Thursday, 13 November 2014

Understanding the "Weblogic Plugin Enabled" attribute

Why use "Weblogic Plugin Enabled" :
WebLogic Server usually receives requests through a web server or a load balancer that acts as a proxy.
In this kind of configuration, WebLogic Server must be told that a proxy is present so that it handles the client request correctly.

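Setting the "Weblogic Plugin Enabled" attribute to true tells WLS that a call to getRemoteAddr must return the address of the original browser client instead of the address of the front web server. WLS takes that address from the WL-Proxy-Client-IP request header supplied by the proxy, so the attribute should only be enabled when clients cannot reach WLS without going through the proxy.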

Example : 
One of the most representative examples is an Apache server used for SSL termination in front of WebLogic.
In a simple case such as accessing the WebLogic console, we can observe WebLogic's behavior with and without the "WL Plugin Enabled" attribute.

WL Plugin Enabled set to false : 
When "Weblogic Plugin Enabled" is set to false, the redirect sent to the browser is rewritten in http on the initial https port.


WL Plugin Enabled set to true : 
When "Weblogic Plugin Enabled" is set to true, the redirect sent to the browser is rewritten correctly in https on the original port.



How to activate : 
The "Weblogic Plugin Enabled" attribute can be set at three levels.
- Domain Level (applies to all clusters and servers that do not explicitly override the attribute with a different value)
- Cluster Level (applies to all members of the cluster that do not explicitly override the attribute with a different value)
- Server Level

Domain Level : 
- Select Domain name :


- Select "Configuration" Tab, then "Web Applications" :


- Select "Weblogic Plugin Enabled" checkbox :


Cluster Level : 
- Expand "Environment" and select "Clusters", then click on your cluster :



- On the "Configuration / General" tabs, go to the "Advanced" section, then select the value for the "WL Plugin Enabled" attribute.
"Default" means that the domain value applies.


Server Level : 
- Expand "Environment" in "Domain Structure" and select "Servers". Select the desired server :



- Select "Configuration / General" Tab :



- Expand "Advanced" section, then select a value for "Weblogic Plugin Enabled" attribute :



Wednesday, 12 November 2014

How to resize the root '/' filesystem and swap on an Exalogic vServer


Prerequisites
- Access to OpsCenter as the owner of the vServer.
- Access to the vServer as root.
- Access to a compute node as root.

Resize FileSystem
On the vServer or OpsCenter :
Shut down the vServer in order to extend the main volume.
- Connect to OpsCenter
- Go to “Vdc Management / mycloud / Accounts / myAccount”
- Select the vServer
- Click “Shutdown the server” or click on the red square.
Alternative :
- Connect to the vServer as root and execute the following command :
# shutdown -h now

On a compute node :
Go to the OVM repository and access the vServer's vDisks directly.

On the repository :
# cd /OVS/Repositories/000.........22/
# ls
Assemblies  ISOs  Templates  VirtualDisks  VirtualMachines

- Identify the vServer :  
# grep 'simple_name' VirtualMachines/*/*.cfg
VirtualMachines/000..........75/vm.cfg:OVM_simple_name = 'myvserver-1'
VirtualMachines/000..........48/vm.cfg:OVM_simple_name = 'myvserver-2'
VirtualMachines/000..........bb/vm.cfg:OVM_simple_name = 'myvserver-3'
VirtualMachines/000..........3f/vm.cfg:OVM_simple_name = 'ExalogicControlOpsCenterPC2'
VirtualMachines/000..........b7/vm.cfg:OVM_simple_name = 'mytemplatevserver'
VirtualMachines/000..........30/vm.cfg:OVM_simple_name = 'ExalogicControl'
VirtualMachines/000..........4b/vm.cfg:OVM_simple_name = 'ldapvserver'
VirtualMachines/000..........90/vm.cfg:OVM_simple_name = 'ExalogicControlOpsCenterPC1'

- Identify the vDisk :  
# grep -i disk VirtualMachines/000..........b7/vm.cfg
disk = ['file:/OVS/Repositories/000.........22/VirtualDisks/000..........b7.img,hda,w']
[root@elp01cn01 000.........22]# cd /OVS/Repositories/000.........22/VirtualDisks/

- Make a vDisk backup :  
# ls -l 000..........b7.img
-rw-r--r--+ 1 root root 6292504576 Jul 15 14:16 000..........b7.img
# cp 000..........b7.img 000..........b7.img.orig

- Create a new disk with the desired size :  
# dd if=/dev/zero of=System12G.img bs=5M count=2400
2400+0 records in
2400+0 records out
12582912000 bytes (13 GB) copied, 21.5651 seconds, 583 MB/s

- Copy the vServer vDisk content into the newly created file :
# dd if=000..........b7.img of=System12G.img conv=notrunc,noerror
12290048+0 records in
12290048+0 records out
6292504576 bytes (6.3 GB) copied, 65.0138 seconds, 96.8 MB/s

- Replace the vDisk with the new file :
# mv System12G.img 000..........b7.img
mv: overwrite `000..........b7.img'? y
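
The backup, enlarge, copy and replace steps above as one guarded shell function, given as an added example rather than part of the original procedure. It verifies the backup and the copied content before replacing the image, creates the larger file as a sparse file instead of writing zeros, and leaves out conv=noerror; grow_image and file_size are hypothetical names.

```shell
# Added example (not from the original post): grow a raw disk image file,
# checking each step. grow_image and file_size are hypothetical helper names.

file_size() { wc -c < "$1" | tr -d ' '; }

# grow_image IMAGE NEW_SIZE_BYTES
grow_image() {
    img=$1; new_size=$2
    tmp="$img.new"; bak="$img.orig"

    [ -f "$img" ] || { echo "no such image: $img" >&2; return 1; }
    old_size=$(file_size "$img")
    # Refuse to shrink: a smaller file would cut off the guest's partitions.
    [ "$new_size" -gt "$old_size" ] || { echo "new size must exceed $old_size" >&2; return 1; }
    # Never overwrite an earlier backup.
    [ ! -e "$bak" ] || { echo "backup already exists: $bak" >&2; return 1; }

    # 1. Backup, compared byte for byte with the source.
    { cp -p "$img" "$bak" && cmp -s "$img" "$bak"; } || { echo "backup failed" >&2; return 1; }

    # 2. New file of the target size (sparse: seek to the end, write nothing).
    dd if=/dev/zero of="$tmp" bs=1 count=0 seek="$new_size" 2>/dev/null || return 1

    # 3. Copy the old content over the start of the new file. notrunc keeps the
    #    larger size; noerror is left out so that a read error aborts the copy.
    dd if="$img" of="$tmp" bs=1048576 conv=notrunc 2>/dev/null || return 1

    # 4. Check the final size and that the first old_size bytes are unchanged.
    if [ "$(file_size "$tmp")" -ne "$new_size" ] ||
       ! head -c "$old_size" "$tmp" | cmp -s - "$img"; then
        echo "verification failed, original left in place" >&2
        rm -f "$tmp"; return 1
    fi

    # 5. Only now replace the image; IMAGE.orig stays for rollback.
    mv -f "$tmp" "$img"
}
```

The vServer must be shut down while this runs, as in the procedure above.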

Restart the vServer and resize VolumeGroups
On OpsCenter Console :
- Connect to OpsCenter
- Go to “Vdc Management / mycloud / Accounts / myAccount”
- Select the vServer
- Click “start the server”.

On vServer
- Connect to the vServer as root and list the disks currently seen by the vServer :
# fdisk -l

Disk /dev/xvda: 12.5 GB, 12582912000 bytes
255 heads, 63 sectors/track, 1529 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *           1          13      104391   83  Linux
/dev/xvda2              14         765     6040440   8e  Linux LVM

Disk /dev/dm-0: 5637 MB, 5637144576 bytes
255 heads, 63 sectors/track, 685 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/dm-0 doesn't contain a valid partition table

Disk /dev/dm-1: 536 MB, 536870912 bytes
255 heads, 63 sectors/track, 65 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/dm-1 doesn't contain a valid partition table


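- Delete the current LVM partition and recreate it over the entire disk, starting at the same first cylinder (the new table only takes effect once it is written with fdisk's w command) :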
# fdisk /dev/xvda

The number of cylinders for this disk is set to 1529.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): d
Partition number (1-4): 2

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (14-1529, default 14):
Using default value 14
Last cylinder or +size or +sizeM or +sizeK (14-1529, default 1529):
Using default value 1529

- Reboot to use the new partition :
# reboot -n

Broadcast message from root (pts/0) (Tue Jul 15 14:38:48 2014):

The system is going down for reboot NOW!

- Check the physical volume :
# pvdisplay
  --- Physical volume ---
  PV Name               /dev/xvda2
  VG Name               VolGroup00
  PV Size               5.76 GB / not usable 10.87 MB
  Allocatable           yes (but full)
  PE Size (KByte)       32768
  Total PE              184
  Free PE               0
  Allocated PE          184
  PV UUID               SaMlQo-Ct55-8IhX-ZEaf-rT4X-gISK-XEwdvc

- Resize the physical volume to use the entire disk :
# pvresize /dev/xvda2
  Physical volume "/dev/xvda2" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized

- Scan the volume group :
# vgs
  VG         #PV #LV #SN Attr   VSize  VFree
  VolGroup00   1   2   0 wz--n- 11.59G 5.84G

- Scan the logical volumes in the volume group :
# lvscan
  ACTIVE            '/dev/VolGroup00/LogVol00' [5.25 GB] inherit
  ACTIVE            '/dev/VolGroup00/LogVol01' [512.00 MB] inherit

- Extend the volume used for swap first :
# lvextend -L +1536M /dev/VolGroup00/LogVol01
  Extending logical volume LogVol01 to 2.00 GB
  Logical volume LogVol01 successfully resized

- Extend the root filesystem volume with all the free space in the volume group :
# lvextend -l +100%FREE /dev/VolGroup00/LogVol00
  Extending logical volume LogVol00 to 9.59 GB
  Logical volume LogVol00 successfully resized

- Disable the swap :
# swapoff /dev/mapper/VolGroup00-LogVol01

- Recreate the swap with the new logical volume :
#  mkswap /dev/mapper/VolGroup00-LogVol01
Setting up swapspace version 1, size = 2147479 kB

- Enable the swap with the new logical volume :
# swapon /dev/mapper/VolGroup00-LogVol01

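- Check the new filesystem size (the filesystem itself has to be grown to the new volume size, for example with resize2fs on ext3/ext4, before df reports it) :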
# df -m
Filesystem           1M-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                          9516      3449      5576  39% /
/dev/xvda1                  99        23        71  25% /boot
tmpfs                     3998         0      3998   0% /dev/shm

Note : Another approach is to add a disk to the system VG instead of resizing.

Tuesday, 11 November 2014

How to configure replication on openldap 2.4.23

Configure ldap Replication

Populate the master node with a replication account :
On the master node : 
Create an ldif file containing the account information :
# cat /tmp/addreplicator.ldif
dn: cn=replication,dc=el01,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
cn: replication
sn: replication
userPassword:: e3NzaGF9V0xuYVpQaWRibENDU1hKYkpiVXVTSGhWb3hVRHFLZ09jT2RJSmc9P

Add the replication account with the ldapadd command : 
#  ldapadd -x -D "cn=Manager,dc=el01,dc=com" -w welcome1 -f addreplicator.ldif -h localhost -p 389
adding new entry "cn=Replication,dc=el01,dc=com"

Grant access to the replication user
On the master node : 
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif to grant the replication user read permission on all attributes :
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif 

olcAccess: {0}to attrs=userPassword
  by self =xw
  by dn.exact="uid=pwreset,dc=el01,dc=com" =xw
  by dn.exact="cn=replication,dc=el01,dc=com" read
  by anonymous auth
  by * none
olcAccess: {1}to *
  by anonymous auth
  by self write
  by dn.exact="cn=replication,dc=el01,dc=com" read
  by users read
  by * none

Enable the syncprov module
On the master node : 
Create a new file /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif with the following content :
# vi /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif 
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib64/openldap
olcModuleLoad: {0}back_bdb
olcModuleLoad: {1}syncprov

Configure the syncprov module
- Turn on the syncprov overlay for each database to synchronize :
# mkdir /etc/openldap/slapd.d/cn=config/olcDatabase={0}config

# mkdir /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb

# touch /etc/openldap/slapd.d/cn=config/olcDatabase\=\{0\}config/olcOverlay={0}syncprov.ldif

# touch /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb/olcOverlay={0}syncprov.ldif 

- Add the following content to each syncprov ldif file :
dn: olcOverlay={0}syncprov
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig

# Sync Setup for the main LDAP Database
#
olcOverlay: {0}syncprov
# Sync Checkpoints every 20 changes or 1 hour
olcSpCheckpoint: 20 60
# Keep a fair number of operations in the log
olcSpSessionlog: 1000

Restart the ldap service
On the master node : 
Start the ldap service and check that there are no errors :

# service ldap start
Starting slapd:                                            [  OK  ]

Configure slave(s)
On the slave node, install and configure openldap as described in my previous article, skipping the step that populates the directory.

Configure the ldap slave
On the slave node : 
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif :
# vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif
olcSyncrepl: rid=100
  provider="ldaps://ldap-master.example.org:389/"
  type=refreshAndPersist
  retry="60 30 300 +"
  searchbase="dc=el01,dc=com"
  bindmethod=simple
  binddn="cn=replication,dc=el01,dc=com"
  credentials=replicationPASSWORD

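Note : The RID must be unique per slave and must be a 3-digit number.

Note : The provider URL scheme must match the port the master listens on: ldaps normally uses port 636, while 389 is the ldap port.

Note : The ldap directory must be empty before starting slapd. 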
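
A small lint for the consumer configuration described in this section, as an added example that is not part of the original article: it checks the rid format, the provider scheme against its port, cleartext simple binds, and that binddn is the replication account created on the master. The function names and the sample LDIF are constructed for illustration.

```shell
# Added example (not from the original post): lint the olcSyncrepl attribute of a
# consumer database LDIF. Function names and the sample are constructed.

# Print the unfolded olcSyncrepl value (LDIF folding = newline + one space).
syncrepl_value() {
    awk '/^olcSyncrepl:/ { on = 1; sub(/^olcSyncrepl: */, ""); v = $0; next }
         on && /^ /      { v = v substr($0, 2); next }
                         { on = 0 }
         END             { print v }' "$1"
}

# Extract one key=value parameter (values containing spaces are not handled).
param() { printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1; }
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# lint_syncrepl CONSUMER_LDIF REPLICATION_ACCOUNT_DN ; returns 1 if it warned.
lint_syncrepl() {
    v=$(syncrepl_value "$1"); rc=0
    [ -n "$v" ] || { echo "ERROR no olcSyncrepl attribute"; return 2; }
    provider=$(param "$v" provider); binddn=$(param "$v" binddn); rid=$(param "$v" rid)
    method=$(param "$v" bindmethod); tls=$(param "$v" starttls)
    case $rid in
        ''|*[!0-9]*|????*) echo "WARN rid '$rid' is not a number of at most 3 digits"; rc=1 ;;
    esac
    case $provider in
        ldaps://*:389|ldaps://*:389/)
            echo "WARN ldaps scheme on port 389; ldaps normally listens on 636"; rc=1 ;;
        ldap://*)
            if [ "$method" = simple ] && [ -z "$tls" ]; then
                echo "WARN simple bind over ldap:// without starttls exposes the password"; rc=1
            fi ;;
    esac
    if [ "$(lc "$binddn")" != "$(lc "$2")" ]; then
        echo "WARN binddn '$binddn' is not the replication account '$2'"; rc=1
    fi
    return $rc
}

# Constructed sample consumer configuration.
sample_ldif() {
    cat <<'EOF'
olcSuffix: dc=el01,dc=com
olcSyncrepl: rid=100
  provider="ldaps://ldap-master.example.org:389/"
  bindmethod=simple
  binddn="uid=replication,dc=el01,dc=com"
  credentials=CHANGEME
EOF
}
```

Run it as `lint_syncrepl /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif "cn=replication,dc=el01,dc=com"` on the slave before starting slapd.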

Start slapd
Start the ldap service :
# service ldap start
Starting slapd:                                            [  OK  ]

Replication check
Check replication by running ldapsearch against the second node :
# ldapsearch -x -b "cn=wls,ou=Group,dc=el01,dc=com" -D "cn=Manager,dc=el01,dc=com" -w welcome1 -h <slaveNodeAddress>
# extended LDIF
#
# LDAPv3
# base <cn=wls,ou=Group,dc=el01,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# wls, Group, el01.com
dn: cn=wls,ou=Group,dc=el01,dc=com
objectClass: posixGroup
objectClass: top
cn: wls
gidNumber: 600

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

If the result contains one or more entries, replication is working.

Note : Replication can also be checked with the replica log file on the master node.

Tuesday, 4 November 2014

Install & configure openldap 2.4.23

How to install and configure openldap 2.4.23 on OEL6.5 :

Prerequisites
- Ntp Server : 
On each server, ntp must be configured.
Update /etc/ntp.conf with the customer ntp server, if the enterprise ntp server can be reached.
If not, it is possible to use the Ops Center virtual server as ntp server.
After the modification, restart the ntp service :
# service ntpd stop
Shutting down ntpd:                                        [  OK  ]
# service ntpd start
Starting ntpd:                                             [  OK  ]

- Name service :

To complete the configuration, it is recommended to add the ldap servers to the enterprise name service.
If that is not possible, add each entry to the /etc/hosts file on each ldap server node and on each ldap client node.

Installation
Rpm packages :
If no yum repository is configured, you can install the openldap rpm packages together with the rpm packages they depend on.
On each ldap client machine : 
openldap-clients
nss-pam-ldapd
nss-util
authconfig-gtk
pam_ldap

On each ldap server : 
openldap-servers
Nss-ldap
libtool-ltdl
cyrus-sasl-devel

Configure
Configuration file : 
/etc/openldap/slapd.d/cn=config.ldif
Make a backup of this file before any modification.

Edit the cn=config.ldif file to apply the security settings : 
Disable LDAPv2 binds and allow only LDAPv3 by deleting this line : 
olcAllows: bind_v2

Add an idle connection timeout so that idle connections are not kept open, by adding or modifying the following line :
olcIdleTimeout: 60

Database files
Create a root password : 
Create an encoded root password for the ldap directory with the slappasswd command : 
# slappasswd
New password:
Re-enter new password:
{SSHA}F8SO2XunEKdP2qK4ZTFWicmaF/DrkW1Q

Edit the database file : olcDatabase={2}bdb.ldif
Make a backup of this file before any modification.

Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif :
Set olcSuffix to the desired ldap suffix : 
 olcSuffix: dc=el01,dc=com

Set the ldap administrator olcRootDN : 
 olcRootDN: cn=manager,dc=el01,dc=com

Add the root password (with the hash generated with slappasswd above) : 
olcRootPW: {SSHA}F8SO2XunEKdP2qK4ZTFWicmaF/DrkW1Q

Start the ldap service
Start the ldap service to check the configuration files and to populate the database online.

# chkconfig slapd on
# service slapd start
Starting slapd: [OK]

Populate database (online)
Populate the database with an ldif file that creates the users and groups branches : 
Create an ldif file that creates the ldap tree (the following content is an example) : 
# vi /tmp/ldapentries.ldif
dn: dc=el01,dc=com
objectclass: dcObject
objectclass: organization
o: el01 com
dc: el01

dn: ou=People,dc=el01,dc=com
objectClass: organizationalUnit
objectClass: top
ou: People

dn: ou=Group,dc=el01,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Group

dn: cn=admin,dc=el01,dc=com
objectclass: organizationalRole
cn: admin

# Add a user to test ldap
dn: uid=ddewailly,ou=People,dc=el01,dc=com
objectclass: top
objectclass: person
objectclass: inetOrgPerson
objectclass: organizationalPerson
uid: ddewailly
cn: David Dewailly
sn: Dewailly
givenName: David

Use clear text mode : 
If you don't want to use ldaps, modify the /etc/sysconfig/authconfig file and replace FORCELEGACY=no with FORCELEGACY=yes

Populate with the ldapadd command : 
# ldapadd -f /tmp/ldapentries.ldif -x -D cn=Manager,dc=el01,dc=com -W -c

Note : There must be no space at the end of any line; use only newline characters.

Run a search to check the entries previously added : 
# ldapsearch -x -D cn=Manager,dc=el01,dc=com -W -b 'dc=el01,dc=com' '(objectclass=*)'