Monday, July 20, 2015

Apache Installation & Configuration

The steps below explain how to install the Apache web server and configure the WebLogic plug-in:

Step 1: Download any stable version of httpd for your operating environment (here I am interested in Solaris). Suitable binaries are given as a tar/zip file (Ex: httpd-2.2.11.tar). Extract it:
tar -xvf httpd-2.2.11.tar
Step 2: Go to the httpd-2.2.11 directory and run the configure command to configure Apache in one folder (Ex: apache2):
cd httpd-2.2.11
./configure --prefix=$Home/apache2
Step 3: Run the commands below to build (compile) and install the binaries:
make
make install
Step 4: Take a backup of the httpd.conf file:
cd $Home/apache2/conf
cp httpd.conf httpd.conf_original
Step 5: Edit the httpd.conf configuration file:
vi httpd.conf
ServerRoot "$Home/apache2"
(ServerRoot is the path to the server's configuration, error and log files. It is possible to change this path, provided all the necessary files are copied to the new location accordingly.)
Listen IPAddress:Port (Ex: Listen 4.193.53.24:7012)
LoadModule weblogic_module modules/mod_wl_22.so
User wlusername
# main WebLogic application details to update in the httpd.conf file
<IfModule mod_weblogic.c>
WebLogicCluster hostname:7012,hostname2:7012
MatchExpression *.jsp
</IfModule>
# put your application's root folder name in Location
<Location /application_root_folder>
SetHandler weblogic-handler
DynamicServerList ON
HungServerRecoverSecs 600
ConnectTimeoutSecs 40
WLCookieName JSESSIONID
DebugConfigInfo OFF
Debug ON
WLLogFile $Home/apache2/logs/web1.log
ConnectRetrySecs 2
Idempotent ON
FileCaching ON
WLProxySSL OFF
SecureProxy OFF
Debug OFF
</Location>
ServerAdmin
ServerName mywebapps.com (we can use the DNS name; if we don't have one, we can use the IP)
Step 6: Copy the mod_wl_22.so module file from $Home/weblogic10.3/server/plugin/linux to $Home/apache2/modules:
cp $Home/weblogic10.3/server/plugin/linux/mod_wl_22.so $Home/apache2/modules/
Step 7: Check that the Apache configuration is OK:
cd $Home/apache2/bin
./apachectl -t
Step 8: Start your newly installed Apache web server:
./apachectl -k start or ./httpd -k start
Step 9: Access the application on the Apache port:
http://hostname:port/index.html
Step 10: Stop Apache:
./apachectl -k stop or ./httpd -k stop

Weblogic DemoTrust & DemoIdentity default passwords

Trust store location:      %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoTrust.jks
Trust store password:     DemoTrustKeyStorePassPhrase

Key store location:      %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib/DemoIdentity.jks
Key store password:     DemoIdentityKeyStorePassPhrase
Private key password:     DemoIdentityPassPhrase

Cacerts location: %ORACLE_HOME%/weblogic/wlserver_10.3/server/lib
Cacerts Password: changeit

How to take a TCP dump on Linux for analysis in Wireshark

Follow below steps to take tcpdumps. Make sure you have root permissions to run tcpdump.

1. Run netstat -anp | grep httpd (or any other required search string) and get the destination IP address.

In below example it is "10.182.19.186"

netstat -anp|grep httpd
tcp        1      0 10.180.19.187:58543         10.182.19.186:7018         ESTABLISHED  20069/httpd.worker

2. Run ifconfig -a to find the interface to which the destination IP is tied (you need root or relevant permissions to run this command). In the example below, the destination IP is tied to the "bond0" interface. There are a lot of interfaces; I copied only two interface types for the sake of explanation.

Example:
[root@mywebapps ~]# ifconfig -a
bond0     Link encap:Ethernet  HWaddr AC:16:2D:83:F8:04
          inet addr:10.182.19.186 Bcast:10.186.19.255  Mask:255.255.254.0
          inet6 addr: fe80::ae16:2dff:fe83:f804/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:482694532 errors:0 dropped:112 overruns:0 frame:4
          TX packets:567039615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:164226662863 (152.9 GiB)  TX bytes:315480311689 (293.8 GiB)

eth0      Link encap:Ethernet  HWaddr AC:16:2D:83:F8:04
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:475966852 errors:0 dropped:112 overruns:0 frame:4
          TX packets:567039615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:163565393724 (152.3 GiB)  TX bytes:315480311689 (293.8 GiB)
          Interrupt:179 Memory:f6bf0000-f6c00000

3. Run tcpdump using the command below:
      Syntax:  tcpdump -vvv -i <interface> port <port id> -w /tmp/tcpdump.ccap
      Example: tcpdump -i bond0 port 7018 -w /tmp/tcpdump.ccap
      tcpdump -vvv -i bond0 port 7018 -w /tmp/tcpdump.ccap  --- captures detailed verbose output.
4. To read the tcpdump file, you can use tcpdump -r <filename>
5. Wireshark requires the tcpdump file to have the ccap extension to read it.

SAR,TOP & AWK

SAR COMMAND DETAILS : http://www.thegeekstuff.com/2011/03/sar-examples/
TOP COMMAND DETAILS : http://www.thegeekstuff.com/2010/01/15-practical-unix-linux-top-command-examples/
AWK COMMAND DETAILS : http://www.thegeekstuff.com/2010/01/awk-introduction-tutorial-7-awk-print-examples/

NAS mount point slowness due to Network Issue

If a server uses a NAS shared file system and the mount point is at times very slow, communication between the server and the NAS mount point will fail and will eventually impact the application or cause an outage of the environment.

Check the items listed below to verify whether there is an issue with the NAS mount point:

1. Run df -k to get the mount point that you want to check
example : df -k
10.200.114.32:/apps_ct   1056325248 146003040 910322208  14% /apps

3. traceroute <ip/hostname of the directory on NAS>
     example: traceroute 10.200.114.32

4. If the traceroute is taking too much time, then the problem is between the server and the NAS mount point

5. sar 5 5 can also reveal a network issue between the server and the mount point.


Note: for more netstat commands for Linux network management, refer to the link below:
http://www.tecmint.com/20-netstat-commands-for-linux-network-management/

How to create Self Signed Cert and configure in Apache:

1. Run the following command to create the server.key and server.crt files:
    $ openssl req -new -x509 -nodes -out server.crt -keyout server.key
2. Enable httpd-ssl.conf in httpd.conf (Include conf/extra/httpd-ssl.conf) and set SSLEngine on in ssl.conf.
3. Update httpd-ssl.conf with the details below:

  • Include the listen port
  • Include the server cert and private key in the directives associated with them
  • Copy SSLCertificateKeyFile "/localapps/app/Apache_SPD/conf/server.key"
  • Copy SSLCertificateFile "/localapps/app/Apache_SPD/conf/server.crt"
  • Enable SSLEngine on
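
The steps above as one non-interactive script (an added example, not from the original post). It sets the subject, validity and subjectAltName explicitly (openssl req otherwise issues a 30-day certificate) and checks that server.crt and server.key belong together before Apache is pointed at them. The function names and port 443 are assumptions; mywebapps.com is the ServerName used earlier on this page; -addext needs OpenSSL 1.1.1 or later.

```bash
#!/bin/sh
# Added example; make_selfsigned, cert_matches_key and ssl_directives are
# hypothetical helper names, not part of Apache or OpenSSL.

# Create server.key and server.crt in <dir> without any prompts.
make_selfsigned() {   # usage: make_selfsigned <dir> <hostname>
    (
        umask 077     # files are created readable by the owner only
        openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
    )
}

# Succeed only if the certificate carries the public half of the private key.
cert_matches_key() {  # usage: cert_matches_key <crt> <key>
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print the httpd-ssl.conf lines from step 3 for <dir> and <port>.
ssl_directives() {    # usage: ssl_directives <dir> <port>
    printf 'Listen %s\nSSLEngine on\n' "$2"
    printf 'SSLCertificateFile "%s/server.crt"\n' "$1"
    printf 'SSLCertificateKeyFile "%s/server.key"\n' "$1"
}

# Demonstration in a throw-away directory (port 443 is an assumption).
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" mywebapps.com &&
   cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key"; then
    openssl x509 -in "$demo_dir/server.crt" -noout -subject -enddate
    ssl_directives "$demo_dir" 443
fi
rm -rf "$demo_dir"
```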

How to find number of files opened or open file descriptors allocated for a user.

1. How to find the number of files opened by a user.
    For example, to find files opened by oracle: /usr/sbin/lsof | grep oracle | wc -l

2. How to find the open file descriptors allocated for a user, for example the oracle user:
a. Search for the process and pick the process id.
b. Then cat /proc/<pid>/limits

Check allocated memory to JVM's running on a server.

How to check the memory allocated to JVMs running on a server using awk:

echo $(ps -eaf | grep Xms | awk -F'Xms' '{print $2}' | awk '{print $1}' | tr -d '[:alpha:]' | tr -d '[:punct:]') | sed 's/\ /+/g' | bc -l
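
The one-liner above adds the bare numbers after Xms, so a 2g heap counts as 2 and a 512m heap as 512. A unit-aware version of the same sum, as an added example that is not part of the original post (sum_xms_mb and sample_ps are hypothetical names; the process list is constructed):

```bash
#!/bin/sh
# Added example; sum_xms_mb and sample_ps are hypothetical names.

# Read process command lines on stdin, print the total of all -Xms values in MB.
sum_xms_mb() {
    awk '
    {
        v = ""
        # Count only a real JVM option token, so "grep Xms" itself is ignored.
        # If -Xms is repeated on one command line, keep the last one.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^-Xms[0-9]+[kKmMgG]?$/) v = substr($i, 5)
        }
        if (v == "") next
        n = v + 0                                # numeric part of e.g. "512m"
        u = tolower(substr(v, length(v), 1))     # unit suffix, if any
        if      (u == "g") total += n * 1024
        else if (u == "m") total += n
        else if (u == "k") total += n / 1024
        else               total += n / 1048576  # no suffix means bytes
    }
    END { printf "%d\n", total }'
}

# Constructed sample of "ps -eaf" output (not taken from a real server).
sample_ps() {
    cat <<'EOF'
oracle 2101 1 0 Jul19 ? 00:10:01 /usr/java/bin/java -server -Xms512m -Xmx1024m -Dweblogic.Name=AdminServer weblogic.Server
oracle 2250 1 0 Jul19 ? 00:42:13 /usr/java/bin/java -server -Xms2g -Xmx2g -Dweblogic.Name=soa_server1 weblogic.Server
oracle 2377 1 0 Jul19 ? 00:03:55 /usr/java/bin/java -Xms262144k -Xmx512m -Dweblogic.Name=ms1 weblogic.Server
oracle 9912 9800 0 10:01 pts/0 00:00:00 grep Xms
EOF
}

sample_ps | sum_xms_mb          # live use: ps -eo args | sum_xms_mb
```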

Different ways of running RDA on weblogic server

How to run RDA on WebLogic servers?

Process 1:
1. Download rda.zip for Linux
2. Unzip it into a directory (unzip p19637463_1036_Generic.zip -d p19637463_1036_Generic)
3. Run ./rda.sh
4. Accept or enter the required details
5. At the end of the process it will generate an rda.zip folder named with the prefix you gave at the beginning, like RDA.IDM_nj12mhf0048.zip.
6. Send it to Oracle

Process 2:
1. RDA is also under /apps/soa/fmw11.1.1.7/oracle_common/rda
2. Set up the environment before running RDA
3. Run . ./setDomain.sh for the domain on which you want to run RDA, and then run ./rda.sh
4. It will ask for a lot of information. Enter the required details as per your environment; at the end it will create a zip folder under the /rda/output folder.

SOA Composite deployment failed with "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: " error

The WebLogic server is configured to use a Java KeyStore and set up to use internal PKI certs (not authorized by a CA). Deployment of the SOA composite failed with the "javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: " error.

[deployComposite] Creating HTTPS connection to host:<hostname>,:<port>
[deployComposite] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[deployComposite]       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
[deployComposite]       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
[deployComposite]       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
[deployComposite]       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
[deployComposite]       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:623)
[deployComposite]       at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
[deployComposite]       at java.io.ByteArrayOutputStream.writeTo(ByteArrayOutputStream.java:109)
[deployComposite]       at HTTPClient.HTTPConnection.sendRequest(HTTPConnection.java:3366)
[deployComposite]       at HTTPClient.HttpOutputStream.closeImpl(HttpOutputStream.java:461)
[deployComposite]       at HTTPClient.HttpOutputStream.access$000(HttpOutputStream.java:99)
[deployComposite]       at HTTPClient.HttpOutputStream$1.run(HttpOutputStream.java:417)
[deployComposite]       at HTTPClient.HttpClientConfiguration.doAction(HttpClientConfiguration.java:666)
[deployComposite]       at HTTPClient.HttpOutputStream.close(HttpOutputStream.java:415)
[deployComposite]       at java.util.zip.DeflaterOutputStream.close(DeflaterOutputStream.java:149)
[deployComposite]       at java.util.zip.ZipOutputStream.close(ZipOutputStream.java:321)
[deployComposite]       at oracle.integration.platform.blocks.deploy.servlet.client.DeployerHttpClient.sendCompositeArchives(DeployerHttpClient.java:385)



Root cause and resolution:
The above error means that the URL you are trying to access does not have a valid certificate, or the certificate used by the URL provider is not issued by a trusted Certificate Authority. To fix the error, check which of the two scenarios below applies and import the intermediate certs accordingly.

1: If the client trying to access the URL is a Java standalone client, import the root certificate of the URL into the "cacerts" file present in the JAVA/jdk/jre/lib/security/ directory.


2: If the client is the WLS server trying to access the URL, determine which trust store the WebLogic Server uses and then import the root certificates into the "DemoTrust" file present at "/apps/mywebapps/wlserver_10.3/server/lib/DemoTrust.jks".

Note: You can also verify whether the client is using cacerts/DemoTrust by checking the setDomain.sh/startManaged.sh scripts.
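
Why importing the root certificate fixes the error, reproduced with openssl instead of a JVM (an added example, not from the original post): a server certificate issued by an internal root fails chain building against a trust store that lacks that root, and passes once the root is appended. All names and subjects are constructed; the PEM trust store stands in for cacerts or DemoTrust.jks, where the import itself is done with keytool -importcert.

```bash
#!/bin/sh
# Added example; every function name, file name and subject here is constructed.

# Create a self-signed root: <basename>.key and <basename>.crt
new_root() {            # usage: new_root <basename> <CN>
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Issue a server certificate signed by the given root.
issue_server_cert() {   # usage: issue_server_cert <ca-basename> <out-basename> <CN>
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -sha256 -days 30 -out "$2.crt" 2>/dev/null
}

# Exit status 0 only if a chain from <cert> to a root in <trust-store.pem> exists.
path_builds() {         # usage: path_builds <trust-store.pem> <cert>
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Verify the server cert before and after the internal root is imported.
demo_trust_path() {
    d=$(mktemp -d) || return 1
    new_root "$d/public" "Constructed Public Root" &&
    new_root "$d/internal" "Constructed Internal Root" &&
    issue_server_cert "$d/internal" "$d/server" "soa.example.internal" || return 1
    cp "$d/public.crt" "$d/truststore.pem"         # trust store without the internal root
    path_builds "$d/truststore.pem" "$d/server.crt" && before=trusted || before=untrusted
    cat "$d/internal.crt" >> "$d/truststore.pem"   # the "import the root certificate" step
    path_builds "$d/truststore.pem" "$d/server.crt" && after=trusted || after=untrusted
    rm -rf "$d"
    echo "$before -> $after"
}

demo_trust_path
```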







Thursday, July 9, 2015

How to check weblogic bridge configurations


Use the syntax below to check the WebLogic bridge config details. Make sure the parameters below are set in the Apache httpd.conf:

DebugConfigInfo is set to 'ON' and Debug is set to 'ALL'


https://<hostname>:<port>/myapplication?__WebLogicBridgeConfig


How to enable debug ON on OHS and redirect the trace to logfile.


Add below lines in httpd.conf file to enable debug.

 Debug ON
 WLLogFile /tmp/weblogic.log
 DebugConfigInfo ON
 Debug ALL

Example:

<Location /myapplication>
 setHandler weblogic-handler
 WebLogicCluster hostname:portid
 Debug ON
 WLLogFile /tmp/weblogic.log
 DebugConfigInfo ON
 Debug ALL
</Location>
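
A check to run once troubleshooting is over, as an added example that is not part of the original post: it lists the plug-in debug directives still enabled in a configuration, because DebugConfigInfo ON keeps answering the ?__WebLogicBridgeConfig query shown earlier and Debug ALL keeps writing request and response headers to the log. The function names are hypothetical; the first sample is the Location block above and the second is a constructed cleaned-up version.

```bash
#!/bin/sh
# Added example; audit_wl_debug and the sample_* functions are hypothetical names.

# Read an httpd.conf on stdin and print one line per plug-in debug setting
# that is still enabled, prefixed with its line number.
audit_wl_debug() {
    awk '
    /^[ \t]*#/ { next }                       # ignore comment lines
    {
        name = tolower($1); val = toupper($2)
        if (name == "debugconfiginfo" && val == "ON")
            print NR ": DebugConfigInfo ON (?__WebLogicBridgeConfig is answered)"
        else if (name == "debug" && val != "" && val != "OFF")
            print NR ": Debug " val " (plug-in trace is being written)"
        else if (name == "wllogfile" && $2 ~ /^\/tmp\//)
            print NR ": WLLogFile " $2 " (trace file in a shared directory)"
    }'
}

# The Location block from the example above.
sample_debug_conf() {
    cat <<'EOF'
<Location /myapplication>
 setHandler weblogic-handler
 WebLogicCluster hostname:portid
 Debug ON
 WLLogFile /tmp/weblogic.log
 DebugConfigInfo ON
 Debug ALL
</Location>
EOF
}

# Constructed: the same block with debugging switched off again.
sample_clean_conf() {
    cat <<'EOF'
<Location /myapplication>
 setHandler weblogic-handler
 WebLogicCluster hostname:portid
 Debug OFF
 DebugConfigInfo OFF
</Location>
EOF
}

sample_debug_conf | audit_wl_debug     # live use: audit_wl_debug < httpd.conf
```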

Restart SSL when weblogic keystore is updated

From WebLogic Server 10.3.6, all server SSL attributes are dynamic. When modified via the Console, they cause the corresponding SSL server or channel SSL server to restart and use the new settings for new connections. Old connections will continue to run with the old configuration. To ensure that all the SSL connections exist according to the specified configuration, you must reboot WebLogic Server.

Use the Restart SSL button to restart the SSL server when changes are made to the keystore files and need to be applied for subsequent connections without rebooting WebLogic Server.

To restart the SSL server:
1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
2. In the left pane of the Console, expand Environment and select Servers.
3. Click the name of the server for which you want to restart SSL.
4. Select Control > Start/Stop.
5. In the Server Status table, select the check box next to the name of the server for which to restart SSL channels.
6. Select Restart SSL.
   Restarts the SSL listen sockets so that keystore changes take effect.
7. To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
Not all changes take effect immediately—some require a restart (see Use the Change Center).