How to include modules and Java Options in WLST Shell?

In recent developments in the Python impacting WLST Shell as well. We might want to use Python module into our WLST scripts as well. Sometimes you need a Python module that is available for Python Community same we may use in your WLST, and sometimes you might need some JAVA_OPTIONS must be included before the WLST shell is launched.

Here I will walk you through some scenarios where you need to customize.

1. When there is customization in WebLogic domains such as Oracle Utilities products uses the SSL enable communication for their AdminServer - Managed servers
2. WLST shell using a connection to AdminServer with t3s protocol
3. WebLogic domain for Oracle Data Integrator uses WLST when a managed server used to stop with 'stopManagedWebLogic.sh' or even AdminServer using 'stopWebLogic.sh' script calls WLST scripts to stop and when there is SSL enabled for the security purpose then WLST shell interaction requires SSL configuration details

How to include the Python module in WLST?

This could be a common requirement when automation scripts needs multiple Python modules into their WLST Shell.

Better you can add to your profile script. I've added the following lines to the .bashrc profile script.

alias wlst="$WL_HOME/../oracle_common/common/bin/wlst.sh"
export CONFIG_JVM_ARGS="-Djava.security.egd=file:/dev/./urandom \
-Dweblogic.security.SSL.enableJSSE=true \
-Dweblogic.security.SSL.ignoreHostnameVerification=true \
-Dweblogic.security.TrustKeyStore=DemoTrust \
-Dweblogic.security.CustomTrustKeyStoreType=JKS"

Note here if you are using Demo certificates then you can use the above. But if you have custom certificates then you need to provide Custom Certificates location. 

How you can tune or optimize your WLST Shell launching time?

In your .bashrc or bash_profile you can include the following environment variable which will boost-up or speed up your JVM launching time.

export CONFIG_JVM_ARGS=-Djava.security.egd=file:/dev/./urandom

Configuring FMW domains we expected more with CONFIG_JVM_ARG

export CONFIG_JVM_ARGS=-Dcom.oracle.cie.config.showProfile=true

This will enable the option in the configuration type screen to create a new compact SOA/OSB domain or any FMW 12+ domain. Without -Dcom.oracle.cie.config.showProfile=true FMW Domain creation will not show the Embedded Database option for Database configuration type in the Wizard.

Configuration of GEOCODE Datasource for Oracle MapViewer

Couple of years back in the same blog I've posted how we can configure a generic datasource in WebLogic domain using WLST. Working in today's trend continuous deployment(CD) automation development I've worked on similar task that is GEOCODE datasource configuration. GEOCODE datasource is the basic configuration requirement for running Oracle MapViewer.

In Oracle Utilities Mobile Workforce Management runs on WebLogic server.

Pre-requisites
Oracle native WebLogic domain configured and the Admin Server must be up and running because our automation will be going to work online WLST.

How does it works?

In the Oracle Utilities products have a file ENVIRON.INI, that will having all connection related parameters available such as: ADMIN HOST, ADMIN PORT, UserStoreConfig files userConfigFile
userKeyFile path. By reading this file as properties we can get connected to the  running WebLogic Admin Server.

We will need the GEOCODE data source parameters, this can be passed as properties file ConfigGEOCODE.properties. To create a data source we need the following :

1. Name of the datasoruce as GEOCODE
2. JNDI Name as NAVTEQ_UTIL
3. Select the database as Oracle

Connection pool configuration in the JDBC System Resource

1. Enter your database hostname
2. Database port
3. Database name
4. Database user credentials
5. Test Connection Pool

###################****##############****################################################
# Generic Datasource configuration script applicable on any Operating Environments (Unix, Windows)
# ScriptName    : ConfigGEOCODE.py
# Properties    : ConfigGEOCODE.properties
# Updated by    : Pavan Devarakonda
# Date creation : 9th Aug 2018
###############     Connecting to Start     ################################################
def connectAdmin() :
 try:
  import os
  splebase=os.environ['SPLEBASE']
  loadProperties(splebase+"/etc/ENVIRON.INI")
  userconfig = splebase+"/etc/.wlsuserconfig"
  userkey = splebase+"/etc/.wlsuserkey"
  adminurl="t3s://"+WEB_ADMIN_SERVER+":"+WLS_ADMIN_PORT
  printline('Connectiong to adminurl: '+adminurl)
  connect(userConfigFile=userconfig,userKeyFile=userkey, url=adminurl)
  printline('Successfully connected')
 except:
  printline('Unable to find admin server...')
  exit()

#================== Printing line =====================================
def printline(msg):
        print 45*'#'
        print msg
        print 45*'#'

################### Configuring Connection Pool #############################
def connPool(DSnam) :
 DRVPARM='/JDBCSystemResources/'+DSnam+'/JDBCResource/'+DSnam+'/JDBCDriverParams/'+DSnam
 cd(DRVPARM)
 set('Url',DBURL)
 set('DriverName',DBDRV)
 cmo.setPassword('XXXXXX')

 cd(DRVPARM+'/Properties/'+DSnam)
 cmo.createProperty('user')
 cd(DRVPARM+'/Properties/'+DSnam+'/Properties/user')
 set('Value',DBUSR)

############         Creating Data source    ###############################
def createDS() :
 DSnam = DSName
 printline('Creating datasource :'+DSnam)
 cmo.createJDBCSystemResource(DSnam)
 RESOURCE='/JDBCSystemResources/'+DSnam+'/JDBCResource/'+DSnam
 cd(RESOURCE)
 set('Name',DSnam)
 #Setting JNDI name
 cd(RESOURCE+'/JDBCDataSourceParams/'+DSnam)
 print RESOURCE+'/JDBCDataSourceParams/'+DSnam
 set('JNDINames',jarray.array([String(JNDIname)], String))

 connPool(DSnam)

 #Set Connection Pool specific parameters
 cd(RESOURCE+'/JDBCConnectionPoolParams/'+DSnam)
 cmo.setTestConnectionsOnReserve(true)
 cmo.setTestTableName('SQL SELECT 1 FROM DUAL\r\n\r\n')
 #cmo.setTestTableName('SQL ISVALID')
 cmo.setConnectionReserveTimeoutSeconds(25)
 cmo.setMaxCapacity(15)
 cmo.setConnectionReserveTimeoutSeconds(10)
 cmo.setTestFrequencySeconds(120)

 cd(RESOURCE+'/JDBCDataSourceParams/'+DSnam)
 cmo.setGlobalTransactionsProtocol('TwoPhaseCommit')

 # targets the GEOCODE DataSource to utilities_cluster1
 cd('/SystemResources/'+DSnam)
 set('Targets',jarray.array([ObjectName('com.bea:Name='+clstrNam+',Type=Cluster')], ObjectName))

###########################  Main Module   #####################################
if __name__== "main":
 connectAdmin()
 edit()
 startEdit()
 # Create a new JDBC resource)
 try:
  cd('/')
  createDS()

 except BeanAlreadyExistsException:
  printline('Error: GEOCODE Datasource already exist')
  cancelEdit('y'); exit()
 save()
 activate()
 printline('Successfully created GEOCODE datasource')
 disconnect()

The properties file look like this:

#=========================================
DBURL=jdbc:oracle:thin:@mydb.server.com:1521:M1DBMAPS
DBDRV=oracle.jdbc.xa.client.OracleXADataSource
DBPASS=XXXXXXX
DBUSR=NAVTEQ_UTIL
DSName=GEOCODE
JNDIname=NAVTEQ_UTIL
clstrNam=utilities_cluster1

The script execution goes as follows:

Now prepare for execution of WLST script, setup the environment and also define proper SSL related options to include in JAVA_OPTIONS which will be considered when wlst.sh execution time.

wlst -loadProperties ConfigGEOCODE.properties ConfigGEOCODE.py

This script execution was tested successful and ready to use. You need to enter properties file corresponding to your database values.

Setting Keystore and SSL for a WebLogic Server using WLST

Configuring Custom SSL for WebLogic server                     

Working on the Oracle Utilities project, where our Environment requirement is that Mobile runtimes will communicates with secure servers. So we need to make the WebLogic server SSL Enabled with  Custom SSL certificates configuration.

WLST keystore SSL for Admin Server, Managed Server

Assumptions:

• WebLogic 12.2.1.3 domain configured
• Each WebLogic server SSL enabled already
• AdminServer up and running

Here in this example I am using CA provided certificates but to publish in this post giving dummy paths and file names. The prerequisites you must have the Custom Identity and Custom Trust store

#!/usr/bin/python
# Author    : Pavan Devarakonda
# Save Script as  : set_keystoreSSL.py
# Initial drafted : 12/07/2018
#==========================================

import re

# Get location of the properties file.
execfile('/opt/MWM/scripts/set_keystore.properties')
def connectAdmin():
        # Connect to the AdminServer.
        try:
                connect(admin_username, admin_password, admin_url)
        except:
                print 'Unable to connect to AdminServer'
                exit()

def setKSnSSL4server(serverName, ksIdentityPath,ksIdentityPassword,ksTrustPath,ksTrustPassword,privateKeyAlias,keyPhrase):
        # Set keystore information.
        print "==============================="
        print "set keystore to "+serverName
        print "==============================="
        cd('/Servers/' + serverName)
        cmo.setKeyStores('CustomIdentityAndCustomTrust')

        cmo.setCustomIdentityKeyStoreFileName(ksIdentityPath)
        cmo.setCustomIdentityKeyStoreType('JKS')
        set('CustomIdentityKeyStorePassPhrase', ksIdentityPassword)
        cmo.setCustomTrustKeyStoreFileName(ksTrustPath)
        cmo.setCustomTrustKeyStoreType('JKS')
        set('CustomTrustKeyStorePassPhrase', ksTrustPassword)
        print "set SSL to "+serverName
        print "==============================="
        cd('/Servers/' + serverName + '/SSL/' + serverName)
        cmo.setServerPrivateKeyAlias(privateKeyAlias)
        set('ServerPrivateKeyPassPhrase', keyPhrase)

def main():
        connectAdmin()
        print servers
        edit()
        startEdit()
        print "========================================================================="
        print "AdminServer, utilities_server1 server set keystore, SSL custom keystore"
        print "========================================================================="
  setKSnSSL4server(adm['name'], adm['identity.path'], adm['identity.password'],adm['trust.path'],adm['trust.password'],adm['privateKeyAlias'],adm['keyPhrase'])
  setKSnSSL4server(ms1['name'], ms1['identity.path'], ms1['identity.password'],ms1['trust.path'],ms1['trust.password'],ms1['privateKeyAlias'],ms1['keyPhrase'])
        save()
        activate()
        disconnect()
        exit()

main()

This time the properties file is also python script to use the dictionary capabilities of Python to refer to the Weblogic server and its corresponding server'S keystore, SSL details to store together.

# AdminServer connection details.
admin_username='system'
admin_password='welcome1'
admin_url='t3://test.server.com:7001'

#Dictionaries for AdminServer, utilities_server1 keystore, SSL values

adm = { 'name':'AdminServer','identity.path':'/opt/myalias_cert/myIdentity.jks', 'identity.password':'welcome1', \
'trust.path':'/opt/myalias_cert/myTrustStore.jks', 'trust.password':'welcome1', \
'keyPhrase':'welcome1', 'privateKeyAlias':'myalias'}

ms1 = { 'name':'utilities_server1','identity.path':'/opt/myalias_cert/myIdentity.jks', 'identity.password':'welcome1', \
'trust.path':'/opt/myalias_cert/myTrustStore.jks', 'trust.password':'welcome1', \
'keyPhrase':'welcome1', 'privateKeyAlias':'myalias'}

 The execution or the above script output looks as below: You can execute.