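WebLogic 10.3 Installation, Configuration and Administration Manual
Chapter 1 WebLogic 10.3 for Win32
§1.1 Installation Preparation
Download the WebLogic 10.3 for x86 Win32 installation file;
Install Windows XP SP2 or Windows 2003 Server;
Check the operating system's disk space and make sure at least 2 GB is free.
§1.2 Installation Procedure
§1.2.1 Start the Installer
Run WebLogic10.3_win32.exe to start the WebLogic 10.3 installation.
§1.2.2 Welcome
§1.2.3 Choose the WebLogic Installation Directory
Installing on a drive other than the system drive C: is recommended, and the directory name should not contain Chinese characters or spaces.
§1.2.4 Choose the Custom Install Type
§1.2.5 Choose the Components to Install
Install all components except the Workshop component and the example programs.
§1.2.6 Choose the JDKs to Install
Install both.
§1.2.7 Choose the Product Installation Directory
Installing on a drive other than the system drive C: is recommended, and the directory name should not contain Chinese characters or spaces.
§1.2.8 Install the Node Manager Service
Install the Node Manager service and change the default port 5556 to 7878.
§1.2.9 Choose the Shortcut Menu Mode
§1.2.10 Installation Summary
§1.2.11 Installation Progress
§1.2.12 Installation Complete
Deselect Run Quickstart.
§1.3 Create the Administration Server Domain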
AdminServer Name: AdminServer
Listen Address: 192.168.100.1
Listen Port: 8080
SSL Listen Port: 8081
SSL enabled: true
Domain Name: weblogic
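§1.3.1 Run the Configuration Wizard
§1.3.2 Choose to Create a New Domain
§1.3.3 Select the Domain Source
§1.3.4 Configure the Administrator and Password
§1.3.5 Select Production Mode + JRockit JDK
§1.3.6 Choose to Customize Environment and Services Settings
§1.3.7 Skip the Security Store Configuration for Now
§1.3.8 Configure the Administration Server Ports
§1.3.9 Do Not Add Managed Servers for Now
§1.3.10 Do Not Add Managed Machines for Now
§1.3.11 Review the Configuration
§1.3.12 Specify the Domain Name
§1.3.13 Create the Domain
§1.4 Create the Managed Server Domain
There are two ways to create the domain for a managed server:
1. If the administration server and the managed server run the same operating system, the domain created on the administration server can be copied to the managed server.
2. If the administration server and the managed server run different operating systems, create the managed server's domain and server by following the same steps used for the administration server's domain and server. Make sure the managed server's domain name, administrator and password are exactly the same as the administration server's, while its Server name differs from the administration server's Server name and is unique within the domain.
§1.5 Configure and Start Node Manager
§1.5.1 Run Directly
Run startNodeManager.cmd directly.
§1.5.2 Configure Node Manager as a Service
Besides running Node Manager directly, it can also be configured as a Windows service: run C:\bea\wlserver_10.3\server\bin\installNodeMgrSvc.cmd to configure the NodeManager of the managed server host as a Windows service. On Unix machines it is configured as a daemon process. (If necessary, edit the script and set NODEMGR_HOST= to restrict the address Node Manager listens on; by default it listens on 0.0.0.0.)
For more detailed configuration, see the WebLogic administrator's guide.
§1.5.3 Start the Node Manager of the Managed Server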
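Chapter 2 WebLogic 10.3 for SUSE Linux
§2.1 Installation Preparation
Download the WebLogic 10.3 for x86 Linux installation file;
Install SUSE Linux Enterprise Server 11.0;
Check the SUSE environment and make sure /root has at least 2 GB free. If /root does not have enough space, extend the root space or create a new file system with at least 2 GB of space. This manual assumes that file system is mounted at /soft; if root has enough space, create the directory /soft under root as the installation source directory;
Create the file system that WebLogic will use. The recommended mount point is /bea, with at least 2 GB of space; the WebLogic software will later be installed into this file system.
§2.2 Installation Procedure
§2.2.1 Create the bea Group and the weblogic User
Log in to the operating system as root and run the following commands to create the bea group and the weblogic user. The bea group ID is 600; the weblogic user ID is 600, the user belongs to the bea group, and its home directory is /bea.
# groupadd -g 600 bea
# useradd -d /bea -u 600 -g 600 weblogic
# passwd weblogic -- activate the weblogic user
Run the following commands to assign /bea to the weblogic user.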
# cd /
# chown weblogic:bea /bea
# chmod 755 /bea
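§2.2.2 Upload and Run the Installation File
Log in as weblogic, upload the WebLogic installation file server103_linux.bin to the /soft directory using binary (bin) transfer mode, then run the following commands to execute the installer.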
$ cd /soft
$ chmod a+x server103_linux.bin
$ ./server103_linux.bin -mode=console
The system automatically unpacks the installation file and starts the text-mode installer.
§2.2.3 Welcome Screen
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Welcome:
--------
This installer will guide you through the installation of WebLogic Platform
10.3.0.0. Type "Next" or enter to proceed to the next prompt. If you want to
change data entered previously, type "Previous". You may quit the installer at any time by typing "Exit".
Enter [Exit][Next]> next
§2.2.4 Set the WebLogic Home Directory to /bea
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose BEA Home Directory:
--------------------------
"BEA Home" = [Enter new value or use default "/root/bea"]
Enter new BEA Home OR [Exit][Previous][Next]> /bea
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose BEA Home Directory:
--------------------------
"BEA Home" = [/bea]
Use above value or select another option:
1 - Enter new BEA Home
2 - Change to default [/root/bea]
Enter option number to select OR [Exit][Previous][Next]> next
§2.2.5 Choose the Custom Install Type
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose Install Type:
--------------------
Select the type of installation you wish to perform.
->1|Complete
| Install the following software products and examples:
| - WebLogic Server
| - Workshop
2|Custom
| Choose software products and components to install and perform optional
|configuration.
Enter index number to select OR [Exit][Previous][Next]> 2
§2.2.6 Choose the Product Components to Install
Deselect Workshop and Server Examples.
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose Products and Components:
-------------------------------
Release 10.3.0.0
|_____WebLogic Server [1] x
| |_____Core Application Server [1.1] x
| |_____Administration Console [1.2] x
| |_____Configuration Wizard and Upgrade Framework [1.3] x
| |_____Web 2.0 HTTP Pub-Sub Server [1.4] x
| |_____WebLogic JDBC Drivers [1.5] x
| |_____Third Party JDBC Drivers [1.6] x
| |_____WebLogic Server Clients [1.7] x
| |_____WebLogic Web Server Plugins [1.8] x
| |_____UDDI and Xquery Support [1.9] x
| |_____Server Examples [1.10] x
|_____Workshop [2] x
|_____Workshop for WebLogic [2.1] x
|_____Workshop Runtime Framework [2.2] x
*Estimated size of installation: 788.3 MB
Enter number exactly as it appears in brackets to toggle selection OR [Exit][Previous][Next]> 2
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose Products and Components:
-------------------------------
Release 10.3.0.0
|_____WebLogic Server [1] x
| |_____Core Application Server [1.1] x
| |_____Administration Console [1.2] x
| |_____Configuration Wizard and Upgrade Framework [1.3] x
| |_____Web 2.0 HTTP Pub-Sub Server [1.4] x
| |_____WebLogic JDBC Drivers [1.5] x
| |_____Third Party JDBC Drivers [1.6] x
| |_____WebLogic Server Clients [1.7] x
| |_____WebLogic Web Server Plugins [1.8] x
| |_____UDDI and Xquery Support [1.9] x
| |_____Server Examples [1.10] x
|_____Workshop [2]
|_____Workshop for WebLogic [2.1]
|_____Workshop Runtime Framework [2.2]
*Estimated size of installation: 406.3 MB
Enter number exactly as it appears in brackets to toggle selection OR [Exit][Previous][Next]> 1.10
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose Products and Components:
-------------------------------
Release 10.3.0.0
|_____WebLogic Server [1] x
| |_____Core Application Server [1.1] x
| |_____Administration Console [1.2] x
| |_____Configuration Wizard and Upgrade Framework [1.3] x
| |_____Web 2.0 HTTP Pub-Sub Server [1.4] x
| |_____WebLogic JDBC Drivers [1.5] x
| |_____Third Party JDBC Drivers [1.6] x
| |_____WebLogic Server Clients [1.7] x
| |_____WebLogic Web Server Plugins [1.8] x
| |_____UDDI and Xquery Support [1.9] x
| |_____Server Examples [1.10]
|_____Workshop [2]
|_____Workshop for WebLogic [2.1]
|_____Workshop Runtime Framework [2.2]
*Estimated size of installation: 360.4 MB
Enter number exactly as it appears in brackets to toggle selection OR [Exit][Previous][Next]> next
§2.2.7 Choose the JDKs to Install
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
JDK Selection (Any * indicates BEA Supplied VM):
------------------------------------------------
JDK(s) chosen for use with this product installation will be installed. Supported defaults if not deselected will be used in script string-substitution.
1|Add Local Jdk
2|/bea/jdk160_05[x]*
3|/bea/jrockit_160_05[x]*
*Estimated size of installation: 713.2 MB
Enter 1 to add or >= 2 to toggle selection OR [Exit][Previous][Next]> next
§2.2.8 Confirm the Installation
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Choose Product Installation Directories:
----------------------------------------
BEA Home Directory: [/bea]
Product Installation Directories:
"WebLogic Server" = [Enter new value or use default "/bea/wlserver_10.3"]
Enter new WebLogic Server OR [Exit][Previous][Next]> next
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
The following Products and JDKs will be installed:
--------------------------------------------------
WebLogic Platform 10.3.0.0
|_____WebLogic Server
| |_____Core Application Server
| |_____Administration Console
| |_____Configuration Wizard and Upgrade Framework
| |_____Web 2.0 HTTP Pub-Sub Server
| |_____WebLogic JDBC Drivers
| |_____Third Party JDBC Drivers
| |_____WebLogic Server Clients
| |_____WebLogic Web Server Plugins
| |_____UDDI and Xquery Support
|_____JDKs
|_____Sun SDK 1.6.0_05
|_____BEA JRockit 1.6.0_05 SDK
*Estimated size of installation: 713.3 MB
Enter [Exit][Previous][Next]> next
§2.2.9 File Copy
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Installing files..
0% 25% 50% 75% 100%
[------------|------------|------------|------------]
[*****************************
Performing String Substitutions...
Creating Domains...
§2.2.10 Installation Complete
<--------------- Oracle Installer - WebLogic Platform 10.3.0.0 --------------->
Installation Complete
Congratulations! Installation is complete.
Press [Enter] to continue or type [Exit]> (press Enter)
§2.3 Create the Administration Server Domain
AdminServer Name: AdminServer
Listen Address: 192.168.100.1
Listen Port: 8080
SSL Listen Port: 8081
SSL enabled: true
Domain Name: weblogic
§2.3.1 Run the Configuration Wizard
$ cd /bea/wlserver_10.3/common/bin
$ ./config.sh -mode=console
§2.3.2 Choose to Create a New Domain
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Welcome:
--------
Choose between creating and extending a domain. Based on your selection,
the Configuration Wizard guides you through the steps to generate a new or
extend an existing domain.
->1|Create a new WebLogic domain
| Create a WebLogic domain in your projects directory.
2|Extend an existing WebLogic domain
| Extend an existing WebLogic domain. Use this option to add
|applications and services, or to override existing database access (JDBC)
|and messaging (JMS) settings. You can also incorporate additional
|functionality in your domain, for example, by including AquaLogic Service
|Bus.
Enter index number to select OR [Exit][Next]> 1
§2.3.3 Select the Domain Source
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Select Domain Source:
---------------------
Select the source from which the domain will be created. You can create the
domain by selecting from the required components or by selecting from a
list of existing domain templates.
->1|Choose Weblogic Platform components
| You can choose the Weblogic component(s) that you want supported in
|your domain.
2|Choose custom template
| Choose this option if you want to use an existing template. This
|could be a custom created template using the Template Builder.
Enter index number to select OR [Exit][Previous][Next]> 1
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Application Template Selection:
-------------------------------
Available Templates
|_____WebLogic Server (Required)x
Enter number exactly as it appears in brackets to toggle selection OR [Exit][Previous][Next]> next
§2.3.4 Configure the Administrator and Password
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Administrator Username and Password:
----------------------------------------------
Create a user to be assigned to the Administrator role. This user is the
default administrator used to start development mode servers.
| Name | Value |
_|_________________________|_________________________________________|
1| *User name: | weblogic |
2| *User password: | |
3| *Confirm user password: | |
4| Description: | This user is the default administrator. |
Use above value or select another option:
1 - Modify "User name"
2 - Modify "User password"
3 - Modify "Confirm user password"
4 - Modify "Description"
Enter option number to select OR [Exit][Previous][Next]> 2
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Administrator Username and Password:
----------------------------------------------
Create a user to be assigned to the Administrator role. This user is the
default administrator used to start development mode servers.
"*User password:" = []
Enter new *User password: OR [Exit][Reset][Accept]>
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Administrator Username and Password:
----------------------------------------------
Create a user to be assigned to the Administrator role. This user is the
default administrator used to start development mode servers.
| Name | Value |
_|_________________________|_________________________________________|
1| *User name: | weblogic |
2| *User password: | *********** |
3| *Confirm user password: | |
4| Description: | This user is the default administrator. |
Use above value or select another option:
1 - Modify "User name"
2 - Modify "User password"
3 - Modify "Confirm user password"
4 - Modify "Description"
5 - Discard Changes
Enter option number to select OR [Exit][Previous][Next]> 3
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Administrator Username and Password:
----------------------------------------------
Create a user to be assigned to the Administrator role. This user is the
default administrator used to start development mode servers.
"*Confirm user password:" = []
Enter new *Confirm user password: OR [Exit][Reset][Accept]>
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Administrator Username and Password:
----------------------------------------------
Create a user to be assigned to the Administrator role. This user is the
default administrator used to start development mode servers.
| Name | Value |
_|_________________________|_________________________________________|
1| *User name: | weblogic |
2| *User password: | *********** |
3| *Confirm user password: | *********** |
4| Description: | This user is the default administrator. |
Use above value or select another option:
1 - Modify "User name"
2 - Modify "User password"
3 - Modify "Confirm user password"
4 - Modify "Description"
5 - Discard Changes
Enter option number to select OR [Exit][Previous][Next]> Next
§2.3.5 Select Production Mode + JRockit JDK
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Domain Mode Configuration:
--------------------------
Enable Development or Production Mode for this domain.
->1|Development Mode
2|Production Mode
Enter index number to select OR [Exit][Previous][Next]> 2
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Java SDK Selection:
-------------------
->1|JRockit SDK 1.6.0_05 @ /bea/jrockit_160_05
2|Sun SDK 1.6.0_05 @ /bea/jdk160_05
3|Other Java SDK
Enter index number to select OR [Exit][Previous][Next]> 1
§2.3.6 Choose to Customize Environment and Services Settings
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Choose Configuration Option:
----------------------------
*Do you want to modify any of the preconfigured settings or defaults in
*your template?
*
*To keep the default or template settings, and proceed directly to name and
*create your domain, leave No selected.
1|Yes
->2|No
Enter index number to select OR [Exit][Previous][Next]> 1
§2.3.7 Skip the Security Store Configuration for Now
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure RDBMS Security Store Options:
---------------------------------------
Create the RDBMS tables in your datastore prior to booting your domain. The
scripts for use by your DBA are in WebLogic Server's server/lib directory.
Click Next to keep the template settings or bypass RDBMS options.
->1|I don't want to change anything here.
2|I want to create, change, or remove RDBMS support.
Enter index number to select OR [Exit][Previous][Next]> 1
§2.3.8 Configure the Administration Server Ports
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 7001 |
4| SSL listen port: | N/A |
5| SSL enabled: | false |
Use above value or select another option:
1 - Modify "Name"
2 - Modify "Listen address"
3 - Modify "Listen port"
4 - Modify "SSL enabled"
Enter option number to select OR [Exit][Previous][Next]> 2
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 7001 |
4| SSL listen port: | N/A |
5| SSL enabled: | false |
Enter value for "Listen address" OR [Exit][Previous][Next]> 192.168.100.30
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|________________|
1| *Name: | AdminServer |
2| Listen address: | 192.168.100.30 |
3| Listen port: | 7001 |
4| SSL listen port: | N/A |
5| SSL enabled: | false |
Use above value or select another option:
1 - Modify "Name"
2 - Modify "Listen address"
3 - Modify "Listen port"
4 - Modify "SSL enabled"
5 - Discard Changes
Enter option number to select OR [Exit][Previous][Next]> 3
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 7001 |
4| SSL listen port: | N/A |
5| SSL enabled: | false |
Enter value for "Listen port" OR [Exit][Previous][Next]> 8080
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 8080 |
4| SSL listen port: | N/A |
5| SSL enabled: | false |
Use above value or select another option:
1 - Modify "Name"
2 - Modify "Listen address"
3 - Modify "Listen port"
4 - Modify "SSL enabled"
Enter option number to select OR [Exit][Previous][Next]> 4
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
*Enter index number to modify "Value"
1|true
->2|false
3|Unspecified
Enter index number to select OR [Exit][Reset][Accept]> 1
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 8080 |
4| SSL listen port: | 7002 |
5| SSL enabled: | true |
Use above value or select another option:
1 - Modify "Name"
2 - Modify "Listen address"
3 - Modify "Listen port"
4 - Modify "SSL listen port"
5 - Modify "SSL enabled"
6 - Discard Changes
Enter option number to select OR [Exit][Previous][Next]> 4
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 8080 |
4| SSL listen port: | 7002 |
5| SSL enabled: | true |
Enter value for "SSL listen port" OR [Exit][Previous][Next]> 8081
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure the Administration Server:
------------------------------------
Enter adminstration server configurations. Each WebLogic Server domain must
have one Administration Server. The Administration Server hosts the
Administration Console which is used to perform administrative tasks.
| Name | Value |
_|__________________|_____________________|
1| *Name: | AdminServer |
2| Listen address: | All Local Addresses |
3| Listen port: | 8080 |
4| SSL listen port: | 8081 |
5| SSL enabled: | true |
Use above value or select another option:
1 - Modify "Name"
2 - Modify "Listen address"
3 - Modify "Listen port"
4 - Modify "SSL listen port"
5 - Modify "SSL enabled"
6 - Discard Changes
Enter option number to select OR [Exit][Previous][Next]> next
§2.3.9 Do Not Add Managed Servers for Now
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Managed Servers:
--------------------------
Add or delete configuration information for Managed Servers. A typical
production environment has one or more Managed Servers. Each Managed Server
is an instance of WebLogic Server used to host enterprise applications.
| Name* | Listen address | Listen port | SSL listen port | SSL enabled |
_|_______|________________|_____________|_________________|_____________|
Enter name for a new OR [Exit][Previous][Next]> next
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Clusters:
-------------------
Add or delete configuration information for clusters. A cluster contains
multiple WebLogic Server instances that run simultaneously and work
together to provide increased scalability and reliability. A cluster
appears to be a single WebLogic Server instance to clients.
| Name* | Multicast address | Multicast port | Cluster address |
_|_______|___________________|________________|_________________|
Enter name for a new Cluster OR [Exit][Previous][Next]> next
§2.3.10 Do Not Add Managed Machines for Now
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Machines:
-------------------
Add or delete machines. A machine hosts one or more WebLogic Server
instances. The Admin Server and Node Manager use this machine definition to
start remote servers.
| Name* | Node manager listen address | Node manager listen port |
_|_______|_____________________________|__________________________|
Enter name for a new Machine OR [Exit][Previous][Next]> next
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Configure Unix Machines:
------------------------
Add or delete machines. A machine hosts one or more WebLogic Server
instances. The Admin Server and Node Manager use this machine definition to
start remote servers.
| Name |
_|______|
Enter name for a new Unix Machine OR [Exit][Previous][Next]> next
§2.3.11 Specify the Domain Name
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Select the target domain directory for this domain:
---------------------------------------------------
"Target Location" = [Enter new value or use default
"/bea/user_projects/domains"]
Enter new Target Location OR [Exit][Previous][Next]> next
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Edit Domain Information:
------------------------
| Name | Value |
_|________|_____________|
1| *Name: | base_domain |
Enter value for "Name" OR [Exit][Previous][Next]> weblogic
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Edit Domain Information:
------------------------
| Name | Value |
_|________|__________|
1| *Name: | weblogic |
Use above value or select another option:
1 - Modify "Name"
2 - Discard Changes
Enter option number to select OR [Exit][Previous][Next]> next
§2.3.12 Create the Domain
<-------------------- Oracle WebLogic Configuration Wizard ------------------->
Creating Domain...
0% 25% 50% 75% 100%
[------------|------------|------------|------------]
[***************************************************]
**** Domain Created Successfully! ****
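§2.4 Create the Managed Server Domain
See the chapter "WebLogic 10.3 for Win32", section "Creating the Managed Server's Domain and Server".
§2.5 Configure and Start Node Manager
§2.5.1 Run Directly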
$ cd /bea/wlserver_10.3/server/bin
$ ./startNodeManager.sh
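§2.5.2 Configure Node Manager as a Daemon
Add a file to /etc/rc.d/rc3.d that starts Node Manager. The core of that file is the command that starts Node Manager, namely:
su - weblogic -c "nohup /bea/wlserver_10.3/server/bin/startNodeManager.sh &"
This way, Node Manager starts automatically when Linux boots.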
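§1.5.2 notes that Node Manager listens on 0.0.0.0 by default, while §2.3 gives the Administration Server one specific listen address. The check below is an added example, not part of the original manual: it reads `netstat -ltn` output and reports which of the ports the manual chooses (7878, 8080, 8081) are bound to every interface. The function name and the sample netstat lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the manual): report WebLogic ports that listen on
# every interface instead of one chosen address.
# Port numbers are the ones the manual uses: 7878 (Node Manager, section 1.2.8),
# 8080 and 8081 (Administration Server, section 2.3).

# find_wildcard_listeners PORTS
#   PORTS:  space-separated list of TCP ports to check
#   stdin:  output of `netstat -ltn`
#   stdout: one line per checked port that is bound to 0.0.0.0, :: or *
find_wildcard_listeners() {
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # text before the port
            if ((port in want) && (addr == "0.0.0.0" || addr == "::" || addr == "*"))
                print "port " port " listens on all interfaces (" addr ")"
        }'
}

# Constructed sample of `netstat -ltn` output, for demonstration only.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 :::7878                 :::*                    LISTEN
tcp        0      0 192.168.100.1:8080      0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN
EOF
}

# Demonstration on the constructed sample.
# On a live host: netstat -ltn | find_wildcard_listeners "7878 8080 8081"
sample_netstat | find_wildcard_listeners "7878 8080 8081"
```

An empty result means every checked port is bound to a specific address.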
Runlevel
The term runlevel refers to a mode of operation in one of the computer operating systems that implement Unix System V-style initialization. Conventionally, seven runlevels exist, numbered from zero to six; though up to ten, from zero to nine, may be used. S is sometimes used as a synonym for one of the levels.
In standard practice, when a computer enters runlevel zero, it halts, and when it enters runlevel six, it reboots. The intermediate runlevels (1-5) differ in terms of which drives are mounted, and which network services are started. Lower run levels are useful for maintenance or emergency repairs, since they usually don't offer any network services at all. The particular details of runlevel configuration differ widely among operating systems, and slightly among system administrators.
The runlevel system replaced the traditional /etc/rc script used in Version 7 Unix.
Standard runlevels
ID Name Description
0 Halt Shuts down the system.
S Single-User Mode Does not configure network interfaces or start daemons.[1]
6 Reboot Reboots the system.
[1] Almost all systems use runlevel 1 for this purpose. This mode is intended to provide a safe environment to perform system maintenance. Originally this runlevel provided a single terminal (console) interface running a root login shell. The increasing trend towards physical access to the computer during the boot process has led to changes in this area.
Linux
The Linux operating system can make use of runlevels through the programs of the sysvinit project. After the Linux kernel has booted, the init program reads the /etc/inittab file to determine the behavior for each runlevel. Unless the user specifies another value as a kernel boot parameter, the system will attempt to enter (start) the default runlevel.
Typical Linux runlevels
Most Linux distributions, in addition to the standard runlevels, define the following additional runlevels:
ID Name Description
1 Single-User Mode Does not: configure network interfaces, start daemons, or allow non-root logins.[2]
2 Multi-User Mode Does not: configure network interfaces or start daemons.[3]
3 Multi-User Mode with Networking Starts the system normally.[4]
4 Unused/User defined for special purposes
5 X11 As runlevel 3 + display manager.
[2] The additional behavior of this runlevel varies greatly. All distributions provide at least one virtual terminal. Some distributions start a login shell as the superuser; some require correctly entering the superuser's password first; others provide a login prompt, allowing any user access.
[3] In some cases, runlevels 2 and 3 function identically, offering a Multi-User Mode with Networking.
Debian Linux
Debian, as well as most of the distributions based on it, like early Ubuntu, does not make any distinction between runlevels 2 to 5.
Debian Linux runlevels
ID Description
0 Halt
1 Single user mode
2-5 Full multi-user with console logins and display manager if installed
6 Reboot
sidux
sidux, a Debian Sid based distribution (current 20081110). This is the list for sidux operating system runlevels, please note that it does differ from debian stable runlevels.
sidux Linux runlevels
ID Description
0 init 0 powers off the PC, halt
1 init 1 single user mode
2 init 2 Multi-User mode without network, and/or to stop or not enter X,
3 init 3 Multi-User mode with network not running the X Window System, and/or to stop or not enter X
4 init 4 to stop or not enter X
5 init 5 Multi-User mode with network running the X Window System, and/or to start X
6 init 6 Reboot
Ubuntu
Ubuntu 6.10 (Edgy Eft) and later contain Upstart as a replacement for the traditional init-process, but they still use the traditional init scripts and Upstart's SysV-rc compatibility tools to start most services and emulate runlevels.
Red Hat Linux and Fedora
Red Hat as well as most of its derivatives (such as CentOS) uses runlevels like this:
Red Hat Linux/Fedora runlevels
ID Description
0 Halt
1 Single user
2 Full multi-user with network enabled but most network services disabled
3 Full multi-user, console logins only
4 Not used/User definable
5 Full multi-user, with display manager as well as console logins
6 Reboot
Which services are started in which runlevels can be managed with the chkconfig tool, which keeps its configuration settings under /etc/rc.d/. /sbin/chkconfig --list lists all the services controlled by chkconfig and whether they are on/off for each runlevel. Setting a service A controlled by chkconfig, for levels X, Y and Z is as simple as /sbin/chkconfig --level XYZ A
SUSE Linux
SUSE uses a similar setup to Red Hat:
SUSE Linux runlevels
ID Description
0 Halt
1 Single-user
2 Full multi-user with no networking
3 Full multi-user without display manager
4 Not used/User definable
5 Full multi-user with display manager
6 Reboot
The services that run under a specific runlevel can be modified with YaST | System Services (runlevel) or with chkconfig command like the Red Hat based distributions.
Slackware Linux
Slackware Linux uses runlevel 1 for maintenance, as on other Linux distributions; runlevels 2, 3 and 5 identically configured for a console (with all services active); and runlevel 4 adds the X Window System.
Slackware Linux runlevels
ID Description
0 Halt
1 Single-user
2 Full multi-user NO display manager
3 Full multi-user NO display manager
4 Full multi-user with display manager
5 Not used/User definable
6 Reboot
Gentoo Linux
Gentoo Linux runlevels
ID Description
0 Halt
1 Single-user
2 Multi-user, no network
3 Full multi-user with display manager
4 Aliased for runlevel 3 (Full multi-user with display manager)
6 Reboot
System V Releases 3 and 4
System V runlevels
ID Description
0 Shut down system, power-off if hardware supports it (only available from the console)
1 Single-user mode, all filesystems unmounted but root, all processes except console processes killed
2 Multi-user mode
3 Multi-user mode with RFS (and NFS in release 4) filesystems exported
4 Multi-user, user-defined
5 Halt the operating system, go to firmware
6 Halt the system, reboot to default runlevel
s, S Identical to 1 (Single-user mode, all filesystems unmounted but root, all processes except console processes killed) except current terminal acts as the system console
Solaris
Solaris runlevels
ID Description
0 Operating system halted; (SPARC only) drop to OpenBoot prompt
S Single-user with only root filesystem mounted (as read-only)
1 Single-user mode with all local filesystems mounted (read-write)
2 Multi-user with most daemons started.
3 multi-user, identical to 2 (runlevel 3 runs both /sbin/rc2 and /sbin/rc3), with filesystems exported, plus some other network services started.
4 Alternative multi-user, user-defined
5 Shut down, power-off if hardware supports it
6 Reboot
HP-UX
HP-UX runlevels
ID Description
0 System halted
S Single-user, booted to system console only, with only root filesystem mounted (as read-only)
s Single user, identical to S except the current terminal acts as the system console
1 Single-user with local filesystems mounted (read-write)
2 Multi-user with most daemons started and Common Desktop Environment launched
3 Multi-user, nearly identical to runlevel 2 with NFS exported
4 Multi-user with VUE started instead of CDE
5, 6 user-defined
AIX
AIX does not follow the System V R4 (SVR4) run level specification, with run levels from 0 to 9 available, as well as from a to c. 0 and 1 are reserved, 2 is the default normal multi-user mode and run levels from 3 to 9 are free to be defined by the administrator. Run levels from a to c allow the execution of processes in that run level without killing processes started in another.
AIX runlevels
ID Name Description
0 reserved
1 reserved
2 Normal multiuser mode default mode
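Chapter 3 Configuration and Management
§3.1 Configuring One-Way SSL Authentication
To enable SSL connections, WebLogic needs a server certificate, a CA certificate chain and a trust certificate chain. After WebLogic is installed, three files are created automatically in the \wlserver_10.3\server\lib directory: DemoIdentity.jks (password DemoIdentityKeyStorePassPhrase), DemoTrust.jks (password DemoTrustKeyStorePassPhrase) and cacerts, which hold the server certificate, the trusted certificates and the CA certificate chain respectively. The first two files are not secure: they are for testing only and must not be used in production. The third is Java's default cacerts file. A production system must deploy its own server certificate, trusted certificates and CA certificate chain. This section describes how to deploy the server certificate of a production system.
§3.1.1 Creating the Server Keystore
§3.1.1.1 Creating the Server Private Key
Use the keytool utility shipped with the JDK to create the server private key. The command is: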
keytool -genkey -alias AdminServer -keyalg RSA -keysize 1024 -keystore AdminServer.jks
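The command prompts for the keystore password, the certificate information and the password that protects the private key. The session looks roughly like this (prompts from a Chinese-locale JDK, in order: keystore password, first and last name, organizational unit, organization, city or locality, state or province, two-letter country code, confirmation, key password):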
输入keystore密码:
再次输入新密码:
您的名字与姓氏是什么?
[Unknown]: AdminServer
您的组织单位名称是什么?
[Unknown]: Enterprise
您的组织名称是什么?
[Unknown]: WJZhiFu
您所在的城市或区域名称是什么?
[Unknown]: BeiJing
您所在的州或省份名称是什么?
[Unknown]: BJ
该单位的两字母国家代码是什么
[Unknown]: CN
CN=AdminServer, OU=Enterprise, O=WJZhiFu, L=BeiJing, ST=BJ, C=CN 正确吗?
[否]: y
输入的主密码
(如果和 keystore 密码相同,按回车):
再次输入新密码:
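When filling in these fields, note the following:
The CN field should match the server's domain name; do not use the server's IP address;
The OU field should be divided into several units according to the type of certificate issued, for example Server, Enterprise, Person; codes may be used;
The O field should be the company's English name;
The L field should be the city's English name;
The ST field should be the province's English name;
The C field should be the country code CN;
The keystore password and the private key password should be different.
§3.1.1.2 Generating the Server's Certificate Request File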
keytool -certreq -alias AdminServer -sigalg "MD5withRSA" -file AdminServer.csr -keystore AdminServer.jks
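§3.1.1.3 Getting the Certificate Request Signed
Submit the AdminServer.csr certificate request file generated in the previous step to the certificate authority for signing. This example uses openssl to sign the request; the command is: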
openssl ca -in AdminServer.csr -out AdminServer.crt -config openssl.cfg
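§3.1.1.4 Importing the Certificate File
After obtaining the signed certificate file from the CA, use keytool to import it into the keystore. When importing a certificate, keytool automatically checks its validity and confirms that it was signed by a trusted CA. By default our CA certificate is not in Java's list of trusted CAs, so our CA must first be added to that list. The command is: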
keytool -import -file ca.crt -keystore D:\bea\jdk160_05\jre\lib\security\cacerts
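Note: check which JDK the keytool you are running belongs to; the Java trusted-CA keystore is that JDK's jre/lib/security/cacerts file.
After the CA certificate has been added, copy that file to WebLogic's server/lib directory, overwriting the existing cacerts file, and then run the following command to import the server's certificate file.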
keytool -import -trustcacerts -alias AdminServer -file AdminServer.crt -keystore AdminServer.jks
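After the import, copy the AdminServer.jks keystore to WebLogic's server/lib directory. The server certificate keystore is now ready.
§3.1.2 Creating the CA Certificate Keystore
Download the CA certificate file from the CA. CA certificate files generally come in two forms: a standalone CA certificate file, or a .p7b certificate chain file.
§3.1.2.1 Importing a Standalone CA Certificate File
keytool can import both DER format (binary) and PEM format (Base64 encoded, beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----). The command is:
keytool -importcert -file ca.crt -trustcacerts -alias "WJZHIFU CA" -keystore WJZhiFuCA.jks
After the import, copy the CA certificate keystore to WebLogic's server/lib directory.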
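§3.1.2.2 Importing a p7b CA Certificate File
A p7b file cannot be imported into a keystore directly. Use the openssl tool to convert the p7b file into one der file per certificate, then import each file as described in the previous section.
The command to convert the p7b file is:
openssl pkcs7 -in ca.p7b -out ca.txt -outform PEM -inform DER -print_certs
Edit ca.txt and copy each certificate (the content beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----) into a file of its own, then import the files in order. After the import, copy the CA certificate keystore to WebLogic's server/lib directory.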
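§3.1.3 Deploying the Certificate Files
(1) Start the WebLogic server and log in to the console as the administrator;
(2) Edit the configuration under Environment -> Server. This example edits AdminServer;
(3) Edit the server's Keystore properties;
Keystore: select Custom Identity and Custom Trust;
Custom Identity Keystore: enter the full path of the server certificate keystore;
Custom Identity Keystore Type: JKS
Enter the password of the server keystore;
Custom Trust Keystore: enter the full path of the CA certificate keystore;
Custom Trust Keystore Type: JKS
Enter the password of the CA keystore;
Save
(4) Edit the server's SSL configuration;
Identity and Trust Locations: KeyStores
PrivateKey Alias: enter the alias of the private key in the server keystore, that is, AdminServer;
Enter the password of the private key in the server keystore;
Save.
One-way SSL authentication (the client authenticates the server) is now configured.
§3.2 Configuring Two-Way SSL Authentication
Complete the server-side SSL configuration as described for one-way SSL authentication of the WebLogic server, then edit the Server -> SSL -> Advanced configuration.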
TwoWayClientCert:ClientCerts Requested and Enforced;
Inbound Certificate Validation: Builtin SSL Validation And Cert Path Validators;
Outbound Certificate Validation: Builtin SSL Validation And Cert Path Validators;
Save
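Once two-way authentication is enabled on the server, a client without a matching certificate cannot connect to the server.
§3.3 WebLogic Cluster Configuration
This cluster consists of three computers: AdminServer, Server1 and Server2. AdminServer is responsible for cluster management and deployment; Server1 and Server2 form the cluster and provide the externally facing service.
§3.3.1 Preparing the Certificate Files
Prepare one server certificate each for AdminServer, Server1, Server2, the Server1 NodeManager and the Server2 NodeManager and, following the section on configuring two-way SSL authentication for WebLogic Server, build these certificates and the CA certificate into the following files:
File name         Certificate contents                                                                              Remarks
ServerAdmin.jks   AdminServer private key; AdminServer certificate                                                  CN=AdminServer
Server1.jks       Server1 private key; Server1 certificate                                                          CN=server1.wjzhifu.com
Machine1.jks      Machine1 node manager private key; Machine1 node manager certificate                              CN=machine1
Server2.jks       Server2 private key; Server2 certificate; Server2 node private key; Server2 node certificate      CN=server2.wjzhifu.com
Machine2.jks      Machine2 node manager private key; Machine2 node manager certificate                              CN=machine2
ServerCA.jks      CA certificate                                                                                    CN=CA
Note: the private key passwords of the certificates should all be different, to improve security.
Once these files have been created, copy ServerAdmin + ServerCA to the wlserver_10.3\server\lib directory on the administration server, Server1 + Machine1 + ServerCA to the wlserver_10.3\server\lib directory on Server1, and Server2 + Machine2 + ServerCA to the wlserver_10.3\server\lib directory on Server2.
§3.3.2 Creating the Domains for the Administration Server and the Managed Servers
Following the sections "Creating the Administration Server Domain" and "Creating the Managed Server Domain", create a domain for the administration server and for each Server, and configure two-way SSL for AdminServer. When creating the domains, make sure the domain name, administrator account and password are the same on every machine.
After the domains have been created, start the administration server and follow the steps below to add the machines and servers and to configure the cluster.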
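§3.3.2.1 Starting the Administration Server
§3.3.2.2 Starting the Administration Console and Logging In
§3.3.2.3 Adding the Managed Machines
(1) Create the machine;
(2) Edit the NodeManager properties of the new machine;
(3) Save and activate;
§3.3.2.4 Adding the Managed Servers
(1) Add a new Server and activate cluster mode;
(2) Create a new cluster;
(3) Edit the properties of the new Server and assign it to a machine;
(4) Save and activate;
(5) Restart the administration server.
§3.3.2.5 Starting a Managed Server
Log in to the operating system as the weblogic user, change to the domain's bin directory and run the following command to start the managed server.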
$ ./startManagedWebLogic.sh Server1 http://192.168.100.1:8080
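Server1: the name of the managed server;
http://192.168.100.1:8080: the access address of the administration server.
Once the managed server has started, log in to the administration console of the administration server and check the state of the managed server; it should be shown as RUNNING. If it is not, check that the name of the managed server matches the configuration on the administration server.
On the Server management page, click Control -> Shutdown to shut down the managed server; the managed server that was just started by hand should exit. Next we configure the node manager of the managed server so that AdminServer can start and manage the managed server remotely.
§3.3.3 Configuring and Starting the Node Manager of the Managed Server
The node manager of a managed server and AdminServer exchange control commands over a secure SSL channel, so the node manager must be configured so that it can establish an SSL channel with AdminServer.
§3.3.3.1 Editing the nodemanager.properties File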
Node Manager properties (each entry: property, description, default)
LogFile (New)
    Location of the Node Manager log file.
    Default: NodeManagerHome/nodemanager.log
LogLimit (New)
    Maximum size of the Node Manager Log specified as an integer. When this limit is reached, a new log file is started. Valid range for LogLimit is 0 to 2147483647 (int maximum).
    Default: 0
LogCount (New)
    Maximum number of log files to create when LogLimit is exceeded. Valid range for LogCount is 0 to 2147483647 (int maximum).
    Default: 1
LogAppend (New)
    If set to true, then a new log file is not created when the Node Manager restarts; the existing log is appended instead.
    Default: true
LogToStderr (New)
    If set to true, the log output is also sent to the standard error output.
    Default: false
LogLevel (New)
    Severity level of logging used for the Node Manager log. Node Manager uses the same logging levels as WebLogic server.
    Default: INFO
LogFormatter (New)
    Name of formatter class to use for NM log messages.
    Default: weblogic.nodemanager.server.LogFormatter
CrashRecoveryEnabled (New)
    Enables system crash recovery.
    Default: false
SecureListener (New)
    If set to true, use the SSL listener, otherwise use the plain socket.
    Default: true
CipherSuite (New)
    The name of the cipher suite to use with the SSL listener.
    Default: TLS_RSA_EXPORT_WITH_RC4_40_MD5
StartScriptEnabled (New)
    If true, use the start script specified by StartScriptName to start a server. For more information, see Configuring Node Manager to Use Start and Stop Scripts.
    Default: false
StartScriptName (New)
    The name of the start script, located in the domain directory.
    Default: startWebLogic.sh (UNIX) or startWebLogic.cmd (Windows)
StopScriptEnabled (New)
    If true, execute the stop script specified by StopScriptName after the server has shut down. For more information, see Configuring Node Manager to Use Start and Stop Scripts.
    Default: false
StopScriptName (New)
    The name of the script to be executed after server shutdown.
    Default: none
DomainsFile (New)
    The name of the nodemanager.domains file.
    Default: NodeManagerHome/nodemanager.domains
DomainsFileEnabled (New)
    If set to true, use the file specified in DomainsFile. If false, assumes the domain of the current directory or of WL_HOME.
    Default: true
StateCheckInterval
    Specifies the interval Node Manager waits to perform a check of the server state.
    Default: 500 milliseconds
CustomIdentityAlias
    Specifies the alias when loading the private key into the keystore. This property is required when the Keystores property is set as CustomIdentityAndCustomTrust or CustomIdentityAndJavaStandardTrust.
    Default: none
CustomIdentityKeyStoreFileName
    Specifies the file name of the Identity keystore (meaning the keystore that contains the private key for the Node Manager). This property is required when the Keystores property is set as CustomIdentityAndCustomTrust or CustomIdentityAndJavaStandardTrust.
    Default: none
CustomIdentityKeyStorePassPhrase
    Specifies the password defined when creating the Identity keystore. This field is optional or required depending on the type of keystore. All keystores require the passphrase in order to write to the keystore. However, some keystores do not require the passphrase to read from the keystore. WebLogic Server only reads from the keystore, so whether or not you define this property depends on the requirements of the keystore.
    Default: none
CustomIdentityKeyStoreType
    Specifies the type of the Identity keystore. Generally, this is JKS. This property is optional.
    Default: default keystore type from java.security
CustomIdentityPrivateKeyPassPhrase
    Specifies the password used to retrieve the private key for WebLogic Server from the Identity keystore. This property is required when the Keystores property is set as CustomIdentityAndCustomTrust or CustomIdentityAndJavaStandardTrust.
    Default: none
JavaHome
    The Java home directory that Node Manager uses to start Managed Servers on this machine, if the Managed Server does not have a Java home configured in its Remote Start tab. If not specified in either place, Node Manager uses the Java home defined for the Node Manager process.
    Default: none
JavaStandardTrustKeyStorePassPhrase
    Specifies the password defined when creating the Trust keystore. This field is optional or required depending on the type of keystore. All keystores require the passphrase in order to write to the keystore. However, some keystores do not require the passphrase to read from the keystore. WebLogic Server only reads from the keystore, so whether or not you define this property depends on the requirements of the keystore. This property is required when the Keystores property is set as CustomIdentityAndJavaStandardTrust or DemoIdentityAndDemoTrust.
    Default: none
KeyStores
    Indicates the keystore configuration the Node Manager uses to find its identity (private key and digital certificate) and trust (trusted CA certificates). Possible values are:
    DemoIdentityAndDemoTrust: Use the demonstration Identity and Trust keystores located in the BEA_HOME\server\lib directory that are configured by default. The demonstration Trust keystore trusts all the certificate authorities in the Java Standard Trust keystore (JAVA_HOME\jre\lib\security\cacerts).
    CustomIdentityAndJavaStandardTrust: Uses a keystore you create, and the trusted CAs defined in the cacerts file in the JAVA_HOME\jre\lib\security\cacerts directory.
    CustomIdentityAndCustomTrust: Uses Identity and Trust keystores you create.
    Default: DemoIdentityAndDemoTrust
ListenAddress
    Any address upon which the machine running Node Manager can listen for connection requests. This argument deprecates weblogic.nodemanager.listenAddress.
    Default: null. With this setting, Node Manager will listen on any IP address on the machine.
ListenPort
    The TCP port number on which Node Manager listens for connection requests. This argument deprecates weblogic.nodemanager.listenPort.
    Default: 5556
NativeVersionEnabled
    A value of true causes native libraries for the operating system to be used. For UNIX systems other than Solaris, HP-UX, or Linux, set this property to false to run Node Manager in non-native mode. This will cause Node Manager to use the start script specified by the StartScriptEnabled property to start Managed Servers.
    Default: true
NodeManagerHome
    Node Manager root directory which contains the following configuration and log files: nm_data.properties, nodemanager.domains, nodemanager.log, nodemanager.properties. For more information on these files, see Node Manager Configuration and Log Files.
    Note: By default, NodeManagerHome is WL_HOME/common/nodemanager. In a production environment, you may want to customize the location of the Node Manager root directory.
    Default: NodeManagerHome
WeblogicHome
    Root directory of the WebLogic Server installation. This is used as the default value of -Dweblogic.RootDirectory for a Managed Server that does not have a root directory configured in its Remote Start tab. If not specified in either place, Node Manager starts the Managed Server in the directory where Node Manager runs.
    Default: none
keyFile
    The path to the private key file to use for SSL communication with the Administration Server.
    Note: This property is used only in the process of upgrading from WebLogic Server, Version 7.x to Version 9.x.
    Default: none
keyPassword
    The password used to access the encrypted private key in the key file.
    Note: This property is used only in the process of upgrading from WebLogic Server, Version 7.x to Version 9.x.
    Default: none
certificateFile
    Specifies the path to the certificate file used for SSL authentication.
    Note: This property is used only in the process of upgrading from WebLogic Server, Version 7.x to Version 9.x.
    Default: none
Edit the common/nodemanager/nodemanager.properties file and add the following lines (密码 stands for the actual password):
CustomIdentityAlias=Machine1
CustomIdentityKeyStoreFileName=/bea/wlserver_10.3/server/lib/Machine1.jks
CustomIdentityKeyStorePassPhrase=密码
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=密码
KeyStores=CustomIdentityAndCustomTrust
After the node manager is restarted, WebLogic encrypts the passwords automatically, so there is no need to worry about clear-text passwords.
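A check of a nodemanager.properties file against the property table and the settings above, as an added example that is not part of the original manual or of WebLogic. The sample file is constructed, and the encrypted-value prefixes are an assumption of this example.

```python
"""Audit nodemanager.properties for the settings described in this section."""

# Constructed sample (not from a real host): the lines added above plus defaults.
SAMPLE = """\
SecureListener=true
CipherSuite=TLS_RSA_EXPORT_WITH_RC4_40_MD5
CustomIdentityAlias=Machine1
CustomIdentityKeyStoreFileName=/bea/wlserver_10.3/server/lib/Machine1.jks
CustomIdentityKeyStorePassPhrase=constructed-clear-text
CustomIdentityPrivateKeyPassPhrase={3DES}Y29uc3RydWN0ZWQ=
KeyStores=CustomIdentityAndCustomTrust
"""

# Defaults as listed in the property table on this page.
DEFAULTS = {
    "SecureListener": "true",
    "CipherSuite": "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "KeyStores": "DemoIdentityAndDemoTrust",
    "ListenAddress": "",
}
WEAK_CIPHER_TOKENS = ("EXPORT", "NULL", "RC4", "DES", "MD5")
REQUIRED_FOR_CUSTOM_IDENTITY = ("CustomIdentityAlias", "CustomIdentityKeyStoreFileName",
                                "CustomIdentityPrivateKeyPassPhrase")
# Assumption: a value that WebLogic has encrypted starts with one of these.
ENCRYPTED_PREFIXES = ("{3DES}", "{AES}")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit(props):
    """Return (property, finding) tuples for the effective configuration."""
    cfg = {**DEFAULTS, **props}
    findings = []
    if cfg["SecureListener"].lower() != "true":
        findings.append(("SecureListener", "plain socket, no SSL listener"))
    weak = [t for t in WEAK_CIPHER_TOKENS if t in cfg["CipherSuite"].split("_")]
    if weak:
        findings.append(("CipherSuite", "weak suite: " + "/".join(weak)))
    if cfg["KeyStores"].startswith("DemoIdentity"):
        findings.append(("KeyStores", "demo keystores are for testing only"))
    elif cfg["KeyStores"].startswith("CustomIdentity"):
        for key in REQUIRED_FOR_CUSTOM_IDENTITY:
            if not cfg.get(key):
                findings.append((key, "required with a custom identity keystore"))
    if not cfg["ListenAddress"]:
        findings.append(("ListenAddress", "listening on every IP address"))
    for key, value in props.items():
        if key.endswith("PassPhrase") and not value.startswith(ENCRYPTED_PREFIXES):
            findings.append((key, "pass phrase still in clear text"))
    return findings


if __name__ == "__main__":
    for prop, finding in audit(parse_properties(SAMPLE)):
        print(f"{prop}: {finding}")
```

A clear-text pass phrase finding after the node manager has been restarted means the file was edited again and the restart that encrypts it has not happened yet.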
§3.3.3.2 Starting the Node Manager
$ cd /bea/wlserver_10.3/server/bin
$ ./startNodeManager.sh
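Once the node manager has started, log in to the AdminServer administration console and check the node manager status of the managed server; the node manager should be shown as reachable. The managed server can now be started and shut down remotely through the node manager.
If an error appears, there is a problem resolving the hostname of the managed server; edit the hosts file on AdminServer so that the managed server's name maps to its IP address.
§3.3.4 Enabling SSL on the Managed Servers
Log in to the AdminServer console as the administrator and, following the section "Configuring Two-Way SSL Authentication", enable SSL connections for Server1 and Server2. Note that the keystores they use are Server1.jks/ServerCA.jks and Server2.jks/ServerCA.jks respectively. After the configuration is complete, restart Server1 and Server2 and check each server's startup log to confirm that the SSL listener is active.
§3.3.5 Configuring Session Replication
(To be added)
§3.3.6 Command Summary (OpenSSL and KeyTool)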
==CA==============================================================
openssl genrsa -des3 -out c:/ca/keys/CA.key 2048
openssl req -new -out CA.csr -key c:/ca/keys/CA.key -config openssl.cfg
openssl ca -in CA.csr -out c:/ca/certs/CA.crt -selfsign -keyfile c:/ca/keys/CA.key -days 7305 -extensions v3_ca -config openssl.cfg
keytool -import -file c:/ca/certs/ca.crt -keystore D:\bea\jdk160_05\jre\lib\security\cacerts
==AdminServer==========================================================
keytool -genkey -alias AdminServer -keyalg RSA -keysize 1024 -keystore ServerAdmin.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias AdminServer -sigalg "MD5withRSA" -file AdminServer.csr -keypass welcome2008 -keystore ServerAdmin.jks -storepass welcome2008
openssl ca -in AdminServer.csr -out c:/ca/certs/AdminServer.crt -config openssl.cfg
keytool -import -trustcacerts -alias AdminServer -file c:/ca/certs/AdminServer.crt -keystore ServerAdmin.jks -storepass welcome2008 -keypass welcome2008
==Machine1==========================================================
keytool -genkey -alias Machine1 -keyalg RSA -keysize 1024 -keystore Machine1.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Machine1 -sigalg "MD5withRSA" -file Machine1.csr -keypass welcome2008 -keystore Machine1.jks -storepass welcome2008
openssl ca -in Machine1.csr -out c:/ca/certs/Machine1.crt -config openssl.cfg
keytool -import -trustcacerts -alias Machine1 -file c:/ca/certs/Machine1.crt -keystore Machine1.jks -storepass welcome2008 -keypass welcome2008
==Machine2==========================================================
keytool -genkey -alias Machine2 -keyalg RSA -keysize 1024 -keystore Machine2.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Machine2 -sigalg "MD5withRSA" -file Machine2.csr -keypass welcome2008 -keystore Machine2.jks -storepass welcome2008
openssl ca -in Machine2.csr -out c:/ca/certs/Machine2.crt -config openssl.cfg
keytool -import -trustcacerts -alias Machine2 -file c:/ca/certs/Machine2.crt -keystore Machine2.jks -storepass welcome2008 -keypass welcome2008
==Server1==========================================================
keytool -genkey -alias Server1 -keyalg RSA -keysize 1024 -keystore Server1.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Server1 -sigalg "MD5withRSA" -file Server1.csr -keypass welcome2008 -keystore Server1.jks -storepass welcome2008
openssl ca -in Server1.csr -out c:/ca/certs/Server1.crt -config openssl.cfg
keytool -import -trustcacerts -alias Server1 -file c:/ca/certs/Server1.crt -keystore Server1.jks -storepass welcome2008 -keypass welcome2008
==Server2==========================================================
keytool -genkey -alias Server2 -keyalg RSA -keysize 1024 -keystore Server2.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Server2 -sigalg "MD5withRSA" -file Server2.csr -keypass welcome2008 -keystore Server2.jks -storepass welcome2008
openssl ca -in Server2.csr -out c:/ca/certs/Server2.crt -config openssl.cfg
keytool -import -trustcacerts -alias Server2 -file c:/ca/certs/Server2.crt -keystore Server2.jks -storepass welcome2008 -keypass welcome2008
==Person==============================================================
openssl req -newkey rsa:1024 -keyout c:/ca/keys/lny.key -out lny.csr -config openssl.cfg
openssl ca -in lny.csr -out c:/ca/certs/lny.crt -config openssl.cfg
openssl pkcs12 -export -in c:/ca/certs/lny.crt -inkey c:/ca/keys/lny.key -out lny.pfx
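A linter for command lines like the ones in this summary, as an added example that is not part of the original manual. It checks them against the page's own notes (different keystore and key passwords in §3.1.1.1, a different key password per certificate in §3.3.1); the 2048-bit minimum and the list of weak signature algorithms are assumptions of this example.

```python
"""Lint keytool/openssl command lines against the guidance on this page."""
import shlex

# Four commands copied from the summary above (a subset, to keep this short).
COMMANDS = """\
keytool -genkey -alias AdminServer -keyalg RSA -keysize 1024 -keystore ServerAdmin.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias AdminServer -sigalg "MD5withRSA" -file AdminServer.csr -keypass welcome2008 -keystore ServerAdmin.jks -storepass welcome2008
keytool -genkey -alias Machine1 -keyalg RSA -keysize 1024 -keystore Machine1.jks -keypass welcome2008 -storepass welcome2008
openssl req -newkey rsa:1024 -keyout c:/ca/keys/lny.key -out lny.csr -config openssl.cfg
"""

MIN_RSA_BITS = 2048                              # assumption of this example
WEAK_SIGALG_PREFIXES = ("MD2", "MD5", "SHA1")    # assumption of this example


def options(argv):
    """Map every -flag to the argument after it (None for a bare flag)."""
    opts = {}
    for i, token in enumerate(argv):
        if token.startswith("-"):
            nxt = argv[i + 1] if i + 1 < len(argv) else None
            opts[token] = None if nxt is None or nxt.startswith("-") else nxt
    return opts


def lint(text):
    """Return (line_number, rule, detail) findings; line 0 spans several lines."""
    findings, stores_by_keypass = [], {}
    for number, line in enumerate(text.splitlines(), 1):
        argv = shlex.split(line)
        if not argv or argv[0] not in ("keytool", "openssl"):
            continue
        opts = options(argv)
        bits = opts.get("-keysize")
        newkey = opts.get("-newkey") or ""
        if newkey.startswith("rsa:"):
            bits = newkey[4:]
        if bits and bits.isdigit() and int(bits) < MIN_RSA_BITS:
            findings.append((number, "weak-key", f"RSA {bits} bits"))
        sigalg = opts.get("-sigalg") or ""
        if sigalg.upper().startswith(WEAK_SIGALG_PREFIXES):
            findings.append((number, "weak-sigalg", sigalg))
        keypass, storepass = opts.get("-keypass"), opts.get("-storepass")
        if keypass or storepass:
            # Arguments end up in shell history and the process list.
            findings.append((number, "password-on-command-line", argv[0]))
        if keypass and keypass == storepass:
            # The note in §3.1.1.1 asks for two different passwords.
            findings.append((number, "key-and-store-password-equal", argv[0]))
        if keypass and opts.get("-keystore"):
            stores_by_keypass.setdefault(keypass, set()).add(opts["-keystore"])
    for stores in stores_by_keypass.values():
        if len(stores) > 1:
            # The note in §3.3.1 asks for a different key password per certificate.
            findings.append((0, "key-password-reused", ", ".join(sorted(stores))))
    return findings


if __name__ == "__main__":
    for finding in lint(COMMANDS):
        print(finding)
```

Leaving -keypass and -storepass off the command line makes keytool prompt for them, as in the session shown in §3.1.1.1.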
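Note: the certificates generated by openssl have the text dump of the certificate prepended. Before processing these certificates with keytool, edit the certificate file and delete this extra information, leaving only the part from the -----BEGIN line to the -----END line.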
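The manual clean-up described in the note above, and the one-certificate-per-file split of ca.txt in §3.1.2.2, done by a script; this is an added example, not part of the original manual. The sample input is constructed and its "certificates" are short placeholder DER sequences, not real X.509 data; the function and file names are hypothetical.

```python
"""Extract clean PEM certificates from openssl output that carries extra text."""
import base64
import re
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def fake_der(payload):
    """Constructed stand-in for a certificate: a short DER SEQUENCE, not X.509."""
    return b"\x30" + bytes([len(payload)]) + payload


def to_pem(der):
    """Encode DER bytes as a PEM certificate block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *rows,
                      "-----END CERTIFICATE-----"]) + "\n"


# Constructed input in the shape of `openssl ca` and `pkcs7 -print_certs` output.
SAMPLE = (
    "Certificate:\n    Data:\n        Version: 3 (0x2)\n"
    "        Subject: CN=AdminServer\n"
    + to_pem(fake_der(b"constructed server cert"))
    + "subject=/CN=CA\nissuer=/CN=CA\n"
    + to_pem(fake_der(b"constructed CA cert"))
)


def extract_certificates(text):
    """Return every certificate in text as a normalized PEM string, in order."""
    certs = []
    for match in PEM_BLOCK.finditer(text):
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)   # rejects damaged blocks
        if not der.startswith(b"\x30"):                # DER SEQUENCE tag
            raise ValueError("block does not hold a DER-encoded certificate")
        certs.append(to_pem(der))
    return certs


def write_split(text, directory, stem="cert"):
    """Write one file per certificate (stem-1.crt, stem-2.crt, ...)."""
    paths = []
    for index, pem in enumerate(extract_certificates(text), 1):
        path = Path(directory) / f"{stem}-{index}.crt"
        path.write_text(pem, encoding="ascii")
        paths.append(path)
    return paths


if __name__ == "__main__":
    for pem in extract_certificates(SAMPLE):
        print(pem, end="")
```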
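§3.4 Configuring the Front-End Apache Load Balancer
(To be added)
§3.5 Configuring the JMS Server
This section uses the TongLink/Q message middleware as an example to describe how to configure a JMS server. All managed servers in the cluster should be configured to point to one TLQ Server.
Start the administration server and the managed servers, and log in to the administration console.
§3.5.1 Adding a New JMS Module
(1) Specify the JMS module name;
(2) Select the servers to deploy to;
(3) Also add resources to this module;
§3.5.2 Adding a Foreign JMS Server
(1) Add a foreign JMS server;
(2) Set the name of the JMS server;
(3) Finish;
(4) Edit the JMS Server properties;
Click TLQJmsServer.
(5) Configure the following on this page: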
JNDI InitialContext Factory: tongtech.jms.jndi.JmsContextFactory
JNDI Connection URL: tlkq://localhost:10241/
Default Targeting Enabled: true
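Save when the configuration is complete.
Port 10241 here is the base address configured for TLQ plus 1.
§3.5.3 Adding the JMS Destination Queues
(1) Edit the Destinations property of the JMS Server;
(2) Create the remote send destination queue;
The remote JNDI Name should match the JMS queue name configured in TLQ.
(3) Create the local receive destination queue;
§3.5.4 Adding a JMS Connection Factory
(1) Edit the ConnectionFactories property of the JMS Server;
(2) Create a new connection factory;
The remote JNDI Name should match the JMS connection factory name configured in TLQ.
§3.5.5 Checking the JMS Configuration
Restart the managed servers. After startup, log in to the administration console and check the JNDI tree of the managed server;
Click View JNDI Tree; the three JMS JNDI entries should be visible;
Click each JNDI definition in turn; the TLQ class names should be retrieved;
If the TLQ class names cannot be retrieved, check:
The installation of the TongLink/Q JMS class library;
The JNDI configuration of WebLogic;
The JNDI configuration of TLQ.
§3.6 Configuring the Database Connection Pool
Start the administration server and the administration console, log in to the console and select DataSource.
§3.6.1 Adding a New Data Source
This page mainly sets the following properties:
The name of the data source;
The JNDI name;
The database type;
The database driver name.
§3.6.2 Notice That an XA Transaction Database Driver Was Selected
§3.6.3 Specifying the Connection Properties
§3.6.4 Testing the Connection Properties
If the system shows the following message, the connection is configured correctly; otherwise correct the error according to the error message.
§3.6.5 Selecting the Target Servers to Deploy To
Click [Finish] to end the configuration and activate it.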