|
|
The following sections describe Node Manager functionality, architecture, and configuration procedures.
Server instances in a WebLogic Server production environment are often distributed across multiple domains, machines, and geographic locations. Node Manager is a WebLogic Server utility that enables you to start, shut down, and restart Administration Server and Managed Server instances from a remote location. Although Node Manager is optional, it is recommended if your WebLogic Server environment hosts applications with high availability requirements.
A Node Manager process is not associated with a specific WebLogic domain but with a machine. You can use the same Node Manager process to control server instances in any WebLogic Server domain, as long as the server instances reside on the same machine as the Node Manager process. Node Manager must run on each computer that hosts WebLogic Server instances -- whether Administration Server or Managed Server -- that you want to control with Node Manager.
WebLogic Server provides two versions of Node Manager, Java-based and script-based, with similar functionality. However, each version has different configuration and security considerations.
Java-based Node Manager runs within a Java Virtual Machine (JVM) process. It is recommended that you run it as a Windows service on Windows platforms and as an operating service on UNIX platforms, allowing it to restart automatically when the system is rebooted.
BEA provides native Node Manager libraries for Windows, Solaris, HP UX, Linux on Intel, Linux on Z-Series, and AIX operating systems.
| Note: | Node Manager is not supported on Open VMS, OS/390, AS400, UnixWare, or Tru64 UNIX. |
This version of Node Manager determines its configuration from the nodemanager.properties file. See Configuring Java-based Node Manager.
Java-based Node Manager provides more security than the script-based version. See Configuring Java-based Node Manager Security.
For UNIX and Linux systems, WebLogic Server provides a script-based version of Node Manager. This script is based on UNIX shell scripts, but uses SSH for increased security. SSH uses user-id based security.
For information on configuring the script version of Node Manager, see Configuring Script-based Node Manager. For information on using this version of Node Manager, see Running Script-based Node Manager.
This version does not provide as much security as the Java-based version. However, the advantage of the script-based Node Manager is that it can remotely manage servers over a network that has been configured to use SSH. No additional server installation is required. The scripts merely have to be copied to the remote machine.
| Note: | It is recommended that you run script-based Node Manager as an operating system service, which allows it to restart automatically when the system is rebooted. |
Which version of Node Manager to use depends on the requirements of your WebLogic Server environment. The following considerations can help you decide which version is ideal for your environment:
inetd on supported UNIX systems. inetd allows Node Manager to be automatically restarted on upon receiving a request on the configured port.A Node Manager client can be local or remote to the Node Managers with which it communicates. You access either version of Node Manager—the Java version or the script-based (SSH) version—from the following clients. (In addition, an SSH client in the form of a shell command template is provided for use with the script-based Node Manager.)
The following sections describe basic Node Manager functionality.
Using the WebLogic Scripting Tool (or SSH client for Script-based Node Manager only), you connect to the Node Manager process on the machine that hosts the Administration Server and issue commands to start, shut down, or restart an Administrative Server. The relationship of an Administration Server to Node Manager varies for different scenarios.
From the WebLogic Server Scripting Tool (WLST) command line or scripts, you can issue commands to Node Manager to start, shut down, suspend, and restart Managed Server instances and clusters.
Node Manager can restart a Managed Server after failure even when the Administration Server is unavailable if Managed Server Independence (MSI) mode is enabled for that Managed Server instance. This is enabled by default.
| Note: | Node Manager cannot start a Managed Server for the first time in MSI mode, because at the Administration Server for the domain must be available so the Managed Server can obtain its configuration settings. |
| Note: | Node Manager uses the same command arguments that you supply when starting a Managed Server with a script or at the command line. For information about startup arguments, see “weblogic.Server Command-Line Reference” in WebLogic Server Command Reference. |
If a server instance that was started using Node Manager fails, Node Manager automatically restarts it.
| Note: | Node Manager can only restart a server that was started via Node Manager. |
The restart feature is configurable. Node Manager’s default behavior is to:
If Node Manager fails or is explicitly shut down, upon restart, it determines the server instances that were under its control when it exited. Node Manager can restart any failed server instances as necessary.
| Note: | It is advisable to run Node Manager as an operating system service, so that it restarts automatically if its host machine is restarted. |
Node Manager creates a log file for the Node Manager process and a log file of server output for each server instance it controls. You can view these log files, as well as log files for a server instance using the Administration Console or WLST commands.
The following sections provide a “big picture” diagram of Node Manager’s role in the WebLogic Server environment, as well as illustrations and descriptions of the processes Node Manager uses to communicate with servers:
Figure 3-1 illustrates the relationship between Node Manager, its clients, and the server instances it controls.
Figure 3-2 illustrates the process of starting an Administration Server with Node Manager.
This section assumes that you have installed the Administration Server and created its domain directory using the Configuration Wizard.
Node Manager is running on Machine A, which hosts the Administration Server. The stand-alone Node Manager client is remote.
The start command identifies the domain and server instance to start, and in the case of the Java Node Manager, provides the Node Manager username and password.
| Note: | If the user has previously connected to the Node Manager, a boot.properties file exists, and the user does not have to supply username and password. |
nodemanager.domains, and authenticates the user credentials using a local file that contains the encrypted username and password. config directory.Figure 3-3 illustrates the process of starting a Managed Server with Node Manager.
Node Manager is running on Machine B, which hosts Managed Server 1. The Administration Server for the domain is running on Machine A.
| Note: | A stand-alone client can also issue a start command for a Managed Server. |
Node Manager starts the Managed Server using the same root directory where the Node Manager process is running. To run the Managed Server in a different directory, set the Root Directory attribute in the Server—>Configuration—>Server Start console page.
Figure 3-4 illustrates the process of restarting an Administration Server with Node Manager.
Node Manager is running on the machine that hosts the Administration Server. The Administration Server, which was initially started with Node Manager, has exited. The Administration Server’s AutoRestart attribute is set to true.
| Notes: | If a server instance’s AutoRestart attribute is set to false, Node Manager will not restart it. |
| Note: | Node Manager does not allow you to restart an Administration Server if that server failed to reach the RUNNING state during the previous restart attempt. After resolving the startup issue, the server may need to be terminated and restarted manually. |
boot.properties file, and the server startup properties from the <server_name>/data/nodemanager/startup.properties file.Figure 3-5 illustrates process of restarting a Managed Server with Node Manager.
Node Manager is running on Machine B, which hosts Managed Server 1. Managed Server 1, which was initially started with Node Manager, has exited. Managed Server 1’s AutoRestart attribute is set to true.
| Note: | If a server instance’s AutoRestart attribute is set to false, Node Manager will not restart it. |
boot.properties file, and the server startup properties from the startup.properties file. These server-specific files are located in the server directory for Managed Server 1.| Note: | Node Manager waits RestartDelaySeconds after a server instances fails before attempting to restart it. |
config directory.| Note: | Managed Server Independence mode is enabled by default. |
Figure 3-6 illustrates the communications involved in shutting down a Managed Server that is under Node Manager control. Depending on the state and availability of the Managed Server, Node Manager might need to try alternative strategies to successfully initiate the shutdown.
Node Manager is running on Machine B, which hosts Managed Server 1.
To ensure that Node Manager properly restarts servers after a system crash, you must perform the following:
The CrashRecoveryEnabled configuration property allows Node Manager to restart servers after a system crash. The property is not enabled by default.
After the system is restarted, Node Manager checks each managed domain specified in the nodemanager.domains file to determine if there are any server instances that were not cleanly shutdown. This is determined by the presence of any lock files which are created by Node Manager when a WebLogic Server process is created. This lock file contains the process identifier for WebLogic Server startup script. If the lock file exists, but the process ID is not running, Node Manager will attempt to automatically restart the server.
If the process is running, Node Manager performs an additional check to access the management servlet running in the process to verify that the process corresponding to the process ID is a WebLogic Server instance.
| Note: | When Node Manager performs a check to access the management servlet, an alert may appear in the server log regarding improper credentials. |
In managing multiple servers, Node Manager uses multiple configuration files and outputs log files to multiple directories, as shown in the following figure. For a description of these files, see Node Manager Configuration and Log Files.
The following sections describe Node Manager configuration and log files:
Except where noted, configuration files apply to both Java-based and script-based Node Manager.
This is the configuration file used by the Java-based version of Node Manager.See Reviewing nodemanager.properties.
This file is located in WL_HOME/common/nodemanager.
This file contains mappings between the names of domains managed by Node Manager and their corresponding directories. See Configuring nodemanager.domains File.
This file is located in WL_HOME/common/nodemanager.
This file stores the encryption data the Node Manager uses a symmetric encryption key. The data is stored in encrypted form.
This file is located in WL_HOME/common/nodemanager.
This file stores the Node Manager user name and password. See Specifying Node Manager Username and Password.
This file is located in DOMAIN_HOME/config/nodemanager.
Node Manager uses this file to specify a boot identity when starting a server. See General Node Manager Configuration.
This file is located in domain-name/servers/server_name/data/nodemanager.
Each Managed Server instance has its own startup.properties file with properties that control how Node Manager starts up and controls the server. Node Manager automatically creates this file by using properties passed to Node Manager when the Administrative Server was last used to start the server. This allows a Node Manager client or startup scripts to restart a Managed Server using the same properties last used by the Administrative Server.
For more information on startup.properties, see Setting Server Startup Properties. These properties correspond to the server startup attributes contained in ServerStartMBean and the health monitoring attributes in ServerStartMBean.
This file is located in domain-name/servers/server_name/data/nodemanager.
server_name.addr stores the IP address added when a server starts or is migrated. This file is generated after the server IP address is successfully brought online during migration. server_name.addr is deleted when the IP address is brought offline. The server IP address is used to validate remove requests to prevent addresses being erroneously removed while shutting down the server.
This file is located in domain-name/servers/server_name/data/nodemanager.
server_name.lck is generated by each server and contains an internally used lock ID.
This file is located in domain-name/servers/server_name/data/nodemanager
server_name.pid is generated by each server and contains the process ID of the server. Node Manager checks the process ID generated by the server during crash recovery.
This file is located in domain-name/servers/server_name/data/nodemanager
server_name.state is generated by the server and contains the server’s current state. Node Manager monitors the contents of this file to determine the current state of the server.
| Note: | Do not delete or alter this file. Without this file Node Manager cannot determine the current state of the server. |
This file is located in domain-name/servers/server_name/data/nodemanager.
Use the Node Manager and WebLogic Server log files to help troubleshoot problems in starting or stopping individual Managed Servers.f
Node Manager creates a log file located in NodeManagerHome/nodemanager.log. This log file stores data about all of the domains administered by Node Manager.
This log file is generated by Node Manager and contains data for all domains that are controlled by Node Manager on a given physical machine. See nodemanager.log.
This file is located in WL_HOME/common/nodemanager.
Log output is appended to the current nodemanager.log. Log rotation is disabled by default, but can be enabled by setting LogCount in nodemanager.properties.
You can view the Node Manager log file by:
For each server instance that it controls, Node Manager maintains a log file that contains stdout and stderr messages generated by the server instance. If the remote start debug property is enabled as a remote start property for the server instance, or if the NodeManager debug property is enabled, Node Manager will include additional debut information in the server output log information.
| Note: | You cannot limit the size of the log files Node Manager creates. Logging to stdout is disabled by default. |
This file is located in domain_name/servers/<server_name>/logs
Node Manager creates the server output log for a server instance in the server instance’s logs directory, with the name:
where server-name is the name of the server instance.
You can view the Node Manager log file for a particular server instance by:
There is no limit to the number of server output logs that Node Manager can create.
A server instance under Node Manager control has its own log file, in addition to the log file created by Node Manager.
You can view the regular log file for a server instance by selecting Diagnostics->Log Files, selecting the server log file, and clicking View.
This section describes general Node Manager configuration that applies to the Java and script version of Node Manager. You should ensure than you have performed all of the items outlined in the following sections.
After you have you have performed general Node Manager configuration, you should perform the configuration procedures outlined in Configuring Java-based Node Manager or Configuring Script-based Node Manager depending on which version of Node Manager you are using.
Node Manager must run on each computer that hosts WebLogic Server instances that you want to control with Node Manager. Configure each computer as a Machine in WebLogic Server, and assign each server instance that you will control with Node Manager to the machine upon which it runs.
Ideally, Node Manager should run as an operating system service or daemon, so that it is automatically restarted in the event of system failure or reboot. For more information, see “ Installing the Node Manager as a Windows Service” in the Installation Guide.
Node Manager is ready-to-run after WebLogic Server installation if you run Node Manager and the Administration Server on the same machine, and use the demonstration SSL configuration. By default, the following behaviors are configured:
The WebLogic Scripting Tool (WLST) is a command-line scripting interface that system administrators and operators use to monitor and manage WebLogic Server instances and domains. You can start, stop, and restart server instances remotely or locally, using WLST as a Node Manager client. In addition, WLST can obtain server status and retrieve the contents of the server output log.
By default, the nmConnect() command cannot be used in a production environment. You must perform the following procedures to use nmConnect in a production environment.
nmEnroll() using the following as an example:
nmEnroll('C:/bea/wls900/user_projects/domains/prod_domain',
'C:/bea/wls900/weblogic90/common/nodemanager')
Running nmEnroll() ensures that the correct NodeManager user and password token are supplied to each managed server. Once these are available for each managed server, you can use nmConnect() in a production environment.
| Note: | You must run nmEnroll() on each machine that is running a managed server. Additionally, you should run nmEnroll() for each domain directory on each machine. |
The nm_password.properties file contains the Node Manager username and password. These are used to authenticate connection between a client (for example, the Administration server) and Node Manager.
| Note: | This username and password are only used to authenticate connections between Node Manager and clients. They are independent from the server admin ID and password. |
This file is created when you use nmEnroll() to copy the necessary configurations files from one machine to another when creating a domain. After nm_password.properties is created, you can change the values for the Node Manager password and properties using the Administration Console. Changes are propagated to the nm_password.properties file and are picked up by Node Manager.
| Note: | If you edit nm_password.properties manually, you must restart Node Manager in order for the changes to take effect. |
The nm_password.properties file must exist on each physical machine that runs Node Manager. However, the Node Manager username and password do not have to be identical on every machine within your domain.
A WebLogic Server Machine resource associates a particular machine with the server instances it hosts, and specifies the connection attributes for the Node Manager process on that system.
Configure a machine definition for each machine that runs a Node Manager process using the Environment—>Machines—><machine_name>—>Node Manager page in the Administration Console. Enter the DNS name or IP address upon which Node Manager listens in the Listen Address box.
The nodemanager.domains file specifies the domains that a Node Manager instance controls. Thus stand-alone clients do not need to specify the domain directory explicitly.
This file must contain an entry specifying the domain directory for each domain the Node Manager instance controls, in this form:
<domain-name>=<domain-directory>
When a user issues a command for a domain, Node Manager looks up the domain directory from nodemanager.domains.
This file provides additional security by restricting Node Manager client access to the domains listed in this file. The client can only execute commands for the domains listed in nodemanager.domains.
If you created your domain with the Configuration Wizard, the nodemanager.domains file was created automatically. If necessary, you can manually edit nodemanager.domains to add a domain.
| Note: | If you use the backslash character (\) in nodemanager.domains, you must escape it as (\\). |
In the Server—>Configuration—>Server Start page for the Managed Server, specify the startup arguments that Node Manager will use to start a Managed Server. If you do not specify startup arguments for a Managed Server, Node Manager uses its own properties as defaults to start the Managed Server. For more information, see Table 3-4, Node Manager Properties, on page 3-27. Although these defaults are sufficient to boot a Managed Server, to ensure a consistent and reliable boot process, configure startup arguments for each Managed Server instance.
If you will run Node Manager as a Windows Service, as described in “ Installing the Node Manager as a Windows Service” in the Installation Guide, you must configure the following JVM property for each Managed Server that will be under Node Manager control:
If you do not set this option, Node Manager will not be able to restart a Managed Server after a system reboot, due to this sequence of events:
Starting a Managed Server with the -Xrs or -Xnohup option avoids this sequence of events by preventing the immediate shutdown of the Managed Server during machine shutdown.
You can use Node Manager to set the startup properties for a server. These properties can be defined in startup.properties or passed as an object using administrative utilities such as WLST. The methods of setting startup properties and their valid values are outlined in the sections below.
Node Manager uses the startup.properties file to determine the startup and configuration when starting a server. This file is defined for each server instance and is located in:
domain_home/servers/server_name/data/nodemanager/startup.properties
The contents of startup.properties are derived from the Server Mbean, or the Cluster Mbean if the server is part of a cluster. For more information, see the Mbean reference.
When using the WLST nmStart() command, the server configuration can not be determined directly. Therefore, you must pass the server start properties as a WLST properties object to the nmStart() command.
The following server startup properties can be passed to a server when started via Node Manager.
|
|||
Make sure that a Listen Address is defined for each Administration Server that will connect to the Node Manager process. If the Listen Address for an Administration Server is not defined, when Node Manager starts a Managed Server it will direct the Managed Server to contact localhost for its configuration information.
Set the Listen Address using the Servers—>Configuration—>General page in the Administration Console.
Node Manager requires you to set several environment variables before you start it.
You can set these variables manually on the command line or you can create a start script that sets them automatically. The sample start scripts provided with WebLogic Server —startNodeManager.cmd and startNodeManager.sh — set the required variables.
It is recommended that you configure Node Manager to run as an operating system service or a Windows service on Windows systems. By default, the operating system service starts up Node Manager to listen on localhost:5556.
When you configure Node Manager to accept commands from remote systems, you must uninstall the default Node Manager service, then reinstall it to listen on a non-localhost Listen Address.
Depending on your platform, follow the instructions in Reconfigure Startup Service for Windows Installations or Configuring Java-based Node Manager Security.
The following sections provide configuration information specific to Java-based Node Manager:
The directory WL_HOME\server\bin (where WL_HOME is the top-level directory for the WebLogic Server installation) contains uninstallNodeMgrSvc.cmd, a script for uninstalling the Node Manager service, and installNodeMgrSvc.cmd, a script for installing Node Manager as a service.
uninstallNodeMgrSvc.cmd.installNodeMgrSvc.cmd to specify Node Manager’s Listen Address and Listen Port.
Make the same edits to uninstallNodeMgrSvc.cmd as you make to installNodeMgrSvc.cmd, so that you can successfully uninstall the service in the future, as desired.
installNodeMgrSvc.cmd to re-install Node Manager as a service, listening on the updated address and port.Node Manager security relies on a one-way SSL connection between the client and server.
If you are establishing a command line connection to the Java Node Manager using the WebLogic Server Scripting Tool (WLST) nmConnect command, you provide the Node Manager user name and password. Node Manager verifies the username and password against the domain's nm_password.properties file. For more information on nm_password.properties, see Specifying Node Manager Username and Password.
Node Manager credentials are located on the Security>General>Advanced Options Console page.
Administration Console users do not need to explicitly provide credentials to connect to Node Manager—the Node Manager user name and password are available in the domain configuration and are provided automatically.
A remote start user name and password is required to start a server instance with Node Manager. These credentials are provided differently for Administration Servers and Managed Servers.
boot.properties file. The Configuration Wizard initializes the boot.properties file and the startup.properties file for an Administration Server when you create the domain.
Any server instance started by Node Manager encrypts and saves the credentials with which it started in a server-specific boot.properties file, for use in automatic restarts.
Node Manager properties define a variety of configuration settings for a Java-based Node Manager process. You can specify Node Manager properties on the command line or define them in the nodemanager.properties file, which is created in the directory where you start Node Manager the first time it starts up after installation of WebLogic Server. Values supplied on the command line override the values in nodemanager.properties.
nodemanager.properties is created in the directory specified in NodeManagerHome. If NodeManagerHome is not defined, nodemanager.properties is created in the current directory.
Each time you start Node Manager, it looks for nodemanager.properties in the current directory, and creates the file if it does not exist in that directory. You cannot access the file until Node Manager has started up once.
Table 3-4 describes Node Manager properties.
In many environments, the SSL-related properties in nodemanager.properties may be the only Node Manager properties that you must explicitly define. However, nodemanager.properties also contains non-SSL properties in that you might need to specify, depending on your environment and preferences. For example:
StartScriptEnabled and NativeVersionEnabled properties. ListenAddress and ListenPort.
If true, use the start script specified by
StartScriptName to start a server. For more information, see Configuring Node Manager to Use Start and Stop Scripts.
|
||||
If
true, execute the stop script specified by StopScriptName after the server has shutdown. For more information, see Configuring Node Manager to Use Start and Stop Scripts.
|
||||
Specifies the password defined when creating the Identity keystore. This field is optional or required depending on the type of keystore. All keystores require the passphrase in order to write to the keystore. However, some keystores do not require the passphrase to read from the keystore. WebLogic Server only reads from the keystore, so whether or not you define this property depends on the requirements of the keystore.
|
||||
Specifies the password defined when creating the Trust keystore. This field is optional or required depending on the type of keystore. All keystores require the passphrase in order to write to the keystore. However, some keystores do not require the passphrase to read from the keystore. WebLogic Server only reads from the keystore, so whether or not you define this property depends on the requirements of the keystore.This property is required when the
Keystores property is set as CustomIdentityandJavaStandard Trust or DemoIdentityAndDemoTrust.
|
||||
Indicates the keystore configuration the Node Manager uses to find its identity (private key and digital certificate) and trust (trusted CA certificates). Possible values are:
Use the demonstration Identity and Trust keystores located in the
Uses a keystore you create, and the trusted CAs defined in the cacerts file in the |
||||
|
For more information on these files, see Node Manager Configuration and Log Files.
|
||||
Root directory of the WebLogic Server installation. This is used as the default value of
-Dweblogic.RootDirectory for a Managed Server that does not have a root directory configured in its Remote Start tab. If not specified in either place, Node Manager starts the Managed Server in the directory where Node Manager runs.
|
||||
|
||||
|
||||
|
This section lists the Node Manager properties that are deprecated in WebLogic Server 9.x.
You can configure Node Manager to use a script to start a managed server or to execute a script after server shutdown has completed. These scripts can be used to perform tasks that need to be peformed before a server is started or after it is shutdown. Mounting and unmounting remote disks is one example of a task that can be performed using scripts.
| Note: | Node Manager uses startup scripts to perform any required configration, then start the server. In contrast, stop scripts are executed after the server has shutdown. |
You can use a start script allows you to specify required startup properties and perform any other work you need performed at start up. To define a start script:
nodemanager.properties file, set the StartScriptEnabled property to true. (The default is false.) If your start script is named startWebLogic.sh or startWebLogic.cmd, Node Manager uses one of those scripts as the default. StartScriptName property to the name of your script in the nodemanager.properties fileYou can use a stop script to perform any tasks that are required after the server has shutdown. To define a stop script:
The following example shows a stop script that can be used to unmout a disk on UNIX systems:
#!/bin/sh
FS=/cluster/d2
if grep $FS /etc/mnttab > /dev/null 2>&1 ; then
sync
PIDS=`/usr/local/bin/lsof $FS | awk
'{if ($2 ~/[0-9]+/) { print $2} }' | sort -u`
kill -9 $PIDS
sleep 1
sync
/usr/sbin/umount -f $FS
fi
Administration Servers and Managed Servers communicate with Java-based Node Manager using one-way SSL.
The default WebLogic Server installation includes demonstration Identity and Trust keystores that allow you to use SSL out of the box. The keystores—DemoIdentity.jks and DemoTrust.jks—are installed in WL_HOME/server/lib. For testing and development purposes, the keystore configuration is complete.
Configuring SSL for a production environment involves obtaining identity and trust for the Node Manager and each Administration and Managed Server with which the Node Manager will be communicating and then configuring the Node Manager, the Administration Server, and any Managed Servers with the proper identity and trust. In addition, the use of host name verification and the Administration port must be taken into consideration. To configure production SSL components, see “Configuring the SSL Protocol” in Managing WebLogic Security.
If you have a domain that has managed servers on multiple physical machines, you must ensure that Node Manager is installed and configured on each machine. You can use the WLST command nmEnroll to copy all of the required domain and configuration information from one machine to another. For more information, see Controlling and Configuring Node Manager Using WLST and “nmEnroll() ” in WebLogic Scripting Tool.
When configuring Node Manager to run as an inetd or xinetd service, the following considerations apply:
The following example shows how Node Manager can be configured within xinetd:
# default: off
# description:nodemanager as a service
service nodemgrsvc
{
type = UNLISTED
disable = no
socket_type = stream
protocol = tcp
wait = yes
user = <username>
port = 5556
flags = NOLIBWRAP
log_on_success += DURATION HOST USERID
server = <path-to-jave>/java
env = CLASSPATH=<cp> LD_LIBRARY_PATH=<ldpath>
server_args = -client -DNodeManagerHome=<NMHome> <java options>
<nodemanager options> weblogic.NodeManager -v
}
The SSH Node Manager is a shell script, wlscontrol.sh, located in {WL_HOME}/common/bin/. wlscontrol.sh must exist on each machine that hosts server instances that you want to control with Node Manager. This script can be customized to meet site-specific requirements.
You must have an SSH client executable on each machine where Node Manager or a Node Manager client runs. This script must also be in the path of the user id running it. Typically, an SSH client is a standard part of a Unix or Linux installation.
The following sections describe how to configure script-based Node Manager:
Before running Node Manager, you should create a dedicated UNIX user account for performing Node Manager functions. This user should be added to all machines that will host the SSH Node Manager and to all machines that will host a Node Manager client, including the Administration Server.
The default SSH port used by Node Manager is 22. You can override that setting in the following ways:
Port= parameter in the ~/.ssh/config file to set the default port for an individual user.Port= parameter in the /etc/ssh_config file to set the default port across the entire system.-Dweblogic.nodemanager.ShellCommand="ssh -o PasswordAuthentication=no -p %P %H wlscontrol.sh -d %D -r %R -s %S %C"
After starting the server, you can edit the SSH port in the Administration Server’s configuration file.
The Node Manager SSH shell script relies on SSH user-based security to provide a secure trust relationship between users on different machines. Authentication is not required. You create a UNIX user account—typically one per domain—for running Node Manager commands and scripts. A user logged in as this user can issue Node Manager commands without providing a username and password.
| Note: | You must also ensure that the Node Manager and WebLogic Server commands are available in the path of the UNIX user ID used to run them. |
To perform Server migration and other tasks, the user ID executing scripts such as wlscontrol.sh must have enough sufficient security permissions. This includes being able to bring an IP address online or take an IP address offline via a network interface.
Server migration is performed by the cluster master when it detects that a server has failed. It then uses SSH to launch a script on the target machine to begin the migration. The script on the target machine runs as the same user ID running the server on the cluster master.
The commands required to perform server migration are ifconfig and arping. Since these scripts require elevated OS privileges, it is important to note that this can prevent a potential security hole.
Using sudo, you can configure your SSH to only allow ifconfig and arping to be run using elevated privileges.
A remote start user name and password is required to start a server instance with Node Manager. These credentials are provided differently for Administration Servers and Managed Servers.
boot.properties file. The Configuration Wizard initializes the boot.properties file and the startup.properties file for an Administration Server when you create the domain.
Any server instance started by Node Manager encrypts and saves the credentials with which it started in a server-specific boot.properties file, for use in automatic restarts.
The script-based Node Manager uses two types of key value pairs. This section contains instructions for distributing key value pairs to the machines that will host a Node Manager client or server.
This option distributes the same key value pair to all machines that will host a Node Manager client or server.
The simplest way to accomplish this is to set up your LAN to mount the Node Manager user home directory on each of the machines. This makes the key value pair available to the machines. Otherwise
ssh-keygen command provided with your SSH installation.
The default location for the private and public keys are ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub respectively.
If these keys are stored in a different location, modify the ShellCommand template, adding an option to the ssh command to specify the location of the keys.
~/.ssh/authorized_keys file on the Node Manager machine. For example:
command="/home/bea/<server_version>/common/nodemanager/nodemanager.sh" 1024 33 23...2323
in which the you substitute the public key that you generated, as stored in id_rsa.pub, for the string shown in the example as
| Note: | The prefix command=<command> ensures that a user that establishes a session with the machine using the public key can only run the command specified—nodemanager.sh. This ensures that the user can only perform Node Manager functions, and prevents unauthorized access to data, system utilities, or other resources on the machine. |
/home/bea$ ssh montgomery VERSION
This response indicates that the client accessed Node Manager successfully:
On each machine that will host a Node Manager client:
The following sections provide information on how to start and run Java-based and script-based Node Manager. It also provides information on the recommended procedures for starting servers using Node Manager.
It is recommended that you install Node Manager to run as a startup service. This allows Node Manager to start up automatically each time the system is restarted.
By default, Node Manager listens only from the local host. If you want Node Manager to accept commands from remote systems, you must uninstall the default Node Manager service, then reinstall it to listen on a non-localhost Listen Address.
Although running Node Manager as an operating system service is recommended, you can also start Node Manager manually at the command prompt or with a script. The environment variables Node Manager requires are described in Setting Node Manager Environment Variables.
Sample start scripts for Node Manager are installed in the WL_HOME\server\bin directory, where WL_HOME is the top-level installation directory for WebLogic Server. Use startNodeManager.cmd on Windows systems and startNodeManager.sh on UNIX systems.
The scripts set the required environment variables and start Node Manager in WL_HOME/common/nodemanager. Node Manager uses this directory as a working directory for output and log files. To specify a different working directory, edit the start script with a text editor and set the value of the NODEMGR_HOME variable to the desired directory.
Edit the sample start script to make sure that the command qualifiers set the correct listen address and port number for your Node Manager process.
The syntax for starting Java-based Node Manager is:
java [java_option=value...] -D[nodemanager_property=value]-D[server_property=value] weblogic.NodeManager
java_option is a direct argument to the java executable, such as -ms or -mx. | Note: | If you did not set the CLASSPATH environment variable, use the -classpath option to identify required Node Manager classes. |
nodemanager_property is a Node Manager property. Instead of supplying Node Manager property values on the command line, you can edit the nodemanager.properties file, which is installed in the directory where you start Node Manager. For more information, see
Table 3-4, Node Manager Properties, on page 3-27.
Node Manager property values you supply on the command line override the values in nodemanager.properties.
server_property is a server-level property that Node Manager accepts on the command line, including:| Notes: | For UNIX systems: |
| Note: | If you run Node Manager on a UNIX operating system other than Solaris or HP UX, you cannot have any white space characters in any of the parameters that will be passed to the java command line when starting Node Manager. For example, this command fails due to the space character in the name “big iron”. |
| Note: | For UNIX systems other than Solaris, HP-UX, and Linux operating systems, you must disable the weblogic.nodemanager.nativeVersionEnabled option at the command line when starting Node Manager (or set the property in nodemanager.properties) to use the pure Java version. For more information, see
Reviewing nodemanager.properties. |
To use the SSH Node Manager Command Shell, start the Administration Server using the following command line option:
-Dweblogic.nodemanager.ShellCommand=’ssh -o PasswordAuthentication=no %H wlscontrol.sh -d %D -r %R -s %S %C'
The weblogic.nodemanager.ShellCommand attribute specifies the command template to use to communicate with a remote SSH Node Manager and execute Node Manager functions for server instances under its control.
The template assumes that wlscontrol.sh is in the default path on the remote machine hosting Node Manager.
ssh -o PasswordAuthentication=no %H wlscontrol.sh -d %D -r %R -s %S %C'
The possible command line options are listed in Table . The possible parameter values are listed in Table .
For example, if you type this command,
ssh -o PasswordAuthentication=no wlscontrol.sh myserver start
The listen address and port of the SSH server default to the listen address and port used by Node Manager on the remote machine. The domain name and domain directory are assumed to be the root directory specified for the target server instance, myserver.
ssh -o PasswordAuthentication=no 172.11.111.11 wlscontrol.sh -d ProductionDomain -r ProductionDomain -s ServerA'
issues a START command to the server instance named ServerA, in the domain called ProductionDomain, located in the domains/ProductionDomain directory.
The ssh command must include the string:
-o PasswordAuthentication=no
This string passes the ssh PasswordAuthentication option. A value of yes causes the client to hang when it tries to read from the console.
To stop Node Manager, close the command shell in which it is running.
|