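§3.3.2.5 Starting the Managed Server
Log in to the operating system as the weblogic user, change to the domain's bin directory, and run the following command to start the Managed Server.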
$ ./startManagedWebLogic.sh Server1 http://192.168.100.1:8080
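Server1: the name of the Managed Server;
http://192.168.100.1:8080: the access address of the Administration Server.
Once the Managed Server has finished starting, log in to the Administration Server's administration console and check the Managed Server's status; the server should be shown in the RUNNING state. If it is not, check whether the Managed Server's name matches the configuration on the Administration Server.
On the Server management page, click Control > Shutdown to shut down the Managed Server; the Managed Server that was just started by hand should exit. Later we will configure the Managed Server's Node Manager so that the AdminServer can start and manage the Managed Server remotely.
§3.3.3 Configuring and Starting the Managed Server's Node Manager
The Managed Server's Node Manager and the AdminServer exchange control commands over an SSL-secured channel, so Node Manager must be configured so that it can establish an SSL channel with the AdminServer.
§3.3.3.1 Editing the nodemanager.properties File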
| Node Manager Property | Description | Default |
|---|---|---|
| LogFile (New) | Location of the Node Manager log file. | NodeManagerHome/nodemanager.log |
| LogLimit (New) | Maximum size of the Node Manager Log specified as an integer. When this limit is reached, a new log file is started. Valid range for LogLimit is 0 to 2147483647 (int maximum). | 0 |
| LogCount (New) | Maximum number of log files to create when LogLimit is exceeded. Valid range for LogCount is 0 to 2147483647 (int maximum). | 1 |
| LogAppend (New) | If set to true, then a new log file is not created when the Node Manager restarts; the existing log is appended instead. | true |
| LogToStderr (New) | If set to true, the log output is also sent to the standard error output. | false |
| LogLevel (New) | Severity level of logging used for the Node Manager log. Node Manager uses the same logging levels as WebLogic Server. | INFO |
| LogFormatter (New) | Name of formatter class to use for NM log messages. | weblogic.nodemanager.server.LogFormatter |
| CrashRecoveryEnabled (New) | Enables system crash recovery. | false |
| SecureListener (New) | If set to true, use the SSL listener, otherwise use the plain socket. | true |
| CipherSuite (New) | The name of the cipher suite to use with the SSL listener. | TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
| StartScriptEnabled (New) | If true, use the start script specified by StartScriptName to start a server. For more information, see Configuring Node Manager to Use Start and Stop Scripts. | false |
| StartScriptName (New) | The name of the start script, located in the domain directory. | startWebLogic.sh (UNIX) or startWebLogic.cmd (Windows) |
| StopScriptEnabled (New) | If true, execute the stop script specified by StopScriptName after the server has shut down. For more information, see Configuring Node Manager to Use Start and Stop Scripts. | false |
| StopScriptName (New) | The name of the script to be executed after server shutdown. | none |
| DomainsFile (New) | The name of the nodemanager.domains file. | NodeManagerHome/nodemanager.domains |
| DomainsFileEnabled (New) | If set to true, use the file specified in DomainsFile. If false, assumes the domain of the current directory or of WL_HOME. | true |
| StateCheckInterval | Specifies the interval Node Manager waits to perform a check of the server state. | 500 milliseconds |
| CustomIdentityAlias | Specifies the alias when loading the private key into the keystore. This property is required when the Keystores property is set as CustomIdentityAndCustomTrust or CustomIdentityAndJavaStandardTrust. | none |
| CustomIdentityKeyStoreFileName | Specifies the file name of the Identity keystore (meaning the keystore that contains the private key for the Node Manager). This property is required when the Keystores property is set as CustomIdentityAndCustomTrust or CustomIdentityAndJavaStandardTrust. | none |
| CustomIdentityKeyStorePassPhrase | Specifies the password defined when creating the Identity keystore. This field is optional or required depending on the type of keystore. All keystores require the passphrase in order to write to the keystore. However, some keystores do not require the passphrase to read from the keystore. WebLogic Server only reads from the keystore, so whether or not you define this property depends on the requirements of the keystore. | none |
| CustomIdentityKeyStoreType | Specifies the type of the Identity keystore. Generally, this is JKS. This property is optional. | default keystore type from java.security |
| CustomIdentityPrivateKeyPassPhrase | Specifies the password used to retrieve the private key for WebLogic Server from the Identity keystore. This property is required when the Keystores property is set as CustomIdentityAndCustomTrust or CustomIdentityAndJavaStandardTrust. | none |
| JavaHome | The Java home directory that Node Manager uses to start a Managed Server on this machine, if the Managed Server does not have a Java home configured in its Remote Start tab. If not specified in either place, Node Manager uses the Java home defined for the Node Manager process. | none |
| JavaStandardTrustKeyStorePassPhrase | Specifies the password defined when creating the Trust keystore. This field is optional or required depending on the type of keystore. All keystores require the passphrase in order to write to the keystore. However, some keystores do not require the passphrase to read from the keystore. WebLogic Server only reads from the keystore, so whether or not you define this property depends on the requirements of the keystore. This property is required when the Keystores property is set as CustomIdentityAndJavaStandardTrust or DemoIdentityAndDemoTrust. | none |
| KeyStores | Indicates the keystore configuration the Node Manager uses to find its identity (private key and digital certificate) and trust (trusted CA certificates). Possible values are: DemoIdentityAndDemoTrust: use the demonstration Identity and Trust keystores located in the BEA_HOME\server\lib directory that are configured by default; the demonstration Trust keystore trusts all the certificate authorities in the Java Standard Trust keystore (JAVA_HOME\jre\lib\security\cacerts). CustomIdentityAndJavaStandardTrust: uses a keystore you create, and the trusted CAs defined in the cacerts file in the JAVA_HOME\jre\lib\security\cacerts directory. CustomIdentityAndCustomTrust: uses Identity and Trust keystores you create. | DemoIdentityAndDemoTrust |
| ListenAddress | Any address upon which the machine running Node Manager can listen for connection requests. This argument deprecates weblogic.nodemanager.listenAddress. | null. With this setting, Node Manager will listen on any IP address on the machine |
| ListenPort | The TCP port number on which Node Manager listens for connection requests. This argument deprecates weblogic.nodemanager.listenPort. | 5556 |
| NativeVersionEnabled | A value of true causes native libraries for the operating system to be used. For UNIX systems other than Solaris, HP-UX, or Linux, set this property to false to run Node Manager in non-native mode. This will cause Node Manager to use the start script specified by the StartScriptEnabled property to start Managed Servers. | true |
| NodeManagerHome | Node Manager root directory which contains the following configuration and log files: nm_data.properties, nodemanager.domains, nodemanager.log, nodemanager.properties. For more information on these files, see Node Manager Configuration and Log Files. Note: By default, NodeManagerHome is WL_HOME/common/nodemanager. In a production environment, you may want to customize the location of the Node Manager root directory. | NodeManagerHome |
| WeblogicHome | Root directory of the WebLogic Server installation. This is used as the default value of -Dweblogic.RootDirectory for a Managed Server that does not have a root directory configured in its Remote Start tab. If not specified in either place, Node Manager starts the Managed Server in the directory where Node Manager runs. | none |
| keyFile | The path to the private key file to use for SSL communication with the Administration Server. Note: This property is used only in the process of upgrading from WebLogic Server, Version 7.x to Version 9.x. | none |
| keyPassword | The password used to access the encrypted private key in the key file. Note: This property is used only in the process of upgrading from WebLogic Server, Version 7.x to Version 9.x. | none |
| certificateFile | Specifies the path to the certificate file used for SSL authentication. Note: This property is used only in the process of upgrading from WebLogic Server, Version 7.x to Version 9.x. | none |
Edit the common/nodemanager/nodemanager.properties file and add the following (密码 is a placeholder for the password):
CustomIdentityAlias=Machine1
CustomIdentityKeyStoreFileName=/bea/wlserver_10.3/server/lib/Machine1.jks
CustomIdentityKeyStorePassPhrase=密码
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=密码
KeyStores=CustomIdentityAndCustomTrust
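After Node Manager is restarted, WebLogic automatically encrypts the passwords, so there is no need to worry about the passwords being stored in plain text.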
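The SSL and keystore settings above, and whether the passphrases have actually been encrypted after the restart, can be checked with a short script. This is an added example, not part of the original document or of WebLogic: the function names are hypothetical, the sample file is constructed, and it assumes an encrypted value carries an algorithm tag such as {3DES}.

```shell
#!/bin/sh
# Added example: audit nodemanager.properties for weak SSL/keystore settings.

# prop FILE KEY: print the last value assigned to KEY (empty when unset).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_nodemanager FILE: print one finding per line, return the finding count.
audit_nodemanager() {
    f=$1; n=0
    # Unset keys fall back to the defaults listed in the property table.
    secure=$(prop "$f" SecureListener); : "${secure:=true}"
    stores=$(prop "$f" KeyStores);      : "${stores:=DemoIdentityAndDemoTrust}"
    cipher=$(prop "$f" CipherSuite);    : "${cipher:=TLS_RSA_EXPORT_WITH_RC4_40_MD5}"

    if [ "$secure" != true ]; then
        echo "SecureListener=$secure: plain socket listener, no SSL"; n=$((n + 1))
    fi
    if [ "$stores" = DemoIdentityAndDemoTrust ]; then
        echo "KeyStores=$stores: demonstration identity and trust in use"; n=$((n + 1))
    fi
    case $cipher in
        *EXPORT*|*RC4*|*MD5*|*NULL*|*anon*)
            echo "CipherSuite=$cipher: export-grade or broken suite"; n=$((n + 1)) ;;
    esac
    # Assumption: an encrypted value carries an algorithm tag such as {3DES} or {AES}.
    for k in CustomIdentityKeyStorePassPhrase CustomIdentityPrivateKeyPassPhrase \
             JavaStandardTrustKeyStorePassPhrase; do
        case $(prop "$f" "$k") in
            ''|'{'*'}'*) ;;
            *) echo "$k: passphrase is still in clear text"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# Constructed sample: the page's settings, one passphrase not yet encrypted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CustomIdentityAlias=Machine1
CustomIdentityKeyStoreFileName=/bea/wlserver_10.3/server/lib/Machine1.jks
CustomIdentityKeyStorePassPhrase=constructed-plaintext
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase={3DES}Y29uc3RydWN0ZWQ=
KeyStores=CustomIdentityAndCustomTrust
EOF
audit_nodemanager "$sample" || echo "findings: $?"
rm -f "$sample"
```

Because CipherSuite is not set in the lines added above, the table's default applies and is reported alongside the clear-text passphrase.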
§3.3.3.2 Starting Node Manager
$ cd /bea/wlserver_10.3/server/bin
$ ./startNodeManager.sh
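Once Node Manager has finished starting, log in to the AdminServer's administration console and check the status of the Managed Server's Node Manager; it should be shown as reachable. At this point, the Managed Server can be started and shut down remotely through Node Manager.
If the “ error appears, there is a problem resolving the Managed Server's hostname; edit the AdminServer's hosts file so that the Managed Server's name maps to its IP address.
§3.3.4 Enabling SSL on the Managed Servers
Log in to the AdminServer console as an administrator and, following the description in the section "Configuring Two-Way SSL Authentication", enable SSL connections for Server1 and Server2. Note that the keystores they use are Server1.jks/ServerCA.jks and Server2.jks/ServerCA.jks respectively. After configuration, restart Server1 and Server2 and review the servers' startup logs to confirm that the SSL listener is active.
§3.3.5 Configuring Session Replication
(To be added)
§3.3.6 Command Summary (OpenSSL and KeyTool)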
==CA==============================================================
openssl genrsa -des3 -out c:/ca/keys/CA.key 2048
openssl req -new -out CA.csr -key c:/ca/keys/CA.key -config openssl.cfg
openssl ca -in CA.csr -out c:/ca/certs/CA.crt -selfsign -keyfile c:/ca/keys/CA.key -days 7305 -extensions v3_ca -config openssl.cfg
keytool -import -file c:/ca/certs/ca.crt -keystore D:\bea\jdk160_05\jre\lib\security\cacerts

==AdminServer==========================================================
keytool -genkey -alias AdminServer -keyalg RSA -keysize 1024 -keystore ServerAdmin.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias AdminServer -sigalg "MD5withRSA" -file AdminServer.csr -keypass welcome2008 -keystore ServerAdmin.jks -storepass welcome2008
openssl ca -in AdminServer.csr -out c:/ca/certs/AdminServer.crt -config openssl.cfg
keytool -import -trustcacerts -alias AdminServer -file c:/ca/certs/AdminServer.crt -keystore ServerAdmin.jks -storepass welcome2008 -keypass welcome2008

==Machine1==========================================================
keytool -genkey -alias Machine1 -keyalg RSA -keysize 1024 -keystore Machine1.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Machine1 -sigalg "MD5withRSA" -file Machine1.csr -keypass welcome2008 -keystore Machine1.jks -storepass welcome2008
openssl ca -in Machine1.csr -out c:/ca/certs/Machine1.crt -config openssl.cfg
keytool -import -trustcacerts -alias Machine1 -file c:/ca/certs/Machine1.crt -keystore Machine1.jks -storepass welcome2008 -keypass welcome2008

==Machine2==========================================================
keytool -genkey -alias Machine2 -keyalg RSA -keysize 1024 -keystore Machine2.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Machine2 -sigalg "MD5withRSA" -file Machine2.csr -keypass welcome2008 -keystore Machine2.jks -storepass welcome2008
openssl ca -in Machine2.csr -out c:/ca/certs/Machine2.crt -config openssl.cfg
keytool -import -trustcacerts -alias Machine2 -file c:/ca/certs/Machine2.crt -keystore Machine2.jks -storepass welcome2008 -keypass welcome2008

==Server1==========================================================
keytool -genkey -alias Server1 -keyalg RSA -keysize 1024 -keystore Server1.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Server1 -sigalg "MD5withRSA" -file Server1.csr -keypass welcome2008 -keystore Server1.jks -storepass welcome2008
openssl ca -in Server1.csr -out c:/ca/certs/Server1.crt -config openssl.cfg
keytool -import -trustcacerts -alias Server1 -file c:/ca/certs/Server1.crt -keystore Server1.jks -storepass welcome2008 -keypass welcome2008

==Server2==========================================================
keytool -genkey -alias Server2 -keyalg RSA -keysize 1024 -keystore Server2.jks -keypass welcome2008 -storepass welcome2008
keytool -certreq -alias Server2 -sigalg "MD5withRSA" -file Server2.csr -keypass welcome2008 -keystore Server2.jks -storepass welcome2008
openssl ca -in Server2.csr -out c:/ca/certs/Server2.crt -config openssl.cfg
keytool -import -trustcacerts -alias Server2 -file c:/ca/certs/Server2.crt -keystore Server2.jks -storepass welcome2008 -keypass welcome2008

==Person==============================================================
openssl req -newkey rsa:1024 -keyout c:/ca/keys/lny.key -out lny.csr -config openssl.cfg
openssl ca -in lny.csr -out c:/ca/certs/lny.crt -config openssl.cfg
openssl pkcs12 -export -in c:/ca/certs/lny.crt -inkey c:/ca/keys/lny.key -out lny.pfx
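Note: certificates generated by openssl are prefixed with the certificate's text output. When processing these certificates with keytool, edit the certificate file and delete this extra information, leaving only the part from ---BEGIN----- to ----END….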
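The manual edit described in the note above can be scripted. The following is an added example, not part of the original document: the function name pem_only and the file names are hypothetical, and the sample certificate body is constructed filler rather than a real certificate.

```shell
#!/bin/sh
# Added example: keep only the PEM block of a certificate written by `openssl ca`.

# pem_only IN OUT: copy the BEGIN..END CERTIFICATE block of IN to OUT.
# Fails, leaving OUT untouched, unless IN holds exactly one complete block.
pem_only() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { if (inside) bad = 1; inside = 1; begins++ }
        inside                          { print }
        /^-----END CERTIFICATE-----/   { if (!inside) bad = 1; inside = 0; ends++ }
        END { exit (bad || inside || begins != 1 || ends != 1) }
    ' "$1" > "$2.tmp" || { rm -f "$2.tmp"; return 1; }
    mv "$2.tmp" "$2"
}

# Constructed sample: a text dump followed by a PEM block (filler base64).
work=$(mktemp -d)
cat > "$work/Machine1.crt" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Subject: CN=Machine1
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIC0gTk9UIEEgUkVBTCBDRVJU
-----END CERTIFICATE-----
EOF
pem_only "$work/Machine1.crt" "$work/Machine1.pem" && head -n 1 "$work/Machine1.pem"
rm -rf "$work"
```

`openssl ca` also accepts `-notext`, which leaves the text form out of the output file so that no cleanup is needed.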
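§3.4 Configuring the Front-End Apache Load Balancer
(To be added)
§3.5 Configuring the JMS Server
This section uses the TongLink/Q message middleware as an example to describe how a JMS server is configured. Each Managed Server in the cluster should be configured to point to one TLQ Server.
Start the Administration Server and the Managed Servers, and log in to the administration console.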

§3.5.1 Adding a New JMS Module
(1) Specify the JMS module name;

(2) Select the servers to deploy to;

(3) Also add resources to this module;

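§3.5.2 Adding a Foreign JMS Server

(1) Add a foreign JMS server;

(2) Set the JMS server's name;

(3) Finish;

(4) Edit the JMS Server properties;

Click TLQJmsServer.
(5)

Configure the following on this page:
- JNDI InitialContext Factory: tongtech.jms.jndi.JmsContextFactory
- JNDI Connection URL: tlkq://localhost:10241/
- Default Targeting Enabled: true
After configuration, click Save.
The port 10241 here is the base address configured for TLQ plus 1.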
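§3.5.3 Adding JMS Destination Queues
(1) Edit the JMS Server's Destinations property;

(2) Create the remote send destination queue;

The remote JNDI Name must match the JMS queue name configured in TLQ.
(3) Create the local receive destination queue;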

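§3.5.4 Adding a JMS Connection Factory
(1) Edit the JMS Server's ConnectionFactories property;

(2) Create the connection factory;

The remote JNDI Name must match the JMS connection factory name configured in TLQ.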
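§3.5.5 Checking the JMS Configuration
Restart the Managed Server. Once it has started, log in to the administration console and inspect the Managed Server's JNDI tree;

Click View JNDI Tree; the three JNDI entries for JMS should be visible;

Click each JNDI definition in turn; the TLQ class names should be retrievable;

If the TLQ class names cannot be retrieved, check:
- the installation of the TongLink/Q JMS class library;
- the WebLogic JNDI configuration;
- the TLQ JNDI configuration.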
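§3.6 Configuring the Database Connection Pool
Start the Administration Server and the administration console, log in to the administration console, and select DataSource.

§3.6.1 Adding a New Data Source

This page mainly sets the following properties:
- the data source name;
- the JNDI name;
- the database type;
- the database driver name.
§3.6.2 Prompt That an XA Transaction Database Driver Was Selected

§3.6.3 Specifying Connection Properties

§3.6.4 Testing the Connection Properties

If the system displays the following message, the connection is configured correctly; otherwise, correct the error according to the error message.

§3.6.5 Selecting the Target Servers to Deploy To

Click [Finish] to complete the configuration and activate it.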