search

oracle / weblogic-deploy-tooling

WebLogic Deploy Tooling
https://oracle.github.io/weblogic-deploy-tooling/
Universal Permissive License v1.0
151 stars 89 forks source link

Update "RmiJDBCSecurity" to "Secure" value is not working in WLS 12.2.1.4 #1190

Closed Michalski-Piotr closed 2 years ago

Michalski-Piotr commented 2 years ago

Hello, I have another issue with WDT 2.3.2. There is new security warning in case RmiJDBCSecurity is set to default "Compatibility" setting. There is are recommendation to update this Mbean property to "Secure". I'm trying to achieve that with WDT and below model file:

topology:
    Server:
        AdminServer:
            DataSource:
                RmiJDBCSecurity: "Secure"

But despite fact WDT updateDomain.sh is completing without any error, the RmiJDBCSecurity is still set to "Compatibility", when I'm checking with WLST:

wls:/o2c-domain/serverConfig/Servers/AdminServer/DataSource> cd ('AdminServer')
wls:/o2c-domain/serverConfig/Servers/AdminServer/DataSource/AdminServer> ls ()
...
-r--   Name                                         AdminServer
-r--   Notes                                        null
-r--   RmiJDBCSecurity                              Compatibility
...

I extracted oracle/weblogic/deploy/aliases/category_modules/Server.json and I see below:

"RmiJDBCSecurity":   [ {"version": "[10,12.1.2)", "wlst_mode": "both",    "wlst_name": "Rmi${Jdbc:JDBC}Security", "wlst_path": "WP001", "default_value": "Compatibility",  "wlst_type": "string",          "get_method": "LSA", "restart_required": "true" },

Does it mean the change is only possible in WLS version 10 and 12.1.2, please?

I appreciate for help.

Regards, Piotr Michalski Oracle ACS

robertpatrick commented 2 years ago

@enduro99kb No, you extracted only a portion of the alias for RmiJDBCSecurity. The full alias is shown below and simply says that the first entry is used if the WLS version is less than 12.1.2 and the second entry is used if the version is greater than or equal to 12.1.2...

"RmiJDBCSecurity":   [ {"version": "[10,12.1.2)", "wlst_mode": "both",    "wlst_name": "Rmi${Jdbc:JDBC}Security", "wlst_path": "WP001", "default_value": "Compatibility",  "wlst_type": "string",          "get_method": "LSA", "restart_required": "true" },
                       {"version": "[12.1.2,)",   "wlst_mode": "both",    "wlst_name": "RmiJDBCSecurity",   "wlst_path": "WP001", "default_value": "Compatibility",        "wlst_type": "string",          "restart_required": "true" } ],

One thing to note is that a restart is required for the change to be effective. Did you restart the server after making this change?

robertpatrick commented 2 years ago

User confirmed that restarting the server solved the issue, though there might be an issue where the tool is not correctly reporting that a restart is required.

Michalski-Piotr commented 2 years ago

Hello, there is no bug here.

Yesterday I was doing multiple model files tests, today I run one more time the test and everything is working fine, exit code is correct one.

Before the change:

wls:/o2c-domain/serverConfig/Servers/AdminServer/DataSource> cd ('AdminServer')
wls:/o2c-domain/serverConfig/Servers/AdminServer/DataSource/AdminServer> ls ()
...
-r--   Name                                         AdminServer
-r--   Notes                                        null
-r--   RmiJDBCSecurity                              Secure
...

WDT model file:

[oracle@o2c-domain-as bin]$ cat ~/domains/shared/pm/RmiJDBCSecurity_compatibility.yaml
topology:
    Server:
        AdminServer:
            DataSource:
                RmiJDBCSecurity: "Compatibility"

And output is confirming the correct exit code and required restart:


[oracle@o2c-domain-as bin]$ /u01/oracle/scripts/weblogic-deploy/bin/updateDomain.sh -oracle_home $FMW_HOME  -domain_home "$DOMAIN_ROOT/$DOMAIN_NAME" -admin_url t3://10.100.4.189:7101 -model_file ~/domains/shared/pm/RmiJDBCSecurity_compatibility.yaml
JDK version is 1.8.0_341-b25
JAVA_HOME = /usr/java/latest
WLST_EXT_CLASSPATH = /u01/oracle/scripts/weblogic-deploy/lib/weblogic-deploy-core.jar
CLASSPATH = /u01/oracle/scripts/weblogic-deploy/lib/weblogic-deploy-core.jar
WLST_PROPERTIES = -Dcom.oracle.cie.script.throwException=true -Djava.util.logging.config.class=oracle.weblogic.deploy.logging.WLSDeployLoggingConfig
/u01/oracle/fmw/oracle_common/common/bin/wlst.sh /u01/oracle/scripts/weblogic-deploy/lib/python/update.py -oracle_home /u01/oracle/fmw -domain_home /u01/oracle/domains/o2c-domain -admin_url t3://10.100.4.189:7101 -model_file /u01/oracle/domains/shared/pm/RmiJDBCSecurity_compatibility.yaml

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

####<Aug 26, 2022 8:50:19 AM> <INFO> <WebLogicDeployToolingVersion> <logVersionInfo> <WLSDPLY-01750> <The WebLogic Deploy Tooling updateDomain version is 2.3.2:.229089c:Jul 20, 2022 15:29 UTC>
Please enter the WebLogic administrator username: weblogic
Please enter the WebLogic administrator password:
####<Aug 26, 2022 8:50:26 AM> <INFO> <ModelContext> <__copy_from_args> <WLSDPLY-01050> <WebLogic version for aliases is 12.2.1.4.0.220602>
####<Aug 26, 2022 8:50:26 AM> <INFO> <filter_helper> <apply_filters> <WLSDPLY-20017> <No filter configuration file /u01/oracle/scripts/weblogic-deploy/lib/model_filters.json>
####<Aug 26, 2022 8:50:26 AM> <INFO> <filter_helper> <apply_filters> <WLSDPLY-20016> <No filters of type update found in filter configuration file /u01/oracle/scripts/weblogic-deploy/lib/model_filters.json>
####<Aug 26, 2022 8:50:27 AM> <INFO> <update> <__update_online> <WLSDPLY-09005> <Connecting to domain at t3://10.100.4.189:7101 with timeout value of 120000 ...>

####<Aug 26, 2022 8:50:31 AM> <INFO> <update> <__update_online> <WLSDPLY-09007> <Connected to domain at t3://10.100.4.189:7101>
####<Aug 26, 2022 8:50:32 AM> <INFO> <TopologyUpdater> <_add_named_elements> <WLSDPLY-09608> <Updating Server AdminServer>
####<Aug 26, 2022 8:50:32 AM> <INFO> <TopologyUpdater> <_add_model_elements> <WLSDPLY-09604> <Updating DataSource for Server AdminServer>
####<Aug 26, 2022 8:50:32 AM> <INFO> <TopologyUpdater> <_add_named_elements> <WLSDPLY-09608> <Updating Server AdminServer>
####<Aug 26, 2022 8:50:32 AM> <INFO> <TopologyUpdater> <_add_model_elements> <WLSDPLY-09604> <Updating DataSource for Server AdminServer>
####<Aug 26, 2022 8:50:32 AM> <INFO> <LibraryHelper> <install_domain_libraries> <WLSDPLY-12213> <The model did not specify any domain libraries to install>
####<Aug 26, 2022 8:50:32 AM> <INFO> <LibraryHelper> <extract_classpath_libraries> <WLSDPLY-12216> <The archive file was not provided so there are no classpath libraries to extract>
####<Aug 26, 2022 8:50:32 AM> <INFO> <LibraryHelper> <extract_custom_files> <WLSDPLY-12565> <The archive file was not provided so there are no custom files to extract>
####<Aug 26, 2022 8:50:32 AM> <INFO> <LibraryHelper> <install_domain_scripts> <WLSDPLY-12241> <The model did not specify any domain scripts to install>
####<Aug 26, 2022 8:50:39 AM> <WARNING> <deployer_utils> <get_list_of_restarts> <WLSDPLY-09206> <Server AdminServer (standalone) requires a restart>

Issue Log for updateDomain version 2.3.2 running WebLogic version 12.2.1.4.0.220602 online mode:

WARNING Messages:

        1. WLSDPLY-09206: Server AdminServer (standalone) requires a restart

Total:       WARNING :     1    SEVERE :     0

updateDomain.sh completed successfully but the domain requires a restart for the changes to take effect (exit code = 103)
[oracle@o2c-domain-as bin]$

Thank you very much for your help in checking as suggesting the restart yesterday. Please close this issue. Regards, Piotr Michalski