Tuesday, July 28, 2009

Weblogic-Creating domains using WLST scripts

WLST, the WebLogic Scripting Tool, enables you to create a new domain or update an existing domain even if the WebLogic server is not up and running. This is therefore also called offline work, as you are not connected to a running instance.

We create a template using WLST scripts and then create a domain from that template.
The template is basically a jar file which contains all the configuration details for a domain.

To start WLST, either use the following command

java weblogic.WLST

after setting the class path and other variables, as better described in the following threads

http://forums.oracle.com/forums/thread.jspa?threadID=880514&tstart=0&messageID=3637391

http://forums.oracle.com/forums/thread.jspa?messageID=3018767

or use the easy way.

Go to the following directory

C:\bea\wlserver_10.3\common\bin

and double-click WLST.cmd

It will open a window like this



If you try to read the domain using the following command, you might face an issue like

Error: readDomain() failed. Do dumpStack() to see details.

Run dumpStack() to get the details of the error.

In my case it says



Well, I got the reason. We have to use the backward slash instead of the forward slash while reading the domain.

So now I changed the forward slash to a backward slash and it worked.



Now we will try to read the template.

Before reading the template we need to disconnect from the existing domain, so we will use the following command.

closeDomain()

Then use the readTemplate command and point it to our existing template.



Some default WLST scripts are provided in the following directory

C:\bea\wlserver_10.3\common\templates\scripts\wlst

Note the .py extension, which means they are Python scripts.

You can review basicWLSDomain.py to get an idea of how to create a simple domain.

You need good knowledge of Python and of the different components of the server to write such a script.

I will simply use writeTemplate and then the createDomain command to give an idea of how to create a domain.

Once you have read your domain you need to close it with closeDomain(), and your template with the closeTemplate() command.



Now we will finally use the createDomain command to create a domain.

Its syntax is

createDomain(domainTemplate, domainDir, user, password)

So I will run the following command to create a new domain.

createDomain('C:/bea/user_templates/Cluster.jar','C:/bea/user_projects/domains/Cluster','weblogic','weblogic')

Please make sure that you have a directory called Cluster in the following location

C:/bea/user_projects/domains

and that it is empty.

As soon as you run this command it will create a domain.



Initially your domain directory was empty; now you can find the configuration files corresponding to the domain, including the startup script, security details, server details, etc.

Maybe we will have a look at these sometime later.

Weblogic-Create a domain using Domain Template builder

Domain Template Builder uses domain and extension templates that contain the main attributes and files required for building or extending a domain. It is a Java application which allows you to create custom domains and templates.


To start Domain Template Builder we can use either of the following approaches

Go to

Start Menu->All programs->weblogic10gR3->Tools->Domain Template Builder

Or go to the following directory in a command prompt

c:\bea\wlserver_10.3\common\bin

and enter the following command

config_builder.cmd



Once you have done these steps you will get the following GUI screen




As you can see on the screen, you have two options:

1. Domain template

A domain template is used to create a new domain. It can be created from an existing template or from a domain. It defines the full set of resources within a domain.

2. Extension template

An extension template is used to extend an existing template.

In our case we will choose to create a domain template.

Now choose a domain.



Then describe the template.



If you want to add some more files, choose that option; otherwise leave the page at its defaults and say next.



If you want to use a database with this domain, provide a script for each database; otherwise leave it at the default.



Say next and provide the IP address in the listen address. Verify the port number also.




Enter your password again.



Leave the next window at its defaults (do not specify any entries for the Start menu) and say next.

Review the settings and make changes if you want to.






Check the template jar name and the locations and say create.



A completion window will appear; say done and review the jar file created.



Now that you have the jar file, you can again configure a new domain using the pack and unpack commands as discussed earlier.

Creating an extension template is almost the same, except that you are not asked to configure the Administration Server and its authorities, as these domain settings are already defined in the domain to be extended.

Weblogic-Create a new domain using configuration wizard

The Configuration Wizard is again a simple way to create a domain.

Go to

Start menu->ALL programs->OracleWeblogic->weblogicServer10gR3->Tools->configuration Wizard

It will open up a window like this




Say Next and choose the default options.



Provide the Administrator user and password and say next.



Now, in the next window, choose one of the available JDKs. I am using Sun's JDK, for example.

Select it and say next.


If you want to customize the domain as per the options given, say yes; otherwise leave the default option and say next.




Now provide a suitable name to your domain.




Then say create.

Once it is 100% complete, select Start Admin Server and say done.




Once you are done, a command prompt will come up and start the domain admin server. You can see the status as running. Now you can also open the admin server in a browser. By default the port will be 7001.

Weblogic-Create a new domain using pack and unpack command

WebLogic provides several tools for creating domains and templates, and one of them is the pack and unpack commands. These commands are easy to use, but they do not allow you to customize the contents of your domain or template as the other tools do.


The pack command creates a template archive (.jar) file that contains a subset of a domain that the user has already created.

Let's suppose I have a domain called Cluster in the following directory

C:\bea\user_projects\domains

I will use the pack command to carry all the features of this domain into a new dummy domain.

The pack command will be

pack -domain=C:\bea\user_projects\domains\Cluster -template=C:\bea\user_templates\mydomain.jar -template_name="My WebLogic Domain"


Here C:\bea\user_projects\domains\Cluster is my existing domain.

C:\bea\user_templates\mydomain.jar is the template location I am providing, and I have given the jar file an arbitrary name, mydomain.jar.

-template_name="My WebLogic Domain" is again an arbitrary name I have specified; you can specify your own name here.


You need to run this script in the following directory

C:\bea\wlserver_10.3\common\bin

Once you run this script, it will create the template mydomain.jar in the location C:\bea\user_templates




Now we will create a new domain using the unpack command.

The unpack command creates a full domain or a subset of a domain.

I will be using the following command

unpack -template=C:\bea\user_templates\mydomain.jar -domain=C:\bea\user_projects\domains\my_new_domain

We are using the template we created in the first step, i.e. mydomain.jar,

and we are creating a new domain called my_new_domain in the following directory

C:\bea\user_projects\domains



If you check the newly created domain you will find startWeblogic.cmd, which can be used to start the domain.

Friday, July 17, 2009

How to set up BPEL(BPEL on weblogic) with active directory

One can follow the metalink note



to set up BPEL with Active Directory; however, the same note cannot be used for setting up BPEL with Active Directory when your BPEL is running on top of WebLogic Server. Some steps are applicable, but one needs to apply some extra steps in order to configure BPEL with Active Directory when BPEL is on top of WebLogic Server.

So we will start.

The first few steps as provided in the metalink note are to be followed.

Active Directory is nothing but an authentication tool,

so your requests will now be routed via Active Directory authentication.

We define certain users and groups and assign them privileges, and only the users who have the right privileges can get access.

The concept of configuring BPEL with Active Directory is to create (or seed) in your Active Directory the users and groups which are used to access BPEL. Then we will configure WebLogic with Active Directory so that all requests will be routed via Active Directory.

Since all the users and groups will be in Active Directory, the authentication will occur from Active Directory. I hope you have got a little idea about it. If not, let's go through the screenshots and explanation and maybe then you will get some idea.

The very first step is to have a Windows AD machine and a BPEL installation on WebLogic Server.

You need to open the following file in notepad

$SOA_HOME/bpel/system/services/config/ldap/system-winServer2003-ActDir.sbs

If you open this file you will find the details of various users and groups such as bpeladmin, workflowadmin, etc.

We want all these users and groups to be seeded into Active Directory.

For that purpose you need to supply the DN for the users and groups.

These DNs should correspond to the users and groups in Active Directory.

Let's suppose the users in your Active Directory are in the following DN

cn=Users,dc=us,dc=oracle,dc=com

Then just replace all occurrences of

%s_UserContainerDN% with that particular DN

Similarly for groups, suppose they are in the following DN

cn=Users,dc=us,dc=oracle,dc=com

Then replace all occurrences of %s_GroupContainerDN% with the DN of the groups.

Ideally the users and groups have the same DN.

After these changes your configuration should look like this

dn: cn=bpeladmin,cn=Users,dc=ad,dc=vm,dc=oracle,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: bpeladmin
sn: bpeladmin
userPassword: CHANGE_ME
displayName: bpeladmin
description: BPEL System Administrator
name: bpeladmin
sAMAccountName: bpeladmin
distinguishedName: cn=bpeladmin,cn=Users,dc=ad,dc=vm,dc=oracle,dc=com

Here cn=Users,dc=ad,dc=vm,dc=oracle,dc=com is my DN for users and groups.

A similar entry will be there for all the users and groups.

After completing this, we should make one more change in this file.

Remove all occurrences of

userAccountControl: 512 in the system-winServer2003-ActDir.sbs file.

Well, why we remove this I am not sure, but you can get an idea about this flag through this link

http://support.microsoft.com/default.aspx?scid=kb;en-us;305144

Now all the changes inside the file are completed.

Now we need to save the file as .ldif,

i.e. system-winServer2003-ActDir.sbs should now be saved as system-winServer2003-ActDir.ldif.


Have a look at this link and you will get an idea of what LDIF is and why it is used

http://whatis.techtarget.com/definition/0,,sid9_gci549219,00.html

So we will save the file as

system-winServer2003-ActDir.ldif
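
The edits above (substituting both container DNs and removing userAccountControl: 512) can be scripted; this is an added example, not part of the original post or of Oracle's tooling. The input is a constructed sample in the shape of the .sbs file, ExampleGroup is a hypothetical group name, and the check for a leftover CHANGE_ME password is an addition the post does not describe.

```python
import re

# Constructed sample in the shape of system-winServer2003-ActDir.sbs (not the real file).
SAMPLE_SBS = """\
dn: cn=bpeladmin,%s_UserContainerDN%
objectClass: top
objectClass: user
cn: bpeladmin
userPassword: CHANGE_ME
userAccountControl: 512
sAMAccountName: bpeladmin
distinguishedName: cn=bpeladmin,%s_UserContainerDN%

dn: cn=ExampleGroup,%s_GroupContainerDN%
objectClass: top
objectClass: group
cn: ExampleGroup
member: cn=bpeladmin,%s_UserContainerDN%
"""

PLACEHOLDER = re.compile(r"%s_\w+%")


def sbs_to_ldif(text, user_dn, group_dn):
    """Apply the edits described in the post; return (ldif_text, warnings)."""
    text = text.replace("%s_UserContainerDN%", user_dn)
    text = text.replace("%s_GroupContainerDN%", group_dn)
    kept, warnings, current_dn = [], [], None
    for line in text.splitlines():
        if line.startswith("dn:"):
            current_dn = line[3:].strip()
        # Drop the flag the post says to remove.
        if re.fullmatch(r"userAccountControl:\s*512\s*", line):
            continue
        # A template variable that survived would be imported literally.
        if PLACEHOLDER.search(line):
            warnings.append("unresolved placeholder in: " + line)
        # Added check: the stock password should be changed before the import.
        if re.fullmatch(r"userPassword:\s*CHANGE_ME\s*", line):
            warnings.append("default password still set for " + str(current_dn))
        kept.append(line)
    return "\n".join(kept) + "\n", warnings


if __name__ == "__main__":
    dn = "cn=Users,dc=ad,dc=vm,dc=oracle,dc=com"
    ldif, problems = sbs_to_ldif(SAMPLE_SBS, dn, dn)
    print(ldif)
    for p in problems:
        print("WARNING:", p)
```
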

The next step is to copy this file to the machine where you have your Active Directory,

and then open a command window and run the following command

ldifde.exe -i -k -f system-winServer2003-ActDir.ldif

This command will seed all the users and groups for BPEL.

You might get the following issue while running this command



I am sorry if the screenshot is not clear, but probably you will get an error message

You can not nest global groups in a mixed domain if the group is security enabled.

There are very simple steps to get rid of this issue, i.e. follow the link

http://technet.microsoft.com/en-us/library/cc776703(WS.10).aspx

That is, raise the domain functional level to Windows 2000 native: click Windows 2000 native, and then click Raise. Now try to run the same script and yup, it will complete successfully.

Again, sorry, as I don't have a screenshot for this.

Once the command runs successfully you will get all the users and groups in the Active Directory Users list as



Well, there are some extra users and groups that I have created, so you might not get exactly the users and groups shown in the screenshot.

So now half of the work is done, that is, all the users and groups are created in Active Directory. Now comes the main task, which is to authenticate the WebLogic server with Active Directory.

For this I suggest the following document

http://edocs.bea.com/wls/docs81/ConsoleHelp/security_activedirectoryauthenticator_config_active-directory.html

This document guides you on how to authenticate your WebLogic with Active Directory.
It might be a tedious job to do the R & D and set it up, so I will just let you know everything we need to do in order to authenticate.

Log in to your weblogic console



Choose the Security realms




By default weblogic has a realm "myrealm"

Go to realms and providers and create a new provider. Let it be AD.

Select ActiveDirectoryAuthenticator as the type.

Now provide the following information for the new provider as per your environment, for example

Group Base DN = CN=Users,DC=ad,DC=vm,DC=oracle,DC=com

Hostname = hostname.something.com

Port = 389

User Base DN = CN=Users,DC=ad,DC=vm,DC=oracle,DC=com

Principal = CN=Administrator,CN=Users,DC=ad,DC=vm,DC=oracle,DC=com

Credentials = Provide the credentials for the Principal. It is the login id and password for the machine on which Active Directory resides.


Save it.

When you configure multiple Authentication providers, use the JAAS Control Flag attribute on the Authenticator-->General tab to control how the Authentication Providers are used in the login sequence.

Since we have created a new provider, we will change the JAAS Control Flag for the DefaultAuthenticator, which is set to 'REQUIRED' by default.

We can also reorder the providers to place the provider created for Active Directory in first place.

So, set the JAAS Control Flag for the DefaultAuthenticator to 'OPTIONAL'.

This is because if it is set to 'REQUIRED', the Authentication Provider is always called, and the user must always pass its authentication test.

So, since AD authentication has to be used, we change it to 'OPTIONAL', and the user is allowed to pass or fail the authentication test of this Authentication Provider. The next Authentication Provider is then called, and it authenticates successfully with AD.

The JAAS Control Flag attribute for "AD" will be 'OPTIONAL' by default. Do not change it.
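
How the control flags combine, as an added example that is not from the original post: a small Python model of the standard JAAS flag rules applied to the two providers above. The user stores, the account soauser and all passwords are constructed placeholders standing in for the embedded LDAP and Active Directory.

```python
REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL = "REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"

# Constructed user stores; names and passwords are placeholders, not real accounts.
EMBEDDED_LDAP = {"weblogic": "constructed-admin-pw"}   # DefaultAuthenticator
ACTIVE_DIRECTORY = {"soauser": "constructed-ad-pw"}    # "AD" provider


def login(providers, user, password):
    """providers: ordered (name, flag, accounts) tuples. True if login succeeds."""
    has_mandatory = mandatory_failed = any_success = False
    for _name, flag, accounts in providers:
        ok = user in accounts and accounts[user] == password
        any_success = any_success or ok
        if flag in (REQUIRED, REQUISITE):
            has_mandatory = True
            if not ok:
                mandatory_failed = True
                if flag == REQUISITE:
                    return False              # REQUISITE failure ends the sequence
        elif flag == SUFFICIENT and ok:
            return not mandatory_failed       # SUFFICIENT success ends the sequence
    # With no REQUIRED/REQUISITE provider, one OPTIONAL/SUFFICIENT success is enough.
    return (not mandatory_failed) if has_mandatory else any_success


def chain(default_flag, ad_flag=OPTIONAL, ad_first=False):
    """Build the two-provider realm from the post with the given flags."""
    providers = [("DefaultAuthenticator", default_flag, EMBEDDED_LDAP),
                 ("AD", ad_flag, ACTIVE_DIRECTORY)]
    return providers[::-1] if ad_first else providers


if __name__ == "__main__":
    for label, realm in [("DefaultAuthenticator REQUIRED", chain(REQUIRED)),
                         ("DefaultAuthenticator OPTIONAL", chain(OPTIONAL)),
                         ("OPTIONAL, AD listed first", chain(OPTIONAL, ad_first=True))]:
        print(label)
        print("  AD user      :", login(realm, "soauser", "constructed-ad-pw"))
        print("  embedded user:", login(realm, "weblogic", "constructed-admin-pw"))
        print("  bad password :", login(realm, "soauser", "wrong"))
```

With both flags at OPTIONAL, an account that exists only in the embedded LDAP still logs in, so the DefaultAuthenticator accounts remain a valid way into the realm.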


Now go to Active Directory and create a new group called SOAGroup.

Assign all the BPEL roles to this group. This is the default group created when we integrate SOA with WebLogic.

Now restart your WebLogic managed server and WebLogic server and try to log in to the BPEL console.

Now create a new user in Active Directory. Make this user a member of the group SOAGroup and try to log in; you will be able to log in to the console. If you remove the user from the SOAGroup members you will not be able to log in. Hope this will help.