).
Enter the following value into the MBean Browser filter and click OK.
Change the session timeout value accordingly and click Apply.
We faced an issue while starting the WebLogic managed server: the status of the server was stuck in STARTING.
We were not able to find any valid error messages in the log files.
Managed Server Log File:
<30-Oct-2013 11:13:29 o’clock GMT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
No logs are getting printed after this.
Node Manager Log File:
<30-Oct-2013 11:09:44> <INFO> <SOACoreDomain> <MS1> <Server failed during startup so will not be restarted>
<30-Oct-2013 11:09:44> <WARNING> <Exception while starting server ‘MS1’>
java.io.IOException: Server failed to start up. See server output log for more details.
at weblogic.nodemanager.server.AbstractServerManager.start(AbstractServerManager.java:200)
at weblogic.nodemanager.server.ServerManager.start(ServerManager.java:23)
at weblogic.nodemanager.server.Handler.handleStart(Handler.java:604)
at weblogic.nodemanager.server.Handler.handleCommand(Handler.java:121)
at weblogic.nodemanager.server.Handler.run(Handler.java:71)
at java.lang.Thread.run(Thread.java:662)
The root cause of this issue is that the LDAP directory of the server somehow got corrupted.
To resolve this issue:
- Kill the managed server
- Remove the ldap folder from the following location: <<DOMAIN_HOME>>/servers/<<Managed Server>>. This folder will be regenerated automatically when the server restarts.
- Restart the server
Before WLS release 10.3.5, WebLogic Server's hostname verification code did not support wildcard certificates by default; we had to create custom hostname verification code to handle this scenario. From WLS release 10.3.5 onwards, WebLogic Server's hostname verification code supports wildcard certificates by default.
Wildcard SSL certificates work the same way as regular SSL certificates, allowing you to secure the connection between the client and the server (www.abc.com), but a single wildcard SSL certificate covers any and all of the sub-domains of the main domain (*.abc.com).
Configuring Wildcard SSL HostnameVerifier:
- Launch WLS console
- Click on Environment -> Servers and click on the server
- Then go to SSL tab
- Lock & Edit
- Scroll down and expand advanced section
- Change Hostname verification entry to Custom Hostname Verifier
- Enter the following in the Custom Hostname Verifier field: weblogic.security.utils.SSLWLSWildcardHostnameVerifier

- Make sure the option Use JSSE SSL is selected.
- Restart the weblogic server.
The script will help us to update the Graceful Shutdown parameters for the servers in the WebLogic domain.
UpdateGracefulShutdownParameters.py
from java.io import FileInputStream
from java.util import Properties

# Assumption: the original listing uses domainProps without showing where it is
# loaded; here it is read from a properties file named domain.properties
# (hypothetical name) holding domain1.AdminIP, domain1.AdminPort and domain1.AdminPasswd.
domainProps = Properties()
domainProps.load(FileInputStream('domain.properties'))

def conn():
    try:
        adminURL = 't3://' + domainProps.get('domain1.AdminIP') + ':' + domainProps.get('domain1.AdminPort')
        adminUserName = 'weblogic'
        adminPassword = domainProps.get('domain1.AdminPasswd')
        connect(adminUserName, adminPassword, adminURL)
    except ConnectionException, e:
        print 'Unable to find admin server...'
        exit()

def updateGraceFulShutdownTimings():
    # Open an edit session, update every server, then save and activate once
    edit()
    startEdit()
    print
    print '##############'
    print '# Update Graceful Shutdown to 300 Seconds and ignore session true#'
    print '##############'
    print
    for name in serverNames:
        try:
            print 'Updating Server==>' + name.getName()
            cd('/Servers/' + name.getName())
            cmo.setGracefulShutdownTimeout(300)
            cmo.setIgnoreSessionsDuringShutdown(true)
        except WLSTException, e:
            # this typically means the server is not active, just ignore
            print 'Exception While Update the attribute'
    print '========================================='
    save()
    activate()

def quit():
    disconnect()
    exit()

# WLST sets __name__ to "main" when a script is run directly
if __name__ == "main":
    conn()
    serverNames = cmo.getServers()
    updateGraceFulShutdownTimings()
    quit()
Execute the script:
cd $WLS_HOME/common/bin
./wlst.sh UpdateGracefulShutdownParameters.py

The script below sets a shared location for the tlogs of the WebLogic servers in a domain.
import os
from java.io import File, FileInputStream
from java.util import Properties

print '@@@ Starting the script ...'

# The directory of the domain configuration,
# e.g. /app/oracle/products/11g/admin/domains
wlsDomain = os.environ['WLSDOMAIN']
print 'WLSDOMAIN=' + wlsDomain

# Assumption: the original listing uses domainProps without showing where it is
# loaded; here it is read from a properties file named domain.properties
# (hypothetical name) holding domain1.AdminIP, domain1.AdminPort and domain1.AdminPasswd.
domainProps = Properties()
domainProps.load(FileInputStream('domain.properties'))

adminURL = 't3://' + domainProps.get('domain1.AdminIP') + ':' + domainProps.get('domain1.AdminPort')
adminUserName = 'weblogic'
adminPassword = domainProps.get('domain1.AdminPasswd')
connect(adminUserName, adminPassword, adminURL)
edit()
startEdit()

# Create the shared tlog directory, then point each server's default file store at it
tlogDir = wlsDomain + '/SOACoreDomain/soa_cluster/tlogs'
File(tlogDir).mkdirs()
for server in ['SOA1', 'SOA2', 'SOA3']:
    cd('/Servers/' + server + '/DefaultFileStore/' + server)
    cmo.setDirectory(tlogDir)
save()
activate()
Execute the script:
cd $WLS_HOME/common/bin
./wlst.sh DomainLogConfigurtionChange.py

Oracle Real Application Clusters (RAC) is a software component you can add to a high-availability solution that enables users on multiple machines to access a single database with increased performance. RAC comprises two or more Oracle database instances running on two or more clustered machines and accessing a shared storage device via cluster technology.

If your application requires load balancing across RAC nodes, WebLogic Server supports this capability through Connect-Time Load Balancing/Failover with Oracle RAC (JDBC URL based load balancing/failover), JDBC Multi Data Sources with Oracle RAC nodes, and GridLink Data Sources.
Multi Data Source:
Refer to the following post for details on Multi Data Sources:
JDBC Multi Data Sources in weblogic server
A multi data source is an abstraction around a group of data sources that provides load balancing or failover processing between the data sources associated with the multi data source. Multi data sources are bound to the JNDI tree or local application context just like data sources are bound to the JNDI tree. The Multi Data Source can be used in the same way as we use a Data Source.

When an application requests a connection, the Multi Data Source determines which data source will provide a connection based on the selected algorithm.
Create two or more data sources, and then create a Multi Data Source and assign data sources to the Multi Data Source.

Configurations for the Multi Data Source.
Algorithm Type
Load-Balancing
Connection requests to a load-balancing multi data source are served from any data source in the list. The multi data source selects data sources to use to satisfy connection requests using a round-robin scheme. When the multi data source provides a connection, it selects a connection from the data source listed just after the last data source that was used to provide a connection. Multi data sources that use the Load Balancing algorithm also fail over to the next data source in the list if a database connection test fails and the connection cannot be replaced, or if the data source is suspended.
Failover
The Failover algorithm provides an ordered list of data sources to use to satisfy connection requests. Normally, every connection request to this kind of multi data source is served by the first data source in the list. If a database connection test fails and the connection cannot be replaced, or if the data source is suspended, a connection is sought sequentially from the next data source on the list.
FailoverRequestIfBusy
With the Failover algorithm, this attribute enables failover when all connections in a data source are in use.
TestFrequencySeconds
This attribute controls the frequency at which Weblogic Server checks the health of data sources previously marked as unhealthy to see if connections can be recreated and if the data source can be re-enabled.
Creating JDBC Multi Data Source through WLST
The WLST script below creates the Multi Data Source in WebLogic Server.
CreateMultiDataSource.py
adminURL = 't3://<<Admin Server Host>>:<<Port>>'
adminUserName = 'weblogic'
adminPassword = '<<Password>>'
connect(adminUserName, adminPassword, adminURL)
edit()
startEdit()
# Create the JDBC system resource that represents the multi data source
jdbcSystemResource = create('MS1', 'JDBCSystemResource')
jdbcResource = jdbcSystemResource.getJDBCResource()
jdbcResource.setName('MS1')
dsParams = jdbcResource.getJDBCDataSourceParams()
jndiName = 'jdbc/MS1'
dsParams.setJNDINames([jndiName])
# Failover algorithm over the member data sources DS1 and DS2
dsParams.setAlgorithmType('Failover')
dsParams.setDataSourceList('DS1,DS2')
dsParams.setFailoverRequestIfBusy(true)
jdbcSystemResource.addTarget(getMBean('Servers/AdminServer'))
save()
activate()
print('MDS1 created successfully...')
disconnect()
Before executing this script, the member data sources (DS1, DS2) must already be created.
Connect-Time Load Balancing/Failover with Oracle RAC(JDBC URL based Load Balancing/Failover):
The JDBC connection string can be configured on a single data source to support load balancing and failover across the RAC nodes.
Create a Generic Data Source in WebLogic Server and provide the JDBC URL as below. Enable or disable load balancing and failover as required.
jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=on)(FAILOVER=on)(ADDRESS=(PROTOCOL=tcp)(HOST=RAC node1)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=RAC node2)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=servicename)))

There are some limitations to this approach; for example, global XA transactions are not supported.
Gridlink Data Source:
In Oracle WebLogic Server 10.3.4, a single data source implementation has been introduced to support an Oracle RAC cluster. It responds to FAN events to provide Fast Connection Failover (FCF), Runtime Connection Load-Balancing (RCLB), and RAC instance graceful shutdown. XA affinity is supported at the global transaction Id level. The new feature is called WebLogic Active GridLink for RAC; which is implemented as the GridLink data source within WebLogic Server.

FastConnection Failover:
A GridLink data source uses Fast Connection Failover to:
- Provide rapid failure detection
- Abort and remove invalid connections from the connection pool
- Perform graceful shutdown for planned and unplanned Oracle RAC node outages
- Adapt to changes in topology, such as adding or removing a node
- Distribute runtime work requests to all active Oracle RAC instances, including those rejoining a cluster
Runtime Connection Load Balancing:
GridLink data sources use runtime connection load balancing to distribute connections to Oracle RAC instances based on Oracle FAN events issued by the database.
Runtime Connection Load Balancing allows WebLogic Server to:
- Adjust the distribution of work based on back end node capacities such as CPU, availability, and response time
- React to changes in Oracle RAC topology
- Manage pooled connections for high performance and scalability
XA affinity:
XA affinity is a performance feature that ensures that all database operations performed on a RAC cluster within the context of a global transaction are directed to the same RAC instance. Affinity will be established based on the global transaction id, instead of by individual data source, to ensure that connections obtained from different data sources that are configured for the same RAC cluster are all associated with the same RAC instance
Refer to the following post to create the GridLink data source through a WLST script:
Creating the Gridlink data source through WLST script
The WLST script below will help us to create a GridLink data source in WebLogic Server.
GridLinkDataSource.properties
dbURL=jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=dbhost2)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=SERVICENAME)))
connectionpool.test.query=SQL SELECT * FROM DUAL
connectionpool.driver.class=oracle.jdbc.OracleDriver
connectionpool.username=SOA_EAIOWNER
connectionpool.password=orasoa11g
connectionpool.initCapacity=10
connectionpool.maxCapacity=60
datasource.name=EAISOAMetadataSource
datasource.jndi.name=eai/ds/EAISOAMetadataSource
datasource.target=Servers/AdminServer
domain.AdminIP=localhost
domain.AdminPort=8000
domain.AdminPasswd=welcome1
GridLinkDatasourceCreation.py
from java.io import FileInputStream
from java.util import Properties

def createGridLinkJDBCResources(configProps):
    edit()
    startEdit()
    server = 'AdminServer'
    cd('Servers/' + server)
    target = cmo
    cd('../..')
    print '========================================='
    print 'Creating GridLink DataSource....'
    print '========================================='
    dsTestQuery = configProps.get('connectionpool.test.query')
    dsDriverName = configProps.get('connectionpool.driver.class')
    cd('/')
    # The property file defines the JDBC URL under the key dbURL
    dsURL = configProps.get('dbURL')
    dsUserName = configProps.get('connectionpool.username')
    dsPassword = configProps.get('connectionpool.password')
    initCapacity = configProps.get('connectionpool.initCapacity')
    maxCapacity = configProps.get('connectionpool.maxCapacity')
    dsName = configProps.get('datasource.name')
    jndiname = configProps.get('datasource.jndi.name')
    datasourceTargets = configProps.get('datasource.target').split(',')
    print 'dsUserName', dsUserName
    # Do not echo the real database password to the console or logs
    print 'dsPassword', '********'
    print 'initCapacity', initCapacity
    print 'maxCapacity', maxCapacity
    print 'dsName', dsName
    print 'jndiname', jndiname
    print 'datasourceTargets', datasourceTargets
    print 'Creating DataSource: ', dsName, ' ....'
    myResourceName = dsName
    jdbcSystemResource = create(myResourceName, 'JDBCSystemResource')
    myFile = jdbcSystemResource.getDescriptorFileName()
    jdbcResource = jdbcSystemResource.getJDBCResource()
    jdbcResource.setName(myResourceName)
    # Create the DataSource Params
    dpBean = jdbcResource.getJDBCDataSourceParams()
    myName = jndiname
    dpBean.setJNDINames([myName])
    dpBean.setGlobalTransactionsProtocol('TwoPhaseCommit')
    # Create the Driver Params
    drBean = jdbcResource.getJDBCDriverParams()
    drBean.setPassword(dsPassword)
    drBean.setUrl(dsURL)
    drBean.setDriverName(dsDriverName)
    # Create the Oracle params
    orapr = jdbcResource.getJDBCOracleParams()
    orapr.setFanEnabled(true)
    orapr.setOnsNodeList('node1:6200,node2:6200')
    propBean = drBean.getProperties()
    driverProps = Properties()
    driverProps.setProperty('user', dsUserName)
    e = driverProps.propertyNames()
    while e.hasMoreElements():
        propName = e.nextElement()
        myBean = propBean.createProperty(propName)
        myBean.setValue(driverProps.getProperty(propName))
    # Create the ConnectionPool Params
    ppBean = jdbcResource.getJDBCConnectionPoolParams()
    ppBean.setInitialCapacity(int(initCapacity))
    ppBean.setMaxCapacity(int(maxCapacity))
    ppBean.setTestConnectionsOnReserve(true)
    ppBean.setTestTableName('SQL SELECT 1 FROM DUAL')
    xaParams = jdbcResource.getJDBCXAParams()
    xaParams.setKeepXaConnTillTxComplete(1)
    # Add Target
    for datasourceTarget in datasourceTargets:
        print 'DataSourceTargets', datasourceTargets
        print 'DataSourceTarget', datasourceTarget
        if datasourceTarget == '':
            print ''
        else:
            jdbcSystemResource.addTarget(getMBean(datasourceTarget))
    print 'DataSource: ', dsName, ', has been created Successfully !!!'
    print '========================================='
    save()
    activate()

def main():
    propInputStream1 = FileInputStream('GridLinkDataSource.properties')
    configProps = Properties()
    configProps.load(propInputStream1)
    adminURL = 't3://' + configProps.get('domain.AdminIP') + ':' + configProps.get('domain.AdminPort')
    adminUserName = 'weblogic'
    adminPassword = configProps.get('domain.AdminPasswd')
    connect(adminUserName, adminPassword, adminURL)
    createGridLinkJDBCResources(configProps)
    print 'Successfully created JDBC resources for SOACoreDomain'
    disconnect()

main()
Change the values in the property file accordingly and execute $WLSHOME/common/bin/wlst.sh GridLinkDatasourceCreation.py

After the successful execution of the script, log in to the console and verify that the GridLink data source was created.
We were getting the error "A timeout occurred while interacting with Server. Limited information is available" while accessing the Server page from the admin console in a clustered WebLogic environment; the health of the server was shown as empty, but the state was shown as running.
Logging in to the admin console and accessing the Server page was also taking more time.
But the individual servers and the node managers were running fine on all the nodes.

The issue seems to be caused by a delay in the communication between the node manager and the managed servers.
To resolve the issue:
- Stop all the managed servers on all the nodes.
- Kill the node managers on all the nodes.
- Stop the Admin server.
- Start the node manager on all the nodes.
- Start the Admin server.
- Start all the managed servers.
Log in to the admin console and verify the servers; the state and the health of the servers will now be displayed properly.
