From 87734658aa5e4cb10e4db7f1001a28343f17353c Mon Sep 17 00:00:00 2001
From: Joze RIHTARSIC <joze.RIHTARSIC@ext.ec.europa.eu>
Date: Tue, 7 Jun 2022 10:27:58 +0200
Subject: [PATCH] setup weblogic 12.2c cluster environment
---
 smp-docker/compose/weblogic-oracle/README.md | 16 +++
 .../weblogic-oracle/docker-compose.yml | 6 +-
 .../weblogic-init/datasource.properties | 3 +-
 .../compose/weblogic-oracle/runCompose.sh | 13 +-
 smp-docker/images/build-docker-images.sh | 28 +++-
 .../images/weblogic-12.2-smp/Dockerfile | 13 +-
 smp-docker/images/weblogic-12.2-smp/README.md | 134 +++++++++++++++---
 .../init-scripts/create-wls-domain.py | 2 -
 .../init-scripts/createWLSDomain.sh | 33 +++--
 .../init-scripts/deploySMPToDomain.sh | 2 +-
 .../init-scripts/enable-server-https.py | 57 ++++++++
 .../init-scripts/functions/keystore.functions | 30 ++--
 .../container-scripts/startAdminServer.sh | 48 ++-----
 .../container-scripts/startManagedServer.sh | 23 +--
 .../properties/init/datasource.properties | 3 +-
 smp-docker/pom.xml | 32 ++++-
 16 files changed, 324 insertions(+), 119 deletions(-)
 create mode 100644 smp-docker/compose/weblogic-oracle/README.md
 create mode 100644 smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/enable-server-https.py
diff --git a/smp-docker/compose/weblogic-oracle/README.md b/smp-docker/compose/weblogic-oracle/README.md
new file mode 100644
index 000000000..e4e3fb07a
--- /dev/null
+++ b/smp-docker/compose/weblogic-oracle/README.md
@@ -0,0 +1,16 @@
+# WebLogic oracle docker plan
+WebLogic Oracle database plan starts up clustered WebLogic 12.2c environment with the Oracle 11xe or oracle 19c database.
+The cluster is consisted from two nodes and the admin served. DB Connection pool and the SMP application is deployed to all
+servers.
+
+# start environment
+execute bash script
+
+ ./compose/weblogic-oracle/runCompose.sh
+
+**Note**: if the Nodes are not starting (Caused By: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.). Please make sure
+the notes are using the same ./smp-docker/compose/weblogic-oracle/data/smp-cluster-4.2-RC2-SNAPSHOT.jar generated from the admin server!
+
+
+Restart clean node-01
+docker-compose -f ./compose/weblogic-oracle/docker-compose.yml -p smp-wls-orcl up --force-recreate --no-deps smp-node-01
\ No newline at end of file
diff --git a/smp-docker/compose/weblogic-oracle/docker-compose.yml b/smp-docker/compose/weblogic-oracle/docker-compose.yml
index 3d2f7144e..7f98556df 100644
--- a/smp-docker/compose/weblogic-oracle/docker-compose.yml
+++ b/smp-docker/compose/weblogic-oracle/docker-compose.yml
@@ -22,7 +22,7 @@ services:
 environment:
 - JAVA_OPTIONS="-Dweblogic.webservice.i18n.charset=utf-8"
 # ports:
-# - 7902:7001
+# - 7901:7001
 volumes:
 - ./properties/weblogic-init:/u01/init/
 - ./data:/data
@@ -70,9 +70,7 @@ services:
 - NODE_HOSTNAMES=smp-node-01,smp-node-02
 - NODE_PORT_NUMBERS=8001,8001
 ports:
- - "7901:80"
+ - "7980:80"
 restart: always
-volumes:
- shared-status-folder:
diff --git a/smp-docker/compose/weblogic-oracle/properties/weblogic-init/datasource.properties b/smp-docker/compose/weblogic-oracle/properties/weblogic-init/datasource.properties
index 1f77d6d79..2bdd46c3d 100644
--- a/smp-docker/compose/weblogic-oracle/properties/weblogic-init/datasource.properties
+++ b/smp-docker/compose/weblogic-oracle/properties/weblogic-init/datasource.properties
@@ -1,9 +1,8 @@
 dsname=eDeliverySmpDs
-dsdbname=default;create=true
+dsdbname=eDeliverySmpDs
 dsjndiname=jdbc/eDeliverySmpDs
 dsdriver=oracle.jdbc.OracleDriver
 dsurl=jdbc:oracle:thin:@//smp-oracle-db:1521/xe
 dsusername=smp
 dspassword=test
 dstestquery=SQL SELECT 1 FROM DUAL
-dsmaxcapacity=1
diff --git a/smp-docker/compose/weblogic-oracle/runCompose.sh b/smp-docker/compose/weblogic-oracle/runCompose.sh
index 9f14f2ff3..8184741ce 100755
--- a/smp-docker/compose/weblogic-oracle/runCompose.sh
+++ b/smp-docker/compose/weblogic-oracle/runCompose.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
-WORKING_DIR="$(dirname $0)"
+#WORKING_DIR="$(dirname $0)"
+WORKING_DIR="$(cd -P "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"
+
 SMP_INIT_DATABASE="../../../smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl"
 #SMP_INIT_DATABASE_DATA="../../../smp-webapp/src/main/smp-setup/database-scripts/oracle10g-data.sql"
 SMP_INIT_DATABASE_DATA="../../../smp-soapui-tests/groovy/oracle-4.1_integration_test_data.sql"
@@ -73,7 +75,12 @@ function createDatabaseSchemaForUser() {
 function clearOldContainers {
 echo "Clear containers and volumes"
 docker-compose -p "${PREFIX}" rm -s -f -v
- docker volume rm "${PREFIX}_shared-status-folder"
+ echo "Clear container data ${WORKING_DIR}/data/"
+ rm -rf ${WORKING_DIR}/data/smp/config/*.*
+ rm -rf ${WORKING_DIR}/data/smp/security/*.*
+ rm -rf ${WORKING_DIR}/data/weblogic/keystores/*.*
+ rm -rf ${WORKING_DIR}/data/weblogic/security.properties
+ rm -rf ${WORKING_DIR}/data/*.jar
 }
 createDatabaseSchemaForUser $SMP_DB_USERNAME $SMP_DB_PASSWORD "${SMP_DB_SCRIPTS}/01_create_user.sql"
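Review bot: In clearOldContainers the five `rm -rf ${WORKING_DIR}/data/...` lines expand WORKING_DIR unquoted, and WORKING_DIR is now the output of a `cd -P … && pwd` subshell (first hunk of this file) that is empty when the cd fails, in which case the globs become `/data/smp/config/*.*` and `/data/*.jar` on the host. Quote the expansion and refuse to run with an empty value, e.g. `[[ -n "${WORKING_DIR}" ]] || { echo "WORKING_DIR is empty"; exit 1; }` before the first rm, then `rm -rf "${WORKING_DIR}"/data/smp/config/*.*` and likewise for the other four lines. clearOldContainers is fully inside the hunk; the earlier WORKING_DIR assignment hunk needs no change beyond this guard.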
@@ -109,5 +116,5 @@ docker-compose -p ${PREFIX} up -d --force-recreate
 # wait until service is up
-for i in `seq 200`; do timeout 10 bash -c ' curl --silent --fail http://localhost:7901/smp/'; if [ $? -eq 0 ] ; then break;fi; echo "$i. Wait for weblogic to start!"; sleep 10; done;
+for i in `seq 200`; do timeout 10 bash -c ' curl --silent --fail http://localhost:7980/smp/'; if [ $? -eq 0 ] ; then break;fi; echo "$i. Wait for weblogic to start!"; sleep 10; done;
diff --git a/smp-docker/images/build-docker-images.sh b/smp-docker/images/build-docker-images.sh
index 6f0a43b2e..9bf47f9a9 100755
--- a/smp-docker/images/build-docker-images.sh
+++ b/smp-docker/images/build-docker-images.sh
@@ -53,7 +53,6 @@ while getopts v:o:s:c:p: option; do
 esac
 done
-
 if [[ -z "${SMP_VERSION}" ]]; then
 # get version from setup file
 echo "Get version from the pom: $(pwd)"
@@ -94,12 +93,10 @@ validateAndPrepareArtefacts() {
 ;;
 esac
-
 export ORA_VERSION
 export ORA_EDITION
 export ORA_SERVICE
-
 # check oracle database
 if [[ ! -f "${ORACLE_ARTEFACTS}/Oracle/OracleDatabase/${ORA_VERSION}/${ORACLE_DB_FILE}" ]]; then
 echo "Oracle database artefacts '${ORACLE_ARTEFACTS}/Oracle/OracleDatabase/${ORA_VERSION}/${ORACLE_DB_FILE}' not found."
@@ -127,8 +124,6 @@ validateAndPrepareArtefacts() {
 cp "${ORACLE_ARTEFACTS}/${WEBLOGIC_122_QUICK_FILE}" ./oracle/weblogic-12.2.1.4/
 fi
-
-
 if [[ ! -d "./tomcat-mysql-smp-sml/artefacts/" ]]; then
 mkdir -p "./tomcat-mysql-smp-sml/artefacts"
 fi
@@ -178,20 +173,39 @@ buildImages() {
 # -----------------------------------------------------------------------------
 # oracle 1.2.0.2-xe (https://github.com/oracle/docker-images/tree/master/OracleDatabase/SingleInstance/dockerfiles/11.2.0.2)
 docker build -f ./oracle/oracle-db-${ORA_VERSION}/${ORACLE_DOCKERFILE} -t "smp-oradb-${ORA_VERSION}-${ORA_EDITION}:${SMP_VERSION}" --build-arg DB_EDITION=${ORA_EDITION} ./oracle/oracle-db-${ORA_VERSION}/
-
+ if [ $? -ne 0 ]; then
+ echo "Error occurred while building image [smp-oradb-${ORA_VERSION}-${ORA_EDITION}:${SMP_VERSION}]!"
+ exit 10
+ fi
 # -----------------------------------------------------------------------------
 # build docker image for oracle database
 # -----------------------------------------------------------------------------
 # create docker OS image with java (https://github.com/oracle/docker-images/tree/master/OracleJava/java-8)
 docker build -t oracle/serverjre:8 ./oracle/OracleJava/java-8/
+ if [ $? -ne 0 ]; then
+ echo "Error occurred while building image for oracle server-java!"
+ exit 10
+ fi
- # create weblogic basic (https://github.com/oracle/docker-images/tree/master/OracleWebLogic/dockerfiles/12.2.1.3)
+ # create weblogic basic (https://github.com/oracle/docker-images/tree/master/OracleWebLogic/dockerfiles/12.2.1.4)
 docker build -f ./oracle/weblogic-12.2.1.4/Dockerfile.developer -t oracle/weblogic:12.2.1.4-developer ./oracle/weblogic-12.2.1.4/
+ if [ $? -ne 0 ]; then
+ echo "Error occurred while building image for oracle weblogic:12.2.1.4 server!"
+ exit 10
+ fi
 # build SMP deployment.
 docker build -t "smp-weblogic-122:${SMP_VERSION}" ./weblogic-12.2-smp/ --build-arg SMP_VERSION="$SMP_VERSION"
+ if [ $? -ne 0 ]; then
+ echo "Error occurred while building image [smp-weblogic-122:${SMP_VERSION}]!"
+ exit 10
+ fi
 # build tomcat mysql image deployment.
 docker build -t "smp-sml-tomcat-mysql:${SMP_VERSION}" ./tomcat-mysql-smp-sml/ --build-arg SMP_VERSION=${SMP_VERSION}
+ if [ $? -ne 0 ]; then
+ echo "Error occurred while building image [smp-sml-tomcat-mysql:${SMP_VERSION}]!"
+ exit 10
+ fi
 }
 function pushImageToDockerhub() {
diff --git a/smp-docker/images/weblogic-12.2-smp/Dockerfile b/smp-docker/images/weblogic-12.2-smp/Dockerfile
index 563aafa31..a40612256 100644
--- a/smp-docker/images/weblogic-12.2-smp/Dockerfile
+++ b/smp-docker/images/weblogic-12.2-smp/Dockerfile
@@ -37,9 +37,10 @@ ARG WL_ADMIN_PORT="${WL_ADMIN_PORT:-7001}"
 ARG WL_ADMIN_PORT_HTTPS="${WL_ADMIN_PORT_HTTPS:-7002}"
 ARG WL_MANAGED_SERVER_PORT="${WL_MANAGED_SERVER_PORT:-8001}"
 ARG SMP_CONFIG_DIR=/data/smp
+ARG WL_DATA_WEBLOGIC=/data/weblogic
 # set following build arguments also the environment arguments
-ENV APP_VERSION=$SMP_VERSION \
+ENV SMP_VERSION=$SMP_VERSION \
 LC_ALL=$LC_ALL \
 LANG=$LANG \
 LANGUAGE=$LANGUAGE \
@@ -56,10 +57,12 @@ ENV APP_VERSION=$SMP_VERSION \
 WL_MANAGED_SERVER_PORT="${WL_MANAGED_SERVER_PORT}" \
 WL_ADMIN_NAME="${WL_ADMIN_NAME}" \
 WL_CLUSTER_NAME="${WL_CLUSTER_NAME}" \
- SMP_CONFIG_DIR=${SMP_CONFIG_DIR} \
- CLASSPATH=${SMP_CONFIG_DIR}/config \
- WL_SECURITY_FILE=/data/weblogic/security.properties \
- PATH=$PATH:/u01/oracle/oracle_common/common/bin:/u01/oracle/wlserver/common/bin:${WL_DOMAIN_HOME}:${WL_DOMAIN_HOME}/bin:${ORACLE_HOME} \
+ SMP_CONFIG_DIR=${SMP_CONFIG_DIR:-/data/smp} \
+ SMP_SECURITY_DIR="${SMP_CONFIG_DIR}/security" \
+ CLASSPATH="${SMP_CONFIG_DIR}/config" \
+ WL_DATA_WEBLOGIC="${WL_DATA_WEBLOGIC:-/data/weblogic}" \
+ WL_SECURITY_FILE="${WL_DATA_WEBLOGIC}/security.properties" \
+ PATH="$PATH:/u01/oracle/oracle_common/common/bin:/u01/oracle/wlserver/common/bin:${WL_DOMAIN_HOME}:${WL_DOMAIN_HOME}/bin:${ORACLE_HOME}" \
 # configurable argumentst at containe start
 WL_ADMIN_HOST="${WL_ADMIN_HOST:-localhost}" \
 WL_SERVER_TLS_KEYSTORE_PASS="${WL_SERVER_TLS_KEYSTORE_PASS:-test123}" \
diff --git a/smp-docker/images/weblogic-12.2-smp/README.md b/smp-docker/images/weblogic-12.2-smp/README.md
index 63dee3288..f7cd60eb0 100644
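Review bot: The five `if [ $? -ne 0 ]; then … exit 10; fi` blocks added after each `docker build` in buildImages repeat the same four lines and test `$?` on a separate statement, which quietly tests the wrong command as soon as anything is inserted between the build and the check. The idiomatic form keeps the check attached to the command, e.g. `docker build … ./oracle/oracle-db-${ORA_VERSION}/ || { echo "Error occurred while building image [smp-oradb-${ORA_VERSION}-${ORA_EDITION}:${SMP_VERSION}]!"; exit 10; }`, and the same for the other four builds. buildImages starts before this hunk.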
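Review bot: The ENV entry renamed from `APP_VERSION=$SMP_VERSION` to `SMP_VERSION=$SMP_VERSION` removes APP_VERSION from the container environment, so any container script that still reads APP_VERSION (none is visible in this patch) would now see it empty; if the old name is still referenced, keep both for a transition with `APP_VERSION=$SMP_VERSION \` next to the new line. In the second hunk, `SMP_SECURITY_DIR="${SMP_CONFIG_DIR}/security"` and `WL_SECURITY_FILE="${WL_DATA_WEBLOGIC}/security.properties"` expand the ARG values, because a single ENV instruction does not see the keys it sets itself; that is consistent today only because the ENV keys are assigned those same ARG values. A comment above the instruction, `# variables below expand the ARG values, not the ENV keys set in this same instruction`, would keep a later edit from relying on ENV-side defaults.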
--- a/smp-docker/images/weblogic-12.2-smp/README.md
+++ b/smp-docker/images/weblogic-12.2-smp/README.md
@@ -1,36 +1,49 @@
-Example of Image with WLS Domain
+SMP docker image
 ================================
-This Dockerfile extends the Oracle WebLogic image built under 12213-domain-home-in-image and deploy the sample application to the cluster.
+This Dockerfile extends the Oracle WebLogic image built from Oracle WebLogic Server 12cR2 (12.2.1.4). The image deploy the SMP application to admin
+server and to the cluster.
+The image does not initialize the domain nor deploy the SMP to the WebLogic domain. Instead, it sets all prerequisites to
+create the WebLogic domain and deploy SMP at the first startup of the image. Initializing the domain at first startup allows
+users more flexibility in the domain configuration and SMP deployment. When the domain initialization is completed,
+the domain package is stored in the file: "${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar"
+(when using the default values, the file is: /data/smp-cluster.jar). The file must be mounted to the same location in the starting
+nodes to be started as a cluster node for the same domain. The easiest way is to mount folder: ./data:/data to the
+admin server and cluster nodes.
-This sample deploys a simple, one-page web application contained in a ZIP archive. This archive needs to be built (one time only) before building the Docker image.
- $ ./build-archive.sh
+# How to build the image
-# How to build and run
-To deploy an application to a domain where the domain home is inside the image you extend the image `12213-domain-home-in-image` and using WLST offline you deploy the sample application. First make sure you have built sample WebLogic domain image inside **12213-domain-home-in-image**. Now to build this sample, run:
+The following preconditions must be met to build the image:
+ - image [oracle/weblogic:12.2.1.4-developer](../oracle/weblogic-12.2.1.4) must be build or must be accessible via "docker pull registry"
+ - smp artefacts *smp.war* and *smp-setup.zip* must be added to subfolder *./artefacts*.
+
+
+To build image executed the command (set the smp version accordingly)
+
+ $ docker build -t "smp-weblogic-122:4.2-SNAPSHOT" . --build-arg SMP_VERSION=4.2-SNAPSHOT
- $ docker build --build-arg APPLICATION_NAME=sample --build-arg APPLICATION_PKG=archive.zip -t 12213-domain-with-app .
 # How to run the domain
-Follow the instructions in the sample `OracleWebLogic/samples/12213-domain-home-in-image` to define your domain properties in the domain.properties and domain-security.properties files. To start the containerized Administration Server, run:
- $ docker run -d --name wlsadmin --hostname wlsadmin -p 7001:7001 \
- -v <HOST DIRECTORY TO PROPERTIES FILE>/properties/docker-run:/u01/oracle/properties \
- 12213-domain-with-app
+ $ docker run -d --name wlsadmin --hostname smp-wls-admin -p 7001:7001 \
+ -v <HOST DIRECTORY TO SHARED DATA>/dasta:/data \
+ smp-weblogic-122:4.2-SNAPSHOT
-To start a containerized Managed Server (MS1) to self-register with the Administration Server above, run:
+To start a containerized Managed Server (smp-node-1) to self-register with the Administration Server above, run:
- $ docker run -d --name MS1 --link wlsadmin:wlsadmin -p 8001:8001 \
- -v <HOST DIRECTORY TO PROPERTIES FILE>/properties/docker-run:/u01/oracle/properties \
- -e MANAGED_SERV_NAME=managed-server1 12213-domain-with-app startManagedServer.sh
+ $ docker run -d --name smp-node-1 -p 8001:8001 \
+ -v <HOST DIRECTORY TO SHARED DATA>/dasta:/data \
+ -e WL_ADMIN_HOST=smp-wls-admin \
+ -e WL_MANAGED_SERV_NAME=smp-node-1 smp-weblogic-122:4.2-SNAPSHOT startManagedServer.sh
-To start a second Managed Server (MS2), run:
+To start a second Managed Server (smp-node-2), run:
- $ docker run -d --name MS2 --link wlsadmin:wlsadmin -p 8002:8001 \
- -v <HOST DIRECTORY TO PROPERTIES FILE>/properties/docker-run:/u01/oracle/properties \
- -e MANAGED_SERV_NAME=managed-server2 12213-domain-with-app startManagedServer.sh
+ $ docker run -d --name smp-node-2 -p 8001:8001 \
+ -v <HOST DIRECTORY TO SHARED DATA>/dasta:/data \
+ -e WL_ADMIN_HOST=smp-wls-admin \
+ -e WL_MANAGED_SERV_NAME=smp-node-2 smp-weblogic-122:4.2-SNAPSHOT startManagedServer.sh
 Run the WLS Administration Console:
@@ -39,7 +52,82 @@ In your browser, enter `https://localhost:7001/console`.
 Run the sample application:
-To access the sample application, in your browser enter `http://localhost:7001/sample`.
-
-# Copyright
-Copyright (c) 2019 Oracle and/or its affiliates. All rights reserved.
+To access the sample application, in your browser enter `http://localhost:7001/smp/`.
+
+# SMP and WebLogic configuration
+
+At the first startup of the admin server, the domain is initialized and stored into the file:
+`${DOCKER_DATA}/${WL_CLUSTER_NAME}-${SMP_VERSION}.jar`
+ (the default values gives file path: `/data/smp-cluster-4.2-SNAPSHOT.jar`). The file is needed to create node deployment
+ on an empty WebLogic installation using the: unpack.sh command. Make sure the file is available on the same container
+ path when starting the nodes.
+
+## WebLogic domain init configuration
+When the domain has initialized the file
+`./weblogic-12.2-smp/properties/init/domain.properties` is used as domain base properties. To the file, the following
+environment properties are appended:
+See the: `weblogic-12.2-smp/container-scripts/init-scripts/createWLSDomain.sh`
+
+ DOMAIN_NAME=${WL_DOMAIN_NAME}
+ ADMIN_PORT=${WL_ADMIN_PORT}
+ ADMIN_HTTPS_PORT=${WL_ADMIN_PORT_HTTPS}
+ ADMIN_NAME=${WL_ADMIN_NAME}
+ ADMIN_HOST=${WL_ADMIN_HOST}
+ MANAGED_SERVER_PORT=${WL_MANAGED_SERVER_PORT}
+ MANAGED_SERVER_NAME_BASE=${WL_MANAGED_SERV_BASE_NAME}
+ CONFIGURED_MANAGED_SERVER_COUNT=${WL_MANAGED_SERVER_COUNT}
+ CLUSTER_NAME=${WL_CLUSTER_NAME}
+ DEBUG_FLAG=${WL_DEBUG_FLAG}
+ PRODUCTION_MODE_ENABLED=${WL_PRODUCTION_MODE_ENABLED}
+
+In case other properties are needed, define your own "domain.properties" and map it to the container folder: `/u01/init/`
+as example:
+
+ volumes:
+ - ./properties/weblogic-init:/u01/init/
+
+
+## WebLogic admin username and password
+The weblogi admin username and password credential are used to access `https://localhost:7001/console` and also
+for the cluster nodes to connect to WebLogic admin. The credentials are not defined in folder
+`/u01/init/domain_security.properties` as example:
+
+ username=wls-smp
+ password=wls-pass-01
+
+The default user name is used, and a random password is generated. The password is logged to the admin logs at the domain
+initialization event.
+
+ ‘/u01/oracle/init/properties/domain_security.properties’: No such file or directory
+ To increase security please provide custom admin username and password in /tmp/create-domain/properties/domain_security.properties.
+ Generated WebLogic admin user with credentials: weblogic/9HLS3cugQBlXyncNC0GcHuE3MNbhgOrrcR5kZluXAA68lTJapKeYxk7D4LbeYTwc
+
+The credentials are copied to the file `/data/weblogic/security.properties`, with intention to be used for node server.
+After servers are started for the first time - the file can be removed/deleted
+
+ # example of generated /data/weblogic/security.properties
+ username=weblogic
+ password=weblogic-custom-password
+
+## Weblogic Database configuration.
+Weblogic database configured based on the file `/u01/init/datasource.properties`
+
+ dsname=eDeliverySmpDs
+ dsdbname=eDeliverySmpDs
+ dsjndiname=jdbc/eDeliverySmpDs
+ dsdriver=oracle.jdbc.OracleDriver
+ dsurl=jdbc:oracle:thin:@//smp-oracle-db:1521/xe
+ dsusername=smp
+ dspassword=test
+ dstestquery=SQL SELECT 1 FROM DUAL
+
+## SMP initial configuration.
+SMP initial configuration can be provided in file `/smp.config.properties`
+
+ # example of the SMP configuration file (please note the example where SMP uses JNDI datasource!)
+ hibernate.dialect=org.hibernate.dialect.Oracle10gDialect
+ datasource.jndi=jdbc/eDeliverySmpDs
+ configuration.dir=/data/smp/security
+ authentication.blueCoat.enabled=true
+ log.folder=./logs/
+
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/create-wls-domain.py b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/create-wls-domain.py
index 7a1788e80..c0a01ac29 100644
--- a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/create-wls-domain.py
+++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/create-wls-domain.py
@@ -35,8 +35,6 @@ number_of_ms = int(CONFIGURED_MANAGED_SERVER_COUNT)
 cluster_type = CLUSTER_TYPE
 managed_server_name_base = MANAGED_SERVER_NAME_BASE
 production_mode_enabled = PRODUCTION_MODE_ENABLED
-ksIdentityAlias = ADMIN_HOST
-ksIdentityPassword = SERVER_TLS_KEYSTORE_PASS
 # Read the domain secrets from the common python file
 #execfile('%s/read-domain-secret.py' % script_dir)
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/createWLSDomain.sh b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/createWLSDomain.sh
index 2667fc1e1..054f24b99 100755
--- a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/createWLSDomain.sh
+++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/createWLSDomain.sh
@@ -9,6 +9,8 @@ INIT_SCRIPTS=$1
 echo "Domain Home is: $WL_DOMAIN_HOME"
 echo "Scripts folder is: $INIT_SCRIPTS"
+source "${INIT_SCRIPTS}/functions/keystore.functions"
+
 # If AdminServer.log does not exists, container is starting for 1st time
 # So it should start NM and also associate with AdminServer
 # Otherwise, only start NM (container restarted)
@@ -59,6 +61,24 @@ function check_wls() {
 echo -e "WebLogic Server has $action"
 }
+
+function init_server_https_keystore(){
+ # configure https
+ CERTIFICATES=${CERTIFICATES:-/tmp/}
+ HOST_DOMAIN=${WL_ADMIN_HOST:-localhost}
+ # put keystore to wildfly configuration folder
+ [[ ! -d "${WL_DATA_WEBLOGIC}/keystores" ]] && mkdir -p "${WL_DATA_WEBLOGIC}/keystores"
+ KEYSTORE_PATH="${WL_DATA_WEBLOGIC}/keystores/admin-tls-keystore.p12"
+
+ CLIENT_KEYSTORE_PATH="${WL_DATA_WEBLOGIC}/keystores/client-tls-keystore.p12"
+ TRUSTSTORE_PATH="${WL_DATA_WEBLOGIC}/keystores/admin-tls-truststore.p12"
+
+ generateKeyStore "${HOST_DOMAIN}" "${WL_SERVER_TLS_KEYSTORE_PASS}" "${WL_SERVER_TLS_KEYSTORE_PASS}" "${KEYSTORE_PATH}"
+ generateKeyStore "Client-TLS-Certificate" "${WL_SERVER_TLS_KEYSTORE_PASS}" "${WL_SERVER_TLS_KEYSTORE_PASS}" "${TRUSTSTORE_PATH}"
+
+ wlst.sh -skipWLSModuleScanning "$INIT_SCRIPTS/enable-server-https.py" "${KEYSTORE_PATH}" "${TRUSTSTORE_PATH}"
+}
+
 if [ -f ${WL_DOMAIN_HOME}/servers/${WL_ADMIN_NAME}/logs/${WL_ADMIN_NAME}.log ]; then
 echo "Admin log file: [${WL_DOMAIN_HOME}/servers/${WL_ADMIN_NAME}/logs/${WL_ADMIN_NAME}.log] already exists - Skip domain creation!"
 exit
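Review bot: In init_server_https_keystore the file handed to WLST as the trust store is produced by generateKeyStore, which (per the keystore.functions hunk of this patch) runs `keytool -genkeypair`, so the admin server's custom trust store ends up holding the 'Client-TLS-Certificate' private key, while CLIENT_KEYSTORE_PATH is assigned and never used. A trust store should contain only certificates: generate the client pair into CLIENT_KEYSTORE_PATH and import just the certificate that exportCertificate writes, e.g. `keytool -importcert -noprompt -alias Client-TLS-Certificate -file <exported-client-cert> -keystore "${TRUSTSTORE_PATH}" -storetype PKCS12 -storepass "${WL_SERVER_TLS_KEYSTORE_PASS}"`. Both stores are protected by WL_SERVER_TLS_KEYSTORE_PASS, whose image default is test123 (Dockerfile hunk), and generateKeyStore leaves them `chmod a+w` under the shared WL_DATA_WEBLOGIC volume; generating a random passphrase when the variable is unset, as this file already does for the admin password further down, would avoid shipping a known passphrase. Minor: CERTIFICATES is assigned but unused, and the comment `# put keystore to wildfly configuration folder` should say WebLogic.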
@@ -79,13 +99,9 @@ fi
 # copy security properties - check first init folder else use default
 if [ -e "${WL_INIT_PROPERTIES}/domain_security.properties" ]; then
 cp -f "${WL_INIT_PROPERTIES}/domain_security.properties" "${SEC_PROPERTIES_FILE}"
+elif [ -e "${INIT_SCRIPTS}/../properties/domain_security.properties" ]; then
+ cp -f "${INIT_SCRIPTS}/../properties/domain_security.properties" "${SEC_PROPERTIES_FILE}"
 else
- cp -f "${INIT_SCRIPTS}"/../properties/domain_security.properties "${SEC_PROPERTIES_FILE}"
-fi
-
-
-
-if [ ! -e "${SEC_PROPERTIES_FILE}" ]; then
 echo "To increase security please provide custom admin username and password in ${SEC_PROPERTIES_FILE}."
 defUsername=weblogic
 randPass=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 64)
@@ -121,7 +137,6 @@ CONFIGURED_MANAGED_SERVER_COUNT=${WL_MANAGED_SERVER_COUNT}
 CLUSTER_NAME=${WL_CLUSTER_NAME}
 DEBUG_FLAG=${WL_DEBUG_FLAG}
 PRODUCTION_MODE_ENABLED=${WL_PRODUCTION_MODE_ENABLED}
-SERVER_TLS_KEYSTORE_PASS=${WL_SERVER_TLS_KEYSTORE_PASS}
 EOT
 echo "Init domain with following properties"
@@ -131,7 +146,7 @@ echo "Show domain home $WL_DOMAIN_HOME"
 wlst.sh -skipWLSModuleScanning -loadProperties "${DOMAIN_PROPERTIES_FILE}" -loadProperties "${SEC_PROPERTIES_FILE}" "$INIT_SCRIPTS/create-wls-domain.py"
 ENC_PASS=$(java -cp $ORACLE_HOME/wlserver/server/lib/weblogic.jar -Dweblogic.RootDirectory=${WL_DOMAIN_HOME} weblogic.security.Encrypt ${PASS});
-
+echo "set cluster shared secret file $WL_SECURITY_FILE"
 cat <<EOT > "$WL_SECURITY_FILE"
 username=${USER}
 password=${PASS}
@@ -145,3 +160,5 @@ username=${USER}
 password=${ENC_PASS}
 EOT
 fi
+
+init_server_https_keystore
\ No newline at end of file
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh
index 9793ba9fa..e3112a4ee 100755
--- a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh
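Review bot: The `init_server_https_keystore` call appended at the end of the file runs after the domain has been created and its exit status is not checked, so a failing keytool or WLST step leaves the domain without the HTTPS listener while this script still returns success and startAdminServer.sh goes on to pack that domain as the template for the cluster nodes. Fail the initialization instead: `init_server_https_keystore || { echo "Failed to configure admin server HTTPS keystore"; exit 14; }`. The same line also lacks a trailing newline (`\ No newline at end of file`); the function itself is defined in an earlier hunk of this file.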
+++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh
@@ -25,7 +25,7 @@ hibernate.dialect=org.hibernate.dialect.Oracle10gDialect
 datasource.jndi=jdbc/eDeliverySmpDs
 authentication.blueCoat.enabled=true
 log.folder=./logs/
-configuration.dir=${SMP_CONFIG_DIR}/security
+configuration.dir=${SMP_SECURITY_DIR}/
 EOT
 fi
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/enable-server-https.py b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/enable-server-https.py
new file mode 100644
index 000000000..bb3de92bf
--- /dev/null
+++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/enable-server-https.py
@@ -0,0 +1,57 @@
+# pass keystore as the first parameter
+keystore_path = sys.argv[1]
+truststore_path = sys.argv[2]
+domain_name = os.environ.get("WL_DOMAIN_NAME", "")
+domain_path = os.environ.get("WL_DOMAIN_HOME", "")
+admin_server_name = os.environ.get("WL_ADMIN_NAME", "")
+admin_https_port = int(os.environ.get("WL_ADMIN_PORT_HTTPS", "7002"))
+ksIdentityPassword=os.environ.get("WL_SERVER_TLS_KEYSTORE_PASS", "")
+ksIdentityAlias=os.environ.get("WL_ADMIN_HOST", "")
+
+print('domain_name : [%s]' % domain_name)
+print('domain_home : [%s]' % domain_path)
+print('keystore_path : [%s]' % keystore_path)
+print('truststore_path : [%s]' % truststore_path)
+print('admin_server_name : [%s]' % admin_server_name)
+print('admin_https_port : [%s]' % admin_https_port)
+print('Configure : [%s]' % '/Servers/'+admin_server_name+'/TLS/' + admin_server_name)
+
+def configureHTTPS():
+ # ------------------------------------
+ try:
+ # configure HTTPS for admin server
+ cd('/Servers/%s/' % admin_server_name)
+ # set custom Identity and standards java Trust..
+ cmo.setKeyStores('CustomIdentityAndCustomTrust')
+ cmo.setCustomIdentityKeyStoreFileName(keystore_path)
+ cmo.setCustomIdentityKeyStoreType('PKCS12')
+ set('CustomIdentityKeyStorePassPhraseEncrypted', ksIdentityPassword)
+
+ # set truststore
+ cmo.setCustomTrustKeyStoreFileName(truststore_path)
+ set('CustomTrustKeyStorePassPhraseEncrypted', ksIdentityPassword)
+ cmo.setCustomTrustKeyStoreType('PKCS12')
+
+ create(admin_server_name, 'SSL')
+ cd('/Servers/'+admin_server_name+'/SSL/' + admin_server_name)
+ cmo.setServerPrivateKeyAlias(ksIdentityAlias)
+ set('ServerPrivateKeyPassPhraseEncrypted', ksIdentityPassword)
+
+
+ cd('/Servers/'+admin_server_name+'/SSL/' + admin_server_name)
+ cmo.setEnabled(true)
+ cmo.setListenPort(admin_https_port)
+ except Exception, e:
+ print "Error occurred while configuring server keystore and HTTPS connector"
+ dumpStack()
+ print e
+
+# Enable Use Authorization Providers to Protect JMX Access by default
+print('Enable server SSL ...')
+
+readDomain(domain_path)
+configureHTTPS()
+updateDomain()
+closeDomain()
+
+exit()
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/functions/keystore.functions b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/functions/keystore.functions
index 1fcb1d504..e339ff832 100644
--- a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/functions/keystore.functions
+++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/functions/keystore.functions
@@ -217,8 +217,7 @@ keystoreType=${keystoreType}"
 }
 #
-# Creates a new keystore. The name of the keystore will be "gateway_keystore.jks" unless the optional domain name
-# argument is provided - in this case the name of the keystore will be "gateway_keystore_DOMAIN.jks" -.
+# Creates a new keystore with one key/certificate C=EU,O=eDelivery,OU=SMP_TEST,CN=${keystoreAlias}".
 #
 # Args:
 # $1 - alias for the keystore entry (e.g. 'red_gw', 'blue_gw')
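Review bot: configureHTTPS catches every exception, prints it and returns, after which the script still calls updateDomain() and exit(), so a failed SSL setup is written out as a domain without the HTTPS listener and WLST finishes as if it had succeeded; re-raise after `dumpStack()` (a bare `raise` at the end of the except block) so the error propagates to the calling createWLSDomain.sh. ksIdentityAlias falls back to `""` while the shell side generates the key under `${WL_ADMIN_HOST:-localhost}`, so `ksIdentityAlias=os.environ.get("WL_ADMIN_HOST", "localhost")` keeps the alias consistent when the variable is unset. The last diagnostic line binds `%` before `+` and prints `Configure : [/Servers/]<name>/TLS/<name>`; `print('Configure : [/Servers/%s/SSL/%s]' % (admin_server_name, admin_server_name))` prints the MBean path that is actually configured. The module uses sys and os without importing them and the comment `# Enable Use Authorization Providers to Protect JMX Access by default` does not describe the code below it; add `import os, sys` at the top (harmless under WLST) and drop or reword that comment.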
@@ -230,31 +229,29 @@ generateKeyStore() {
 : "${1:?Please provide the alias of the keystore entry as the first parameter (e.g. 'red_gw', 'blue_gw')}"
 : "${2:?Please provide the keystore password as the second parameter}"
 : "${3:?Please provide the private key password as the third parameter}"
- : "${4:?Please provide the domain name as the fourth parameter}"
+ : "${4:?Please provide the keystore path as the fourth parameter}"
 local keystoreAlias="${1}"
 local keystorePassword="${2}"
 local privateKeyPassword="${3}"
- local domainName="${4}"
- local keystoreFileName="${domainName}-gateway_keystore.jks"
+ local keystoreFilePath="${4}"
- echo "Generating keystore ${keystoreFileName} using: keystoreAlias=${keystoreAlias}, \
-keystorePassword=${keystorePassword}, privateKeyPassword=${privateKeyPassword}, domainName=${domainName}"
+ echo "Generating keystore ${keystoreFilePath} using: keystoreAlias=${keystoreAlias}"
- if containsKeystoreEntry "${keystoreFileName}" "${keystoreAlias}" "${keystorePassword}"; then
- echo "Cert with keystoreAlias=${keystoreAlias} already exists in ${keystoreFileName}. Deleting keystore entry before creating it again!"
- removeKeystoreEntry "${keystoreFileName}" "${keystoreAlias}" "${keystorePassword}"
+ if containsKeystoreEntry "${keystoreFilePath}" "${keystoreAlias}" "${keystorePassword}"; then
+ echo "Cert with keystoreAlias=${keystoreAlias} already exists in ${keystoreFilePath}. Deleting keystore entry before creating it again!"
+ removeKeystoreEntry "${keystoreFilePath}" "${keystoreAlias}" "${keystorePassword}"
 fi
 keytool -genkeypair \
- -dname "C=BE,O=eDelivery,CN=${keystoreAlias}" \
+ -dname "C=EU,O=eDelivery,OU=SMP_TEST,CN=${keystoreAlias}" \
 -alias "${keystoreAlias}" \
 -keyalg RSA \
 -keysize 2048 \
 -keypass "${privateKeyPassword}" \
 -validity 3652 \
- -storetype JKS \
- -keystore "${keystoreFileName}" \
+ -storetype PKCS12 \
+ -keystore "${keystoreFilePath}" \
 -storepass "${keystorePassword}" \
 -v 2>/dev/null
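Review bot: generateKeyStore now writes a PKCS12 store but still takes a separate private-key password (`$3`, passed as `-keypass`); keytool does not support a key password that differs from the store password for PKCS12 and ignores `-keypass` with a warning, and that warning is hidden by the `2>/dev/null` on the last line. Both callers in createWLSDomain.sh pass the same value twice, so nothing breaks today, but the contract should say so: extend the header comment with `# Note: the store is PKCS12, so the private key password ($3) must equal the keystore password ($2); keytool ignores a different -keypass.` The rewritten header comment in the previous hunk also carries a stray closing quote in `CN=${keystoreAlias}"`.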
@@ -263,9 +260,9 @@ keystorePassword=${keystorePassword}, privateKeyPassword=${privateKeyPassword},
 exit 1
 fi
- exportCertificate "${keystoreFileName}" "${keystoreAlias}" "${keystorePassword}"
+ exportCertificate "${keystoreFilePath}" "${keystoreAlias}" "${keystorePassword}"
- chmod a+w "${keystoreFileName}"
+ chmod a+w "${keystoreFilePath}"
 }
 #
@@ -291,8 +288,7 @@ updateTrustStore() {
 local domainName="${4}"
 local truststoreFileName="${domainName}-gateway_truststore.jks"
- echo "Updating truststore ${truststoreFileName} using: keystoreAlias=${keystoreAlias}, \
-keystorePassword=${keystorePassword}, privateKeyPassword=${privateKeyPassword}, domainName=${domainName}"
+ echo "Updating truststore ${truststoreFileName} using: keystoreAlias=${keystoreAlias}, domainName=${domainName}"
 if containsKeystoreEntry "${truststoreFileName}" "${keystoreAlias}" "${keystorePassword}"; then
 echo "Cert with keystoreAlias=${keystoreAlias} already exists in ${truststoreFileName}. Deleting truststore entry before importing certificate!"
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/startAdminServer.sh b/smp-docker/images/weblogic-12.2-smp/container-scripts/startAdminServer.sh
index d18c686d2..8aa03c976 100755
--- a/smp-docker/images/weblogic-12.2-smp/container-scripts/startAdminServer.sh
+++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/startAdminServer.sh
@@ -91,45 +91,33 @@ export AS_SECURITY="${AS_HOME}/security" if [ -f ${AS_HOME}/logs/${ADMIN_NAME}.log ]; then exit fi - -echo "Admin Server Home: ${AS_HOME}" -echo "Admin Server Security: ${AS_SECURITY}" - -# WL_SECURITY_FILE should be created in createWLSDomain script -SEC_PROPERTIES_FILE=${WL_SECURITY_FILE} -if [ ! -e "${SEC_PROPERTIES_FILE}" ]; then - echo "A security.properties file with the username and password needs to be supplied." - exit -fi - +echo "Initialize domain and deploy smp" # initialize docker image cd ~ || exit 13 if [ ! -f ".initialized" ]; then + echo "Initialize domain and deploy smp" INIT_SCRIPTS=${ORACLE_HOME}/init/scripts initWebLogicDomain "${INIT_SCRIPTS}" deploy_smp "${INIT_SCRIPTS}" - [ -f "${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar" ] && rm -rf "${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar" + [ -f "${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar" ] && rm -rf "${DOCKER_DATA}/${WL_CLUSTER_NAME}-${SMP_VERSION}.jar" pack.sh -domain="${WL_DOMAIN_HOME}" \ - -template="${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar" \ + -template="${DOCKER_DATA}/${WL_CLUSTER_NAME}-${SMP_VERSION}.jar" \ -template_name="${WL_CLUSTER_NAME}" \ -managed="true" \ - -template_desc="${DOMAIN_NAME}-managed-template-for-SMP-${SMP_VERSION}" + -template_desc="${WL_DOMAIN_NAME}-managed-template-for-SMP-${SMP_VERSION}" touch ~/.initialized fi -# Get Username -#USER=$(awk '{print $1}' ${SEC_PROPERTIES_FILE} | grep username | cut -d "=" -f2) -#if [ -z "${USER}" ]; then -# echo "The domain username is blank. The Admin username must be set in the properties file." -# exit -#fi -# Get Password -#PASS=$(awk '{print $1}' ${SEC_PROPERTIES_FILE} | grep password | cut -d "=" -f2) -#if [ -z "${PASS}" ]; then -# echo "The domain password is blank. The Admin password must be set in the properties file." -# exit -#fi +echo "Admin Server Home: ${AS_HOME}" +echo "Admin Server Security: ${AS_SECURITY}" + +# WL_SECURITY_FILE should be created in createWLSDomain script +SEC_PROPERTIES_FILE=${WL_SECURITY_FILE} +if [ ! 
-e "${SEC_PROPERTIES_FILE}" ]; then + echo "A security.properties file with the username and password needs to be supplied." + exit +fi #Define Java Options JAVA_OPTIONS=$(awk '{print $1}' ${SEC_PROPERTIES_FILE} | grep ^JAVA_OPTIONS= | cut -d "=" -f2) @@ -139,14 +127,6 @@ fi export JAVA_OPTIONS=${JAVA_OPTIONS} - -# Create domain -#mkdir -p ${AS_SECURITY} -#echo "username=${USER}" >>${AS_SECURITY}/boot.properties -#echo "password=${PASS}" >>${AS_SECURITY}/boot.properties -#${WL_DOMAIN_HOME}/bin/setDomainEnv.sh - - #echo 'Running Admin Server in background' ${WL_DOMAIN_HOME}/bin/startWebLogic.sh & diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/startManagedServer.sh b/smp-docker/images/weblogic-12.2-smp/container-scripts/startManagedServer.sh index 97541ad33..df1343d46 100755 --- a/smp-docker/images/weblogic-12.2-smp/container-scripts/startManagedServer.sh +++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/startManagedServer.sh @@ -31,16 +31,6 @@ echo "Managed Server Name: ${WL_MANAGED_SERV_NAME}" echo "Managed Server Home: ${MS_HOME}" echo "Managed Server Security: ${MS_SECURITY}" -# initialize docker image -cd ~ || exit 13 -if [ ! -f ".initialized" ]; then - INIT_SCRIPTS=${ORACLE_HOME}/init/scripts - echo "create domain folder ${WL_DOMAIN_HOME}" - unpack.sh -template="${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar" -domain="${WL_DOMAIN_HOME}" -app_dir="${WL_DOMAIN_HOME}" - touch ~/.initialized -fi - - SEC_PROPERTIES_FILE=${WL_SECURITY_FILE} if [ ! -e "${SEC_PROPERTIES_FILE}" ]; then echo "A properties file with the username and password needs to be supplied. Use default properties" 
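Review bot: The cleanup line tests for the old unversioned template `${DOCKER_DATA}/${WL_CLUSTER_NAME}.jar` but removes the new versioned `${WL_CLUSTER_NAME}-${SMP_VERSION}.jar`, so a stale versioned template from an earlier run is never deleted and pack.sh is presumably asked to write over an existing file. Since `rm -f` is already silent on a missing file, the test can go: `rm -f "${DOCKER_DATA}/${WL_CLUSTER_NAME}-${SMP_VERSION}.jar"` (the file is a regular file, so `-r` is not needed). The added `echo "Initialize domain and deploy smp"` also now appears both before and inside the `if`, so it prints on every start even when initialization is skipped; the unconditional copy can be dropped. Moving the `SEC_PROPERTIES_FILE` existence check after domain initialization is consistent with the comment that the file is produced by createWLSDomain, but that ordering is no longer stated near the `if`, so a one-line comment there would help. The script continues past this hunk.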
@@ -60,6 +50,19 @@ if [ -z "${PASS}" ]; then exit fi +# initialize docker image +cd ~ || exit 13 +if [ ! -f ".initialized" ]; then + INIT_SCRIPTS=${ORACLE_HOME}/init/scripts + echo "create domain folder ${WL_DOMAIN_HOME}" + unpack.sh -template="${DOCKER_DATA}/${WL_CLUSTER_NAME}-${SMP_VERSION}.jar" -domain="${WL_DOMAIN_HOME}" -app_dir="${WL_DOMAIN_HOME}" + touch ~/.initialized +fi + +cd ${WL_DOMAIN_HOME} + + + #Set Java Options JAVA_OPTIONS=`awk '{print $1}' ${SEC_PROPERTIES_FILE} | grep ^JAVA_OPTIONS= | cut -d "=" -f2` if [ -z "${JAVA_OPTIONS}" ]; then diff --git a/smp-docker/images/weblogic-12.2-smp/properties/init/datasource.properties b/smp-docker/images/weblogic-12.2-smp/properties/init/datasource.properties index 1f77d6d79..2bdd46c3d 100644 --- a/smp-docker/images/weblogic-12.2-smp/properties/init/datasource.properties +++ b/smp-docker/images/weblogic-12.2-smp/properties/init/datasource.properties @@ -1,9 +1,8 @@ dsname=eDeliverySmpDs -dsdbname=default;create=true +dsdbname=eDeliverySmpDs dsjndiname=jdbc/eDeliverySmpDs dsdriver=oracle.jdbc.OracleDriver dsurl=jdbc:oracle:thin:@//smp-oracle-db:1521/xe dsusername=smp dspassword=test dstestquery=SQL SELECT 1 FROM DUAL -dsmaxcapacity=1 diff --git a/smp-docker/pom.xml b/smp-docker/pom.xml index 902f3f74a..b2cd63cbc 100644 --- a/smp-docker/pom.xml +++ b/smp-docker/pom.xml 
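Review bot: `cd ${WL_DOMAIN_HOME}` after the initialization block is unquoted and unchecked; if the variable is empty or unpack.sh did not create the directory, `cd` either falls back to the home directory or fails, and the script carries on in the wrong place, unlike the `cd ~ || exit 13` a few lines above. Write it as `cd "${WL_DOMAIN_HOME}" || exit 13`. Relatedly, `touch ~/.initialized` runs regardless of whether `unpack.sh` succeeded, so a node that starts before the admin server has produced `${WL_CLUSTER_NAME}-${SMP_VERSION}.jar` marks itself initialized without a domain and will not retry on restart; gating the marker on the unpack result, `unpack.sh … && touch ~/.initialized`, avoids that. The rest of the script continues outside the hunk.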
@@ -14,9 +14,39 @@ <properties> <!-- Only selected modules are deployed --> <maven.deploy.skip>false</maven.deploy.skip> + <docker.artefacts.folder>/CEF/repo</docker.artefacts.folder> </properties> <artifactId>smp-docker</artifactId> <packaging>jar</packaging> - <name>SMP Docker</name> + <name>SMP Docker</name> + <profiles> + <profile> + <id>build-docker-images</id> + <build> + <plugins> + <plugin> + <artifactId>maven-antrun-plugin</artifactId> + <executions> + <execution> + <id>build-docker-images</id> + <phase>package</phase> + <goals> + <goal>run</goal> + </goals> + <configuration> + <target name="buildDockerImages"> + <exec executable="/bin/bash"> + <arg value="${project.basedir}/images/build-docker-images.sh"/> + <arg value="-o ${docker.artefacts.folder}"/> + </exec> + </target> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + </profiles> </project> -- GitLab
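Review bot: `<arg value="-o ${docker.artefacts.folder}"/>` hands the script one argument, `-o /CEF/repo`, rather than a flag followed by its value; Ant's `value` attribute never splits on whitespace, so a getopts-style parser in build-docker-images.sh would see the option value as ` /CEF/repo` with a leading space, or reject the argument entirely. Split it into two elements, `<arg value="-o"/>` and `<arg value="${docker.artefacts.folder}"/>`, or use `<arg line="-o ${docker.artefacts.folder}"/>` if shell-like splitting is intended. A short comment on `docker.artefacts.folder` noting that it is meant to be overridden on the command line would also make the profile easier to use.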