Monday, January 25, 2016

Multitenancy in WebLogic 12c Part -6 Partition Domain Control

Controlling a partition means starting and shutting down the partition that we created in the earlier post. Here is my exploration of the two important WLST functions:

  1. startPartitionWait
  2. forceShutdownPartitionWait

The startPartitionWait command starts the given partition and waits until it reaches the requested state, that is, the RUNNING state. To run this command the partition must already exist. Therefore startPartitionWait should not be used in the edit session.

The forceShutdownPartitionWait command shuts down the given partition and waits until the partition reaches the SHUTDOWN state. The same rule applies to this command as well: the partition must exist before you can control it.

Prerequisites:

  1. Configure Security Realm
  2. Create Users & Groups for Partition domain
  3. Configure Virtual Target
  4. Creating Partition Domain
  5. Configure IDD for Partition
  6. Partition Control (start/stop using WLST)

Here I've prepared a customized script to stop, start and restart all the partitions in the domain.
# This script starts, stops or restarts the partitions

def startPartition(partitionName):
        print "Starting the partition :"+ partitionName
        partitionBean=cmo.lookupPartition(partitionName)
        startPartitionWait(partitionBean)

def startAllPartitions():
        print "Starting all partitions ..."
        startPartition('Corporate_partition')
        startPartition('Online_partition')

def stopPartition(partitionName):
        print "Stopping the partition :"+ partitionName
        partitionBean=cmo.lookupPartition(partitionName)
        forceShutdownPartitionWait(partitionBean)

def stopAllPartitions():
        print "Stopping all partitions ..."
        stopPartition('Corporate_partition')
        stopPartition('Online_partition')


def main():
        connect("weblogic","welcome1","t3://192.168.33.100:6100")

        print "Partition Control Menu..."
        print "==========================="
        print "1. Start all partitions"
        print "2. Shutdown all partitions"
        print "3. Restart all partitions"
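        # raw_input() returns the typed text as a string; Jython 2's input() would evaluate it as code
        control=raw_input("Enter your control choice: ").strip()

        if control=='1':
                startAllPartitions()
        elif control=='2':
                stopAllPartitions()
        elif control=='3':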
                stopAllPartitions()
                startAllPartitions()
        else:
                print "invalid option..."
        disconnect()


main()

The execution goes as shown below...
Starting Partition using WLST

Partition state RUNNING
Stop the Partition with menu option 2

Stop Partition using WLST
Double check the same on the WebLogic Admin console:

Shutdown Partitions on WebLogic Admin Console
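
The scripts in this series call connect() with a literal username and password over t3://. The following is an added example, not part of the original posts: a small Python 3 checker that flags that pattern in WLST script text, along with two related Jython 2 pitfalls (input() and printing password values). The function name audit_wlst, the rule ids and the sample text are assumptions made for this illustration; storeUserConfig() and the userConfigFile/userKeyFile arguments of connect() are standard WLST.

```python
import re

# Constructed sample in the style of the WLST scripts in this series.
SAMPLE_WLST = '''\
def main():
        connect("weblogic","welcome1","t3://192.168.33.100:6100")
        control=input("Enter your control choice: ")
        atn.createUser(userName, '${password}', realmName + ' Realm User')
        print "Done creating user. ${password}"
        disconnect()
'''

# Each rule: (id, pattern, remediation). Patterns are line-based heuristics,
# because WLST scripts are Jython 2 and cannot be parsed with Python 3's ast.
RULES = [
    ("hardcoded-credentials",
     re.compile(r'''\bconnect\(\s*(["'])[^"']*\1\s*,\s*(["'])[^"']*\2'''),
     "run storeUserConfig() once, then connect(userConfigFile=..., userKeyFile=..., url=...)"),
    ("cleartext-url",
     re.compile(r'''["'](t3|http|iiop)://'''),
     "use the TLS listen port with t3s:// (or https://, iiops://)"),
    ("eval-input",
     re.compile(r'(?<![\w.])input\('),
     "Jython 2 input() evaluates what is typed; use raw_input()"),
    ("print-secret",
     re.compile(r'^\s*print\b.*(password|passwd|secret)', re.I),
     "do not echo secrets to the console or logs"),
]

def audit_wlst(source):
    """Return (line_number, rule_id, remediation) for every rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip comment-only lines
        for rule_id, pattern, advice in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, advice))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, advice in audit_wlst(SAMPLE_WLST):
        print("line %d: %s -> %s" % (lineno, rule_id, advice))
```
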

Multitenancy in WebLogic 12c Part -5: Identity Domain (IDD) for Partition

Welcome back to the series of Multitenancy experiments on partitioned domain.


Resource groups in WebLogic Multitenancy Domain partition
Prerequisites
  1. Configure Security Realm
  2. Create Users & Groups for Partition domain
  3. Configure Virtual Target
  4. Creating Partition Domain
  5. Configure IDD for Partition
  6. Partition Control (start/stop using WLST)


def add_IDD4_Partition(realmName, partitionName, primary_IDD ):
 """
 Generic function that adds an Identity Domain
 to a partition domain.
 """
 sec = cmo.getSecurityConfiguration()
 sec.setAdministrativeIdentityDomain("AdminIDD")
 
 realm = cmo.getSecurityConfiguration().lookupRealm(realmName)
 
 # Authentication 
 defAtnP = realm.lookupAuthenticationProvider('ATNPartition')
 defAtnP.setIdentityDomain(primary_IDD)
 defAtnA = realm.lookupAuthenticationProvider('ATNAdmin')
 defAtnA.setIdentityDomain("AdminIDD")
 
 # Search for the Partition and set it as primary IDD
 p= cmo.lookupPartition(partitionName)
 p.setPrimaryIdentityDomain(primary_IDD)
 
 # For Default realm setting the IDD
 realm = sec.getDefaultRealm()
 defAtn = realm.lookupAuthenticationProvider('DefaultAuthenticator')
 defAtn.setIdentityDomain("AdminIDD")
 
 
def main():
 connect("weblogic","welcome1","t3://192.168.33.100:6100")
 edit()
 startEdit()
 
 add_IDD4_Partition('Corporate_Realm', "Corporate_partition", "Corporate_IDD" )
 add_IDD4_Partition('Online_Realm', "Online_partition", "Online_IDD" )
 
 save()
 activate()
 disconnect()
 
main()



Let's run the script that will add the Identity Domain for each partition.

WebLogic Multitenancy Partition domain with Security Realm
Select the Corporate Realm in the Security


Now select one of the security realms that you created for the partition.




Sunday, January 17, 2016

Multitenancy in WebLogic 12c Part -4: Creating Partition domain

Welcome back to the series of Multitenancy experiments on partitioned domain.

  1. Configure Security Realm
  2. Create Users & Groups for Partition domain
  3. Configure Virtual Target
  4. Creating Partition Domain
WebLogic domain partitions are administrative and runtime slices of a WebLogic domain that are dedicated to running application instances and related resources for different tenants.
def create_Partition(vtName, partitionName, rgName, realmName):
        """
        Creates a partition in the WebLogic domain.
        It takes four arguments: virtual target, partition name, resource group
        and security realm name.
        """
        vt = cmo.lookupVirtualTarget(vtName)
        p = cmo.createPartition(partitionName)
        p.addAvailableTarget(vt)
        p.addDefaultTarget(vt)
        rg=p.createResourceGroup(rgName)
        rg.addTarget(vt)
        realm = cmo.getSecurityConfiguration().lookupRealm(realmName)
        p.setRealm(realm)

def main():
        connect("weblogic","welcome1","t3://192.168.33.100:6100")
        edit()
        startEdit()
        create_Partition("Online_vt","Online_partition","Online_rg",'Online_Realm')
        create_Partition("Corporate_vt","Corporate_partition","Corporate_rg",'Corporate_Realm')
        save()
        activate()
        disconnect()

main()

Creating a partition requires a partition name, and there should be a resource group, which can be created with defaults or from your own resource group template. The resources could be JMS, JDBC data sources, JCA, JTA.

WLST Script for create partition on WebLogic domain


admin console output

Partition successful execution of WLST 
Note: After you configure the new partitions in the domain you must restart the environment.

Multitenancy in WebLogic 12c Part -3: Create Virtual target for the Partition Domain

Welcome back to the series of Multitenancy experiments with WLST.

  1. Configure Security Realm
  2. Create Users & Groups for Partition domain
  3. Configure Virtual Target

In this sample the virtual target is targeted to the admin server; you can also target it to a cluster. The URI prefix is /corporate. This is the URL prefix used for making JMX connections to the MBeanServer.

In this example you can also see how re-usable functions are easy to call!




from jarray import array
from java.lang import String

def create_VirtualTarget(vt_name, uriPrefix, serverName):
        """
        Creates a Virtual Target from three arguments:
        Virtual Target name, URI prefix and the actual physical target
        """
        vt = cmo.createVirtualTarget(vt_name)
        vt.setHostNames(array(["192.168.33.100"], String))
        vt.setUriPrefix(uriPrefix)
        # 'as' is a reserved word in newer Jython releases, so use a different variable name
        server = cmo.lookupServer(serverName)
        vt.addTarget(server)

def main():
        connect("weblogic","welcome1","t3://192.168.33.100:6100")
        edit()
        startEdit()
        create_VirtualTarget("Corporate_vt", "/corporate","tr_admin")
        create_VirtualTarget("Online_vt", "/online","tr_admin")
        save()
        activate()
        disconnect()

main()

Execute it as follows:
 wlst createVirtualTargets.py


Execution of WLST Script for create Virtual Targets for partition domain 

On the WebLogic Admin Console, expand the "Environment" branch in the domain structure and select Virtual Target in the tree.

domain Structure with Virtual Target
In the work area you can see the following screen:

WebLogic 12.2.1 Virtual Target configuration WLST
Virtual Target configuration using WLST




Multitenancy in WebLogic 12c Part -2: Create User and Group per Domain Partition

def create_userGroup(realmName, userName, groupName):
 cd('/')
 print 'add user: realmName ' + realmName
 if realmName == 'DEFAULT_REALM':
   realm = cmo.getSecurityConfiguration().getDefaultRealm()
 else:
   realm = cmo.getSecurityConfiguration().lookupRealm(realmName)
 print "Creating user " + userName + " in realm: " + realm.getName()
 atn = realm.lookupAuthenticationProvider('ATNPartition')
 if atn.userExists(userName):
   print "User already exists."
 else:
   atn.createUser(userName, '${password}', realmName + ' Realm User')
 # Do not echo the password to the console or logs
 print "Done creating user."
 print "Creating group " + groupName + " in realm: " + realm.getName()
 if atn.groupExists(groupName):
   print "Group already exists."
 else:
   atn.createGroup(groupName, realmName + ' Realm Group')
 if atn.isMember(groupName,userName,true) == 0:
   atn.addMemberToGroup(groupName, userName)
 else:
   print "User is already member of the group."
def main():
 connect("weblogic","welcome1","t3://192.168.33.100:6100")

 create_userGroup('Online_Realm', 'mt_adm1','Administrator')
 create_userGroup('Corporate_Realm', 'mt_adm2','Administrator')

 disconnect()

main()


Note: Remember this important point: when you modify security-related configuration, you should not use edit() or startEdit(). We are good to go, let's execute the script...


wlst createUserGroups.py
create User and Group per Domain partition using WLST

WebLogic Admin Console screen User configuration for Partitioned Domain

Tuesday, January 12, 2016

Multitenancy in WebLogic 12c Part -1: Security Realm for Partition Domain

Let me begin with a sample Training project, which runs with Online and Corporate training partitions. In this post we configure a security realm for each partition.

In the new era of multi-tenancy with WebLogic, the application server software itself has changed a lot internally to support partition-based domains while still supporting existing features. When we create a new SecurityRealm for a partition, we need to create the following MBeans:
  • Authenticator
  • Role
  • Identity Asserter
  • Role Mapper
  • Authorizer
  • Adjudicator
  • Auditor
  • Credential Mapper
  • Certificate Path Provider
  • Password Validator
WebLogic Multi-tenancy - SecurityRealm configuration


Let's make a re-usable module so that everyone can use the function as it is. Changes are then needed in the main module only. As a further simplification you could also move the values into a separate properties file.


def create_securityRealm4partition(realmName):
 
 security = cmo.getSecurityConfiguration()
 print 'realm name is ' + realmName
 realm = security.createRealm(realmName)
 
 # ATN
 atnp = realm.createAuthenticationProvider('ATNPartition','weblogic.security.providers.authentication.DefaultAuthenticator')
 atna = realm.createAuthenticationProvider('ATNAdmin','weblogic.security.providers.authentication.DefaultAuthenticator')
 
 # IA
 ia = realm.createAuthenticationProvider('IA','weblogic.security.providers.authentication.DefaultIdentityAsserter')
 ia.setActiveTypes(['AuthenticatedUser'])
 
 # ATZ/Role
 realm.createRoleMapper('Role','weblogic.security.providers.xacml.authorization.XACMLRoleMapper')
 realm.createAuthorizer('ATZ','weblogic.security.providers.xacml.authorization.XACMLAuthorizer')
 
 # Adjudicator
 realm.createAdjudicator('ADJ','weblogic.security.providers.authorization.DefaultAdjudicator')
 
 # Auditor
 realm.createAuditor('AUD','weblogic.security.providers.audit.DefaultAuditor')

 # Credential Mapper
 realm.createCredentialMapper('CM','weblogic.security.providers.credentials.DefaultCredentialMapper')
 
 # Cert Path
 realm.setCertPathBuilder(realm.createCertPathProvider('CP','weblogic.security.providers.pk.WebLogicCertPathProvider'))
 
 # Password Validator
 pv = realm.createPasswordValidator('PV', 'com.bea.security.providers.authentication.passwordvalidator.SystemPasswordValidator')
 pv.setMinPasswordLength(8)
 pv.setMinNumericOrSpecialCharacters(1)

def main():
 connect("weblogic","welcome1","t3://192.168.33.100:6100")
 edit()
 startEdit()

 create_securityRealm4partition('Online_Realm')
 create_securityRealm4partition('Corporate_Realm')

 save()
 activate()
 disconnect()
main()



 wlst createSecurityRealm.py


SecurityRealm using WLST
Configure Security realm for partitions using WLST Script createSecurityRealm.py 

On the other hand you can see the WebLogic Admin console output as well:
Security Realm on Domain Partition

This article is part of a series of blog posts; the other posts in the series are listed below:

  1. Configure Security Realm for MT
  2. Create Users & Groups for Partition domain
  3. Configure Virtual Target
  4. Creating Partition Domain
  5. Configure IDD for Partition
  6. Partition Control (start/stop using WLST)
  7. Deploy and Undeploy Application on Partition 
