Linux下WebLogic10.3的安裝與配置

時間 2019-11-17

標籤 linux weblogic10.3 weblogic 安裝配置欄目 Linux 简体版

原文原文鏈接

Enter name for a new Cluster OR [Exit][Previous][Next]> nextlinux

§2.3.10 暫不添加受管的主機
<-------------------- Oracle WebLogic Configuration Wizard ------------------->web

Configure Machines:shell

-------------------

Add or delete machines. A machine hosts one or more WebLogic Server
instances. The Admin Server and Node Manager use this machine definition to
start remote servers.安全

| Name* | Node manager listen address | Node manager listen port |
_|_______|_____________________________|__________________________|服務器

Enter name for a new Machine OR [Exit][Previous][Next]> next
<-------------------- Oracle WebLogic Configuration Wizard ------------------->less

Configure Unix Machines:
------------------------dom

Add or delete machines. A machine hosts one or more WebLogic Server
instances. The Admin Server and Node Manager use this machine definition to
start remote servers.ide

| Name |
_|______|工具

Enter name for a new Unix Machine OR [Exit][Previous][Next]> next測試

§2.3.11 指定域名
<-------------------- Oracle WebLogic Configuration Wizard ------------------->

Select the target domain directory for this domain:
---------------------------------------------------

"Target Location" = [Enter new value or use default
"/bea/user_projects/domains"]

Enter new Target Location OR [Exit][Previous][Next]> next
<-------------------- Oracle WebLogic Configuration Wizard ------------------->

Edit Domain Information:
------------------------

| Name | Value |
_|________|_____________|
1| *Name: | base_domain |

Enter value for "Name" OR [Exit][Previous][Next]> weblogic
<-------------------- Oracle WebLogic Configuration Wizard ------------------->

Edit Domain Information:
------------------------

| Name | Value |
_|________|__________|
1| *Name: | weblogic |

Use above value or select another option:
1 - Modify "Name"
2 - Discard Changes

Enter option number to select OR [Exit][Previous][Next]> next

§2.3.12 建立域
<-------------------- Oracle WebLogic Configuration Wizard ------------------->

Creating Domain...

0% 25% 50% 75% 100%
[------------|------------|------------|------------]
[***************************************************]

**** Domain Created Successfully! ****

§2.4 建立受管服務器的域
參考《WebLogic 10.3 for Win32》－《建立受管服務器的Domain和Server》。
§2.5 配置和啓動節點管理器
§2.5.1 直接運行
$ cd /bea/wlserver_10.3/server/bin
$ ./startNodeManager.sh
§2.5.2 配置節點管理器做爲Daemon
在/etc/rc.d/rc3.d添加一個啓動節點管理器的文件。該文件核心內容是啓動節點管理器，即：
su - weblogic -c "nohup /bea/wlserver_10.3/server/bin/startNodeManager &"
這樣，Linux啓動後時自動啓動節點管理器。
Runlevel
The term runlevel refers to a mode of operation in one of the computer operating systems that implement Unix System V-style initialization. Conventionally, seven runlevels exist, numbered from zero to six; though up to ten, from zero to nine, may be used. S is sometimes used as a synonym for one of the levels.
In standard practice, when a computer enters runlevel zero, it halts, and when it enters runlevel six, it reboots. The intermediate runlevels (1-5) differ in terms of which drives are mounted, and which network services are started. Lower run levels are useful for maintenance or emergency repairs, since they usually don't offer any network services at all. The particular details of runlevel configuration differ widely among operating systems, and slightly among system administrators.
The runlevel system replaced the traditional /etc/rc script used in Version 7 Unix.

? Standard runlevels
Standard runlevels
ID Name Description
0 Halt Shuts down the system.
S Single-User Mode Does not configure network interfaces or start daemons.[1]

6 Reboot Reboots the system.
1 = Almost all systems use runlevel 1 for this purpose. This mode is intended to provide a safe environment to perform system maintenance. Originally this runlevel provided a single terminal (console) interface running a root login shell. The increasing trend towards physical access to the computer during the boot process has led to changes in this area.

? Linux
The Linux operating system can make use of runlevels through the programs of the sysvinit project. After the Linux kernel has booted, the init program reads the /etc/inittab file to determine the behavior for each runlevel. Unless the user specifies another value as a kernel boot parameter, the system will attempt to enter (start) the default runlevel.
Typical Linux runlevels
Most Linux distributions, in addition to the standard runlevels, define the following additional runlevels:
Typical Linux runlevels
ID Name Description
1 Single-User Mode Does not: configure network interfaces, start daemons, or allow non-root logins.[2]

2 Multi-User Mode Does not: configure network interfaces or start daemons.[3]

3 Multi-User Mode with Networking Starts the system normally.[4]

4 Unused/User defined for special purposes
5 X11 As runlevel 3 + display manager.

^ = The additional behavior of this runlevel varies greatly. All distributions provide at least one virtual terminal. Some distributions start a login shell as the superuser; some require correctly entering the superuser's password first; others provide a login prompt, allowing any user access.
^ = In some cases, runlevels 2 and 3 function identically; offering a Multi-User Mode with Networking.

? Debian Linux
Debian, as well as most of the distributions based on it, like early Ubuntu, does not make any distinction between runlevels 2 to 5.
Debian Linux runlevels
ID Description
0 Halt
1 Single user mode
2-5 Full multi-user with console logins and display manager if installed
6 Reboot

? sidux
sidux, a Debian Sid based distribution (current 20081110). This is the list for sidux operating system runlevels, please note that it does differ from debian stable runlevels.
sidux Linux runlevels
ID Description
0 init 0 powers off the PC, halt
1 init 1 single user mode
2 init 2 Multi-User mode without network, and/or to stop or not enter X,
3 init 3 Multi-User mode with network not running the X Window System, and/or to stop or not enter X
4 init 4 to stop or not enter X
5 init 5 Multi-User mode with network running the X Window System, and/or to start X
6 init 6 Reboot

? Ubuntu
Ubuntu 6.10 (Edgy Eft) and later contain Upstart as a replacement for the traditional init-process, but they still use the traditional init scripts and Upstart's SysV-rc compatibility tools to start most services and emulate runlevels.

? Red Hat Linux and Fedora
Red Hat as well as most of its derivatives (such as CentOS) uses runlevels like this:
Red Hat Linux/Fedora runlevels
ID Description
0 Halt
1 Single user
2 Full multi-user with network enabled but most network services disabled
3 Full multi-user, console logins only
4 Not used/User definable
5 Full multi-user, with display manager as well as console logins
6 Reboot
Which services are started in which runlevels can be managed with the chkconfig tool, which keeps its configuration settings under /etc/rc.d/. /sbin/chkconfig --list lists all the services controlled by chkconfig and whether they are on/off for each runlevel. Setting a service A controlled by chkconfig, for levels X, Y and Z is as simple as /sbin/chkconfig --level XYZ A

? SUSE Linux
SUSE uses a similar setup to Red Hat:
SUSE Linux runlevels
ID Description
0 Halt
1 Single-user
2 Full multi-user with no networking
3 Full multi-user without display manager
4 Not used/User definable
5 Full multi-user with display manager
6 Reboot
The services that run under a specific runlevel can be modified with YaST | System Services (runlevel) or with chkconfig command like the Red Hat based distributions.

? Slackware Linux
Slackware Linux uses runlevel 1 for maintenance, as on other Linux distributions; runlevels 2, 3 and 5 identically configured for a console (with all services active); and runlevel 4 adds the X Window System.
Slackware Linux runlevels
ID Description
0 Halt
1 Single-user
2 Full multi-user NO display manager
3 Full multi-user NO display manager
4 Full multi-user with display manager
5 Not used/User definable
6 Reboot

? Gentoo Linux
Gentoo Linux runlevels

ID Description
0 Halt
1 Single-user
2 Multi-user, no network
3 Full multi-user with display manager
4 Aliased for runlevel 3 (Full multi-user with display manager)
6 Reboot

? System V Releases 3 and 4
System V runlevels

ID Description
0 Shut down system, power-off if hardware supports it (only available from the console)
1 Single-user mode, all filesystems unmounted but root, all processes except console processes killed
2 Multi-user mode
3 Multi-user mode with RFS (and NFS in release 4) filesystems exported

4 Multi-user, user-defined
5 Halt the operating system, go to firmware
6 Halt the system, reboot to default runlevel
s, S Identical to 1 (Single-user mode, all filesystems unmounted but root, all processes except console processes killed) except current terminal acts as the system console

? Solaris
Solaris runlevels

ID Description
0 Operating system halted; (SPARC only) drop to OpenBoot prompt

S Single-user with only root filesystem mounted (as read-only)
1 Single-user mode with all local filesystems mounted (read-write)
2 Multi-user with most daemons started.
3 multi-user, identical to 2 (runlevel 3 runs both /sbin/rc2 and /sbin/rc3), with filesystems exported, plus some other network services started.
4 Alternative multi-user, user-defined
5 Shut down, power-off if hardware supports it
6 Reboot

? HP-UX
HP-UX runlevels

ID Description
0 System halted
S Single-user, booted to system console only, with only root filesystem mounted (as read-only)
s Single user, identical to S except the current terminal acts as the system console
1 Single-user with local filesystems mounted (read-write)
2 Multi-user with most daemons started and Common Desktop Environment launched

3 Multi-user, nearly identical to runlevel 2 with NFS exported
4 Multi-user with VUE started instead of CDE

5, 6 user-defined

? AIX
AIX does not follow the System V R4 (SVR4) run level specification, with run levels from 0 to 9 available, as well as from a to c. 0 and 1 are reserved, 2 is the default normal multi-user mode and run levels from 3 to 9 are free to be defined by the administrator. Run levels from a to c allow the execution of processes in that run level without killing processes started in another.
AIX runlevels
ID Name Description
0 reserved
1 reserved
2 Normal multiuser mode default mode

第三章配置和管理
§3.1 配置單向SSL認證
WebLogic啓用SSL鏈接需部署服務器證書、CA證書鏈、信任證書鏈。WebLogic安裝完成後，在\wlserver_10.3\server\lib目錄下會自動建立DemoIdentity.jks（密碼DemoIdentityKeyStorePassPhrase）、DemoTrust.jks（密碼DemoTrustKeyStorePassPhrase）、cacerts三個文件，分別存放服務器證書、信任證書和CA證書鏈。前兩個文件是非安全的，只能用於測試，不能用於生產；後一個文件是Java的默認cacerts文件。對生產系統，必須部署獨有的服務器證書、信任證書和CA證書鏈。本節描述部署生產系統Server證書的操做過程。
§3.1.1 建立Server存儲庫
§3.1.1.1 建立Server私鑰
使用JDK自帶的keytool工具建立Server私鑰。命令以下：
keytool -genkey -alias AdminServer -keyalg RSA -keysize 1024 -keystore AdminServer.jks
該命令會詢問存儲庫的密碼和證書信息以及私鑰保護密碼。大體內容以下：
輸入keystore密碼：
再次輸入新密碼:
您的名字與姓氏是什麼？
[Unknown]： AdminServer
您的組織單位名稱是什麼？
[Unknown]： Enterprise
您的組織名稱是什麼？
[Unknown]： WJZhiFu
您所在的城市或區域名稱是什麼？
[Unknown]： BeiJing
您所在的州或省份名稱是什麼？
[Unknown]： BJ
該單位的兩字母國家代碼是什麼
[Unknown]： CN
CN=AdminServer, OU=Enterprice, O=WJZhiFu, L=BeiJing, ST=BJ, C=CN 正確嗎？
[否]： y
輸入的主密碼
（若是和 keystore 密碼相同，按回車）：
再次輸入新密碼:
填寫時應注意：
? CN域應和Server域名一致，不該使用Server的ip地址；
? OU域應按頒發的證書類型劃分爲多個單元；如：Server、Enterprise、Person，可使用編碼；
? O域應爲公司的英文名稱；
? L域應爲城市的英文名稱；
? ST域應爲省的英文名稱；
? C域應爲國家代碼CN；
? 存儲庫的密碼和私鑰密碼應不一樣。
§3.1.1.2 生成Server的證書申請文件
keytool -certreq -alias AdminServer -sigalg "MD5withRSA" -file AdminServer.csr -keystore AdminServer.jks
§3.1.1.3 認證證書申請
提交上步生成的AdminServer.csr證書申請文件提交給證書頒發機構進行認證。本例中使用openssl認證該證書申請，命令以下：
openssl ca -in AdminServer.csr -out AdminServer.crt -config openssl.cfg
§3.1.1.4 導入證書文件
從CA獲取到認證的證書文件後，使用keytool將該證書文件導入到存儲庫。Keytool導入證書時，會自動檢查證書的合法性，確認該證書是信任的CA簽署的。默認狀況下，咱們的CA證書沒有包含在Java信任的CA清單中，所以先須要將咱們的CA添加到Java的信任CA清單中。命令以下：
keytool -import -file ca.crt -keystore D:\bea\jdk160_05\jre\lib\security\cacerts
注意：請確認您使用的keytool的JDK位置，Java信任CA清單存儲庫即爲該JDK的jre/lib/security/cacerts文件。
添加CA證書完成後，將該文件複製到WebLogic的server/lib目錄，覆蓋當前的cacerts文件，而後執行以下命令導入Server的證書文件。
keytool -import -trustcacerts -alias AdminServer -file AdminServer.crt -keystore AdminServer.jks
導入完成後，複製AdminServer.jks存儲庫到WebLogic的server/lib。至此，Server證書存儲庫準備就緒。
§3.1.2 建立CA證書存儲庫
從CA處下載CA證書文件。CA證書文件通常有兩種形式，一是單獨的CA證書文件，二是.p7b證書鏈文件。
§3.1.2.1 導入獨立的CA證書文件
keytool能夠導入DER格式（二進制）和PEM格式（BASE64編碼格式，-----BEGIN CERTIFICATE-----打頭，-----END CERTIFICATE-----結束）。命令以下：
keytool -importcert -file ca.crt -trustcacerts -alias "WJZHIFU CA" -
keystore WJZhiFuCA.jks
導入完成後，複製CA證書存儲庫到WebLogic的server/lib。
§3.1.2.2 導入p7b的CA證書文件
P7b文件不能直接導入到存儲庫，應使用openssl工具將p7b文件轉換爲每證書一個der文件，而後參考上節導入各個文件。
轉換p7b文件的命令以下：
openssl pkcs7 -in ca.p7b -out ca.txt -outform PEM -inform DEA -print_certs
編輯ca.txt文件，將每一個-----BEGIN CERTIFICATE-----打頭，-----END CERTIFICATE-----結束的證書內容分別複製到一個文件中，而後順序導入各個文件。導入完成後，導入完成後，複製CA證書存儲庫到WebLogic的server/lib。
§3.1.3 部署證書文件
（1）啓動WebLogic服務器，使用管理員登陸到控制檯；
（2）編輯Environment?Server的配置。本例編輯AdminServer；
（3）編輯Server的Keystore屬性；

? Keystore選擇爲：Custom Identity and Custom Trust；
? Custom Identity Keystore: 添加Server證書存儲庫全路徑名；
? Custom Identity Keystore Type: JKS
? 填寫該Server存儲庫的密碼；
? Custom Trust Keystore: 填寫CA證書存儲庫的全路徑名；
? Custom Trust Keystore Type: JKS
? 填寫該CA存儲庫的密碼；
? Save
（4）編輯Server的SSL配置；

? Identity and Trust Locations: KeyStores
? PrivateKey Alias: 填寫爲Server存儲庫私鑰的別名，即AdminServer；
? 填寫Server存儲庫私鑰的密碼；
? Save。
至此，單向認證（客戶端認證服務器）的SSL配置完成。
§3.2 配置雙向SSL認證
比照WebLogic服務器單向SSL認證的配置，完成服務器端的SSL配置，而後編輯Server?SSL?Advance配置。

? TwoWayClientCert：ClientCerts Requested and Enforced；
? Inbound Certificate Validation: Builtin SSL Validation And Cert Path Validators；
? Outbound Certificate Validation: Builtin SSL Validation And Cert Path Validators；
? Save
啓用Server雙向認證後，若是客戶端沒有相應的證書，則沒法鏈接服務器。
§3.3 WebLogic集羣配置

本集羣由三臺計算機組成，AdminServer、Server一、Server2。AdminServer負責集羣管理與部署，Server1和Server2組成集羣提供對外服務。
§3.3.1 準備證書文件
爲AdminServer、Server一、Server二、Server1 NodeManager、Server2 NodeManager各準備一張Server證書，並參考「WebLogic Server雙向SSL認證的配置」節，將這些證書和CA證書製做成以下文件：
文件名證書組成說明
ServerAdmin.jks AdminServer私鑰
AdminServer證書 CN=AdminServer
Server1.jks Server1私鑰
Server1證書 CN=server1.wjzhifu.com
Machine1.jks Machine1節點管理器私鑰
Machine1節點管理器證書 CN=machine1
Server2.jks Server2私鑰
Server2證書
Server2節點私鑰
Server2節點證書 CN=server2.wjzhifu.com
Machine2.jks Machine2節點管理器私鑰
Machine2節點管理器證書 CN=machine2
ServerCA.jks CA證書 CN=CA
注意：各證書的私鑰密碼應各不相同以提升安全性。
建立上述文件完成後，將ServerAdmin +ServerCA複製到管理服務器的wlserver_10.3\server\lib目錄，Server1 + Machine1 + ServerCA複製到Server1的wlserver_10.3\server\lib目錄，Server2 + Machine2 + ServerCA複製到Server2的wlserver_10.3\server\lib目錄。
§3.3.2 建立管理服務器和受管服務器的域
參考「建立管理服務器的域」和「建立受管服務器的域」章節，分別爲管理服務器和每一個Server建立域，併爲AdminServer配置雙向的SSL。建立域時應注意各機器域名、管理帳號、密碼均應相同。
建立各服務器的域完成後，啓動管理服務器，並按下列步驟添加機器、Server、配置集羣。
§3.3.2.1 啓動管理服務器