biemond / biemond-orawls-vagrant-12.2.1

Oracle WebLogic 12.2.1 provisioning with orawls puppet module

t3s in wls_setting_instances is not working #4

Open ltutar opened 8 years ago

ltutar commented 8 years ago

Hi,

When I use t3s as shown in https://github.com/biemond/biemond-orawls-vagrant-12.2.1/blob/master/puppet/hieradata/admin.example.com.yaml

wls_setting_instances:
  'default':
    user:                         *wls_os_user
    weblogic_home_dir:            *wls_weblogic_home_dir
    # connect_url:                  "t3://%{hiera('domain_adminserver_address')}:7001"
    connect_url:                  "t3s://%{hiera('domain_adminserver_address')}:7002"

It will not work. I get

Debug: 

Debug: wls:/offline> wls:/offline> wls:/offline> wls:/offline> wls:/offline> wls:/offline> Connecting to t3s://192.168.234.95:7002 with userid weblogic ...

Debug: <Jun 20, 2016 1:39:14 PM CEST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 

Debug: <Jun 20, 2016 1:39:14 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true> 

Debug: <Jun 20, 2016 1:39:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=ltutar,C=NL,ST=gelderland,L=putten,O=triplexxx". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 

When I export CONFIG_JVM_ARGS as shown in https://github.com/biemond/biemond-orawls-vagrant/blob/master/certs.txt, I see that the truststore etc. are OK. nmConnect is working.

<Jun 20, 2016 1:20:02 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true> 
Successfully Connected to Node Manager.
wls:/nm/wls_domain> exit()

When I do not export CONFIG_JVM_ARGS, I get an error when trying to use nmConnect.

<Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
<Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.> 
<Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=AffirmTrust Premium,O=AffirmTrust,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.12.> 
<Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 123, in nmConnect
  File "<iostream>", line 653, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received. 
Use dumpStack() to view the full stacktrace
wls:/offline> 

Is it possible that the puppet code is not exporting some variables accidentally when trying to use t3s?
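
The BEA-090898 notices above name the certificate the SSL stack could not parse and the OID of the signature AlgorithmIdentifier it choked on. The Ruby script below is an added example, not code from this issue or from the orawls module: it decodes those OIDs against a table of well-known signature-algorithm OIDs (1.2.840.113549.1.1.11 is sha256WithRSAEncryption, 1.2.840.113549.1.1.12 is sha384WithRSAEncryption, 1.2.840.10045.4.3.3 is ecdsa-with-SHA384), so a log alone tells you whether the trusted CAs were dropped because they are SHA-2 signed, which the legacy Certicom stack in WebLogic 10.3 does not handle and JSSE does. The sample log lines are copied from this thread; the constant and function names are mine.

```ruby
# Added example (not from the issue or the orawls module): decode WebLogic
# BEA-090898 "Ignoring the trusted CA certificate" notices into the
# signature algorithm the SSL stack rejected.

# Well-known signature-algorithm OIDs (RFC 4055 / RFC 5758 values).
SIGNATURE_OIDS = {
  '1.2.840.113549.1.1.5'  => 'sha1WithRSAEncryption',
  '1.2.840.113549.1.1.11' => 'sha256WithRSAEncryption',
  '1.2.840.113549.1.1.12' => 'sha384WithRSAEncryption',
  '1.2.840.113549.1.1.13' => 'sha512WithRSAEncryption',
  '1.2.840.10045.4.3.2'   => 'ecdsa-with-SHA256',
  '1.2.840.10045.4.3.3'   => 'ecdsa-with-SHA384',
  '1.2.840.10045.4.3.4'   => 'ecdsa-with-SHA512',
}.freeze

SHA2_FAMILY = %w[sha256 sha384 sha512].freeze

# One BEA-090898 notice: the subject DN is quoted (commas inside it are
# backslash-escaped) and the OID is followed by a period and the closing '>'.
BEA_090898 = /<BEA-090898>\s*<Ignoring the trusted CA certificate "(?<dn>(?:[^"\\]|\\.)*)"\..*?Unsupported OID in the AlgorithmIdentifier object:\s*(?<oid>\d+(?:\.\d+)*)\.>/

RejectedCa = Struct.new(:subject, :oid, :algorithm, :sha2)

# Returns one RejectedCa per BEA-090898 line; other log lines are ignored.
def parse_rejected_cas(log_text)
  log_text.each_line.map do |line|
    m = BEA_090898.match(line) or next
    name = SIGNATURE_OIDS.fetch(m[:oid], 'unknown')
    RejectedCa.new(m[:dn].gsub('\\,', ','), m[:oid], name,
                   SHA2_FAMILY.any? { |h| name.downcase.include?(h) })
  end.compact
end

# :certicom_sha2 when every rejected CA was dropped over a SHA-2 signature OID
# (the symptom cured by -Dweblogic.security.SSL.enableJSSE=true on 10.3),
# :mixed when some other OID is involved, :clean when nothing was rejected.
def diagnose(log_text)
  rejected = parse_rejected_cas(log_text)
  return :clean if rejected.empty?
  rejected.all?(&:sha2) ? :certicom_sha2 : :mixed
end

# Constructed sample: lines copied from the nmConnect output in this issue.
SAMPLE_LOG = <<~'LOG'
  <Jun 20, 2016 1:21:14 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
  <Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=ltutar,C=NL,ST=gelderland,L=putten,O=triplexxx". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
  <Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.10045.4.3.3.>
  <Jun 20, 2016 1:21:14 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
LOG

if $PROGRAM_NAME == __FILE__
  parse_rejected_cas(SAMPLE_LOG).each do |c|
    puts "#{c.sha2 ? 'SHA-2' : 'other'}  #{c.oid} (#{c.algorithm})  #{c.subject}"
  end
  puts "diagnosis: #{diagnose(SAMPLE_LOG)}"
end
```

Feed it the WLST or Node Manager output of a failing connect; a :certicom_sha2 result means the trust store is fine and the SSL provider is the problem, whereas :mixed points at the store contents themselves.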

ltutar commented 8 years ago

I see that for ms1 JSSE is enabled.

[root@wlsagent1 weblogic]# ps -ef | grep -i java
oracle   10579 10542  0 15:59 ?        00:00:07 /usr/java/latest/bin/java -client -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/opt/wls/middleware11g/coherence_3.7 -Dbea.home=/opt/wls/middleware11g -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/vagrant/salt/states/puppetmaster/files/base/jks/truststore.jks -Dweblogic.security.CustomTrustKeystorePassPhrase=welcome -Xverify:none -Djava.security.policy=/opt/wls/middleware11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java/latest weblogic.NodeManager -v
oracle   13057 13010  1 16:55 ?        00:00:21 /usr/java/jdk1.7.0_80/bin/java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=wlsServer1 -Djava.security.policy=/opt/wls/middleware11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.system.BootIdentityFile=/opt/wls/wlsdomains/domains/wls_domain/servers/wlsServer1/data/nodemanager/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.ReverseDNSAllowed=false -Dweblogic.Stdout=/var/log/weblogic/wlsServer1.out -Dweblogic.Stderr=/var/log/weblogic/wlsServer1_err.out -Xverify:none -da -Dplatform.home=/opt/wls/middleware11g/wlserver_10.3 -Dwls.home=/opt/wls/middleware11g/wlserver_10.3/server -Dweblogic.home=/opt/wls/middleware11g/wlserver_10.3/server -Dweblogic.management.discover=false -Dweblogic.management.server=http://192.168.234.95:7001 -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=/opt/wls/middleware11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/opt/wls/middleware11g/patch_ocp371/profiles/default/sysext_manifest_classpath weblogic.Server
root     13533  9357  0 17:19 pts/0    00:00:00 grep -i java
[root@wlsagent1 weblogic]# cat /opt/wls/wlsdomains/domains/wls_domain/servers/wlsServer1/data/nodemanager/boot.properties
#Mon Jun 20 16:55:05 CEST 2016
CustomTrustKeyStoreFileName=/vagrant/salt/states/puppetmaster/files/base/jks/truststore.jks
TrustKeyStore=CustomTrust
password={AES}+iXyENLRl+l5yMKcnLRtRKOoHR0Fl1g0Jxc1R26RoOY\=
CustomTrustKeyStorePassPhrase={AES}7imQGO7ZM15adp0Xj9CclNQnYwnNSVxrjc3CsWSoS7g\=
username={AES}/RtrZYq3WJbMp5XcuYf6vvn/h5BKYpy3kDs1htwafsE\=
[root@wlsagent1 weblogic]# 
[root@wlsagent1 weblogic]# cat /opt/wls/wlsdomains/domains/wls_domain/servers/wlsServer1/data/nodemanager/startup.properties 
#Server startup properties
#Mon Jun 20 16:55:05 CEST 2016
Arguments=-Dweblogic.Stdout\=/var/log/weblogic/wlsServer1.out -Dweblogic.Stderr\=/var/log/weblogic/wlsServer1_err.out
SSLArguments=-Dweblogic.security.SSL.ignoreHostnameVerification\=true -Dweblogic.ReverseDNSAllowed\=false
RestartMax=2
RestartDelaySeconds=0
RestartInterval=3600
AdminURL=http\://192.168.234.95\:7001
AutoRestart=true
AutoKillIfFailed=false
[root@wlsagent1 weblogic]# 

but not for adminserver

root     18046  9106  0 17:20 pts/0    00:00:00 grep -i java
[root@wlsagent install]# ps -ef | grep -i java
oracle   10516 10479  0 15:28 ?        00:00:11 /usr/java/latest/bin/java -client -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/opt/wls/middleware11g/coherence_3.7 -Dbea.home=/opt/wls/middleware11g -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/vagrant/salt/states/puppetmaster/files/base/jks/truststore.jks -Dweblogic.security.CustomTrustKeystorePassPhrase=welcome -Xverify:none -Djava.security.policy=/opt/wls/middleware11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java/latest weblogic.NodeManager -v
oracle   11438 11392  1 15:29 ?        00:01:25 /usr/java/latest/bin/java -server -Xms256m -Xmx512m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -Djava.security.policy=/opt/wls/middleware11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.system.BootIdentityFile=/opt/wls/wlsdomains/domains/wls_domain/servers/AdminServer/security/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -XX:PermSize=256m -XX:MaxPermSize=512m -Xms1024m -Xmx1024m -Dweblogic.Stdout=/var/log/weblogic/AdminServer.out -Dweblogic.Stderr=/var/log/weblogic/AdminServer_err.out -da -Dplatform.home=/opt/wls/middleware11g/wlserver_10.3 -Dwls.home=/opt/wls/middleware11g/wlserver_10.3/server -Dweblogic.home=/opt/wls/middleware11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/opt/wls/middleware11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/opt/wls/middleware11g/patch_ocp371/profiles/default/sysext_manifest_classpath weblogic.Server
root     18048  9106  0 17:23 pts/0    00:00:00 grep -i java
[root@wlsagent install]# cat /opt/wls/wlsdomains/domains/wls_domain/servers/AdminServer/data/nodemanager/boot.properties 
cat: /opt/wls/wlsdomains/domains/wls_domain/servers/AdminServer/data/nodemanager/boot.properties: No such file or directory
[root@wlsagent install]# cat /opt/wls/wlsdomains/domains/wls_domain/servers/AdminServer/data/nodemanager/startup.properties 
Arguments=-XX\:PermSize\=256m -XX\:MaxPermSize\=512m -Xms1024m -Xmx1024m -Dweblogic.Stdout\=/var/log/weblogic/AdminServer.out -Dweblogic.Stderr\=/var/log/weblogic/AdminServer_err.out
[root@wlsagent install]# 

This is the corresponding yaml:

server_instances:
  'AdminServer':
    ensure:                                'present'
    log_file_min_size:                     '10000'
    log_filecount:                         '10'
    log_number_of_files_limited:           '1'
    log_rotate_logon_startup:              '1'
    log_rotationtype:                      'bySize'
    timeout:                               60
    listenportenabled:                     '1'
    machine:                               'LocalMachine'
    sslenabled:                            '1'
    ssllistenport:                         "%{hiera('admin_ssl_listen_port')}"
    sslhostnameverificationignored:        '1'
    two_way_ssl:                           '0'
    client_certificate_enforced:           '0'
    jsseenabled:                           '1'
    custom_identity:                       '1'
    custom_identity_keystore_filename:     "%{hiera('custom_identity_keystore_directory')}/%{hiera('adminserver_fqdn')}/identity_%{hiera('adminserver_fqdn')}.jks"
    custom_identity_keystore_passphrase:   "%{hiera('custom_identity_keystore_passphrase')}"
    custom_identity_alias:                 "%{hiera('adminserver_fqdn')}"  
    custom_identity_privatekey_passphrase: "%{hiera('custom_identity_privatekey_passphrase')}"
    trust_keystore_file:                   "%{hiera('wls_trust_keystore_file')}"
    trust_keystore_passphrase:             "%{hiera('wls_trust_keystore_passphrase')}"
    require:
      - Wls_machine[LocalMachine]
  "%{hiera('wls_name_on_node1')}":
    ensure:                                'present'
    arguments:
           - "-Dweblogic.Stdout=/var/log/weblogic/%{hiera('wls_name_on_node1')}.out"
           - "-Dweblogic.Stderr=/var/log/weblogic/%{hiera('wls_name_on_node1')}_err.out"
    listenaddress:                         "%{hiera('node1_address')}"
    listenport:                            "%{hiera('node_listen_port')}"
    listenportenabled:                     '1'
    logfilename:                           "/var/log/weblogic/%{hiera('wls_name_on_node1')}.log"
    log_file_min_size:                     '10000'
    log_filecount:                         '10'
    log_number_of_files_limited:           '1'
    log_rotate_logon_startup:              '1'
    log_rotationtype:                      'bySize'
    machine:                               "%{hiera('wls_name_on_node1')}Machine"
    timeout:                               60
    sslenabled:                            '1'
    ssllistenport:                         "%{hiera('node_ssl_listen_port')}" 
    sslhostnameverificationignored:        '1'
    two_way_ssl:                           '0'
    client_certificate_enforced:           '0'
    jsseenabled:                           '1'
    custom_identity:                       '1'
    custom_identity_keystore_filename:     "%{hiera('custom_identity_keystore_directory')}/%{hiera('node1_fqdn')}/identity_%{hiera('node1_fqdn')}.jks"
    custom_identity_keystore_passphrase:   "%{hiera('custom_identity_keystore_passphrase')}"
    custom_identity_alias:                 "%{hiera('node1_fqdn')}"  
    custom_identity_privatekey_passphrase: "%{hiera('custom_identity_privatekey_passphrase')}"
    trust_keystore_file:                   "%{hiera('wls_trust_keystore_file')}"
    trust_keystore_passphrase:             "%{hiera('wls_trust_keystore_passphrase')}"
    server_parameters:                     "%{hiera('wls_cluster_name')}"
    require:                               Wls_machine[%{hiera('wls_name_on_node1')}Machine]

biemond commented 8 years ago

Hi,

maybe it can be this.

the wls_settings kicks in after the domain is created and before the adminserver change, that means the adminserver should already support t3s; this way I have to do this first on the domain creation (enable SSL, JSSE, set port, trust etc.)

also for the startup of the adminserver

# create a standard domain with custom identity for the adminserver
domain_instances:
  'Wls1221':
    domain_template:                       "standard"
    development_mode:                      false
    adminserver_listen_on_all_interfaces:  true
    adminserver_ssl_port:                  7002
    log_output:                            *logoutput
    custom_identity:                       true
    custom_identity_keystore_filename:     '/vagrant/identity_admin.jks'
    custom_identity_keystore_passphrase:   'welcome'
    custom_identity_alias:                 'admin'
    custom_identity_privatekey_passphrase: 'welcome'
wls_jsse_enabled:         true
# used by nodemanager, control and domain creation
wls_custom_trust:                  &wls_custom_trust              true
wls_trust_keystore_file:           &wls_trust_keystore_file       '/vagrant/truststore.jks'
wls_trust_keystore_passphrase:     &wls_trust_keystore_passphrase 'welcome'

Hope this helps

ltutar commented 8 years ago

Hi Edwin,

I already had:

# create a standard domain
domain_instances:
  "%{hiera('wls_domain_name')}":
    domain_template:                       "%{hiera('domain_template')}"
    development_mode:                      false
    nodemanager_address:                   "%{hiera('adminserver_address')}"
    nodemanager_port:                      "%{hiera('node_manager_port')}"
    log_output:                            *logoutput
    nodemanager_secure_listener:           true
    adminserver_ssl_port:                  "%{hiera('admin_ssl_listen_port')}"
    custom_identity:                       true
    custom_identity_keystore_filename:     "%{hiera('custom_identity_keystore_directory')}/%{hiera('adminserver_fqdn')}/identity_%{hiera('adminserver_fqdn')}.jks"
    custom_identity_keystore_passphrase:   "%{hiera('custom_identity_keystore_passphrase')}"
    custom_identity_alias:                 "%{hiera('adminserver_fqdn')}"
    custom_identity_privatekey_passphrase: "%{hiera('custom_identity_privatekey_passphrase')}"

Also tried with

    adminserver_listen_on_all_interfaces:  true

but no luck.

biemond commented 8 years ago

ok, did you also set these?

wls_jsse_enabled:         true
# used by nodemanager, control and domain creation
wls_custom_trust:                  &wls_custom_trust              true
wls_trust_keystore_file:           &wls_trust_keystore_file       '/vagrant/truststore.jks'
wls_trust_keystore_passphrase:     &wls_trust_keystore_passphrase 'welcome'

and this on the nodemanager

# create and startup the nodemanager

nodemanager_instances:
  'nodemanager':
    log_output:                            *logoutput
    log_file:                              'nodemanager_wls1221.log'
    custom_identity:                       true
    custom_identity_keystore_filename:     '/vagrant/identity_admin.jks'
    custom_identity_keystore_passphrase:   'welcome'
    custom_identity_alias:                 'admin'
    custom_identity_privatekey_passphrase: 'welcome'

ltutar commented 8 years ago

yes. in wls.yaml, I have:

# used by nodemanager, control and domain creation
wls_jsse_enabled:                  true
wls_custom_trust:                  true
wls_trust_keystore_file:           '/vagrant/salt/states/puppetmaster/files/base/jks/truststore.jks'
wls_trust_keystore_passphrase:     'welcome'
# used by servers etc. for ssl
custom_identity_keystore_directory:    '/vagrant/salt/states/puppetmaster/files/base/jks'
custom_identity_keystore_passphrase:   'welcome'
custom_identity_privatekey_passphrase: 'welcome'

and in wlsagent.home.yaml, I have:

nodemanager_instances:
  'nodemanager':
    nodemanager_address:                   "%{hiera('adminserver_address')}"
    nodemanager_port:                      "%{hiera('node_manager_port')}"
    domain_name:                           "%{hiera('wls_domain_name')}"
    nodemanager_secure_listener:           true
    custom_identity:                       true
    custom_identity_keystore_filename:     "%{hiera('custom_identity_keystore_directory')}/%{hiera('adminserver_fqdn')}/identity_%{hiera('adminserver_fqdn')}.jks"
    custom_identity_keystore_passphrase:   "%{hiera('custom_identity_keystore_passphrase')}"
    custom_identity_alias:                 "%{hiera('adminserver_fqdn')}"
    custom_identity_privatekey_passphrase: "%{hiera('custom_identity_privatekey_passphrase')}"
    log_output:                            true

biemond commented 8 years ago

Ok then it can only be a data error or the keystores are not correct.

So only create the domain and nodemanager and start it up, plus use fixed values instead of hiera lookup calls, and check all keystores.

ltutar commented 8 years ago

All right. I will check them with fixed values.

ltutar commented 8 years ago

Still no luck. The yaml

[root@puppetmaster nodes]# cat wlsagent.home.yaml 
---
logoutput: &logoutput true
orautils::node_mgr_address:        "%{hiera('adminserver_address')}"

# fmw_cluster_instances is only needed for osb
fmw_cluster_instances:
  'soaCluster':
    domain_name:                    "osb_domain"
    osb_cluster_name:               "OsbCluster"
    osb_enabled:                     true
    nodemanager_secure_listener:     false
    log_output:                      *logoutput

# create a standard domain
domain_instances:
  "wls_domain":
    domain_template:                       "standard"
    development_mode:                      false
    nodemanager_address:                   "192.168.234.95"
    adminserver_listen_on_all_interfaces:  true
    nodemanager_port:                      "5556"
    log_output:                            *logoutput
    nodemanager_secure_listener:           true 
    adminserver_ssl_port:                  "7002"
    custom_identity:                       true
    custom_identity_keystore_filename:     "/vagrant/salt/states/puppetmaster/files/base/jks/wlsagent.home/identity_wlsagent.home.jks"
    custom_identity_keystore_passphrase:   "welcome" 
    custom_identity_alias:                 "wlsagent.home" 
    custom_identity_privatekey_passphrase: "welcome" 

wls_setting_instances:
  'default':
    user:                         'oracle'
    weblogic_home_dir:            "/opt/wls/middleware11g/wlserver_10.3"
    connect_url:                  "t3s://192.168.234.95:7002"
    custom_trust:                 true
    trust_keystore_file:          "/vagrant/salt/states/puppetmaster/files/base/jks/truststore.jks"
    trust_keystore_passphrase:    "welcome"
    weblogic_user:                "weblogic"
    weblogic_password:            "weblogic1"
    debug_module:                 true 
    require:                      Orawls::Domain[%{hiera('wls_domain_name')}]

nodemanager_instances:
  'nodemanager':
    nodemanager_address:                   "192.168.234.95" 
    nodemanager_port:                      "5556"
    domain_name:                           "wls_domain"
    nodemanager_secure_listener:           true 
    custom_identity:                       true
    custom_identity_keystore_filename:     "/vagrant/salt/states/puppetmaster/files/base/jks/wlsagent.home/identity_wlsagent.home.jks"
    custom_identity_keystore_passphrase:   "welcome"
    custom_identity_alias:                 "wlsagent.home" 
    custom_identity_privatekey_passphrase: "welcome"
    log_output:                            true

# Levent: Cannot connect to Node Manager. We will first configure the node manager.
# startup adminserver for extra configuration
control_instances:
  'startWLSAdminServer':
    domain_name:                 "wls_domain"
    server_type:                 'admin'
    target:                      'Server'
    server:                      'AdminServer'
    nodemanager_secure_listener: true 
    custom_trust:                true 
    nodemanager_port:            "5556"
    action:                      'start'
    log_output:                  *logoutput

Puppet agent -t --debug output:

Debug: <Jun 20, 2016 8:15:51 PM CEST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true> 

Debug: <Jun 20, 2016 8:15:51 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true> 

Debug: <Jun 20, 2016 8:15:51 PM CEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=ltutar,C=NL,ST=gelderland,L=putten,O=triplexxx". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.> 

java processes

[root@wlsagent /]# ps -ef | grep -i java
oracle   10661 10624  0 19:52 ?        00:00:03 /usr/java/latest/bin/java -client -Xms32m -Xmx200m -XX:MaxPermSize=128m -Dcoherence.home=/opt/wls/middleware11g/coherence_3.7 -Dbea.home=/opt/wls/middleware11g -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/vagrant/salt/states/puppetmaster/files/base/jks/truststore.jks -Dweblogic.security.CustomTrustKeystorePassPhrase=welcome -Xverify:none -Djava.security.policy=/opt/wls/middleware11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.nodemanager.javaHome=/usr/java/latest weblogic.NodeManager -v
oracle   10807 10761  1 19:52 ?        00:00:19 /usr/java/latest/bin/java -server -Xms256m -Xmx512m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -Djava.security.policy=/opt/wls/middleware11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.system.BootIdentityFile=/opt/wls/wlsdomains/domains/wls_domain/servers/AdminServer/security/boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -XX:PermSize=256m -XX:MaxPermSize=512m -Xms1024m -Xmx1024m -Dweblogic.Stdout=/var/log/weblogic/AdminServer.out -Dweblogic.Stderr=/var/log/weblogic/AdminServer_err.out -da -Dplatform.home=/opt/wls/middleware11g/wlserver_10.3 -Dwls.home=/opt/wls/middleware11g/wlserver_10.3/server -Dweblogic.home=/opt/wls/middleware11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/opt/wls/middleware11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/opt/wls/middleware11g/patch_ocp371/profiles/default/sysext_manifest_classpath weblogic.Server
root     12065  9175  0 20:18 pts/0    00:00:00 grep -i java
[root@wlsagent /]# 

I'll recreate the truststore.jks and see if it helps.

biemond commented 8 years ago

So the nodemanager and adminserver are running; I will use nmConnect to start up the adminserver, and only wls_settings cannot connect when you use a wls_xxx type.

I got this for wls_setting

wls_setting_instances:
  'default':
    user:                         *wls_os_user
    weblogic_home_dir:            *wls_weblogic_home_dir
    connect_url:                  "t3s://%{hiera('domain_adminserver_address')}:7002"
    weblogic_user:                *wls_weblogic_user
    weblogic_password:            *domain_wls_password
    custom_trust:                 *wls_custom_trust
    trust_keystore_file:          *wls_trust_keystore_file
    trust_keystore_passphrase:    *wls_trust_keystore_passphrase

Else it can be the JDK, JCE policy (cert encryption too high) or JSSE: https://github.com/biemond/biemond-jdk7/blob/master/manifests/install7.pp#L129

ltutar commented 8 years ago

Hi Edwin,

You are right about too high encryption, since I am using WLS 10.3. Solution 2 on https://rmohan.com/?p=5153 solved my problem.

You can enable the JSSE SSL provider instead of Certicom to support the SHA256 algorithm. To enable JSSE, modify the startNodeManager script and add this java option to the JAVA_OPTIONS variable:
-Dweblogic.security.SSL.enableJSSE=true

I did not have to implement the rest of the solution. When I added -Dweblogic.security.SSL.enableJSSE=true as part of trust_parameter in https://github.com/biemond/biemond-orawls/blob/master/lib/utils/wls_daemon.rb#L51, it works. Would you like me to submit a PR? I did not test this with other versions of WebLogic.

Info: index wls_user 
Info: Executing: wlstScript with action index
Info: domain found default
Info: Starting the wls daemon for domain default
Info: Executing wls-script /tmp/wlstCommonScript.py20160621-17005-8da2wf
Info: Executing wls-script /tmp/wlstScript20160621-17005-oyu296.py with timeout = 120
Info: Connecting to wls on url t3s://192.168.234.95:7002
Info: index wls_group 
Info: Executing: wlstScript with action index
Info: domain found default
Info: Executing wls-script /tmp/wlstScript20160621-17005-1trrq2g.py with timeout = 120
Info: Connecting to wls on url t3s://192.168.234.95:7002
Info: index wls_domain
Info: Executing: wlstScript with action index
Info: domain found default
Info: Executing wls-script /tmp/wlstScript20160621-17005-1prjdc3.py with timeout = 120
Info: Connecting to wls on url t3s://192.168.234.95:7002
Info: index wls_machine 
Info: Executing: wlstScript with action index
Info: domain found default
Info: Executing wls-script /tmp/wlstScript20160621-17005-1guh8y2.py with timeout = 120
Info: Connecting to wls on url t3s://192.168.234.95:7002
Info: index wls_server 
Info: Executing: wlstScript with action index
Info: domain found default
Info: Executing wls-script /tmp/wlstScript20160621-17005-9o8727.py with timeout = 120
Info: Connecting to wls on url t3s://192.168.234.95:7002
Info: index wls_cluster
Info: Executing: wlstScript with action index
Info: domain found default
Info: Executing wls-script /tmp/wlstScript20160621-17005-l20po6.py with timeout = 120
Info: Connecting to wls on url t3s://192.168.234.95:7002
Notice: Applied catalog in 49.30 seconds

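
The process listings earlier in the thread show which JVM was started with the custom-trust and JSSE system properties, and the fix above was to put -Dweblogic.security.SSL.enableJSSE=true next to the trust properties the WLST daemon is launched with. The Ruby below is an added example, my code rather than the orawls module's trust_parameter: it assembles that option set and audits a ps -ef row for it, so a box can be checked before Puppet is re-run. The property names are the ones visible in the listings in this issue; the sample rows are shortened copies of those listings, and the function names are assumptions.

```ruby
# Added example (not from the issue or the orawls module): build the -D
# options a WLST/NodeManager JVM needs for t3s with a custom trust store,
# and audit a `ps -ef` command line for them.

# Properties that make the JVM trust the given JKS and use the JSSE
# provider instead of the legacy Certicom stack (the WLS 10.3 fix from
# this thread); hostname verification stays on unless asked otherwise.
def ssl_jvm_options(truststore:, passphrase:, jsse: true, ignore_hostname: false)
  opts = [
    '-Dweblogic.security.TrustKeyStore=CustomTrust',
    "-Dweblogic.security.CustomTrustKeyStoreFileName=#{truststore}",
    "-Dweblogic.security.CustomTrustKeystorePassPhrase=#{passphrase}",
  ]
  opts << '-Dweblogic.security.SSL.enableJSSE=true' if jsse
  opts << '-Dweblogic.security.SSL.ignoreHostnameVerification=true' if ignore_hostname
  opts
end

# All -Dname=value pairs on one java command line, as a hash.
def jvm_properties(cmdline)
  cmdline.scan(/-D([\w.]+)=(\S*)/).to_h
end

Audit = Struct.new(:server_name, :jsse, :custom_trust, :truststore, :hostname_check_off)

# Which SSL-relevant settings a running JVM actually received.
def audit_process(cmdline)
  props = jvm_properties(cmdline)
  name = props['weblogic.Name'] ||
         (cmdline.include?('weblogic.NodeManager') ? 'NodeManager' : 'unknown')
  Audit.new(
    name,
    props['weblogic.security.SSL.enableJSSE'] == 'true',
    props['weblogic.security.TrustKeyStore'] == 'CustomTrust',
    props['weblogic.security.CustomTrustKeyStoreFileName'],
    props['weblogic.security.SSL.ignoreHostnameVerification'] == 'true'
  )
end

# Mask pass phrases / passwords before a listing goes into a ticket.
def redact(cmdline)
  cmdline.gsub(/(-D[\w.]*Pass(?:Phrase|word)=)\S*/i, '\1***')
end

# Constructed sample: shortened copies of the NodeManager and AdminServer
# rows from the `ps -ef | grep -i java` output in this issue.
SAMPLE_PS = [
  'oracle 10579 10542 0 15:59 ? 00:00:07 /usr/java/latest/bin/java -client -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.TrustKeyStore=CustomTrust -Dweblogic.security.CustomTrustKeyStoreFileName=/vagrant/truststore.jks -Dweblogic.security.CustomTrustKeystorePassPhrase=welcome weblogic.NodeManager -v',
  'oracle 11438 11392 1 15:29 ? 00:01:25 /usr/java/latest/bin/java -server -Dweblogic.Name=AdminServer -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=true weblogic.Server',
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE_PS.each do |row|
    a = audit_process(row)
    puts "#{a.server_name}: jsse=#{a.jsse} custom_trust=#{a.custom_trust} truststore=#{a.truststore.inspect}"
  end
  puts ssl_jvm_options(truststore: '/vagrant/truststore.jks', passphrase: 'welcome').join(' ')
  puts redact(SAMPLE_PS[0])
end
```

Note that the trust-store pass phrase sits on the command line in clear, where any local user can read it through ps, and it was pasted verbatim into this issue; run a listing through redact before attaching it to a ticket.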
biemond commented 8 years ago

Interesting. I need to test it with my 11g vagrant box where I also use keystores; probably I didn't test this box with t3s, only t3. I think with 12c JSSE is the default.

biemond commented 8 years ago

Thanks, I got the same problem.

Please send me a pull request so you get the credits