tag:blogger.com,1999:blog-80058261185972315022024-02-01T23:51:47.442-08:00Another technical blog about MiddlewareTips for Middleware and Exalogic systemsAnonymoushttp://www.blogger.com/profile/10578247333336451445noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-8005826118597231502.post-35336639207948976072017-09-15T04:54:00.000-07:002017-09-15T04:54:21.643-07:00Use java jarsigner to self sign your java archive<h2 style="font-size: 12pt;">
Use jar signer to sign your java archive</h2>
<div style="font-size: 12pt;">
The security settings of some applications or browsers require that any jar you use be signed. </div>
<div style="font-size: 12pt;">
You can use the Java tool jarsigner to self-sign your own jar files. </div>
<div style="font-size: 12pt;">
<br /></div>
<div style="font-size: 12pt;">
First, you need to create your certificate or use your existing certificate. </div>
<h3 style="font-size: 12pt;">
Create your own certificate</h3>
<div class="Text">
<span style="font-family: "times new roman" , serif; font-size: 11pt; text-indent: 0cm;">-<span style="font-family: "times new roman"; font-size: 7pt; font-stretch: normal; line-height: normal;"> </span></span><span style="font-size: 16px;">To create your own certificate, run the following command :</span><br />
<span style="font-size: 16px;"><br /></span></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 1.0pt 1.0pt 1.0pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<i style="font-size: 12pt; text-align: justify;"><b>C:\Java\jdk1.8.0_92\bin\keytool.exe
-genkeypair -alias ddy -keyalg rsa -keysize 2048 -keypass ddy1234
-validity 3650 -keystore C:\temp\mykeystore.jks -storepass
ddy1234 -storetype jks -dname "CN=DDY,OU=OC,O=DDY,L=Paris,ST=IDF,C=FR" -v</b></i></div>
<div>
<div style="text-align: justify;">
<i style="font-size: 12pt; text-align: justify;">Generating 2 048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 3 650 days</i></div>
<div style="text-align: justify;">
<i style="font-size: 12pt; text-align: justify;"> for: CN=DDY, OU=OC, O=DDY, L=Paris, ST=IDF, C=FR</i></div>
<div style="text-align: justify;">
<i style="font-size: 12pt; text-align: justify;">[Storing C:\temp\.keystore]</i></div>
<div>
<br /></div>
</div>
</div>
<div>
<br />
<h3>
Use jarsigner </h3>
- Use your certificate with jarsigner to sign your java archive :
<br />
<br />
<div style="border: 1pt solid; padding: 1pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<i style="font-size: 12pt; text-align: justify;"><b>C:\Java\jdk1.8.0_92\bin\jarsigner -keystore C:\Temp\mykeystore.jks pdev.jar ddy </b></i><br />
<i style="font-size: 12pt; text-align: justify;">Enter Passphrase for keystore: </i><br />
<i style="font-size: 12pt; text-align: justify;">jar signed.</i></div>
<div>
<div>
<br /></div>
</div>
</div>
<div>
<br /></div>
<br /></div>
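<div style="font-size: 12pt;">
What a consumer of the archive can check after the signing step above, as an added example (not code from the original post): it reads every entry so the JVM verifies the digests, lists entries that carry no signature, and marks signers whose certificate is self-signed, which proves integrity but not identity. The class name and the constructed unsigned sample JAR are assumptions of this example; pass the path of a signed archive such as pdev.jar as the first argument to check a real file.</div>

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.security.CodeSigner;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;

public class JarSignatureReport {

    /** Entries without a signature, and each signer DN mapped to "is self-signed". */
    static final class Report {
        final List<String> unsigned = new ArrayList<>();
        final Map<String, Boolean> signers = new LinkedHashMap<>();
    }

    /** The manifest and the signature files are not themselves signed entries. */
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        return n.equals("META-INF/MANIFEST.MF")
            || (n.startsWith("META-INF/")
                && (n.endsWith(".SF") || n.endsWith(".RSA")
                    || n.endsWith(".DSA") || n.endsWith(".EC")));
    }

    /** Subject equals issuer and the certificate verifies under its own public key. */
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    static Report inspect(File jar) throws IOException {
        Report report = new Report();
        // verify=true: entry digests are checked against the signature files.
        try (JarFile jf = new JarFile(jar, true)) {
            byte[] buf = new byte[8192];
            for (JarEntry entry : Collections.list(jf.entries())) {
                if (entry.isDirectory() || isSignatureRelated(entry.getName())) {
                    continue;
                }
                // Signers are only available once the entry has been read to the end;
                // a modified entry makes this read throw SecurityException.
                try (InputStream in = jf.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    report.unsigned.add(entry.getName());
                    continue;
                }
                for (CodeSigner signer : signers) {
                    X509Certificate leaf = (X509Certificate)
                            signer.getSignerCertPath().getCertificates().get(0);
                    report.signers.put(leaf.getSubjectX500Principal().getName(),
                                       isSelfSigned(leaf));
                }
            }
        }
        return report;
    }

    /** Constructed input: a one-entry JAR that was never signed. */
    static File buildUnsignedSample() throws IOException {
        File f = File.createTempFile("unsigned-sample", ".jar");
        f.deleteOnExit();
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(f.toPath()))) {
            out.putNextEntry(new JarEntry("com/example/Hello.class"));
            out.write(new byte[] {(byte) 0xCA, (byte) 0xFE, (byte) 0xBA, (byte) 0xBE});
            out.closeEntry();
        }
        return f;
    }

    public static void main(String[] args) throws IOException {
        File jar = args.length > 0 ? new File(args[0]) : buildUnsignedSample();
        Report r = inspect(jar);
        System.out.println("Archive: " + jar);
        System.out.println("Entries without a signature: " + r.unsigned);
        r.signers.forEach((dn, self) -> System.out.println("Signer: " + dn
                + (self ? "  [self-signed: integrity only, identity not vouched for]" : "")));
        if (!r.unsigned.isEmpty()) {
            System.exit(1); // non-zero exit so a build step can fail on unsigned content
        }
    }
}
```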
tag:blogger.com,1999:blog-8005826118597231502.post-512992366637930853 2017-09-14T13:53:00.001-07:00 2017-09-14T13:53:29.507-07:00 SSL Configuration on Weblogic<div style="border-bottom: solid black 1.0pt; border: none; mso-border-bottom-alt: solid black .5pt; mso-element: para-border-div; padding: 0cm 0cm 0cm 0cm;">
<h1 style="margin-left: 0cm; mso-list: l0 level1 lfo1; text-indent: 0cm;">
<a href="https://www.blogger.com/null" name="_Toc463960138">SSL Configuration on Weblogic</a></h1>
</div>
<div class="Texte">
<span style="font-size: 11.0pt; mso-bidi-font-size: 12.0pt;">This article describes all the steps to configure SSL on WebLogic Server. <o:p></o:p></span></div>
<div class="Texte">
<span style="font-size: 11pt;">For a WebLogic cluster, these steps must be performed on each cluster member.</span></div>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960140"></a><a href="https://www.blogger.com/null" name="_Toc434561190"><!--[if !supportLists]-->1.</a><a href="https://www.blogger.com/null" name="_Toc434561190"><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;"> </span>Configure java stores</a></h2>
<div class="MsoCaption">
<span style="font-size: 11pt;">To configure java stores (keystore for storing certificate, truststore for Certification Authorities), follow these steps : <o:p></o:p></span></div>
<div class="MsoCaption">
<span style="font-size: 11pt;">Connect to Weblogic Admin Console (click Lock & Edit in production mode) : <o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Go to “Environment / Servers / <ServerName> »<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Go to “Configuration / Keystore” tab.<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">click on “Change” button. <o:p></o:p></span></div>
<div class="MsoCaption">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg2k6jCBxYhwqLXvz3cku94nJ2eEsnVM7YN_MzRYailA6sZfrunTUkb4GQsUaswqV6px-NWzx8XQjWBGzUYi3N1OMNZtdZyhSE5UhSrhYGBohi2hcK-ft1jrPHrPItn0Z8gs21y3vpVKA/s1600/keystoreConfig.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="717" data-original-width="986" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg2k6jCBxYhwqLXvz3cku94nJ2eEsnVM7YN_MzRYailA6sZfrunTUkb4GQsUaswqV6px-NWzx8XQjWBGzUYi3N1OMNZtdZyhSE5UhSrhYGBohi2hcK-ft1jrPHrPItn0Z8gs21y3vpVKA/s320/keystoreConfig.PNG" width="320" /></a></div>
<br />
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Select “Custom Identity and Custom Trust” in "keystore" list, then click on “Save” <o:p></o:p></span></div>
<div class="MsoCaption">
<u><span style="font-size: 11pt;">Note :</span></u><span style="font-size: 11pt;"> If certificates are provided by a well-known CA, use</span><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;"> « Custom Identity and Java Standard Trust ».</span><span style="font-size: 11pt;"> <o:p></o:p></span></div>
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh43C0MjBWn97XIkI_KTVjN_084iukFce6wo55pMTCPi1ykNnoNODE_T2gFK51trtD81Smf2BpPK-Yd-IMpN-pP5a_ZEMfqWcdu5Xy0Rkk61IsiBWRZK91zc7mLU8-gTfZWgP-ggUofYfY/s1600/CustomIdentity.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="291" data-original-width="727" height="128" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh43C0MjBWn97XIkI_KTVjN_084iukFce6wo55pMTCPi1ykNnoNODE_T2gFK51trtD81Smf2BpPK-Yd-IMpN-pP5a_ZEMfqWcdu5Xy0Rkk61IsiBWRZK91zc7mLU8-gTfZWgP-ggUofYfY/s320/CustomIdentity.PNG" width="320" /></a></div>
<br />
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Make the following changes : <o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Custom
Identity Store : « /u01/app/security/mykeystore.jks” (store previously created)</span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span lang="EN-US" style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-size: 11pt;">Custom
Identity Keystore Type : « JKS »<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Custom
Identity Keystore Passphrase : <password for the keystore> (password used during java keystore creation)<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Confirm
Custom Identity Keystore Passphrase : <password for the keystore><o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Custom Trust Keystore Passphrase : <o:p></o:p></span><span style="font-size: 14.6667px;"><password for the truststore> (password used during java truststore creation)</span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-size: 11pt;">Confirm
Java Standard Trust Keystore Passphrase : </span><span style="font-size: 14.6667px;"><password for the truststore></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on “Save”<o:p></o:p></span></div>
<div class="MsoCaption">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM7QdoYAS6uq2zv8o0ny1GdYfpPZJyQg-RaRIkO18UkaIKdhOeePWmTo-fu0HuAhzcWMrOw59KYN6oe6O-SgMKf9wYh6TD1Ze1KVsmOcaOsN-CxQ0X-FSjMnCuXIAFvnFcoHA3EUjL6cE/s1600/keystore.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="637" data-original-width="728" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjM7QdoYAS6uq2zv8o0ny1GdYfpPZJyQg-RaRIkO18UkaIKdhOeePWmTo-fu0HuAhzcWMrOw59KYN6oe6O-SgMKf9wYh6TD1Ze1KVsmOcaOsN-CxQ0X-FSjMnCuXIAFvnFcoHA3EUjL6cE/s320/keystore.PNG" width="320" /></a></div>
<div class="MsoCaption">
<br /></div>
<div align="left" class="MsoCaption" style="margin-left: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on « Activate changes ». <o:p></o:p></span></div>
<div class="MsoCaption">
<br /></div>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960141"></a><a href="https://www.blogger.com/null" name="_Toc434561191"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;">2.</span><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;"> </span> SSL </a><o:p></o:p><a href="https://www.blogger.com/null" name="_Toc434561191">Configuration</a></h2>
<div class="Text">
<span style="font-size: 11.0pt; mso-bidi-font-size: 12.0pt;">To configure SSL using the keystores previously installed : <o:p></o:p></span></div>
<div class="Text">
<br /></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Go to « Environment / Servers / <ServerName> »<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on « Configuration / SSL » tab<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Apply the following modifications : <o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Identity
and Trust Location : Keystores (default)<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Private
Key Location : from Custom Identity Keystore (default).<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Private
Key Alias : « alias used for the key » (use the value given when the certificate was added to the keystore).<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Private
Key Passphrase : « password used when creating the key alias ». <o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Confirm
Private Key Passphrase : « </span><span style="font-size: 14.6667px;">password used when creating the key alias </span><span style="font-size: 11pt;">»<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on “Save”.<o:p></o:p></span></div>
<div class="MsoCaption">
<u><span style="font-size: 11pt;">Note </span></u><span style="font-size: 11pt;">: The passphrase cannot be empty; if none was set during creation, use keytool to add one.<o:p></o:p></span></div>
<div class="Text">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSSDT-0rA9icbFv7P1ZCrUC-1vXjZKWKgZVxO2qmVtjC2eZfX4eOa_TKvM-v-d9zq-9GtF-PUxYTRpjiH3KkfwexeQ7r0JDhZIxzTuHcAtOvUsWf-Tf6CKREdDi0W6odZonMNujUwul3g/s1600/AdvancedConfig.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="161" data-original-width="784" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSSDT-0rA9icbFv7P1ZCrUC-1vXjZKWKgZVxO2qmVtjC2eZfX4eOa_TKvM-v-d9zq-9GtF-PUxYTRpjiH3KkfwexeQ7r0JDhZIxzTuHcAtOvUsWf-Tf6CKREdDi0W6odZonMNujUwul3g/s320/AdvancedConfig.PNG" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGKWkSFzgpTsh9EaSQWFlxHbszwCfLEMoAOGkmJq6A-FA0VMHB8sueKHNHTN1Oq6PW5rHc0Zi16VpdANnQuu63Mx2ats6yk1jgcsTmQY3PHeZUmEXM0720NPCBP8GdERGlwE_zE78u_JQ/s1600/SSLConfig.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="504" data-original-width="723" height="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGKWkSFzgpTsh9EaSQWFlxHbszwCfLEMoAOGkmJq6A-FA0VMHB8sueKHNHTN1Oq6PW5rHc0Zi16VpdANnQuu63Mx2ats6yk1jgcsTmQY3PHeZUmEXM0720NPCBP8GdERGlwE_zE78u_JQ/s320/SSLConfig.PNG" width="320" /></a></div>
<br />
<br /><div align="left" class="MsoCaption" style="margin-left: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 10pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 14.6667px;">Click on « Activate changes ».</span></div>
<div class="Text">
<br /></div>
<div class="Text">
<br /></div>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960142"><span style="font-stretch: normal; font-variant-numeric: normal; line-height: normal;">3.</span><span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;"> </span><!--[endif]-->Hostname Verification</a><o:p></o:p></h2>
<div class="MsoCaption">
<br /></div>
<div align="left" class="MsoCaption">
<span style="font-size: 11pt;">It can be useful to disable hostname verification (for testing purposes only, not recommended for production). <o:p></o:p></span></div>
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption">
<span style="font-size: 11pt;">By default, WebLogic rejects a certificate that does not match the hostname. </span></div>
<div class="MsoCaption">
<span style="font-size: 11pt;">To disable hostname verification : <o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Go to “ Environment / Servers / <ServerName> »<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on « Configuration / SSL» tab<o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on “Advanced” section and make the following changes : <o:p></o:p></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level2 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Hostname
Verification : « NONE »<o:p></o:p></span></div>
<div align="left" class="MsoCaption" style="margin-left: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Custom
Hostname Verifier : Leave empty<o:p></o:p></span></div>
<div align="left" class="MsoCaption" style="margin-left: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on “Save” <o:p></o:p></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4qv68WQxCely7cyN3npgrLMpuCfe9ns3H5o5hyjTIG8TpgEwMNk3lYN_AjABRl12CbkMzQZwTxOw0deRG3_-7kluXMZL2m72176-ohobt9SUjrP4rP14j-uLUiw0ddOHk4477XF6RxWg/s1600/AdvancedConfig.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="161" data-original-width="784" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4qv68WQxCely7cyN3npgrLMpuCfe9ns3H5o5hyjTIG8TpgEwMNk3lYN_AjABRl12CbkMzQZwTxOw0deRG3_-7kluXMZL2m72176-ohobt9SUjrP4rP14j-uLUiw0ddOHk4477XF6RxWg/s320/AdvancedConfig.PNG" width="320" /></a></div>
<div align="left" class="MsoCaption" style="margin-left: 0cm; text-indent: 0cm;">
<span style="font-size: 11pt;"><br /></span></div>
<div align="left" class="MsoCaption" style="margin-left: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Click on « Activate Changes. »<o:p></o:p></span></div>
<div align="left" class="MsoCaption">
<br /></div>
<div class="MsoCaption">
<u><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Note : To use wildcard certificates, you can use a custom hostname verifier :</span></u></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Example : *.ddy.com</span></div>
<div class="MsoCaption" style="border: none; margin-left: 0cm; mso-border-alt: solid windowtext .5pt; mso-list: l1 level1 lfo2; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Go to “ Environment / Servers /
<ServerName> »<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; margin-left: 0cm; mso-border-alt: solid windowtext .5pt; mso-list: l1 level1 lfo2; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Click on « Configuration / SSL » tab<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; margin-left: 0cm; mso-border-alt: solid windowtext .5pt; mso-list: l1 level1 lfo2; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Click on “Advanced” section and set the following values : <o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; margin-left: 0cm; mso-border-alt: solid windowtext .5pt; mso-list: l1 level2 lfo2; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Hostname Verification : Custom Hostname Verifier<o:p></o:p></span></div>
<div align="left" class="MsoCaption" style="border: none; margin-left: 0cm; padding: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Courier New"; font-size: 11pt;">o<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Custom Hostname Verifier :
weblogic.security.utils.SSLWLSWildcardHostnameVerifier<o:p></o:p></span></div>
<div align="left" class="MsoCaption" style="border: none; margin-left: 0cm; padding: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Click on “Save” <o:p></o:p></span></div>
<div align="left" class="MsoCaption" style="border: none; padding: 0cm;">
<br /></div>
<div align="left" class="MsoCaption" style="border: none; margin-left: 0cm; padding: 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11.0pt; mso-ansi-language: FR; mso-bidi-font-size: 12.0pt;">Click on « Activate Changes. »<o:p></o:p></span></div>
</div>
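<div class="MsoCaption">
A check for the test-only setting above being left on, as an added example (not from the original post or from Oracle): it reads a domain's config.xml and reports each server whose SSL section disables hostname verification or names a custom verifier class. The sample XML is constructed, and the element names hostname-verification-ignored and hostname-verifier are assumed to match what your WebLogic version writes to config.xml; pass the real file path as the first argument.</div>

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class HostnameVerificationAudit {

    // Constructed sample (not a real domain): ms1 has verification disabled,
    // ms2 uses the wildcard verifier named in the note above, ms3 keeps the default.
    static final String SAMPLE_CONFIG =
          "<domain xmlns=\"http://xmlns.oracle.com/weblogic/domain\">\n"
        + "  <server><name>ms1</name>\n"
        + "    <ssl><enabled>true</enabled>\n"
        + "      <hostname-verification-ignored>true</hostname-verification-ignored>\n"
        + "    </ssl>\n"
        + "  </server>\n"
        + "  <server><name>ms2</name>\n"
        + "    <ssl><enabled>true</enabled>\n"
        + "      <hostname-verifier>"
        + "weblogic.security.utils.SSLWLSWildcardHostnameVerifier</hostname-verifier>\n"
        + "    </ssl>\n"
        + "  </server>\n"
        + "  <server><name>ms3</name>\n"
        + "    <ssl><enabled>true</enabled></ssl>\n"
        + "  </server>\n"
        + "</domain>\n";

    /** First direct child element with this tag name, or null. */
    static Element firstChild(Element parent, String tag) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && tag.equals(n.getNodeName())) {
                return (Element) n;
            }
        }
        return null;
    }

    /** Trimmed text of that child, or "" when the element is absent. */
    static String childText(Element parent, String tag) {
        Element e = firstChild(parent, tag);
        return e == null ? "" : e.getTextContent().trim();
    }

    static List<String> audit(InputStream configXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // The file is only data for this check: refuse DOCTYPEs so no entity is resolved.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element domain = dbf.newDocumentBuilder().parse(configXml).getDocumentElement();

        List<String> findings = new ArrayList<>();
        for (Node n = domain.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (!(n instanceof Element) || !"server".equals(n.getNodeName())) {
                continue;
            }
            Element server = (Element) n;
            String name = childText(server, "name");
            Element ssl = firstChild(server, "ssl");
            boolean ignored = ssl != null
                    && "true".equalsIgnoreCase(childText(ssl, "hostname-verification-ignored"));
            String verifier = ssl == null ? "" : childText(ssl, "hostname-verifier");

            if (ignored) {
                findings.add("FAIL " + name + ": hostname verification is disabled");
            } else if (!verifier.isEmpty()) {
                findings.add("INFO " + name + ": custom hostname verifier " + verifier
                        + " (confirm this class is the one you intended)");
            } else {
                findings.add("OK   " + name + ": default hostname verification");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        List<String> findings;
        try (InputStream in = args.length > 0
                ? Files.newInputStream(Paths.get(args[0]))
                : new ByteArrayInputStream(SAMPLE_CONFIG.getBytes(StandardCharsets.UTF_8))) {
            findings = audit(in);
        }
        findings.forEach(System.out::println);
        // Non-zero exit when any server has verification switched off.
        boolean failed = findings.stream().anyMatch(f -> f.startsWith("FAIL"));
        System.exit(failed ? 1 : 0);
    }
}
```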
tag:blogger.com,1999:blog-8005826118597231502.post-1052961847699282544 2017-09-14T13:25:00.000-07:00 2017-09-14T13:25:28.081-07:00 Generate SSL certificate using keytool<h2>
<a href="https://www.blogger.com/null" name="_Toc463960134">This article describes the steps to create an SSL certificate using Java keytool. </a></h2>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960134"><!--[if !supportLists]-->1.1<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;">
</span><!--[endif]-->Generate keypair</a><o:p></o:p></h2>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<span style="font-family: Times New Roman, serif;"><span style="font-size: 14.6667px;">The keytool binary is a Java tool provided with the JDK/JRE ($JAVA_HOME/bin)</span></span></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">To create a keypair using java keytool (only if using well-known CA) : <o:p></o:p></span></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<b><span style="font-size: 9pt;"># </span></b><b><span lang="EN-US" style="font-size: 9pt;">${JAVA_HOME}/bin/</span></b><b><span style="font-size: 9pt;">keytool -genkeypair -alias wls.ddy.com -keyalg
RSA -keysize 2048 -validity 3650 -keypass password_1 -keystore
/u01/app/security/Identity.jks -storepass password_1</span></b></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">What is your first and last name?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">
[Unknown]: wls.ddy.com<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">What is the name of your organizational unit?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">
[Unknown]: IT<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">What is the name of your organization?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;"> [Unknown]: DDY<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">What is the name of your City or Locality?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">
[Unknown]: Paris<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">What is the name of your State or Province?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">
[Unknown]: IDF<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">What is the two-letter country code for this unit?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">
[Unknown]: FR<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span lang="EN-US" style="font-size: 9.0pt;">Is CN=wls.ddy.com, OU=IT, O=DSI, L=Paris, ST=IDF, C=FR
correct?<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span lang="EN-US" style="font-size: 9.0pt;"> </span><span style="font-size: 9.0pt; mso-ansi-language: FR;">[no]: yes<o:p></o:p></span></div>
</div>
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 11pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><span style="font-size: 11pt;">To create CSR to send it to PKI (internal or CA) : <o:p></o:p></span></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<b><span style="font-size: 9pt;"># </span></b><b><span lang="EN-US" style="font-size: 9pt;">${JAVA_HOME}/bin/</span></b><b><span style="font-size: 9pt;">keytool -certreq -alias wls.ddy.com -file
wls-csr.pem -keystore /u01/app/security/Identity.jks</span></b></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">Enter keystore password:<o:p></o:p></span></div>
</div>
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption" style="margin-left: 0cm; mso-list: l1 level1 lfo2; tab-stops: list 0cm; text-indent: 0cm;">
<!--[if !supportLists]--><span style="font-family: "Times New Roman", serif; font-size: 9pt;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;">
</span></span><!--[endif]--><span style="font-size: 11pt;">Send the .pem file to your CA to request your certificate.</span><span style="font-size: 9pt;"> <o:p></o:p></span></div>
<div class="MsoCaption">
<br /></div>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960135"><!--[if !supportLists]-->1.2<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;"> </span><!--[endif]-->To create a self-signed certificate</a><o:p></o:p></h2>
<div class="Texte">
<span style="font-size: 11.0pt; mso-bidi-font-size: 12.0pt;">To create a self-signed certificate, use the following command: <o:p></o:p></span></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 4.0pt 1.0pt 4.0pt; padding: 0cm;">
<b><span lang="EN-US" style="font-size: 9pt;">${JAVA_HOME}/</span></b><b><span style="font-size: 9.0pt; mso-ansi-language: FR;">bin/keytool
-genkey -noprompt -trustcacerts -alias wlssvr -dname
"CN=wls.ddy.com,OU=IT,O=DDY,L=Paris,ST=IDF,C=FR" -keypass ovsroot
-keystore /u01/app/security/mykeystore.jks -storepass ovsroot -keyalg RSA</span></b></div>
</div>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960136"><!--[if !supportLists]-->1.3<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;">
</span><!--[endif]-->Export certificate</a><o:p></o:p></h2>
<div class="Texte">
<span style="font-size: 11.0pt; mso-bidi-font-size: 12.0pt;">To be able to import your CA in truststore, you need to export it first :<o:p></o:p></span></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 4.0pt 1.0pt 4.0pt;">
<div align="left" class="MsoCaption" style="border: none; padding: 0cm;">
<b><span lang="EN-US" style="font-size: 9.0pt;">${JAVA_HOME}/bin/keytool
-export -alias wlssvr -keypass ovsroot -keystore
/u01/app/security/mykeystore.jks -storepass ovsroot -file mycert.cer<o:p></o:p></span></b></div>
</div>
<div class="Texte">
<br /></div>
<h2>
<a href="https://www.blogger.com/null" name="_Toc463960137"><!--[if !supportLists]-->1.4<span style="font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; font-weight: normal; line-height: normal;">
</span><!--[endif]-->Add your CA to custom java TrustStore</a><o:p></o:p></h2>
<div class="Text">
<span style="font-size: 11.0pt; mso-bidi-font-size: 12.0pt;">Adding your CA to a custom or existing truststore is a mandatory step to allow WebLogic Server to use this certificate and to avoid handshake errors.<o:p></o:p></span></div>
<div class="Text">
<span style="font-family: "Times New Roman", serif; font-size: 11pt; text-indent: 0cm;">-<span style="font-family: "Times New Roman"; font-size: 7pt; font-stretch: normal; font-variant-numeric: normal; line-height: normal;"> </span></span><span style="font-size: 11pt; text-indent: 0cm;">To add certificate CA to a truststore :</span></div>
<div style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; mso-element: para-border-div; padding: 1.0pt 1.0pt 1.0pt 1.0pt;">
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<b><span style="font-size: 9pt;"># </span></b><b><span lang="EN-US" style="font-size: 9pt;">${JAVA_HOME}/bin/</span></b><b><span style="font-size: 9pt;">keytool -import -v -trustcacerts -alias
mywlsserver -file mywlsserver.cer -keystore /u01/app/security/myTrust.jks
-keypass changeme -storepass changeit</span></b></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">Certificate was added to keystore<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">[Storing SoaTrust.jks]<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<br /></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<b><span style="font-size: 9pt;"># </span></b><b><span lang="EN-US" style="font-size: 9pt;">${JAVA_HOME}/bin/</span></b><b><span style="font-size: 9pt;">keytool -import -v -trustcacerts -alias mywlsca
-file mywlsca.cer -keystore /u01/app/security/myTrust.jks -keypass changeme
-storepass changeit</span></b></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">Certificate was added to keystore<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">[Storing SoaTrust.jks]<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<br /></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<b><span style="font-size: 9pt;"># </span></b><b><span lang="EN-US" style="font-size: 9pt;">${JAVA_HOME}/bin/</span></b><b><span style="font-size: 9pt;">keytool -import -v -trustcacerts -alias myca
-file myca.cer -keystore /u01/app/security/myTrust.jks -keypass changeme
-storepass changeit</span></b></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">Certificate was added to keystore<o:p></o:p></span></div>
<div class="MsoCaption" style="border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 1.0pt 1.0pt 1.0pt 1.0pt; padding: 0cm;">
<span style="font-size: 9.0pt; mso-ansi-language: FR;">[Storing SoaTrust.jks]<o:p></o:p></span></div>
</div>
<div class="MsoCaption">
<br /></div>
<div class="MsoCaption">
<span style="font-size: 11pt;">When adding a CA to a truststore, it is mandatory to add the root CA and any intermediate CA.</span></div>
<br />
<div class="MsoCaption">
<span style="font-size: 11pt;">The provided example shows how to add a certificate issued by mywlsca, which depends on the root CA myCA. </span></div>
<div class="MsoCaption">
<br /></div>
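<div class="MsoCaption">
<span style="font-size: 11pt;">A way to check that rule after the imports, as an added example that is not part of the original post: the script reads <b>keytool -list -v</b> output and reports every issuer that has no matching certificate in the truststore. It assumes keytool's English "Owner:" / "Issuer:" labels; the function names, the TRUST_PASS variable and the CA distinguished names in the sample listings are constructed for illustration.</span></div>

```shell
#!/bin/sh
# Added example (not from the original post): find CA certificates that a
# truststore references as issuers but does not contain.

# Read `keytool -list -v` text on stdin and print every Issuer DN that never
# appears as an Owner DN. A self-signed root has Owner == Issuer, so a
# complete chain prints nothing.
# Assumption: keytool's English-locale "Owner:" / "Issuer:" labels.
missing_issuers() {
    awk '
        /^Owner: /  { sub(/^Owner: /, "");  owner[$0] = 1;  next }
        /^Issuer: / { sub(/^Issuer: /, ""); issuer[$0] = 1; next }
        END { for (dn in issuer) if (!(dn in owner)) print dn }
    ' | sort
}

# Run the check against a real truststore. $1 is the truststore path. The
# password is read from the TRUST_PASS environment variable (hypothetical
# name) through keytool's -storepass:env modifier, so it does not appear in
# the process list or the shell history.
# Returns 0 if the chain is complete, 1 if a CA is missing, 2 if keytool failed.
check_truststore() {
    listing=$(keytool -list -v -keystore "$1" -storepass:env TRUST_PASS) || return 2
    missing=$(printf '%s\n' "$listing" | missing_issuers)
    if [ -n "$missing" ]; then
        printf 'Missing CA certificate(s):\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample listing: the server certificate and the intermediate CA
# were imported, the root CA was forgotten.
sample_incomplete() {
    cat <<'EOF'
Alias name: mywlsserver
Entry type: trustedCertEntry

Owner: CN=wls.ddy.com, OU=IT, O=DDY, L=Paris, ST=IDF, C=FR
Issuer: CN=mywlsca, O=DDY, C=FR

Alias name: mywlsca
Entry type: trustedCertEntry

Owner: CN=mywlsca, O=DDY, C=FR
Issuer: CN=myca, O=DDY, C=FR
EOF
}

# Constructed sample listing: same truststore after the root CA import.
sample_complete() {
    sample_incomplete
    cat <<'EOF'

Alias name: myca
Entry type: trustedCertEntry

Owner: CN=myca, O=DDY, C=FR
Issuer: CN=myca, O=DDY, C=FR
EOF
}

# Demonstration on the constructed listings (no keystore needed).
echo "Incomplete truststore is missing: $(sample_incomplete | missing_issuers)"
echo "Complete truststore is missing: $(sample_complete | missing_issuers)"
```

<div class="MsoCaption">
<span style="font-size: 11pt;">Against a real truststore, export TRUST_PASS and call <b>check_truststore /u01/app/security/myTrust.jks</b>; a non-zero return code means an import is still missing or keytool could not open the store.</span></div>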
Anonymoushttp://www.blogger.com/profile/10578247333336451445noreply@blogger.com0tag:blogger.com,1999:blog-8005826118597231502.post-42922864977221128322015-06-25T00:47:00.000-07:002015-06-25T00:51:27.513-07:00<h1 class="western" lang="fr-FR">
Create a Yum repository on Exalogic 2.0.6.2.x</h1>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">This
document describes how to create a yum repository on ZFS Storage
inside an Exalogic machine.</span></span></span></div>
<h1 class="western" lang="fr-FR">
Prepare your environment</h1>
<h2 class="western" lang="en-US">
Create a zfs share</h2>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Connect
to one of the storage servers to create a share. </span></span></span>
</div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">This
share hosts the Exalogic yum repository. </span></span></span>
</div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Connect
to storage server</span></span></span></div>
</li>
</ul>
<h3 class="western" lang="en-US">
Add Share to project</h3>
<ul>
<li><div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">Create
a share named </span><span lang="en-US"><i>‘yum-repo’ </i></span><span lang="en-US">
on </span><span lang="en-US"><b>common</b></span><span lang="en-US">
project</span></span></span></span></div>
</li>
</ul>
<h3 class="western" lang="en-US">
Add permissions on share</h3>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Add
an NFS exception to allow access to the share from the
IPoIB-vserver-shared-storage network.</span></span></span></div>
</li>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Add
read/write and root access. </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"> </span>
</div>
<h2 class="western" lang="en-US">
Prepare repository</h2>
<h3 class="western" lang="fr-FR">
<span lang="en-US">Mount </span><span lang="en-US"><i>‘yum-repo’</i></span><span lang="en-US">
share on a vServer</span></h3>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">-
Edit /etc/fstab and add an entry: </span></span></span>
</div>
<div align="JUSTIFY" lang="fr-FR" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US"><i>172.17.0.5</i></span><span lang="en-US">:/export/common/yum-repo
/export/common/yum-repo nfs4
rw,bg,hard,nointr,rsize=131072,wsize=131072 0 0 </span></span></span></span></div>
<div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US"> </span><span lang="en-US"><i>Where</i></span><span lang="en-US">
</span><span lang="en-US"><i>172.17.0.5 is the IPoIB address of the
storage server on IPoIB-vserver-shared-storage</i></span></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Create
directory /export/common/yum-repo</span></span></span></div>
</li>
</ul>
<div align="JUSTIFY" lang="fr-FR" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">#
</span><span lang="en-US"><b>mkdir -p /export/common/yum-repo</b></span></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Mount
directory on vServer : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
mount /export/common/yum-repo</b></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<h3 class="western" lang="en-US">
Prepare files</h3>
<ul>
<li><div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">Download
the Oracle Enterprise Linux ISO file from </span><span style="color: navy;"><span lang="zxx"><u><a class="western" href="https://edelivery.oracle.com/"><span lang="en-US">https://edelivery.oracle.com</span></a></u></span></span><span lang="en-US">
</span></span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Upload
the Oracle Enterprise Linux ISO file to the share: </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">With
your favorite scp client, copy Oracle Enterprise Linux iso file to
</span><span lang="en-US"><b>/export/common/yum-repo</b></span><span lang="en-US">.</span></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Create
temporary directory and repository version directory : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="fr-FR" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">#
</span><span lang="en-US"><b>mkdir -p /export/common/yum-repo/tmp
/export/common/yum-repo/OEL_6.5</b></span></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="LEFT" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Mount
the ISO file on the temporary directory: </span></span></span>
</div>
</li>
</ul>
<div align="LEFT" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
mount -o loop /export/common/yum-repo/OEL_6.5.iso
/export/common/yum-repo/tmp</b></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Copy
the ISO content into the repository directory: </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
cp -r /export/common/yum-repo/tmp/* /export/common/yum-repo/OEL_6.5</b></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<h3 class="western" lang="fr-FR">
Create your repository
</h3>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">To
create the repository, you must install the createrepo package.</span></span></span></div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">This
package can be found in the temporary directory created previously. </span></span></span>
</div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Check
whether it is already installed: </span></span></span>
</div>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
rpm -qa | grep createrepo</b></span></span></span><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">createrepo-0.4.11-3.el5</span></i></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Install
package : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
rpm -Uvh
/export/common/yum-repo/tmp/createrepo-0.4.11-3.el5.x86_64.rpm
/export/common/yum-repo/tmp/deltarpm-*
/export/common/yum-repo/tmp/python-deltarpm-*</b></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">At
this step, remove any symbolic link to the Packages directory in subdirectories
to avoid loops in the repository: </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
find . -name Packages -type l -exec rm -f {} \;</b></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Create
repository : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
cd /export/common/yum-repo/OEL_6.5/</b></span></span></span><br />
<b style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">#
createrepo .</span></b><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">3380/3380
- Cluster/ipvsadm-1.24-13.el5.x86_64.rpm
pmpmx86_64.rpm</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Saving
Primary metadata</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Saving
file lists metadata</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Saving
other metadata</span></i></div>
<div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<h3 class="western" lang="fr-FR">
<a href="https://www.blogger.com/blogger.g?blogID=8005826118597231502" name="__RefHeading__1264_502779136"></a><a href="https://www.blogger.com/blogger.g?blogID=8005826118597231502" name="__RefHeading___Toc393171201"></a>
Cleanup environment
</h3>
<ul>
<li><div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Unmount
iso file : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
cd /export/common/yum-repo/</b></span></span></span><br />
<b style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">#
umount -f /export/common/yum-repo/tmp/</span></b></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Delete
iso file : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>#
rm -f /export/common/yum-repo/OEL_6.5.iso</b></span></span></span></div>
<h1 class="western" lang="fr-FR">
Configure yum client</h1>
<h3 class="western" lang="fr-FR">
Update configuration files
</h3>
<ul>
<li><div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Update
<b>/etc/yum.conf</b> file :</span></span></span></div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Add
an exclusion for the Exalogic-specific packages that cannot be updated: </span></span></span>
</div>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>exclude=kernel*
compat-dapl* dapl* ib-bonding* ibacm* ibutils* ibsim*
infiniband-diags* kmod-ovmapi-uek* libibcm* libibmad* libibumad*
libibverbs* libmlx4* libovmapi* librdmacm* libsdp* mpi-selector*
mpitests_openmpi_gcc* mstflint* ofed* openmpi_gcc* opensm*
ovm-template-config* ovmd* perftest* qperf* rds-tools* sdpnetstat*
srptools* xenstoreprovider* initscripts* nfs-utils*</b></span></span></span></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">Create
</span><span lang="en-US"><b>/etc/yum.repos.d/local_yum.repo</b></span><span lang="en-US">
file with the following content: </span></span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="en-US" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>[local_yum]</b></span></span></span><br />
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>name=Exalogic
Yum Rack</b></span></span></span><br />
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US"><b>baseurl=</b></span><span lang="en-US"><i><b>http://172.17.0.5/shares/export/common/yum-repo/OEL_6.5.iso</b></i></span></span></span></span><br />
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><b>gpgcheck=0</b></span></span></span><br />
<b style="font-family: Verdana, sans-serif;">enabled=1</b></div>
<div align="JUSTIFY" lang="fr-FR" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
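The repository definition above sets gpgcheck=0 and uses an http baseurl, so packages installed from it are neither signature-checked nor fetched over an authenticated channel. The following added example (not part of the original post) reports those settings for each enabled section. The function names and the second sample section are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit yum repository definitions for disabled signature
# checks and cleartext package sources.

# Constructed sample: the local_yum section from this page, plus a
# hypothetical signed repository for contrast.
sample_repo() {
cat <<'EOF'
[local_yum]
name=Exalogic Yum Rack
baseurl=http://172.17.0.5/shares/export/common/yum-repo/OEL_6.5.iso
gpgcheck=0
enabled=1

[signed_example]
name=Hypothetical signed repository
baseurl=https://repo.example.invalid/el6/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
enabled=1
EOF
}

# audit_repo [default-gpgcheck]
# Reads yum.conf / .repo content on stdin and prints one line per enabled
# repository section: "<section> ok" or "<section> <finding>[,<finding>]".
# A gpgcheck value found in [main] becomes the default for later sections.
audit_repo() {
    awk -v dflt="${1:-0}" '
    function report(   f) {
        if (sec == "" || sec == "main" || enabled == "0") return
        f = ""
        if (gpgcheck != "1") f = f ",gpgcheck-off"
        else if (gpgkey == "") f = f ",no-gpgkey"
        if (url ~ /^(http|ftp):\/\//) f = f ",cleartext-baseurl"
        print sec " " (f == "" ? "ok" : substr(f, 2))
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
        report()
        sec = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        gpgcheck = dflt; gpgkey = ""; url = ""; enabled = "1"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (sec == "main") { if (k == "gpgcheck") dflt = v; next }
        if (k == "gpgcheck") gpgcheck = v
        else if (k == "gpgkey") gpgkey = v
        else if (k == "baseurl") url = v
        else if (k == "enabled") enabled = v
    }
    END { report() }
    '
}

# Stand-alone run on the constructed sample. On a real host:
#   cat /etc/yum.conf /etc/yum.repos.d/*.repo | audit_repo
sample_repo | audit_repo
```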
<h3 class="western" lang="fr-FR">
Refresh yum database</h3>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Refresh
yum client on each machine now configured with the local repository.</span></span></span></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">First,
clean yum cache : </span></span></span>
</div>
</li>
</ul>
<div align="JUSTIFY" lang="fr-FR" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">#
</span><span lang="en-US"><b>yum clean all</b></span></span></span></span><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Loaded
plugins: rhnplugin, security</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Cleaning
up Everything</span></i></div>
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<br /></div>
<ul>
<li><div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Recreate
yum cache and headers :</span></span></span></div>
</li>
</ul>
<div align="JUSTIFY" lang="fr-FR" style="border: 1px solid #000000; margin-bottom: 0cm; margin-right: 1cm; orphans: 2; padding: 0.04cm 0.14cm; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;"><span lang="en-US">#
</span><span lang="en-US"><b>yum</b></span><span lang="en-US">
</span><span lang="en-US"><b>repolist</b></span></span></span></span><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Loaded
plugins: rhnplugin, security</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">This
system is not registered with ULN.</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">ULN
support will be disabled.</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">local_yum
| 951 B
00:00</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">local_yum/primary
| 1.4 MB 00:00</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">local_yum
3380/3380</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Excluding
Packages from Exalogic TVP yum rack</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Finished</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">repo
id repo
name
status</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">local_yum
Exalogic
TVP yum rack
3,288+92</span></i><br />
<i style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">repolist:
3,288</span></i></div>
<br />
<div align="JUSTIFY" lang="en-US" style="margin-bottom: 0cm; margin-right: 1cm; orphans: 2; page-break-inside: avoid; widows: 2;">
<span style="color: black;"><span style="font-family: Verdana, sans-serif;"><span style="font-size: x-small;">Now,
you can install packages with the yum install command.</span></span></span></div>
<h2>
How to configure an internal DNS for Exalogic system</h2>
Published 2015-06-03<br />
<br />
<u><b>Prerequisites</b></u><br />
<u>Packages</u><br />
The following package is required on the DNS server :<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>bind<br />
The following package is required to test the DNS client :<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>bind-utils<br />
<br />
<u><b>Installation </b></u><br />
<u>On DNS server : </u><br />
On the domain name server, the installation can be done from the yum repository.<br />
- To install named, execute the following command :<br />
# yum install bind --skip-broken<br />
<br />
Note : the '--skip-broken' option is added so that package dependencies are not upgraded.<br />
<br />
- To configure named as a service :<br />
# chkconfig named on<br />
<br />
- To start named service :<br />
# service named start<br />
<br />
<u>On clients :</u><br />
On every client, the bind-utils package can be installed from the yum repository.<br />
To install bind-utils, execute the following command :<br />
# yum install bind-utils<br />
<br />
<u><b>Configure named</b></u><br />
These actions must be performed only on the vServer hosting the named service.<br />
/etc/named.conf<br />
- Create the file /etc/named.conf with the following content :<br />
<br />
<i>options {</i><br />
<i> directory "/var/named";</i><br />
<i><br /></i>
<i> # hide version string for security</i><br />
<i> version "not currently available";</i><br />
<i><br /></i>
<i> # Listen to the loopback device and internal networks only</i><br />
<i> listen-on { 127.0.0.1; 172.16.0.100; 172.17.0.100; 192.168.0.100; 10.10.0.100; };</i><br />
<i> #listen-on-v6 { ::1; };</i><br />
<i><br /></i>
<i> # Do not query from the specified source port range</i><br />
<i> avoid-v4-udp-ports { range 1 32767; };</i><br />
<i> avoid-v6-udp-ports { range 1 32767; };</i><br />
<i><br /></i>
<i> # forward all DNS queries to enterprise DNS</i><br />
<i> forwarders { 172.30.121.25; 172.30.182.11; };</i><br />
<i> forward only;</i><br />
<i><br /></i>
<i> # expire negative answers ASAP.</i><br />
<i> # do not cache dns query failure</i><br />
<i> max-ncache-ttl 1; # 1 seconds</i><br />
<i><br /></i>
<i> # disable non-relevant operations</i><br />
<i> allow-transfer { none; };</i><br />
<i> allow-update-forwarding { none; };</i><br />
<i> allow-notify { none; };</i><br />
<i>};</i><br />
<i>zone "exa-admin.el01.com" in{</i><br />
<i> type master;</i><br />
<i> file "exa-admin.el01.com";</i><br />
<i> allow-update{192.168.0.0/21; 10.10.0.0/24; 10.10.1.0/26; 10.10.1.64/26; 10.10.1.128/26; };</i><br />
<i> notify yes;</i><br />
<i>};</i><br />
<i><br /></i>
<i>zone "exa-internal.el01.com" in{</i><br />
<i> type master;</i><br />
<i> file "exa-internal.el01.com";</i><br />
<i> allow-update{192.168.0.0/21; 10.10.0.0/24; 10.10.1.0/26; 10.10.0.64/26; 10.10.0.128/26; };</i><br />
<i> notify yes;</i><br />
<i>};</i><br />
<i><br /></i>
<i>zone "168.192.in-addr.arpa" {</i><br />
<i> type master;</i><br />
<i> file "192.168";</i><br />
<i> allow-update{192.168.0.0/21; };</i><br />
<i> notify yes;</i><br />
<i>};</i><br />
<i><br /></i>
<i>zone "0.17.172.in-addr.arpa" {</i><br />
<i> type master;</i><br />
<i> file "172.17.0";</i><br />
<i> allow-update{172.17.0.0/16; 192.168.0.0/21; };</i><br />
<i> notify yes;</i><br />
<i>};</i><br />
<i><br /></i>
<i>zone "0.10.10.in-addr.arpa" {</i><br />
<i> type master;</i><br />
<i> file "10.176.40";</i><br />
<i> allow-update{172.16.0.0/16; 192.168.0.0/21; };</i><br />
<i> notify yes;</i><br />
<i>};</i><br />
<i><br /></i>
<i>zone "1.10.10.in-addr.arpa" {</i><br />
<i> type master;</i><br />
<i> file "10.176.41";</i><br />
<i> allow-update{172.16.0.0/16; 192.168.0.0/21; };</i><br />
<i> notify yes;</i><br />
<i>};</i><br />
<br />
This file creates an internal zone (exa-internal.el01.com) for IPoIB addressing and a zone (exa-admin.el01.com) for EoIB addressing.<br />
The first one is exclusive to the Exalogic rack.<br />
The second one is a sub-zone of the company's global name service.<br />
<br />
The internal IPoIB zone manages the IPoIB-default network and the IPoIB-vserver-shared-storage network.<br />
<br />
For each zone, the reverse zone is managed too.<br />
<br />
<u><b>Zone files </b></u><br />
- Create file /var/named/exa-admin.el01.com :<br />
<i>$ORIGIN .</i><br />
<i>$TTL 172800<span class="Apple-tab-span" style="white-space: pre;"> </span>; 2 days</i><br />
<i>exa-admin.el01.com<span class="Apple-tab-span" style="white-space: pre;"> </span>IN SOA<span class="Apple-tab-span" style="white-space: pre;"> </span>ns1.exa-admin.el01.com. root.exa-admin.el01.com. (</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>2003080803 ; serial</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>43200 ; refresh (12 hours)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>900 ; retry (15 minutes)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>1814400 ; expire (3 weeks)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>10800 ; minimum (3 hours)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>NS<span class="Apple-tab-span" style="white-space: pre;"> </span>ns1.exa-admin.el01.com.</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>MX<span class="Apple-tab-span" style="white-space: pre;"> </span>10 ns1.exa-admin.el01.com.</i><br />
<i>$ORIGIN exa-admin.el01.com.</i><br />
<i>$TTL 172800<span class="Apple-tab-span" style="white-space: pre;"> </span>; 2 days</i><br />
<i>ns1<span class="Apple-tab-span" style="white-space: pre;"> </span>A<span class="Apple-tab-span" style="white-space: pre;"> </span>192.168.0.100</i><br />
<br />
- Create file /var/named/exa-internal.el01.com :<br />
<i>$ORIGIN .</i><br />
<i>$TTL 172800<span class="Apple-tab-span" style="white-space: pre;"> </span>; 2 days</i><br />
<i>exa-internal.el01.com<span class="Apple-tab-span" style="white-space: pre;"> </span>IN SOA<span class="Apple-tab-span" style="white-space: pre;"> </span>ns1.exa-internal.el01.com. root.exa-internal.el01.com. (</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>2003080803 ; serial</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>43200 ; refresh (12 hours)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>900 ; retry (15 minutes)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>1814400 ; expire (3 weeks)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>10800 ; minimum (3 hours)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>NS<span class="Apple-tab-span" style="white-space: pre;"> </span>ns1.exa-internal.el01.com.</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>MX<span class="Apple-tab-span" style="white-space: pre;"> </span>10 ns1.exa-internal.el01.com.</i><br />
<i>$ORIGIN exa-internal.el01.com.</i><br />
<i>el01sn-priv<span class="Apple-tab-span" style="white-space: pre;"> </span>A<span class="Apple-tab-span" style="white-space: pre;"> </span>172.17.0.5</i><br />
<i>$TTL 172800<span class="Apple-tab-span" style="white-space: pre;"> </span>; 2 days</i><br />
<i>ldap<span class="Apple-tab-span" style="white-space: pre;"> </span>CNAME<span class="Apple-tab-span" style="white-space: pre;"> </span>ldap-master</i><br />
<i>ldap-master<span class="Apple-tab-span" style="white-space: pre;"> </span>A<span class="Apple-tab-span" style="white-space: pre;"> </span>192.168.0.100</i><br />
<i>ldap-slave<span class="Apple-tab-span" style="white-space: pre;"> </span>A<span class="Apple-tab-span" style="white-space: pre;"> </span>192.168.0.200</i><br />
<i>ns1<span class="Apple-tab-span" style="white-space: pre;"> </span>A<span class="Apple-tab-span" style="white-space: pre;"> </span>192.168.0.100</i><br />
<br />
<br />
Reverse zone files<br />
- Create a file for each reverse zone. Here is a sample file for one zone :<br />
<i>$ORIGIN .</i><br />
<i>$TTL 604800<span class="Apple-tab-span" style="white-space: pre;"> </span>; 1 week</i><br />
<i>0.10.10.in-addr.arpa<span class="Apple-tab-span" style="white-space: pre;"> </span>IN SOA<span class="Apple-tab-span" style="white-space: pre;"> </span>ns1.exa-admin.el01.com. root.exa-admin.el01.com. (</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>3 ; serial</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>10800 ; refresh (3 hours)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>3600 ; retry (1 hour)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>604800 ; expire (1 week)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>3600 ; minimum (1 hour)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>)</i><br />
<i><span class="Apple-tab-span" style="white-space: pre;"> </span>NS<span class="Apple-tab-span" style="white-space: pre;"> </span>ns1.exa-admin.el01.com.</i><br />
<i>$ORIGIN 0.10.10.in-addr.arpa.</i><br />
<i>$TTL 86400<span class="Apple-tab-span" style="white-space: pre;"> </span>; 1 day</i><br />
<br />
<u><b>Clients</b></u><br />
<u>Configure name server </u><br />
<u>On every client :</u><br />
- Configure /etc/resolv.conf<br />
domain exa-internal.el01.com<br />
search exa-internal.el01.com exa-admin.el01.com mydomain.com<br />
nameserver 192.168.0.100<br />
<br />
- Configure /etc/nsswitch.conf<br />
Make sure that the hosts entry is configured as follows :<br />
<i>hosts<span class="Apple-tab-span" style="white-space: pre;"> </span>files dns</i><br />
<br />
<u>Nsupdate</u><br />
Nsupdate is used to push or update information about a vServer.<br />
Here is a sample script that registers this information.<br />
<br />
# cat /tmp/nsreg.info<br />
<i>server 192.168.0.100</i><br />
<i>zone exa-internal.el01.com.</i><br />
<i>update delete myvserver-1.exa-internal.el01.com. A</i><br />
<i>update add myvserver-1.exa-internal.el01.com. 86400 A 192.168.0.10</i><br />
<i>send</i><br />
<i>server 192.168.0.100</i><br />
<i>zone 0.10.10.in-addr.arpa</i><br />
<i>update add 10.0.10.10.in-addr.arpa. 86400 IN PTR myvserver-1.exa-admin.el01.com.</i><br />
<i>send</i><br />
<i>zone 168.192.in-addr.arpa</i><br />
<i>update add 10.0.168.192.in-addr.arpa. 86400 IN PTR myvserver-1.exa-internal.el01.com.</i><br />
<i>send</i><br />
<br />
To execute the script :<br />
# nsupdate -d -v /tmp/nsreg.info<br />
<br />
<br />
<u>Note :</u> A script in /etc/rc.d/init.d/nsupdate can be used to update dns each time a vServer is rebooted.<br />
This script can be added to OEL template.<br />
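A reverse-zone update only succeeds when the `zone` line names a zone that named.conf actually declares. The following added example (not the author's /etc/rc.d/init.d/nsupdate script, which is not shown on this page) builds the batch from a host name and an address, and picks the reverse zone from the ones declared in the named.conf above. The function and variable names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate an nsupdate batch with matching A and PTR records.

# Reverse zones declared in the named.conf shown earlier on this page.
REVERSE_ZONES="168.192.in-addr.arpa 0.17.172.in-addr.arpa 0.10.10.in-addr.arpa 1.10.10.in-addr.arpa"

# ptr_name <ipv4>: prints the in-addr.arpa owner name, or nothing if invalid.
ptr_name() {
    echo "$1" | awk -F. '
        NF != 4 { exit }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit
            print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"
        }'
}

# reverse_zone <ptr-name>: prints the longest declared zone that contains
# the name, or nothing when no declared zone covers it.
reverse_zone() {
    rz_best=""
    for rz in $REVERSE_ZONES; do
        case "$1" in
            *".$rz")
                if [ "${#rz}" -gt "${#rz_best}" ]; then rz_best=$rz; fi
                ;;
        esac
    done
    echo "$rz_best"
}

# make_batch <dns-server> <fqdn> <forward-zone> <ipv4> [ttl]
# Prints the nsupdate commands; returns 1 without output on bad input.
make_batch() {
    mb_server=$1; mb_fqdn=$2; mb_fzone=$3; mb_ip=$4; mb_ttl=${5:-86400}
    case "$mb_fqdn" in
        *".$mb_fzone") ;;
        *) echo "$mb_fqdn is not inside zone $mb_fzone" >&2; return 1 ;;
    esac
    mb_ptr=$(ptr_name "$mb_ip")
    if [ -z "$mb_ptr" ]; then
        echo "invalid IPv4 address: $mb_ip" >&2
        return 1
    fi
    mb_rzone=$(reverse_zone "$mb_ptr")
    if [ -z "$mb_rzone" ]; then
        echo "no declared reverse zone covers $mb_ip" >&2
        return 1
    fi
    cat <<EOF
server $mb_server
zone $mb_fzone.
update delete $mb_fqdn. A
update add $mb_fqdn. $mb_ttl A $mb_ip
send
zone $mb_rzone.
update delete $mb_ptr. PTR
update add $mb_ptr. $mb_ttl IN PTR $mb_fqdn.
send
EOF
}

# Stand-alone run with the values used in the sample above; pipe the output
# to "nsupdate -v", which reads commands from standard input.
make_batch 192.168.0.100 myvserver-1.exa-internal.el01.com exa-internal.el01.com 192.168.0.10
```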
<br />
<h2>
Understand "Weblogic Plugin Enabled" attribute</h2>
Published 2014-11-13<br />
<u><b>Why use "Weblogic Plugin Enabled" :</b></u><br />
Weblogic Server usually receives requests through a web server or a load-balancer which works as a proxy.<br />
When using this kind of configuration, it is important to inform Weblogic Server of the presence of a proxy to handle the client request correctly.<br />
<br />
Setting the "Weblogic Plugin Enabled" attribute to true tells WLS that a call to getRemoteAddr must return the address of the original browser client instead of the address of the front web server.<br />
<br />
<u><b>Example : </b></u><br />
One of the most representative examples is an Apache server used as SSL termination in front of Weblogic.<br />
In a simple case, accessing the Weblogic console, we can observe the Weblogic behavior with and without the "WL Plugin Enabled" attribute.<br />
<u><br /></u>
<u>WL Plugin Enabled to false : </u><br />
When "Weblogic Plugin Enabled" is set to false, the redirect sent to the browser is rewritten to http on the initial https port.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrxfyiBNVxWaVlIFuS8BkjJVC6RdRVXUDsL4YqmWwtq3BEgTUSItkdAD6EZrVBk7-M55CJCP78Re_WlKOR43L55a2PdOE0I3mVWA8S56PGYv6n2t4jkVYAuHRkbs6GrT3rn1OYFt6he7c/s1600/wl_pi_off.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="119" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrxfyiBNVxWaVlIFuS8BkjJVC6RdRVXUDsL4YqmWwtq3BEgTUSItkdAD6EZrVBk7-M55CJCP78Re_WlKOR43L55a2PdOE0I3mVWA8S56PGYv6n2t4jkVYAuHRkbs6GrT3rn1OYFt6he7c/s320/wl_pi_off.png" width="320" /></a></div>
<br />
<u>WL Plugin Enabled to true : </u><br />
When "Weblogic Plugin Enabled" is set to true, the redirect sent to the browser is rewritten correctly to https on the original port.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrUxkhXJzXj5UpkggYjMEaf6L-YOp8lrQw_v3qxLVkOf9MW-tuRmyGaVtrv7dOwAaEORkTFq7lSHjZk6A3UKR43TusRnKnooZ7jpywidxrYvhfl7pIrEvtRdDTe4OSaXRzaWplaToFg_0/s1600/wl_pi_on.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrUxkhXJzXj5UpkggYjMEaf6L-YOp8lrQw_v3qxLVkOf9MW-tuRmyGaVtrv7dOwAaEORkTFq7lSHjZk6A3UKR43TusRnKnooZ7jpywidxrYvhfl7pIrEvtRdDTe4OSaXRzaWplaToFg_0/s320/wl_pi_on.png" width="320" /></a></div>
<br />
<u><b><br /></b></u>
<u><b>How to activate : </b></u><br />
The "Weblogic Plugin Enabled" attribute can be set at three levels.<br />
- Domain Level (applies to all clusters and servers that do not explicitly override the attribute with a different value)<br />
- Cluster Level (applies to all members of the cluster that do not explicitly override the attribute with a different value)<br />
- Server Level<br />
<br />
<u>Domain Level : </u><br />
- Select Domain name :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrhonbX0u8XCyz7lm3b2R3O95g7TnuVM-IIdzrErLHBKEOn_9dRDHnNeFN9iflDbS2acvU9QsCuNfd7P5Oa86n7fXTgT9FiTQFqap3D5WqsR6czBhyXoMOUcr_CVaU8ypqS71q9pYvCdQ/s1600/Domain_Structure.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrhonbX0u8XCyz7lm3b2R3O95g7TnuVM-IIdzrErLHBKEOn_9dRDHnNeFN9iflDbS2acvU9QsCuNfd7P5Oa86n7fXTgT9FiTQFqap3D5WqsR6czBhyXoMOUcr_CVaU8ypqS71q9pYvCdQ/s1600/Domain_Structure.png" /></a></div>
<br />
- Select "Configuration" Tab, then "Web Applications" :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivqwh4gO3rwsK5aRUER-Fg1_l8J7TidJOxuiro0kd-oyzjQxHMcGerg3s5e2wTozPnXVtPKJ_INtvgw82luool94FsbrxxHsPJbiroMP4jfwgPL9RrYNqQ48cK0TEABQrcKilJ49vMXtU/s1600/Domain_Top.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="126" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivqwh4gO3rwsK5aRUER-Fg1_l8J7TidJOxuiro0kd-oyzjQxHMcGerg3s5e2wTozPnXVtPKJ_INtvgw82luool94FsbrxxHsPJbiroMP4jfwgPL9RrYNqQ48cK0TEABQrcKilJ49vMXtU/s320/Domain_Top.png" width="320" /></a></div>
<br />
- Select "Weblogic Plugin Enabled" checkbox :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9PdUNaZBQIshyphenhyphenIxMnb59DLmcePcx_cozSjes1rqpbzanZtOVuOnAP0NXaI9YpLp6QPHLjRGDsTOrpsOmaLW-SRzfIwzrmiEliaXNS38Zk6OLVuqwuZm0ion_XPCX6Ieqz6VLpin5YZWo/s1600/Server_advanced.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="90" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9PdUNaZBQIshyphenhyphenIxMnb59DLmcePcx_cozSjes1rqpbzanZtOVuOnAP0NXaI9YpLp6QPHLjRGDsTOrpsOmaLW-SRzfIwzrmiEliaXNS38Zk6OLVuqwuZm0ion_XPCX6Ieqz6VLpin5YZWo/s320/Server_advanced.png" width="320" /></a></div>
<br />
<u>Cluster Level : </u><br />
- Expand "Environment" and select "Clusters", then click on your cluster :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwgwZj5qpTLhME7KuxM62RtYx-htmhYe0MZswkQ-SQR7ldtyP_W0ymkUIYx-f07zlY3rEtdfy2QiRtRIATjEnF-Rc_9QFg2Fi8B0gAPBnQ7DtsstzZTyPFsuzsp-pdimOsZ3eSYhLZ5P4/s1600/Cluster_List.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="141" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwgwZj5qpTLhME7KuxM62RtYx-htmhYe0MZswkQ-SQR7ldtyP_W0ymkUIYx-f07zlY3rEtdfy2QiRtRIATjEnF-Rc_9QFg2Fi8B0gAPBnQ7DtsstzZTyPFsuzsp-pdimOsZ3eSYhLZ5P4/s320/Cluster_List.png" width="320" /></a></div>
<br />
<br />
- On "Configuration / General" Tabs, go to "Advanced" section, then select the value for "WL Plugin Enabled" attribute.<br />
"Default" means that the domain value applies.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk07sTjvw0b-aP6i-98yzcR-bDBCjqAEm969z9JkpRAJIoSUL9WyonXyZKZsnRykxxG9Nok_zJz6zDUbO32EFShTzSwk5HIXaFYNILUEkgTRimfrvKXnQOi4oUHxeEeIahztB16_cLMKE/s1600/Cluster_advanced.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgk07sTjvw0b-aP6i-98yzcR-bDBCjqAEm969z9JkpRAJIoSUL9WyonXyZKZsnRykxxG9Nok_zJz6zDUbO32EFShTzSwk5HIXaFYNILUEkgTRimfrvKXnQOi4oUHxeEeIahztB16_cLMKE/s320/Cluster_advanced.png" width="270" /></a></div>
<br />
<u>Server Level : </u><br />
- Expand "Environment" in "Domain Structure" and select "Servers". Select the desired server :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiswduA4VyLXmsv0aJmFGOYQfUrQ0sAwOPJGzs5TjTZIihhmWSzzXUzlwgq4R9615Q7nJTy1Jd8Px7WQgXvZ4lLyOyzW9aLWyWNkQfY1Z6r6XpnEsjmV7gqtHgJ65iCZ8VF5GFPAHJtzsw/s1600/Server_list.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiswduA4VyLXmsv0aJmFGOYQfUrQ0sAwOPJGzs5TjTZIihhmWSzzXUzlwgq4R9615Q7nJTy1Jd8Px7WQgXvZ4lLyOyzW9aLWyWNkQfY1Z6r6XpnEsjmV7gqtHgJ65iCZ8VF5GFPAHJtzsw/s320/Server_list.png" width="320" /></a></div>
<br />
<br />
- Select "Configuration / General" Tab :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD0sntnBEP9KiD8ukOmq0ZftOMkjIznojyR740N-QOzYdUnvwdu3DZNI09C0dmalotAK4zdwSHKQdE66y5wRhgS4r8Ers3wKDTCTEB34e58H-3iJHLR7BjSXCG__OKBtwUlsOiV7BdA98/s1600/Server_Top.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD0sntnBEP9KiD8ukOmq0ZftOMkjIznojyR740N-QOzYdUnvwdu3DZNI09C0dmalotAK4zdwSHKQdE66y5wRhgS4r8Ers3wKDTCTEB34e58H-3iJHLR7BjSXCG__OKBtwUlsOiV7BdA98/s320/Server_Top.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
- Expand "Advanced" section, then select a value for "Weblogic Plugin Enabled" attribute :<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9PdUNaZBQIshyphenhyphenIxMnb59DLmcePcx_cozSjes1rqpbzanZtOVuOnAP0NXaI9YpLp6QPHLjRGDsTOrpsOmaLW-SRzfIwzrmiEliaXNS38Zk6OLVuqwuZm0ion_XPCX6Ieqz6VLpin5YZWo/s1600/Server_advanced.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="90" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9PdUNaZBQIshyphenhyphenIxMnb59DLmcePcx_cozSjes1rqpbzanZtOVuOnAP0NXaI9YpLp6QPHLjRGDsTOrpsOmaLW-SRzfIwzrmiEliaXNS38Zk6OLVuqwuZm0ion_XPCX6Ieqz6VLpin5YZWo/s320/Server_advanced.png" width="320" /></a></div>
<br />
<u><br /></u>
<h2>
How to resize root '/' filesystem and swap on an Exalogic vServer</h2>
Published 2014-11-12<br />
<b>Prerequisites</b><br />
- Access to OpsCenter as the owner of the vServer.<br />
- Access to the vServer as the root user.<br />
- Access to a compute node as the root user.<br />
<br />
<b>Resize FileSystem</b><br />
<u>On vServer or OpsCenter :</u><br />
Shut down the vServer to extend the main volume.<br />
- Connect to OpsCenter<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>- Go to “Vdc Management / mycloud / Accounts / myAccount”<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>- Select the vServer<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>- Click “Shutdown the server” or click on the red square.<br />
<u>Alternative :</u><br />
- Connect to vServer with root user and execute the following command :<br />
<i># shutdown -h now</i><br />
<br />
<u>On a compute Node :</u><br />
Go to the OVM repository to access the vServer vDisks directly.<br />
<br />
<u>On the repository : </u><br />
<i># cd /OVS/Repositories/000.........22/</i><br />
<i># ls</i><br />
<i>Assemblies ISOs Templates VirtualDisks VirtualMachines</i><br />
<br />
- Identify the vServer : <br />
<i># grep 'simple_name' VirtualMachines/*/*.cfg</i><br />
<i>VirtualMachines/000..........75/vm.cfg:OVM_simple_name = 'myvserver-1'</i><br />
<i>VirtualMachines/000..........48/vm.cfg:OVM_simple_name = 'myvserver-2'</i><br />
<i>VirtualMachines/000..........bb/vm.cfg:OVM_simple_name = 'myvserver-3'</i><br />
<i>VirtualMachines/000..........3f/vm.cfg:OVM_simple_name = 'ExalogicControlOpsCenterPC2'</i><br />
<i>VirtualMachines/000..........b7/vm.cfg:OVM_simple_name = 'mytemplatevserver'</i><br />
<i>VirtualMachines/000..........30/vm.cfg:OVM_simple_name = 'ExalogicControl'</i><br />
<i>VirtualMachines/000..........4b/vm.cfg:OVM_simple_name = 'ldapvserver'</i><br />
<i>VirtualMachines/000..........90/vm.cfg:OVM_simple_name = 'ExalogicControlOpsCenterPC1'</i><br />
<br />
- Identify the vDisk : <br />
<i># grep -i disk VirtualMachines/000..........b7/vm.cfg</i><br />
<i>disk = ['file:/OVS/Repositories/000.........22/VirtualDisks/000..........b7.img,hda,w']</i><br />
<i>[root@elp01cn01 000.........22]# cd /OVS/Repositories/000.........22/VirtualDisks/</i><br />
<br />
- Make a vDisk backup : <br />
<i># ls -l 000..........b7.img</i><br />
<i>-rw-r--r--+ 1 root root 6292504576 Jul 15 14:16 000..........b7.img</i><br />
<i># cp 000..........b7.img 000..........b7.img.orig</i><br />
<br />
- Create a new disk with the desired size : <br />
<i># dd if=/dev/zero of=System12G.img bs=5M count=2400</i><br />
<i>2400+0 records in</i><br />
<i>2400+0 records out</i><br />
<i>12582912000 bytes (13 GB) copied, 21.5651 seconds, 583 MB/s</i><br />
<br />
- Copy the vServer vDisk content into the newly created file : <br />
<i># dd if=000..........b7.img of=System12G.img conv=notrunc,noerror</i><br />
<i>12290048+0 records in</i><br />
<i>12290048+0 records out</i><br />
<i>6292504576 bytes (6.3 GB) copied, 65.0138 seconds, 96.8 MB/s</i><br />
<br />
- Replace the vDisk with the new file : <br />
<i># mv System12G.img 000..........b7.img</i><br />
<i>mv: overwrite `000..........b7.img'? y</i><br />
<br />
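The steps above replace the vDisk without checking the copy. The following added example (not part of the original post) runs the same two dd steps on a small constructed image. Before the result would be moved into place, it verifies that the new file has the target size, starts with an exact copy of the original, and is zero-filled after it. The function names and the 4096-byte sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: grow a disk image by copy, then verify it before the swap.

# size_of <file>: size in bytes
size_of() { wc -c < "$1" | tr -d ' '; }

# make_sample_image <path>: constructed 4096-byte stand-in for a vDisk
make_sample_image() {
    awk 'BEGIN { for (i = 0; i < 512; i++) printf "blk%05d", i }' > "$1"
}

# verify_grown <src> <dst> <expected-size>
# Returns 0 only if dst has the expected size, begins with the exact content
# of src, and contains nothing but zero bytes after it.
verify_grown() {
    v_old=$(size_of "$1")
    if [ "$(size_of "$2")" -ne "$3" ]; then
        echo "size mismatch on $2" >&2
        return 1
    fi
    if ! head -c "$v_old" "$2" | cmp -s - "$1"; then
        echo "content mismatch between $1 and $2" >&2
        return 1
    fi
    v_pad=$(tail -c +"$((v_old + 1))" "$2" | tr -d '\000' | wc -c | tr -d ' ')
    if [ "$v_pad" -ne 0 ]; then
        echo "padding of $2 is not zero-filled" >&2
        return 1
    fi
    return 0
}

# grow_image <src> <dst> <new-size-bytes>
# The new size must be a multiple of 1024 and larger than the source image.
grow_image() {
    g_src=$1; g_dst=$2; g_new=$3
    g_old=$(size_of "$g_src")
    if [ "$g_new" -le "$g_old" ] || [ $((g_new % 1024)) -ne 0 ]; then
        echo "new size must be a multiple of 1024 larger than $g_old" >&2
        return 1
    fi
    if [ -e "$g_dst" ]; then
        echo "refusing to overwrite existing $g_dst" >&2
        return 1
    fi
    # Same as "dd if=/dev/zero of=System12G.img ..." above: zero-filled target.
    dd if=/dev/zero of="$g_dst" bs=1024 count=$((g_new / 1024)) 2>/dev/null || return 1
    # Same as the second dd above: copy over the start without truncating.
    dd if="$g_src" of="$g_dst" conv=notrunc,noerror 2>/dev/null || return 1
    verify_grown "$g_src" "$g_dst" "$g_new"
}

# Stand-alone run on the constructed image (4096 bytes grown to 12288 bytes).
demo_dir=$(mktemp -d)
make_sample_image "$demo_dir/vdisk.img"
if grow_image "$demo_dir/vdisk.img" "$demo_dir/vdisk-grown.img" 12288; then
    echo "verified: $(size_of "$demo_dir/vdisk-grown.img") bytes, safe to mv into place"
fi
rm -rf "$demo_dir"
```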
<b>Restart the vServer and resize VolumeGroups</b><br />
<u>On OpsCenter Console :</u><br />
- Connect to OpsCenter<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>- Go to “Vdc Management / mycloud / Accounts / myAccount”<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>- Select the vServer<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>- Click “start the server”.<br />
<br />
<u>On vServer</u><br />
- Connect to the vServer as the root user and list the disks currently visible in the vServer :<br />
<i># fdisk -l</i><br />
<i><br /></i>
<i>Disk /dev/xvda: 12.5 GB, 12582912000 bytes</i><br />
<i>255 heads, 63 sectors/track, 1529 cylinders</i><br />
<i>Units = cylinders of 16065 * 512 = 8225280 bytes</i><br />
<i><br /></i>
<i> Device Boot Start End Blocks Id System</i><br />
<i>/dev/xvda1 * 1 13 104391 83 Linux</i><br />
<i>/dev/xvda2 14 765 6040440 8e Linux LVM</i><br />
<i><br /></i>
<i>Disk /dev/dm-0: 5637 MB, 5637144576 bytes</i><br />
<i>255 heads, 63 sectors/track, 685 cylinders</i><br />
<i>Units = cylinders of 16065 * 512 = 8225280 bytes</i><br />
<i><br /></i>
<i>Disk /dev/dm-0 doesn't contain a valid partition table</i><br />
<i><br /></i>
<i>Disk /dev/dm-1: 536 MB, 536870912 bytes</i><br />
<i>255 heads, 63 sectors/track, 65 cylinders</i><br />
<i>Units = cylinders of 16065 * 512 = 8225280 bytes</i><br />
<i><br /></i>
<i>Disk /dev/dm-1 doesn't contain a valid partition table</i><br />
<br />
<br />
- Delete the current partition and recreate it using the entire disk :<br />
<i># fdisk /dev/xvda</i><br />
<i><br /></i>
<i>The number of cylinders for this disk is set to 1529.</i><br />
<i>There is nothing wrong with that, but this is larger than 1024,</i><br />
<i>and could in certain setups cause problems with:</i><br />
<i>1) software that runs at boot time (e.g., old versions of LILO)</i><br />
<i>2) booting and partitioning software from other OSs</i><br />
<i> (e.g., DOS FDISK, OS/2 FDISK)</i><br />
<i><br /></i>
<i>Command (m for help): d</i><br />
<i>Partition number (1-4): 2</i><br />
<i><br /></i>
<i>Command (m for help): n</i><br />
<i>Command action</i><br />
<i> e extended</i><br />
<i> p primary partition (1-4)</i><br />
<i>p</i><br />
<i>Partition number (1-4): 2</i><br />
<i>First cylinder (14-1529, default 14):</i><br />
<i>Using default value 14</i><br />
<i>Last cylinder or +size or +sizeM or +sizeK (14-1529, default 1529):</i><br />
<i>Using default value 1529</i><br />
<br />
- Reboot to use the new partition :<br />
<i># reboot -n</i><br />
<i><br /></i>
<i>Broadcast message from root (pts/0) (Tue Jul 15 14:38:48 2014):</i><br />
<i><br /></i>
<i>The system is going down for reboot NOW!</i><br />
<br />
- Check the physical volume :<br />
<i># pvdisplay</i><br />
<i> --- Physical volume ---</i><br />
<i> PV Name /dev/xvda2</i><br />
<i> VG Name VolGroup00</i><br />
<i> PV Size 5.76 GB / not usable 10.87 MB</i><br />
<i> Allocatable yes (but full)</i><br />
<i> PE Size (KByte) 32768</i><br />
<i> Total PE 184</i><br />
<i> Free PE 0</i><br />
<i> Allocated PE 184</i><br />
<i> PV UUID SaMlQo-Ct55-8IhX-ZEaf-rT4X-gISK-XEwdvc</i><br />
<br />
- Resize the physical volume to use the entire disk :<br />
<i># pvresize /dev/xvda2</i><br />
<i> Physical volume "/dev/xvda2" changed</i><br />
<i> 1 physical volume(s) resized / 0 physical volume(s) not resized</i><br />
<br />
- Scan the volume group :<br />
<i># vgs</i><br />
<i> VG #PV #LV #SN Attr VSize VFree</i><br />
<i> VolGroup00 1 2 0 wz--n- 11.59G 5.84G</i><br />
<br />
- Scan the logical volumes in the volume group :<br />
<i># lvscan</i><br />
<i> ACTIVE '/dev/VolGroup00/LogVol00' [5.25 GB] inherit</i><br />
<i> ACTIVE '/dev/VolGroup00/LogVol01' [512.00 MB] inherit</i><br />
<br />
- Extend the volume used for swap first :<br />
<i># lvextend -L +1536M /dev/VolGroup00/LogVol01</i><br />
<i> Extending logical volume LogVol01 to 2.00 GB</i><br />
<i> Logical volume LogVol01 successfully resized</i><br />
<br />
- Extend the root filesystem volume with all the free space left in the volume group :<br />
<i># lvextend -l +100%FREE /dev/VolGroup00/LogVol00</i><br />
<i> Extending logical volume LogVol00 to 9.59 GB</i><br />
<i> Logical volume LogVol00 successfully resized</i><br />
<br />
- Disable the swap :<br />
<i># swapoff /dev/mapper/VolGroup00-LogVol01</i><br />
<br />
- Recreate the swap with the new logical volume :<br />
<i># mkswap /dev/mapper/VolGroup00-LogVol01</i><br />
<i>Setting up swapspace version 1, size = 2147479 kB</i><br />
<br />
- Enable the swap with the new logical volume :<br />
<i># swapon /dev/mapper/VolGroup00-LogVol01</i><br />
<br />
- Check the new filesystem size :<br />
<i># df -m</i><br />
<i>Filesystem 1M-blocks Used Available Use% Mounted on</i><br />
<i>/dev/mapper/VolGroup00-LogVol00</i><br />
<i> 9516 3449 5576 39% /</i><br />
<i>/dev/xvda1 99 23 71 25% /boot</i><br />
<i>tmpfs 3998 0 3998 0% /dev/shm</i><br />
<br />
<u>Note : Another approach is to add a disk to the system VG instead of resizing. </u><br />
<br />
<b>How to configure replication on openldap 2.4.23</b> (published 2014-11-11, updated 2015-01-21)<br />
<span style="color: #3d85c6;"><b>Configure ldap Replication</b></span><br />
<br />
<b>Populate master node with a replication account :</b><br />
<u>On master Node : </u><br />
Create an ldif file containing the account information :<br />
<i># cat /tmp/addreplicator.ldif</i><br />
<i>dn: cn=replication,dc=el01,dc=com</i><br />
<i>objectClass: top</i><br />
<i>objectClass: person</i><br />
<i>objectClass: organizationalPerson</i><br />
<i>cn: replication</i><br />
<i>sn: replication</i><br />
<i>userPassword:: e3NzaGF9V0xuYVpQaWRibENDU1hKYkpiVXVTSGhWb3hVRHFLZ09jT2RJSmc9P</i><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<b>Add replication account by using ldapadd command : </b><br />
<i># ldapadd -x -D "cn=Manager,dc=el01,dc=com" -w welcome1 -f addreplicator.ldif -h localhost -p 389</i><br />
<i>adding new entry "cn=Replication,dc=el01,dc=com"</i><br />
<b><br /></b>
<b>Grant access to the replication user</b><br />
<u>On master node : </u><br />
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif to grant the replication user read permission on all attributes :<br />
<i># vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif </i><br />
<i>…</i><br />
<i>olcAccess: {0}to attrs=userPassword</i><br />
<i> by self =xw</i><br />
<i> by dn.exact="uid=pwreset,dc=el01,dc=com" =xw</i><br />
<i> by dn.exact="cn=replication,dc=el01,dc=com" read</i><br />
<i> by anonymous auth</i><br />
<i> by * none</i><br />
<i>olcAccess: {1}to *</i><br />
<i> by anonymous auth</i><br />
<i> by self write</i><br />
<i> by dn.exact="cn=replication,dc=el01,dc=com" read</i><br />
<i> by users read</i><br />
<i> by * none</i><br />
<br />
<b>Enable syncProv module</b><br />
<u>On master node : </u><br />
Create a new file /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif with the following content :<br />
<i># vi /etc/openldap/slapd.d/cn=config/cn=module{0}.ldif </i><br />
<i>dn: cn=module{0}</i><br />
<i>objectClass: olcModuleList</i><br />
<i>cn: module{0}</i><br />
<i>olcModulePath: /usr/lib64/openldap</i><br />
<i>olcModuleLoad: {0}back_bdb</i><br />
<i>olcModuleLoad: {1}syncprov</i><br />
<br />
<b>Configure syncProv module</b><br />
- Turn on SyncProv module for each directory to synchronize :<br />
<i># mkdir /etc/openldap/slapd.d/cn=config/olcDatabase={0}config</i><br />
<i><br /></i>
<i># mkdir /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb</i><br />
<i><br /></i>
<i># touch /etc/openldap/slapd.d/cn=config/olcDatabase\=\{0\}config/olcOverlay={0}syncprov.ldif</i><br />
<i><br /></i>
<i># touch /etc/openldap/slapd.d/cn=config/olcDatabase\=\{2\}bdb/olcOverlay={0}syncprov.ldif </i><br />
<br />
- Add the following content to each syncprov ldif file :<br />
<i>dn: olcOverlay={0}syncprov</i><br />
<i>objectClass: olcOverlayConfig</i><br />
<i>objectClass: olcSyncProvConfig</i><br />
<i># </i><br />
<i># Sync Setup for the main LDAP Database</i><br />
<i>#</i><br />
<i>olcOverlay: {0}syncprov</i><br />
<i># Sync Checkpoints every 20 changes or 1 hour</i><br />
<i>olcSpCheckpoint: 20 60</i><br />
<i># Keep a fair number of operations in the log</i><br />
<i>olcSpSessionlog: 1000</i><br />
<br />
<b>Restart ldap service</b><br />
<u>On master Node : </u><br />
Start the ldap service and check that there are no errors : <br />
<br />
<i># service ldap start</i><br />
<i>Starting slapd: [ OK ]</i><br />
<br />
<b><u>Configure slave(s)</u></b><br />
On the slave node, install and configure openldap as described in <a href="http://ddewailly.blogspot.fr/2014/11/how-to-install-and-configure-openldap-2.html">my previous article</a>, except for the step that populates the directory.<br />
<br />
<b>Configure ldap slave</b><br />
<b>On slave Node : </b><br />
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif :<br />
<i># vi /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif</i><br />
<i>olcSyncrepl: rid=100</i><br />
<i> provider="ldaps://ldap-master.example.org:389/"</i><br />
<i> type=refreshAndPersist</i><br />
<i> retry="60 30 300 +"</i><br />
<i> searchbase="dc=el01,dc=com"</i><br />
<i> bindmethod=simple</i><br />
<i> binddn="cn=replication,dc=el01,dc=com"</i><br />
<i> credentials=replicationPASSWORD</i><br />
<br />
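<u>Note : RID must be unique per slave and needs to be a 3-digit number.</u><br />
<br />
<u>Note : ldaps:// normally means port 636, while 389 is the plain ldap:// (or StartTLS) port; make sure the scheme and port in provider match the listener configured on the master.</u><br />
<br />
<u>Note : The ldap directory must be empty before starting slapd. </u><br />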
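A pre-flight check for the consumer stanza above, run before starting slapd on the slave. This is an added Python example, not part of the original article; the sample stanza and the function names are constructed for illustration, and the list of master DNs is assumed to come from the ldapadd output.

```python
import re
from urllib.parse import urlsplit

# Constructed input: a syncrepl attribute as stored in olcDatabase={2}bdb.ldif
# (one folding space + one real space per continuation line), with two mistakes.
STANZA = """olcSyncrepl: rid=100
  provider="ldaps://ldap-master.example.org:389/"
  type=refreshAndPersist
  searchbase="dc=el01,dc=com"
  bindmethod=simple
  binddn="uid=replication,dc=el01,dc=com"
  credentials=replicationPASSWORD
"""
MASTER_DNS = ["cn=Replication,dc=el01,dc=com"]  # entry reported by ldapadd
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def norm_dn(dn):
    """Case-fold a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_syncrepl(ldif):
    """Unfold LDIF continuation lines, then split the key=value pairs."""
    flat = re.sub(r"\r?\n ", "", ldif)
    m = re.search(r"^olcSyncrepl:\s*(.*)$", flat, re.M)
    if not m:
        raise ValueError("no olcSyncrepl attribute found")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(1))
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def lint(ldif, master_dns):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg, findings = parse_syncrepl(ldif), []
    if not re.fullmatch(r"\d{1,3}", cfg.get("rid", "")):
        findings.append("rid: expected a number of up to 3 digits")
    url = urlsplit(cfg.get("provider", ""))
    if url.scheme not in DEFAULT_PORT:
        findings.append("provider: scheme must be ldap or ldaps")
    elif url.port not in (None, DEFAULT_PORT[url.scheme]):
        findings.append(f"provider: {url.scheme}:// on port {url.port}, "
                        f"default is {DEFAULT_PORT[url.scheme]}")
    if (url.scheme == "ldap" and cfg.get("bindmethod") == "simple"
            and "starttls" not in cfg):
        findings.append("credentials: simple bind sent without TLS")
    if norm_dn(cfg.get("binddn", "")) not in map(norm_dn, master_dns):
        findings.append("binddn: no such entry on the master")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(STANZA, MASTER_DNS)))
```

A bind DN that does not exist on the master makes the consumer's bind fail, so the ACL entries and the binddn must name the same entry that ldapadd created.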
<br />
<b>Start slapd</b><br />
Start ldap service :<br />
<i># service ldap start</i><br />
<i>Starting slapd: [ OK ]</i><br />
<br />
<b>Replication control</b><br />
Check replication by running ldapsearch against the second node :<br />
<i># ldapsearch -x -b "cn=wls,ou=Group,dc=el01,dc=com" -D "cn=Manager,dc=el01,dc=com" -w welcome1 -h &lt;slaveNodeAddress&gt;</i><br />
<i># extended LDIF</i><br />
<i>#</i><br />
<i># LDAPv3</i><br />
<i># base &lt;cn=wls,ou=Group,dc=el01,dc=com&gt; with scope subtree</i><br />
<i># filter: (objectclass=*)</i><br />
<i># requesting: ALL</i><br />
<i>#</i><br />
<i><br /></i>
<i># wls, Group, el01.com</i><br />
<i>dn: cn=wls,ou=Group,dc=el01,dc=com</i><br />
<i>objectClass: posixGroup</i><br />
<i>objectClass: top</i><br />
<i>cn: wls</i><br />
<i>gidNumber: 600</i><br />
<i><br /></i>
<i># search result</i><br />
<i>search: 2</i><br />
<i>result: 0 Success</i><br />
<i><br /></i>
<i># numResponses: 2</i><br />
<i># numEntries: 1</i><br />
<br />
If the result is one or more entries, the replication is working.<br />
<br />
<u>Note : It is possible to check replication with the replica log file on the master node.</u><br />
<br />
<b>Install &amp; configure openldap 2.4.23</b> (published 2014-11-04, updated 2015-06-03)<br />
<b><span style="color: #3d85c6;">How to install and configure openldap 2.4.23 on OEL6.5 :</span></b><br />
<b><br /></b>
<b><u>Prerequisites</u></b><br />
<b>- Ntp Server : </b><br />
On each server, ntp must be configured.<br />
Update /etc/ntp.conf with the customer's ntp server, if the enterprise ntp server can be reached.<br />
If not, it is possible to use Ops Center virtual server as ntp server.<br />
After modification, restart ntp service :<br />
<i># service ntpd stop</i><br />
<i>Shutting down ntpd: [ OK ]</i><br />
<i># service ntpd start</i><br />
<i>Starting ntpd: [ OK ]</i><br />
<br />
<b>- Name service :</b><br />
<br />
To complete configuration, it is recommended to add ldap servers in Enterprise Name Service directory.<br />
If that is not possible, add each entry to the /etc/hosts file on each ldap server node and on each ldap client node.<br />
<br />
<b><u>Installation</u></b><br />
Rpm packages :<br />
If no yum repository is configured, you can install the openldap rpm packages together with their dependency rpms.<br />
<u>On each ldap client machine : </u><br />
openldap-clients<br />
nss-pam-ldapd<br />
nss-util<br />
authconfig-gtk<br />
pam_ldap<br />
<br />
<u>On each ldap server : </u><br />
openldap-servers<br />
Nss-ldap<br />
libtool-ltdl<br />
cyrus-sasl-devel<br />
<div>
<br /></div>
<div>
<div>
<u><b>Configure</b></u></div>
<div>
<b>Configuration file : </b></div>
<div>
<u>/etc/openldap/slapd.d/cn=config.ldif</u></div>
<div>
Make a backup of this file before any modification.</div>
<div>
<br /></div>
<div>
Edit the cn=config.ldif file to apply the security settings : </div>
<div>
Disable ldapv2 binds and allow only ldapv3 by deleting this line : </div>
<div>
olcAllows: bind_v2</div>
<div>
<br /></div>
<div>
Add an idle connection timeout so that idle connections are not kept open; add or modify the following line :</div>
<div>
olcIdleTimeout: 60</div>
<div>
<br /></div>
<div>
<b>Database files</b></div>
<div>
<u>Create a root password : </u></div>
<div>
Create an encoded root password for ldap directory with slappasswd command : </div>
<div>
<i># slappasswd</i></div>
<div>
<i>New password:</i></div>
<div>
<i>Re-enter new password:</i></div>
<div>
<i>{SSHA}F8SO2XunEKdP2qK4ZTFWicmaF/DrkW1Q</i></div>
<div>
<br /></div>
<div>
<u>Edit Database file : olcDatabase={2}bdb.ldif</u></div>
<div>
Make a backup of this file before any modification.</div>
<div>
<br /></div>
<div>
Edit /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif :</div>
<div>
Modify olcSuffix to desired ldap configuration : </div>
<div>
<i> olcSuffix: dc=el01,dc=com</i></div>
<div>
<br /></div>
<div>
Modify ldap administrator olcRootDN : </div>
<div>
<i> olcRootDN: cn=manager,dc=el01,dc=com</i></div>
<div>
<br /></div>
<div>
Add the root password (use the hash generated with slappasswd above) : </div>
<div>
<i>olcRootPW: {SSHA}F8SO2XunEKdP2qK4ZTFWicmaF/DrkW1Q</i></div>
<div>
<br /></div>
<div>
<b><u>Start ldap service</u></b></div>
<div>
Start the ldap service to check configuration files and to populate database online.</div>
<div>
<br /></div>
<div>
<i># chkconfig slapd on</i></div>
<div>
<i># service slapd start</i></div>
<div>
<i>Starting slapd: [OK]</i></div>
<div>
<br /></div>
<div>
<u><b>Populate database (online)</b></u></div>
<div>
Populate the database with an ldif file that creates the users and groups branches : </div>
<div>
Create an ldif file that builds the ldap tree (the following content is an example) : </div>
<div>
<i># vi /tmp/ldapentries.ldif</i></div>
<div>
<i>dn: dc=el01,dc=com</i></div>
<div>
<i>objectclass: dcObject</i></div>
<div>
<i>objectclass: organization</i></div>
<div>
<i>o: el01 com</i></div>
<div>
<i>dc: el01</i></div>
<div>
<i><br /></i></div>
<div>
<i>dn: ou=People,dc=el01,dc=com</i></div>
<div>
<i>objectClass: organizationalUnit</i></div>
<div>
<i>objectClass: top</i></div>
<div>
<i>ou: People</i></div>
<div>
<i><br /></i></div>
<div>
<i>dn: ou=Group,dc=el01,dc=com</i></div>
<div>
<i>objectClass: organizationalUnit</i></div>
<div>
<i>objectClass: top</i></div>
<div>
<i>ou: Group</i></div>
<div>
<i><br /></i></div>
<div>
<i>dn: cn=admin,dc=el01,dc=com</i></div>
<div>
<i>objectclass: organizationalRole</i></div>
<div>
<i>cn: admin</i></div>
<div>
<i><br /></i></div>
<div>
<i># Add a user to test ldap</i></div>
<div>
<i>dn: uid=ddewailly,ou=People,dc=el01,dc=com</i></div>
<div>
<i>objectclass: top</i></div>
<div>
<i>objectclass: person</i></div>
<div>
<i>objectclass: inetOrgPerson</i></div>
<div>
<i>objectclass: organizationalPerson</i></div>
<div>
<i>uid: ddewailly</i></div>
<div>
<i>cn: David Dewailly</i></div>
<div>
<i>sn: Dewailly</i></div>
<div>
<i>givenName: David</i></div>
<div>
<br />
<u><b>Use clear text mode : </b></u><br />
If you don't want to use ldaps (ldap traffic, including bind passwords, is then sent unencrypted), modify the /etc/sysconfig/authconfig file and replace FORCELEGACY=no with FORCELEGACY=yes<br />
<br /></div>
<div>
<u><b>Populate with ldapadd command : </b></u></div>
<div>
<i># ldapadd -f /tmp/ldapentries.ldif -x -D cn=Manager,dc=el01,dc=com -W -c</i></div>
<div>
<br /></div>
<div>
<u>Note : Do not leave any space at the end of a line; use only newline characters.</u></div>
<div>
<br /></div>
<div>
Run a search to check the entries added previously : </div>
<div>
<i># ldapsearch -x -D cn=Manager,dc=el01,dc=com -W -b 'dc=el01,dc=com' '(objectclass=*)'</i></div>
</div>