Shanky ... Shankar Archive

Encrypting password in JBoss EAP

To encrypt password in Jboss using CLI, you can follow the steps below. This is particularly useful if you want to encrypt password for datasource.

 

1) export JBOSS_HOME=/pallavi/

2) export CLASSPATH=/pallavi/jboss-eap-6.2/modules/system/layers/base/org/picketbox/main/picketbox-4.0.19.SP2-redhat-1.jar:/pallavi/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.1.2.GA-redhat-1.jar:$CLASSPATH

3) java org.picketbox.datasource.security.SecureIdentityLoginModule sa

4) Make changes in your configuration file(eg: standalone.xml) under the security tag as below (search for security:1.2 tag):-

<security-domain name="encrypted-h2ds" cache-type="default">
<authentication>
<login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username" value="sa"/>
<module-option name="password" value="9fdd42c2a7390d3"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=MySqlDS_Pool"/>
</login-module>
</authentication>
</security-domain>

5) Now, remove the user name and password from datasource subsystem and add the below tag:-

<security-domain>h2ds</security-domain>

6) Now, restart the jboss instance as below and test the connectivity as below:-

[root@localhost ~]# /pallavai/bin/jboss-cli.sh
[disconnected /] connect 10.21.12.235:9999
[standalone@10.21.12.235:9999 /] /subsystem=datasources/data-source=ExampleDS:test-connection-in-pool()
{
"outcome" => "success",
"result" => [true]
}

Reset WebSphere admin console password

As a WebSphere admin one of the commonly seen issue is how to reset the WebSphere admin console password.

Well below are the steps to reset our WebSphere Admin Console Password

1) Using Admin Console:

To reset the password using the admin console

a) Go to DMGR profile config cells directory.

b) Edit the file(After taking backup) — security.xml and change the enabled value to false(refer to the below attachments)

1

 

c) Now, log in to the admin console, go to Security tab>Global Security>select Enable Administrative Security>Click on Security   Configuration Wizard>

2
Then click on Next. And Select the user repository as Federated repositories.
After entering the user name and password logout from admin console. Since, the changes are related to configuration restart the dmgr server instance to reflect the changes

2. Using wsadmin utility:

To reset the password using wsadmin tool:-

a) Go to WAS-Home>bin>./wsadmin.sh –lang jython –username wasadm –password wasadm123

b) Execute the below commands.

3

c) Reset the password using steps described above in section:1.c)

 

This will reset your wasadmin password.

Please feel free to get in touch with us if you have any queries.

Cheers,

Wonders Team

Working on Weblogic Server 8.1 License related issues

In weblogic 8.1 by default we have the following different types of license:

1) Development: Used in a development environment where a developer is preparing an application to run on top of WebLogic Platform. Enables us to run Weblogic Platform on a single machine, including machines running multiple instances of WebLogic Server. Permits client connections from a maximum of five IP addresses. IP addresses are tracked from the time the server is started. When we restart the server, the count is reset. Installed with Weblogic Platform in the BEA Home directory as license.bea. Is not tied to the IP address of a machine.

2) Scale Limited: Used in limited-scale production environments. Enables all WebLogic Platform component products. Enables us to run a single WebLogic Server instance with a server capacity limited to approximately 3 percent of the full capacity of a production server with a production license. Restricts server capacity by limiting concurrent socket connections to a maximum of three connections. Requests for a fourth socket connection are blocked until a socket becomes free. Permits client connections from an unlimited number of IP addresses. Installed, with WebLogic Platform 8.1 SP3 and higher, in the BEA Home directory as license_scale_limited.bea. It’s not tied to the IP address of a machine.

3) Production: Used in full-scale production environments. May restrict functionality to the software components that we have purchased. Enables us to run WebLogic Platform on a single machine, including machines running multiple instances of WebLogic Server. Permits client connections from an unlimited number of IP addresses. Must be purchased separately. It’s tied to the IP address of the machine. A production license can be used only on a machine with the same IP address that is specified in the license file

4) Workgroup: Restricts software functionality to that provided in WebLogic Server Workgroup Edition. Permits client connections from an unlimited number of IP addresses, but is limited to 20 concurrent users. Enforces user limitation by restricting the number of concurrent HTTP sessions with associated data to 20 sessions. Must be purchased separately. Is tied to the IP address of the machine.

By default the license.bea file is available in BEA_HOME directory

Steps for updating license file: We can update the license file using UpdateLicense.sh If we are transferring from an evaluation license to production license please refer to the following.:-
1. Locate the current (evaluation) license.bea (located in BEA home directory) and take a backup of this file
2. Rename the new (production) license file to license.bea and move this file to the exact location of the old license file (evaluation) in the BEA home directory and run ./UpdateLicense.sh license.bea(new file)

Troubleshooting License Issues

Issue:1) License not found/Missing error — Unable to start WebLogic Serve: Missing license file for WebLogic Platform

Cause:
1) License file not found in the BEA home directory
2) Incorrect version of the license is used.
3) BEA Home directory is copied from one drive in the hard disk to another drive in the hard disk.

Solution:
1) Ensure license file is located in the BEA home directory
2) Check the version of Weblogic in the license file.
3) Ensure that –Dbea.home command line parameter exists in the Weblogic startup script. Edit the startWeblogic.cmd (startWebLogic.sh in Unix systems) and include the –Dbea.home argument.

Issue:2) Incorrect IP address error: Unable to start WebLogic Server!!
WebLogic: license error, Invalid host IP

Cause: If our machine has multiple IP addresses, we need that WebLogic internally is only looking at the primary IP address.

To Troubleshoot please following the following steps:
1.Run setEnv script to set your environment. This can be done in your domain directory.
2. Please check the output of the BEA utility named utils.myip on your host machine. What IP address is returned?

Syntax : $ java utils.myip
This utility returns the IP address that WebLogic is internally looking for in the license.bea file. Compare the IP address returned from this utility to the license file IP address. If the output is different from the IP address mentioned in the license file, then the exception shown above will be shown

If the IP address returned by the myip utility is different from the WebLogic license’ IP
1. Contact system administrator to make the necessary changes in the IP of the system. To change the IP address you can use the hostname command, or if our system uses an /etc/hosts file, place the IP number matching the license file at the top of the file.
2. Transfer the IP address in your license file to the IP address returned by utils.myip
3. Customer may be using Virtual IP Addresses. The IP Address of the License may be mapped to a Virtual IP Address of the physical hardware. The License check requires the license to be bound to the physical address of the machine and not the virtual address. The customer needs to ensure that the license is bound only to the Physical IP address of the machine and not the virtual address. Weblogic Server will however be able to listen to the Virtual IP address by specifying that in the listenAddress of the Server section through the console. We may leave the listenAddress as blank and the server will be able to listen to the all the IP addresses it is configured on.

Issue-3) Unable to start WebLogic Server!!
Invalid software license file: \opt\weblogic\license.bea

Cause: License file found in the BEA home directory might be incorrectly formatted

Solution:
1) Ask the customer to replace the existing license with the original license file that is received from the License team or Sales team.
2) You will need to obtain a new license file from BEA License Management

WebSphere Application Server Interview Q’s(FAQ)

Hi All,

Below are the few interview Question in WebSphere:

1. How to choose websphere over other application servers?

2. What is the difference between web server and application server?

3. How to check a particular port is working or not in unix?

4. What are the issues commonly seen while installling the WebSphere Application Server

5. What is generic server cluster and how do you allow to configure standalone servers??

6. What is the difference between Dmgr and AppServer profile

7. Compared to custom and AppServer profile which is the best profile and why??

8. How to change a port no. using wsadmin?

9. What do you mean by Gloabl Security and how to enable it??

10. What are the different types of log files?

11. How do you take back ups in WAS

12. What is meant by SSL certificate and how do we renew them?? What is the defualt key store location for WAS

13. What are the different kinds of sync operations and How do you disable auto sync

14. Explain JNDI in WAS

15. How do you make WAS run as a service and why

16. How do you disable security for Deployment manager without logging into the console

17. What are the steps you will follow while installing a fix pack? How do you trouble shoot fixpack installation falied?

18. How do you recover the admin console password is lost?

19. what is class loader? how many types of class loaders are there?

20. when you are logged into dmgr admin console, if you click any option, it is showing 500 internal error, what could be the problem and how do you trouble shoot ?

21. What are the two basic steps that admin have to do after deploying the application & before running the application?

22. If the app server crashes in the middle of application deployment, wht could be the reason and wht steps we have to follow?

23. Compare the WAS process server & WAS portal server and WAS application server?

24. What Development Environment(s) are available to develop applications for WebSphere?

25. With Java2Security enabled on WebSphere Application Server, and you are performing an Enterprise Application deployment, what security file is open during deployment?

Creation of Profiles and Federation

We can create profile in websphere by using the following ways:

1) GUI Tool: This is by default supported ONLY on windows based OS as GUI would be enabled by default ONLY on windows based OS. To create go to: WAS-Home>bin>ProfileManagement and run either pmt.bat or java -jar startup.jar

2) Command Line: This is by default used only for UNIX based OS. To create profile use the below syntax:

Syntax: ./manageprofiles.sh –create –profileName –profilePath –templatePath –cellName -hostname –nodeName –enableAdminSecurity

manageProfiles

Depending up on the type of profile template we are choosing accordingly the corresponding profile gets created. In the above since default template is chosen so application server profile is created. Below are the other templates:

1) dmgr — To create Dmgr profile

2) cell — To create cell profile

3) managed — to create custom profile

Similarly we created the Custom01, Dmgr01 profile.

Profile_ListFederate these profiles with Dmgr–

1) Federate AppSrv01 profile with Dmgr01 as below:

a) Start Dmgr profile instance (dmgr) and AppSrv01 profile instance (shiva1)

startServers   b) Get the Host name and SOAP port number of AppSrv01, Dmgr01 profile from AboutThisprofile.txt in profiles-home>logs path

AbouThisProfilec) Log in to Dmgr admin console (http://hostname_Dmgr:DmgrAdminConsolePort/ibm/console) and go to System Administration>Nodes Click AddNode and provide the SOAP Port, hostname of AppSrv01. Provide user name and password for AppSrv01 and Dmgr01 (if admin security is enabled)

Federate_AppndDmgr

Federate_AppndDmgrLog

2) Federate Custom01 profile with Dmgr01 as below:

Federate_CustomDmgr

 

 

 

 

 

 

Installation of WebSphere AS7.0 Network Deployment using silent Mode

Using the responsefile.nd.txt we can install WebSphere AS, create profiles and do multiple configurations. But, this article is restricted to understand how to do the installation of WAS7.0in silent mode using responsefile.nd.txt

1) Go to the path where the Websphere Application Server(WAS) software is available using cd.

2) Inside that we have the WAS folder where we will have the installer(setup.jar or install.sh), responsefile.nd.txt.

3)  Take the back up of responsefile.nd.txt and rewrite responsefile.nd.txt with the following options:

4) Save the responsefile.nd.txt and run the below command:

4) The installation would take roughly 20-30mins to complete.

5) After installation completed to confirm the status of installation goto WAS-Home>logs>install folder and check for the keywork INSTCONFSUCCESS

Status

 

Cheers,

Wonders Team