Introduction
Node Manager is a WebLogic Server utility that enables you to start, shut down, and restart Administration Server and Managed Server instances from a remote location. Although Node Manager is optional, it is recommended if your WebLogic Server environment hosts applications with high availability requirements. A Node Manager process is not associated with a specific WebLogic domain but with a machine. You can use the same Node Manager process to control server instances in any WebLogic Server domain, as long as the server instances reside on the same machine as the Node Manager process.
This tutorial strives to provide optimal instructions on how to configure Node Manager.
Configuration
By default, Node Manager comes configured (sort of) within each WebLogic domain. However, if you plan to run multiple domains on the same server (useful for upgrades, high availability and testing), it is smarter to create a separate domain just for Node Manager so that it can control all the other domains.
Config Wizard
Let's create a new domain specifically for the Node Manager. You can do it, I have faith in you!
On your AdminServer machine, run the config wizard...
$ORACLE_HOME/oracle_common/common/bin/config.sh
Give it a cool name, like "NodeManager".
Choose "Basic WebLogic Server Domain".
Create a username & password. (We won't need them.)
Click next, next, next... Until you're done. Congratulations, you're done!
Modify Properties
Now let's make a few configuration changes. Edit the file:
Change these properties...
ListenAddress=0.0.0.0
SecureListener=false
CrashRecoveryEnabled=true
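With ListenAddress=0.0.0.0 the Node Manager listens on every interface, and SecureListener=false turns off SSL on the listener, so no security certificate is needed. In this state Node Manager traffic is unencrypted.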
Don't worry, once we get Node Manager working, we will secure it. (See below.)
Modify Domains
Add additional domains by editing the file: $ORACLE_HOME/user_projects/domains/NodeManager/nodemanager.domains
NodeManager=/opt/oracle/occas/8.1/user_projects/domains/NodeManager
replicated=/opt/oracle/occas/8.1/user_projects/domains/replicated
SystemD Startup Script
To start nodemanager via 'systemctl', create this file: /etc/systemd/system/nodemanager.service
# file: /etc/systemd/system/nodemanager.service
[Unit]
Description=WebLogic nodemanager service
[Service]
Type=simple
# Note that the following three parameters should be changed to the correct paths
# on your own system
Environment="JAVA_OPTIONS=-Dweblogic.security.SSL.hostnameVerifier=weblogic.security.utils.SSLWLSWildcardHostnameVerifier"
WorkingDirectory=/opt/oracle/occas/8.1/user_projects/domains/NodeManager
ExecStart=/opt/oracle/occas/8.1/user_projects/domains/NodeManager/bin/startNodeManager.sh
ExecStop=/opt/oracle/occas/8.1/user_projects/domains/NodeManager/bin/stopNodeManager.sh
User=oracle
Group=oinstall
KillMode=process
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
Then run these commands:
systemctl daemon-reload
systemctl enable nodemanager
systemctl start nodemanager
Securing Node Manager
Configuring Security Certificates
For full details, see: Enabling Host Name Verification Certificates for Node Manager.
Instead of listing every hostname in the security certificate (the list may grow over time), it is easier to use wildcard hostname verification.
Modify the file: /etc/systemd/system/nodemanager.service to add this line:
[Service]
Environment="EXTRA_JAVA_PROPERTIES=-Dweblogic.security.SSL.hostnameVerifier=weblogic.security.utils.SSLWLSWildcardHostnameVerifier"
The concept: replace the default security certificate with a new wildcard certificate. Any new node will be accepted. Simple! It does not require modifying each node. Hackers won't have access to the security certificate. Or will they?
Create a new certificate at ./wlserver/server/lib/identity.jks using these instructions (editing passwords, etc.):
cd ./wlserver/server/lib
export ALIAS="myAlias"
export STOREPASS="myStorepass"
export KEYPASS="myKeypass"
export DNAME="CN=*.vorpal.net"
export KEYSTORE="identity.jks"
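# Quote the variables so the shell cannot glob-expand the "*" in $DNAME.
# 2048-bit RSA: keytool flags 1024-bit keys as a security risk.
# -storetype jks matches CustomIdentityKeyStoreType=JKS in nodemanager.properties.
keytool -genkey -keyalg RSA -keysize 2048 -alias "$ALIAS" -dname "$DNAME" -keystore "$KEYSTORE" -storetype jks -storepass "$STOREPASS" -keypass "$KEYPASS"
keytool -selfcert -v -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$STOREPASS" -storetype jks -keypass "$KEYPASS"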
Add the following to the nodemanager.properties file:
KeyStores=CustomIdentityAndCustomTrust
CustomIdentityAlias=myAlias
CustomIdentityKeyStoreFileName=identity.jks
CustomIdentityKeyStorePassPhrase=myStorepass
CustomIdentityKeyStoreType=JKS
CustomIdentityPrivateKeyPassPhrase=myKeypass
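The tutorial first turns SSL off and binds to every interface as an interim step, then stores keystore passphrases in nodemanager.properties. As an added example (not part of the original tutorial or of Oracle's tooling), this shell check flags those settings in a given file; the function names are hypothetical, and treating a `{AES` prefix as the mark of an encrypted passphrase is an assumption.

```shell
#!/bin/sh
# Added example, not from the tutorial: flag the interim settings above
# in a nodemanager.properties file. Function names are hypothetical.

# prop FILE KEY: print the last value assigned to KEY (empty if unset).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_nm_props FILE: print one line per finding; the exit status is
# the number of findings (0 = clean, 255 = file unreadable).
audit_nm_props() {
    f=$1
    n=0
    [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 255; }

    # Only an explicit "false" turns SSL off on the listener.
    if [ "$(prop "$f" SecureListener | tr 'A-Z' 'a-z')" = "false" ]; then
        echo "SecureListener=false: Node Manager traffic is not encrypted"
        n=$((n + 1))
    fi
    if [ "$(prop "$f" ListenAddress)" = "0.0.0.0" ]; then
        echo "ListenAddress=0.0.0.0: listening on every interface"
        n=$((n + 1))
    fi
    # Assumption: an encrypted passphrase is stored with a {AES...} prefix,
    # so any other non-empty value is treated as cleartext.
    for k in CustomIdentityKeyStorePassPhrase CustomIdentityPrivateKeyPassPhrase; do
        v=$(prop "$f" "$k")
        case $v in
            ''|'{AES'*) ;;
            *) echo "$k: passphrase stored in cleartext"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# Constructed sample: the values this tutorial sets, in one file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ListenAddress=0.0.0.0
SecureListener=false
CrashRecoveryEnabled=true
CustomIdentityKeyStorePassPhrase=myStorepass
CustomIdentityPrivateKeyPassPhrase=myKeypass
EOF
audit_nm_props "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against the real file after the "Securing Node Manager" steps; an exit status of 0 means none of the flagged settings remain.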