EDS HS WebLogic Server 92 Operations Guide HPUX11.23 2.0

EDS Hosting Services
WebWerks
Operations Guide
(Authorized User's Operations Guide)
WebLogic Server 9.2 HPUX 11.23

Itanium
Version 2.0
9 November 2009
GM/EDS Confidential

WebLogic Server 9.2 HPUX 11.23 Itanium
Statement of Confidentiality
This document contains information that is confidential and proprietary to EDS. This information is made
available with the express understanding that it will be held in strict confidence and not disclosed,
duplicated, or used, in whole or in part, without written consent from the EDS Legal department.
Information can only be disclosed, duplicated, or otherwise used in accordance with the nondisclosure
agreement with EDS. Additionally, this information shall be limited to EDS and GM persons having a need
to know.
EDS is a registered mark, and the EDS logo is a trademark, of Electronic Data Systems Corporation. EDS
is an equal opportunity employer and values the diversity of its people. Copyright 2014 Electronic Data
Systems Corporation. All rights reserved.
Product names referred to herein are trademarks of their respective companies. Many of the designations
used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those
designations appear in this document, and the editorial staff was aware of a trademark claim, the
designations have been printed in initial capital letters.
Version 2.0
GM/EDS Confidential
9 November 2009
Change History
This document complies with the requirements of the Content Standard for Operations Guide,
version 2.05, effective 02 Sep 2008. The QMS Web site version of this document is controlled.
All other versions are uncontrolled.
The following Change History table contains a record of changes made to this document:
Published /
Revised Date
Version
#
Document Owner
Section / Nature of Change
Published /
Revised Date
Version
#
Document Owner
Section / Nature of Change
05 October
2009
1.0
09 November
2009
2.0
SreeLatha Chalasani HP
HS
sreelatha.chalasani@hp.c
om 248-364-5819
Same
Created Document
Made changes as per peer review

comments
http://ustlsvugq001.amer.cor
p.eds.com/sites/Applications
/PeerReview/Pages/Request.as
px?reqid=81430
04 January
2010
2.0
19 January
2010
same
GM/EDS Confidential
Same
Made a note regarding /var/tmp

directories
Jessica Leja
HP ES HS
jessica.leja@hp.com
248-754-7767
Added Failed Logon Attempt and

Account Lockout information in the
security section of the document.

Contents
Introduction................................................................................................................................... 4
Architecture Design...................................................................................................................... 5
Logical Architecture....................................................................................................................................... 5
Related Manuals and Training.......................................................................................................................7
Support.......................................................................................................................................... 7
Ongoing Support........................................................................................................................................... 7
Optional Configurations............................................................................................................................. 7
WebLogic OpsWare Signature File............................................................................................................7
WebLogic Opsware MAPL......................................................................................................................... 9
Manually Changing the System Password..............................................................................................10
Using an Automated Script with a Manual Step to Change the System ID Password.............................11
Adding a User ID to the Embedded LDAP...............................................................................................13
Deleting a User ID from the Embedded LDAP.......................................................................................14
Unlocking a User Account........................................................................................................................ 14
Change or Remove Oracle Thin Driver from CLASSPATH......................................................................14
Configure Managed Server Instance Memory.........................................................................................15
Configure the Level of Messages Sent to Standard Out..........................................................................16
Configure a Default Web Application.......................................................................................................17
Deploy an Application.............................................................................................................................. 17
Create a Data Source.............................................................................................................................. 18
Update (Redeploy) an Application...........................................................................................................19
Delete (Undeploy) an Application.............................................................................................................19
Start/Stop an Application.......................................................................................................................... 20
Deploy the Sample Application................................................................................................................21
Using WLST (WebLogic Scripting Tool)...................................................................................................23
Version 2.0
GM/EDS Confidential
9 November 2009 i

Files Deployed that Contain Encrypted Passwords.................................................................................23

Files that Can Be Shared with Application Development Teams.............................................................23
Files that Can Not Be Shared with Application Development Teams.......................................................25
Standard/Recommended JAVA_OPTIONS.............................................................................................25
Starting, Stopping, and Restarting...........................................................................................................26
Log Files.................................................................................................................................................. 29
Determing WLS Version........................................................................................................................... 32
Maintenance Window.................................................................................................................................. 32
Troubleshooting.......................................................................................................................... 32
Troubleshooting Standards.........................................................................................................................32
Troubleshooting Performance.....................................................................................................................35
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/perform/topten.html..................................35
Vendor recommendations for Resolving Performance Issues.................................................................35
Known Problems......................................................................................................................................... 36
Support........................................................................................................................................................ 36
Contacts................................................................................................................................................... 37
Product-Specific Support......................................................................................................................... 38
Event Monitoring.......................................................................................................................................... 39
SiteScope Monitoring............................................................................................................................... 39
Real Time Monitoring............................................................................................................................... 40
Install and Uninstall.................................................................................................................... 41

Prerequisites................................................................................................................................................ 41
System Parameters................................................................................................................................. 42
HP-UX WebLogic Tuning Parameters......................................................................................................42
Initial Configuration / Setup...................................................................................................................... 42
Initial Configuration / Setup...................................................................................................................... 43
Installation................................................................................................................................................... 43
Create an HP HS Administration Server..................................................................................................43
Create Self-Signed Application Server SSL Certificate(s)........................................................................46
Install Binaries.......................................................................................................................................... 47
Install Domain.......................................................................................................................................... 52
Install Additional Instancef....................................................................................................................... 60
De-installation.............................................................................................................................................. 69
De-Install Binaries.................................................................................................................................... 69
De-Install Domain.................................................................................................................................... 70
De-Install Miscellaneous.......................................................................................................................... 72
Non-Standard Configurations......................................................................................................................72
Migration...................................................................................................................................... 72
Technical...................................................................................................................................... 72
Administrative / Back-End Access...............................................................................................................72
Application Access....................................................................................................................................... 72
Application Testing....................................................................................................................................... 73
Availability and Load Balancing................................................................................................................... 73
Domain Administration Server.................................................................................................................73
Clustering Managed Server Instances.....................................................................................................74
JMS.......................................................................................................................................................... 75
JSP/Servlet Clustering.............................................................................................................................75
JDBC Clustering...................................................................................................................................... 76
Patching & Maintenance Pack General Information....................................................................................76
Patching................................................................................................................................................... 76
Maintenance Pack Information................................................................................................................77
Version 2.0
GM/EDS Confidential
9 November 2009 ii

Backup and Restore.................................................................................................................................... 77

Changing the Embedded LDAP Backup Schedule.....................................................................................77
Batch Processes.......................................................................................................................................... 78
Embedded LDAP..................................................................................................................................... 78
Control Tool................................................................................................................................................. 79
Disaster Recovery....................................................................................................................................... 79
Network....................................................................................................................................................... 79
Notices of Decision and Approved Deviations.............................................................................................79
Remote Access............................................................................................................................................ 79
Reporting..................................................................................................................................................... 81
Security........................................................................................................................................................ 81
General Motors WebLogic Related ISP Information................................................................................81
Anonymous Admin Lookup......................................................................................................................82
Enabling Trust Between WebLogic Server Domains...............................................................................82
SSL.......................................................................................................................................................... 82
boot.properties......................................................................................................................................... 82
Embedded LDAP..................................................................................................................................... 82
User Lockout............................................................................................................................................ 83
Users........................................................................................................................................................ 83
Firewall Rules.......................................................................................................................................... 84
Software Discovery...................................................................................................................................... 84
Storage........................................................................................................................................................ 85
User Management....................................................................................................................................... 85
Volume and Expected Usage......................................................................................................................85
Appendix 1: How to Configure SSH Key Trust........................................................................86

Appendix 2: How to Manually Configure the WLS Administration Port................................87
Appendix 3: How to Deploy a Patch to WLS 9.2......................................................................89
Engineering Task Download Patch via Smart Update and Create Patch Install Script............................89
Operations Task Validate Patch Deployment...........................................................................................91
Appendix 4: Create Service Guard package............................................................................93

Appendix 5: WebLogic Server FAQ.......................................................................................... 96
Appendix 6: Entrust certificate troubleshooting.....................................................................97
Installing chain certificate............................................................................................................................97
Using 2048 RSA keys.................................................................................................................................. 98
Version 2.0
GM/EDS Confidential
9 November 2009 iii

Introduction
The purpose of this document is to describe the design for the HP Hosting Services (HP HS) WebLogic Server (WLS) 9.2 build specifically for
HPUX 11.23 Itanium.
The intended audience for this document is system administrators, the Middleware team, engineers, security administrators, and help desk
personnel.
This document is supported by the WebLogic 9.2 Requirements Guide found at
http://admin.gweb.eds.com/gwh/doc/release/wls/wls92/hpux/guides/requirements/EDS_HS_WebLogic_Server_9.2_Requirements_Guidehpux.doc.
This document is supported by the WebLogic 9.2 Design Guide found at
http://admin.gweb.eds.com/gwh/doc/release/wls/wls92/hpux/guides/design/EDS_HS_WebLogic_Server_9.2_Requirements_Guide-hpux.doc
This document is intended for the HPUX 11.23 Itanium operating system. This design and operations guide provides details for installing and
configuring WLS 92 on HPUX build as per GBD standards, however if intended this build can be used to install the build into non standard
directories that are not mentioned in the GBD. A single directory prefix to the standard installation directory is feasible. Many features such as
integration with Sun Web Server using Weblogic plugin, control tool, migration, admin instance failover and Node Manager are out of scope of
this build.
Throughout this document the reference /<VENDORDIR>/<BEAHOME> and /usr/local/bea/wls92 are generally interchangeable as examples
of where WebLogic 9.2 binaries should be deployed. Inspite of that installation directory with a single directory prefix is also feasible for e.g.
<PREFIX>/<VENDORDIR>/<BEAHOME> i.e. /wls92pkg/usr/local/bea/wls92 non standard directory structure is accommodated by this build if
required. See the Install Binaries section of this document for information on naming conventions for directories where additional binaries
should be deployed.
Environment for this Guide

GMAC Pre-production environment
GMAC Production environment
Y/N
Y
Y
This document refers to an <installid>. Wherever you see <installid> you should replace it with the UNIX user ID that has sudo to root privileges on the HP HS
administration server and that also has the ability to ssh from the HP HS administration server to the remote application server and sudo to root. To meet the GM
Version 2.0
GM/EDS Confidential
9 November 2009 4

and HP security standards <installid> should not be a generic id, it should be a EDSNET id.This <installid> will be always be part of gwlsins group. The
INSTALLGRP variable should not be changed in any of the server.conf files.
It is easier for the installer if this ID has not only the ability to sudo to root but to sudo to root without entering a password. Also ensure to remove the sudo access
for the <installid> on the server where WLS 9.2 is deployed and remove SSH trust after the installation is complete.
Architecture Design
The General Motors WebLogic Server 9.2 Gold Build Definition includes both Solaris 10 and HP-UX 11i v2.3 Enterprise Operating Environment (EOE). This guide
is for HPUX Itanium version 11.23 WebLogic 9.2 only. This template supports BEA WebLogic Server 9.2 deployments on HPUX Itanium version 11.23
In general WebLogic is the 3rd tier in a 4 tier architecture consisting of browser web server application server (WLS) and database. The General Motors Gold
Build integrates WebLogic Server 9.2 with the Sun Java Web Server and Oracle database server.
However for the current scope of the project integration with Web server by using Weblogic Plugin is not included.
Logical Architecture
Version 2.0
GM/EDS Confidential
9 November 2009 5

WebLogic Server Data Flow:

1.
End users will access the Sun Java System Web Server which when configured will pass that traffic via HTTP or HTTPS to the backend
WebLogic Server Cluster. However Web Server integration is out of scope of this project.
2.
The WebLogic Server Cluster will process the traffic.
3.
If the transaction requires database connectivity WebLogic will use connection pools and datasources to connect to the Oracle
Database using standard JDBC/SQL.
4.
HP SMC Administrators, Application Owners and HP HS Engineers will be able to access the WLS Administration console via HTTPS.
Version 2.0
GM/EDS Confidential
9 November 2009 6

Related Manuals and Training

The WebLogic/Oracle site that contains all WLS documentation.
Initially when WLS92 was released the vendor of the product is BEA, in the later years BEA is acquired by Oracle.
http://www.oracle.com/technology/products/weblogic/index.html can be used to view or download the WebLogic Server 9.2 documentation
the URL for which is http://download.oracle.com/docs/cd/E13222_01/wls/docs92/index.html
The Oracle WebLogic Product Downloads site http://www.oracle.com/technology/software/products/ias/bea_main.html can be used to
download Oracle WebLogic Server.
Support
Ongoing Support
Optional Configurations
WebLogic OpsWare Signature File
As of the 3rd quarter 2009 block point any HP HS standard deployments of WebLogic at the most current version will contain a WebLogic Opsware Signature File.
This file is used by HP Opsware to identify whether the deployment is an HP HS standard deployment and whether the deployment is up-to-date with the most
current security patches and / or service pack releases. This file will contain version history information. This file will exist in /<VENDORDIR>/<BEAHOME> (in
most cases* this is /usr/local/bea/wls92) and is called eds-gm-wls92.txt. The following is the current signature file:
*****************************************************************************************
DO NOT MODIFY OR DELETE THIS FILE. Permissions on this file should be set to 444.
*****************************************************************************************
This is a signature file for the EDS Hosting Services binary build used on the GM account
(GSC36a). While Opsware MAPLs will exist to identify all deployments of this technology,
an additional MAPL will uniquely identify this as the EDS-GM standard / gold build. This
will enable us to leverage automated patching, and standardized upgrade procedures.
The file can also be manually viewed to determine binary version information.
*****************************************************************************************
Product:
WebLogic Server 9.2
Version 2.0
GM/EDS Confidential
9 November 2009 7

Location:
$BEAHOME (normally /usr/local/bea/wls92.)
Version History:
---------------11/2009
- New build including 2009q3 patches.
- 2LYV.jar - CVE-2009-1974
- TRY5.jar - CVE-2009-0217
* The following MAPL was created to determine if the eds-gm-wls92.txt file exists and what version or block point it is related to:
Action
Priority
File Name
Add
n/a
eds-gm-wls92.txt
Product Name
WebLogic
Server
Product
Version
9.2MP3
Vendor Name
BEA Systems
Inc.
Min File
Size
1022
Max
File
Size
1022
Min
File
Date
Max
File
Date
OS
n/a
n/a
HPUX 11.23
WebLogic Opsware MAPL

Operations Guide Content
The following 2 MAPLs have been submitted for creation and should be used to determine if WLS 9.2 is deployed:
Action
Priority
File Name
Add
n/a
libwlenv.so
Add
n/a
weblogic.jar
Version 2.0
Product Name
Weblogic
Server
Weblogic
Server
GM/EDS Confidential
Product
Version
Vendor Name
Min File
Size
Max File
Size
Min
File
Date
Max
File
Date
OS
9.2MP3
BEA / Oracle
14308
14308
n/a
n/a
HPUX 11.23
9.2MP3
BEA / Oracle
53961499
53961499
n/a
n/a
HPUX 11.23
9 November 2009 8

Manually Changing the System Password

All instances in a domain should be in RUNNING mode when changing any user id password or
the updated password will likely not get updated in the managed server instance replica copy
of the embedded ldap causing errors.
If you change the WebLogic 9.2 domain system users password, please note all the areas that
it will need to be changed in:
1. Open a browser session to the administration console. Login using the system user id
and password. Leave this session open while you complete the following. That
way in case the change does not go as planned, you will have a console open that you
can use to either reset the password or unlock the system user id.
2. Use a second browser session to access the administration console for the domain.
Login using the system user id and password.
3. Click on Security-Realms click on the myRealm link.
4. Click on the Users and Groups tab
5. Click the system user link in the right-most pane.
6. Click the Passwords tab.
7. Enter the new system users password in the New Password field.
8. Enter the same password in the Confirm New Password field.
9. Click Save.
10. Click the Continue link at the "Password has been changed" notice.
11. Click on the domain name in the left navigation pane
12. Click on the Security Embedded LDAP tab
13. Click Lock & Edit
14. Change the Credential and confirm the updated Credential in the Confirm
Credential field.
15. Click Save
16. Click Activate Changes
17. On each server that hosts the domain:
Version 2.0
Login to the application server using the B<shortname> id

You should be in the /<VENDORDIR>/<BEAHOME>/domains/<shortname>
directory or for non standard directories /<PREFIX>/<
VENDORDIR>/<BEAHOME>/domains/<shortname>
For each instance on the physical server in this domain do the following:
cd servers/INSTANCE/security
Edit the boot.properties file by replacing the encrypted password with the new
plain text password (note, when you restart the server instances, this
password will automatically be encrypted).
Once all instances have been updated restart the instance(s) to verify that the
boot.properties file change was successful. Make sure to restart the admin
instance first. When running the stop scripts it is likely that the instances will be
killed by the script rather than stopped nicely because of the password change.
This is ok. If you were to start and then stop the instances again you should
notice that they stop nicely the 2nd time. This is because the boot.properties file
was not encrypted with the new password when you ran the first stop. Only the
startup of the instance will encrypt the boot.properties file.
GM/EDS Confidential
9 November 2009 9

If theres a problem restarting an instance try moving the

/<VENDORDIR>/<BEAHOME>/domains/<shortname>/servers/<INSTANCE>/data
/ldap/ldapfiles or for non standard directories
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/<shortname>/servers/<INSTA
NCE>/data/ldap/ldapfiles file to ldapfiles.$DATE (where $DATE is todays date) and
then try restarting the instance. This will force the instance to download a new
ldap from the admin instance.
Validate that the password entry in the boot.properties files for all instances on all
servers that host the domain are now encrypted.
18. If this is successful, update the system2, system3 and system4 passwords to match
the system password.
Changing Other ID Passwords

1. Use a browser session to access the administration console for the domain. Login
using the system user id and password.
2. Click on the domain name in the left navigation pane
3. Click on the Security Embedded LDAP tab
5. Change the Credential and confirm the updated Credential in the Confirm
Credential field.
6. Click Save
8. Click on Security-Realms click on the myRealm link.
9. Click on the Users and Groups tab
10. Click the appropriate user link in the right-most pane.
11. Click the Passwords tab.
12. Enter the new users password in the New Password field.
13. Enter the same password in the Confirm New Password field.
14. Click Save.
15. Click the Continue link at the "Password has been changed" notice.
Using an Automated Script with a Manual Step to Change the System ID

Password
Please note that all instances in a domain should be in RUNNING mode when changing any
user id password or the updated password will likely not get updated in the managed server
instance replica copy of the embedded ldap causing errors.
It is recommended that each WebLogic domain have a unique system password.
If anyone has clicked on Lock & Edit on the Administration Console or is running a WLST or
some type of script that is making changes to the WLS configuration that you are adding an
instance to then the following will not work. In other words, you need exclusive access to
the WebLogic domain configuration to run the following commands.
If there are any existing changes to be activated in the WLS domain (for example if you login
to the admin console and the activate changes button is available to click then those
changes should be activated before continuing with this deployment or this deployment will
likely fail.
Please stay out of the administration console during this installation. Do not open a browser
and browse the admin console during these updates. If necessary temporarily change the
Version 2.0
GM/EDS Confidential
9 November 2009 10

deployer ID and system ID passwords before starting the additional instance installation to
keep all other potential users out of the administration console during this change as well.
1.
Open a browser session to the administration console. Login using the system user id
and password. Leave this session open while you complete the following. That
way in case the change does not go as planned, you will have a console open that you
can use to either reset the password or unlock the system user id.
2.
Use a second browser session to access the administration console for the domain.
Login using the system user id and password.
3.
Click on Security-Realms click on the myRealm link.
4.
Click on the Users and Groups tab
5.
Click the system user link in the right-most pane.
6.
Click the Passwords tab.
7.
Enter the new system users password in the New Password field.
8.
Enter the same password in the Confirm New Password field.
9.
Click Save.
On the HP HS Admin Server as the <install_id> complete the following:

1. Type
For HPUX cd /usr/local/gwh/scripts/wls92 _hpux_11.23_itanium/pwd_change
2.
Edit the server.conf file for the following:
Variable
AS1_DNS
Definition
The fully qualified dns name for
the server that hosts the sites
WebLogic administration server.
Sample Value
app-r-vs01.iweb.gm.com
ADMIN_PORT
The domains WebLogic

administration server
administration port
The directory where the
BEAHOME is deployed.
7503
VENDORDIR
Standard directory :
/usr/local/bea
Non standard directory :
BEAHOME
SHORTNAME
ORIGPASS
Version 2.0
The beahome for this domain

installation. The standard HP
HS Design is for all WebLogic
9.2 Domains to be installed in
the wls81 BEAHOME. This
means that the standard
"binaries" for HP HS WebLogic
9.2 are located in the
/usr/local/bea/wls92 directory.
If for some reason this domain is
to be installed into a second,
third, etc. BEAHOME, then
change this entry accordingly.
The applications shortname.
The current WLS system ID
password
GM/EDS Confidential
/<PREFIX>/usr/local/bea
wls92
test4
start123
9 November 2009 11

JDKVER
The JDK version deployed in the jdk150_13

WebLogic binaries (in
/usr/local/bea/wls92 for
example)
NEWPASS
The new password to be
test1234
assigned to the WLS system ID.
RUNID
The ID that can ssh from the HP <installid>
HS administration server to the
server where the WLS
administration server instance is
deployed without being
prompted for a password and
that has sudo to root capabilities
once on the remote server.
APPSERVERS
List of physical WebLogic
"130.175.101.35
application servers or zones the
130.175.101.36"
SHORTNAME is installed on. If
more than one server, then put
the list in double quotes and
separate each server with a
space. If the HP HS admin
server does not know the
application servers by just their
hostname then this list should
contain each hosts fully qualified
host name.)
3. Type ./change_pw | tee $SHORTNAME.out where $SHORTNAME is replaced with the
shortname.
4. Restart all instances in the domain. When running the stop scripts it is likely that the instances will
be killed by the script rather than stopped nicely because of the password change. This is ok. If
you were to start and then stop the instances again you should notice that they stop nicely the 2nd
time. This is because the boot.properties file was not encrypted with the new password when you
ran the first stop. Only the startup of the instance will encrypt the boot.properties file.
5.
If there are no errors in $SHORTNAME.out and all instances restart properly then you can remove
the $SHORTNAME.out file.
Run this script against each site that requires the system ID password to be changed (one at a time only -please be careful since this is changing the system id and the cn=Admin LDAP Owner ids password for
each weblogic domain).
In order to encrypt the boot.properties file each instance on each physical server that hosts the site should
be stopped and started after the script has completed successfully. It is required that all instances are
stopped and started to verify that the changes were successful for all instances in a domain and to
avoid errors on startup because passwords of different jvms in the same domain do not match and
to make other id / pw changes.
Any SiteScope monitors that use the system id should also be updated with the new password.
Adding a User ID to the Embedded LDAP

1.
Use a browser to access the administration console for the domain. Use an ID with
administration access to the WLS Administration console.
2.
Click on the Securtiy Realms name in the left navigation pane.
3.
Click on myrealm.
4.
Click on the Users and Groups tab.
5.
Click New.
Version 2.0
GM/EDS Confidential
9 November 2009 12

6.
Enter the Name, Description, Password and Confirm Password.
7.
Click on the user ID in the list of user IDs.
8.
Click on the Groups tab.
9.
Add the user to the appropriate group. (For example, if adding an ID for an engineer
who requires access only to view the configuration then assign them to the Monitors
group). Use the arrow to add the appropriate group(s) to the Chosen field.
10. Click Save.
Deleting a User ID from the Embedded LDAP

1.
2.
Make sure all instances in the domain are running.

Use a web browser to login to the Administration Console for the domain that you need to delete
the deployer ids from. Login using the web administrators id and password.
3.
Click on the Security Realms entry. Click on the myRealm entry in the Name column in the
right most frame.
4.
Click on the Users and Groups tab.
5.
Place a check mark in the first column in front of the user ID to be deleted. This will enable the
Delete button. Click the Delete button.
6.
When prompted Are you sure you want to delete the following items? Click Yes
7.
A message stating Selected users have been deleted should be displayed.
Unlocking a User Account

By default user lockout is enabled. The lockout threshold is set to 3. This means a users
account (including system user) will be locked for 30 minutes (lockout duration) after 3 invalid
login attempts. This is required by the GM Technical Security Standard for WebLogic Server.
Note, if the system administrators account is locked out, no instances can be stopped or
started until the lockout timeout has occurred. If the administrator is already logged into the
administration console in another browser window, they may be able to unlock their own id
using the following instructions.
11. Use a browser to access the administration console for the domain. If the system id is
the id that is locked out then use the system2, system3, system4 id to unlock the
system id.
12. Click on the Domain name in the left navigation pane.
13. Click on the Security tab
14. Click on the Unlock User tab
15. Enter the name of the locked user in the Unlock User text field
16. Click the Save button
17. Note the message above the tabs in the right-most pane: User successfully unlocked
Change or Remove Oracle Thin Driver from CLASSPATH

The startWebLogic.sh (admin server instance file) and startWebLogic_instancename files contain the
following entry when configured to the Oracle 10g Thin Driver:
CLASSPATH="/usr/local/bea/wls92/weblogic92/server/ext/jdbc/oracle/10g/ojd
bc14.jar:${CLASSPATH}"
The startWebLogic.sh (admin server instance file) and startWebLogic_instancename files contain the
following entry when configured to the Oracle 11g Thin Driver:
Version 2.0
GM/EDS Confidential
9 November 2009 13

CLASSPATH="/usr/local/bea/wls92/weblogic92/server/ext/jdbc/oracle/11g/ojd
bc5.jar:${CLASSPATH}"
To remove the Oracle Thin Driver from the CLASSPATH remove the following if 10g is configured:
/usr/local/bea/wls92/weblogic92/server/ext/jdbc/oracle/10g/ojdbc14.jar
To remove the Oracle Thin Driver from the CLASSPATH remove the following if 11g is configured:
To set the instance to use 10g make sure the only oracle thin driver entry in the CLASSPATH is set to
To set the instance to use 11g make sure the only oracle thin driver entry in the CLASSPATH is set to
Configure Managed Server Instance Memory

NOTE: The following changes should be made to all WebLogic 9.2 instances in a domain that
require memory configuration changes.
1.
Login to the application server as the B<shortname> UNIX user id. This should put
you in the domain root (something like /usr/local/bea/wls92/domains/shortname or if
a non standard directory structure is used into /<PREFIX>/
usr/local/bea/wls92/domains/shortname).
2.
Change to the bin directory (/usr/local/bea/wls92/domains/test4/bin or if a non

standard directory structure is used /<PREFIX>/
usr/local/bea/wls92/domains/shortname/bin)
3.
Make a backup of the startWebLogic_instance files that you are going to update the
memory allocation for.
4.
Edit the startWebLogic_instance files by replacing the two 512 entries in the
MEM_ARGS value with the new memory allocation (such as 1024, etc.)
5.
Save and quit the file.
6.
Restart the instance.
7.
Also see http://edocs.bea.com/wls/docs92/perform/JVMTuning.html
MEM_ARGS="-Xms1024m -Xmx1024m"
NOTE: the following is taken from the General Motors Gold Build for WebLogic Server
9.2
Memory: The memory required varies by application. For capacity planning purposes, three sizes
(small, medium, large) have been defined. One may have bigger application server instances but this
would be the exception. For sizing the available memory capacity of a server, reserve 20% of the
memory for the OS, tools, and margin.
It is expected that in most cases the WebLogic administration server Instance will require 512 MB of
memory.
Version 2.0
GM/EDS Confidential
9 November 2009 14

Memory Allocation
Size of
Application
Server
instance/JVM
Small
Medium
Large
512 MB RAM minimum
1 GB RAM
typical
2GB RAM
Extra Large
More than
2GB RAM
Disk Space: 1.8 GB minimum plus application data and related files. Multiple instances require
slightly more disk space (minimum of 30 MB each instance).
Capacity Chart of 1) Single Instances per server; 2) Active-Active Instances
Memory Capacity
Configure the Level of Messages Sent to Standard Out

Work with the application developers to determine what level of messages should be output to
standard out and then use the following to change that level for each managed server
instance:
1. Login to the WebLogic 9.2 Administration Console using an ID with System
Administration privileges.
3. Click Environment Servers
4. Click on a Server Instance
5. Click the Logging tab for that instance
6. Expand the Advanced section at the bottom of the page
7. Change the Severity level as appropriate (the default is Debug)
8. Select Redirect stdout logging enabled (by default this is not selected but standard
out is redirected to the instance_start log by the custom start scripts)
9. Set the Standard Out Severity Level as appropriate
10. Click Save
Version 2.0
GM/EDS Confidential
9 November 2009 15

Configure a Default Web Application

This is not something that HP HS Operations or Engineering should be doing. This is an
application development or sustain team responsibility. This is included here for informational
purposes only.
In some cases an application owner may require that a default web application be configured.
In WebLogic 9.2 this must be done by setting the URI in the deployment descriptor (the value
of context-root in the application.xml file takes precedence over the value of context-root in
weblogic.xml file) to /. This can not be done through the admin console. This is the
responsibility of the application owner.
The default Web Application responds to any HTTP request that cannot be resolved to another
deployed Web Application. In contrast to all other Web Applications, the default Web
Application does not use the Web Application name as part of the URI. Any Web Application
targeted to a server can be declared as the default Web Application.
<weblogic-web-app>
<context-root>/</context-root>
</weblogic-web-app>
Deploy an Application
The Middleware team should rarely have to deploy applications the following instructions are supplied to
assist in cases when the Middleware team needs to deploy an application.
1. Use a browser to login to the WebLogic Administration Console.
3. Click on Deployments
4. Click Install
5. Either browse to the ear or war file using the Location links or use the upload your
file(s) option to upload the ear or war file from your work station. Select the ear or
war file and click Next.
6. Select Install this deployment as an application and click Next.
7. Target the application to the appropriate instances or cluster and click Next.
8. To stage the application click Copy this application onto every target for me and
click Next. It is up to the application owner to tell you which option they want to
select, for example (Use the defaults defined by the deployments targets, Copy this
application onto every target for me or I will make the deployment accessible from the
following location).
9. Click Finish.
10. Click Activate Changes.
11. Test the application URL.
Version 2.0
GM/EDS Confidential
9 November 2009 16

Create a Data Source

The Middleware team should rarely have to deploy Data Sources the following instructions are supplied to
assist in cases when the Middleware team needs to deploy a Data Source.
1. Use a browser to login to the WebLogic Administration Console.
3. Click on Services JDBC Data Sources
4. Click New
5. Enter the Data Source name in the Name field
6. Enter the Data Source JNDI name in the JNDI Name field
7. Select the Database Type from the Database Type drop down box
8. Select the Database Driver from the Database Driver drop down box
9. Click Next
10. Select the appropriate values on the Transaction Options page and click Next
11. Enter the Database Name in the Database Name field
12. Enter the Database Host Name in the Host Name field
13. Enter the Database Port in the Port field
14. Enter the Database User Name in the Database User Name field
15. Enter the Database User Password in the Password and Confirm Password fields
16. Click Next
17. Verify the information on the Test Database Connection page
18. Click Test Configuration
19. You should see the message Connection test succeeded at the top of the page
20. Click Next
21. Target the Data Source to the appropriate managed server instances or cluster and
click Finish
22. To configure additional parameters for the Data Source Connection Pool (for example
Test Connections On Reserve) do the following:
a. Click on the Data Source name link
b. Click on the Configuration Connection Pool tab
c.
Set the initial capacity to 0.
d. Click Save.
e. Expand the Advanced section at the bottom of the page
f.
Make the necessary changes (for example, enable Test Connections On

Reserve and ensure Test Table Name is set to SQL SELECT 1 FROM
DUAL).
g. Click Save
24. Click the Monitoring tab
25. Click the Testing tab
Version 2.0
GM/EDS Confidential
9 November 2009 17

26. Select the managed server instance to test the Data Source on and click Test Data
Source (you will need to test the Data Source on each managed server instance it is
targeted to one at a time)
27. You should receive a message at the top of the page Test of <DATA SOURCE> on
server <INSTANCE> was successful.
Update (Redeploy) an Application

If updating an application for a customer (not the sample application for example) be sure to use an ID with
deployer level access and not any of the IDs with system administration privileges. If asked to deploy using
the system ID then the application team should submit a detailed business case for use of the system ID to
HP Hosting. The application team may be requested to obtain a NOD from General Motors depending on
the business case.
The following is taken from
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/ConsoleHelp/taskhelp/deploymen
t/UpdateApplication.html
1.
2.
Use a browser to login to the administration console using the ID required to deploy the application
(for example the sample application is deployed using the system id but in general all other
applications are deployed using the deployer ID).
If you have not already done so, in the Change Center of the Administration Console, click Lock &
Edit.
3.
In the left pane of the Administration Console, select Deployments. A table in the right pane
displays all deployed applications and modules.
4.
In the right pane, locate the application you want to update (redeploy).
5.
Select the check box next to the name of the application you want to update.
6.
Click Update to redeploy the application.
7.
Change the source and deployment plan paths as desired.
8.
Click Finish to confirm your decision.
9.
To activate these changes, in the Change Center of the Administration Console, click Activate
Changes. Not all changes take effect immediatelysome require a restart (see Use the Change
Center).
Delete (Undeploy) an Application

If you want to remove an application from just one instance that it is currently targeted to but keep the
application deployed and targeted to other managed server instances:
1.
Use the WebLogic Administration Console to make sure the application is stopped (start/stop an
application).
2.
Click Lock & Edit
3.
Click Deployments
4.
Click the name of the application
5.
Click Targets
6.
Uncheck or deselect the target to remove the application from and click Save
7.
Click Activate Changes
To completely remove the application from being deployed to any managed server instances:
1.
Use the WebLogic Administration Console to make sure the application is stopped (start/stop an
application).
Version 2.0
GM/EDS Confidential
9 November 2009 18

2.
Click Lock & Edit
3.
Click Deployments
4.
Place a check mark next to the application name to be undeployed
5.
Click Delete
6.
When prompted to confirm the deletion answer appropriately.
7.
8.
This should remove the application from the staged directory if the application was deployed with
staging enabled. It should not remove the original EAR/WAR file from the upload directory.
Start/Stop an Application
The following is taken from
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/ConsoleHelp/taskhelp/applications/StopDeploye
dEnterpriseApplications.html Starting an Enterprise Application makes the application available to
WebLogic Server clients; stopping it makes it unavailable.
When you start an application, you can make it immediately available to clients, or you can start it in
administration mode to first ensure that it is working as you expect. Starting in administration mode allows
you to perform final ("sanity") checking of the distributed application directly in the production environment
without disrupting clients.
Similarly, you can stop an application so that no clients can use it, or you can stop it in administration mode
so that only administrative tasks can be performed.
Stopping an application does not remove its source files from the server; you can later redeploy (also called
update) a stopped application to make it available to WebLogic Server clients once again.
If stopping or starting an application for a customer (not the sample application for example) be sure to use
one of the deployer IDs and not any of the IDs with system administration privileges.
To stop an application:
1.
Use a browser to login to the administration console using the ID required to deploy the
application (for example the sample application is deployed using the system ID but in general
all other applications are deployed using the deployer ID).
2.
Click on Deployments
3.
Place a checkmark in the available checkbox next to the application name
4.
Click the Stop arrow and select the appropriate option (When work completes, Force Stop
Now or Stop, but continue servicing administration requests)
5.
When asked to confirm the stop click Yes if appropriate.
6.
If there are SiteScope monitors configured for this application then you should expect
SiteScope to start reporting that the instance or application is down.
To start an application:
1.
Use a browser to login to the administration console using the ID required to deploy the
application (for example the sample application is deployed using the system ID but in general
all other applications are deployed using the deployer ID).
2.
3.
Place a checkmark in the available checkbox next to the application name
4.
Click the Start arrow and select the appropriate option (Servicing all requests or Servicing only
administration requests)
Version 2.0
GM/EDS Confidential
9 November 2009 19

5.
When asked to confirm the start click Yes if appropriate.
6.
Validate that the application is now accessible either via SiteScope or manually.
Deploy the Sample Application

Be sure to use one of the deployer IDs and not any of the IDs with system administration privileges.
In some cases customers have undeployed/trashed the sample application that is installed
with each new managed server instance. If for some reason the sample application needs to
be redeployed and the InMemRepClient_clus.war and/or InMemRepClient_scell.war file are not
in the
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTNAME_admin/upload or if
a non standard directory is used
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTNAME_admin/
upload directory on the server that hosts the domains administration server instance then do
the following:
If the war file is already on the file system in the
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTNAME_admin/upload or if
a non standard directory structure is used then
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTNAME_admin/
upload you can skip directly to step 3 below. If the application is already deployed and you
just need to start/stop it then you can skip to the Start/Stop an Application section of this
document.
1.
Note, both war files should be available on the file system in the directory noted above
for every domain admin instance regardless of whether the domain currently only
hosts clustered or non-clustered instances.
2.
The InMemRepClient_clus sample application should be deployed to any managed

server instances in a cluster. The InMemRepClient_scell sample application should be
deployed to any managed server instances that are not in a cluster. To determine if an
instance is part of a cluster login to the WLS Administration Console, click Environment
Clusters <CLUSTER NAME> - Configuration Servers tab to see the list of
instances in the cluster (if there are several clusters then you will need to check each
cluster).
3.
If you need to deploy the clustered version of the sample application then do the
following substituting InMemRepClient_clus.war for SAMPLEAPP. If you need to deploy
the unclustered version of the sample application then do the following substituting
InMemRepClient_scell.war for SAMPLEAPP.
4.
Do the following for each of the sample applications (InMemRepClient_clus.war and

InMemRepClient_scell.war):
a. Copy the InMemRepClient*.war from the admin server For HPUX
/usr/local/gwh/scripts/wls92_hpux_11.23_itanium /wls-as to
/tmp/InMemRepClient on the application server that hosts the admin instance
for the domain/site.
b. As root on the application server that hosts the admin instance for the
domain/site cd /tmp/InMemRepClient. Make sure that nothing but the
InMemRepClient*.war file exists there.
c.
Type unzip SAMPLEAPP
d. Type rm SAMPLEAPP # for example rm InMemRepClient_clus.war or rm

InMemRepClient_scell.war
e. Type cd WEB-INF
Version 2.0
GM/EDS Confidential
9 November 2009 20

f.
Edit the weblogic.xml file by replacing SITE with the shortname for the site.
This is for the workingDir parameter.
g. Save the new weblogic.xml file.

h. Type cd ..
i.
If working with the InMemRepClient_clus.war file then type zip -r

SAMPLEAPP * (for example zip r InMemRepClient_clus.war * if working
with the clustered version of the sample application or zip r
InMemRepClient_scell.war * if working with the nonclustered version of
the sample application.
j.
Copy the new war file to the

/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/servers/<SHORTNAM
E>_admin/upload or if a non standard directory is used
/<PREFIX/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/servers/<S
HORTNAME>_admin/upload (for example
/usr/local/bea/wls92/domains/test4/servers/test4_admin/upload or
/wls92pkg/usr/local/bea/wls92/domains/test4/servers/test4_admin/upload)
directory.
k. Remove the /tmp/InMemRepClient directory and its contents.

l.
5.
Make sure the file is owned by B<shortname>:g<shortname>
If you need to add a server to the sample application targets, skip to step 4 below. If
you need to deploy the application for the first time continue here. If the domain has
both clustered and non-clustered instances then you will need to do the following one
time using the InMemRepClient_clus.war file and targeting it to the cluster(s) and once
using the InMemRepClient_scell.war file and targeting it to the nonclustered instances.
a. Make sure all managed server instances in the domain (or cluster) are
running.
b. Use the admin console to redeploy the new war file to the cluster.
i.
ii.
Click Deployments
iii.
Click Install
iv.
Navigate to
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTN
AME_admin/upload or if a non standard directory structure is used
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/serve
rs/SHORTNAME_admin/upload
v.
vi.
vii.
viii.
ix.
x.
xi.
xii.
xiii.
Version 2.0
Click Lock & Edit
Select the SAMPLEAPP file and click Next

Select Install this deployment as an application and click Next
Select the target(s) and click Next
Select Copy this application onto every target for me and leave
all other default values
Click Next
Click Finish
Click Deployments (in the left navigation pane)
Place a check mark in the checkbox next to InMemRepClient_clus or
InMemRepClient_scell and click Start Servicing all Requests
GM/EDS Confidential
9 November 2009 21

xiv.
xv.
6.
Click Yes
You should see that the State changed to Active
To add a managed server instance as a target for the sample application that is
already deployed to other instances in the domain complete the following:
a. Login to the WLS Administration Console

b. Click Lock & Edit
c.
d. Click on the application name link

e. Click the Targets tab
f.
Select the proper targets
g. Click Save
h. Click Activate Changes
Using WLST (WebLogic Scripting Tool)

WLST, a command line utility, can be used to create, configure and manage domains. The .profile for each
B<shortname> ID includes the CLASSPATH, PATH and JAVA_OPTIONS settings necessary for the
Middleware team to login as the B<shortname> UNIX User ID and type java $JAVA_OPTIONS
weblogic.WLST to open the WLST command prompt.
The first time you invoke wlst, it is slow because it caches all the jar information in your classpath to this
directory, so that it can find the classes at runtime efficiently. Further invocations will be faster because it
does not have to do any caching if the classpath did not change, if it did change it will do an incremental
cache.
For more information regarding WLST please reference
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/config_scripting/wlst_faq.html
and
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/config_scripting/index.html
Files Deployed that Contain Encrypted Passwords

/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/config.xml
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/domain_bak/config_prev/config.xml
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/fileRealm.properties
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/security/boot.properties
Or if a non standard directory structure is used
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/config.xml
/
<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/domain_bak/config_prev/config.x
ml
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/fileRealm.properties
/
<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/security/boot.properti
es
Version 2.0
GM/EDS Confidential
9 November 2009 22

Files that Can Be Shared with Application Development Teams

/<VENDORDIR>/<BEAHOME>/weblogic92/* except for any node manager specific files (for example
weblogic92/common/nodemanager/*)
/<VENDORDIR>/<BEAHOME>/jdk150_##/*
/<VENDORDIR>/<BEAHOME>/silent.xml
/<VENDORDIR>/<BEAHOME>/registry.xml
/<VENDORDIR>/<BEAHOME>/license.bea
/<VENDORDIR>/<BEAHOME>/ wls_binaries_wls92_$DATE.log
/<VENDORDIR>/<BEAHOME>/UpdateLicense.sh
/<VENDORDIR>/<BEAHOME>/utils/*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/bin/start*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/bin/stop*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/config.xml
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/init-info/*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/InMemRepClient_clus.war
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/InMemRepClient_scell.war
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/deployments/*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/domain_bak/config_prev/config.xml
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/cache
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/data
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/logs
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/stage
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/tmp
Or if a non standard directory structure is used then

/<PREFIX>/<VENDORDIR>/<BEAHOME>/weblogic92/* except for any node manager specific files (for
example weblogic92/common/nodemanager/*)
/<PREFIX>/<VENDORDIR>/<BEAHOME>/jdk150_##/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/silent.xml
/<PREFIX>/<VENDORDIR>/<BEAHOME>/registry.xml
/<PREFIX>/<VENDORDIR>/<BEAHOME>/license.bea
/<PREFIX>/<VENDORDIR>/<BEAHOME>/ wls_binaries_wls92_$DATE.log
/<PREFIX>/<VENDORDIR>/<BEAHOME>/UpdateLicense.sh
/<PREFIX>/<VENDORDIR>/<BEAHOME>/utils/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/bin/start*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/bin/stop*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/config.xml
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/init-info/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/InMemRepClient_clus.war
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/InMemRepClient_scell.war
Version 2.0
GM/EDS Confidential
9 November 2009 23

/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/deployments/*
/
<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/domain_bak/config_prev/config.x
ml
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/cache
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/data
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/logs
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/stage
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/tmp
Files that Can Not Be Shared with Application Development Teams

/<VENDORDIR>/<BEAHOME>/weblogic92/common/nodemanager/*
/<VENDORDIR>/<BEAHOME>/eds-gm-wls92.txt
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/JKS/*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/security/*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/fileRealm.properties
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/nodemanager/*
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/security/*
Of if a non standard directory structure is used
/<PREFIX>/<VENDORDIR>/<BEAHOME>/weblogic92/common/nodemanager/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/eds-gm-wls92.txt
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/JKS/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/security/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/fileRealm.properties
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/config/nodemanager/*
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/security/*
And any other files not specifically mentioned in this section or in the Files that Can Be Shared with
Application Development Teams section of this document.
Standard/Recommended JAVA_OPTIONS
The following JAVA_OPTIONS are required for the SSL configuration to work properly:
In the /<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/INSTANCE/bin/startWebLogic_instance
and /<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/INSTANCE/bin/stop files or if a non standard
directory structure is used then in
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/INSTANCE/bin/startWebLogic_instance
and /<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/INSTANCE/bin/stop the following
JAVA_OPTIONS should be set:
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.SSL.nojce=true
-Dweblogic.security.SSL.trustedCAKeyStore=/<VENDORDIR>/<BEAHOME>/domains/SHORTNA
ME/JKS/SHORTNAMEtrust.jks
-Djavax.net.ssl.trustStore=/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/JKS/SHORTNAM
Etrust.jks -Djavax.net.ssl.trustStorePassword=KEYPASS"
Or in case of non standard directory structure
Version 2.0
GM/EDS Confidential
9 November 2009 24

-Dweblogic.security.SSL.trustedCAKeyStore=/<PREFIX>/<VENDORDIR>/<BEAHOME>/domain
s/SHORTNAME/JKS/SHORTNAMEtrust.jks
-Djavax.net.ssl.trustStore=/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/JKS
/SHORTNAMEtrust.jks -Djavax.net.ssl.trustStorePassword=KEYPASS"
For example:
-Dweblogic.security.SSL.trustedCAKeyStore=/usr/local/bea/wls92/domains/test4/JKS
/test4trust.jks
-Djavax.net.ssl.trustStore=/usr/local/bea/wls92/domains/test4/JKS/test4trust.jks
-Djavax.net.ssl.trustStorePassword=Test1234+"
Or in case of non standard directory structure

-Dweblogic.security.SSL.trustedCAKeyStore=/wls92pkg/usr/local/bea/wls92/domains/
test4/JKS/test4trust.jks
-Djavax.net.ssl.trustStore=/wls92pkg/usr/local/bea/wls92/domains/test4/JKS/test4
trust.jks -Djavax.net.ssl.trustStorePassword=Test1234+"
Starting, Stopping, and Restarting

On average the WebLogic 9.2 administration server instances take 1 minute to start and the managed
server instances take 30-60 seconds to start (depending on how many connection pools, applications, etc.
are deployed to the instance). You can tail -f the instances log file and look for RUNNING to validate whether
it started correctly or not.
When rebooting the application servers if possible the server that hosts the administration instance(s) should
always be restarted first. Once that server is restarted and all WebLogic instances are running then restart
the 2nd, 3rd, 4th, etc. application servers/zones. If both or all servers are restarted at the same time the
managed server instances hosted on the server that does not host the admin instances will startup in
managed server independence mode which in some cases will cause the managed server instances to be
unable to serve the application(s).
Version 2.0
GM/EDS Confidential
9 November 2009 25

Script Name:
start
Script Location:
Standard location /usr/local/bea/wls92/domains/SHORTNAME/bin or

Non standard location
/PREFIX/usr/local/bea/wls92/domains/SHORTNAME/bin
Script Purpose:
Calls the startWebLogic.sh to start the WLS 9.2 domain admin server
Instance
Validation
Instructions (include
which processes
should be running):
Standard location
/usr/local/bea/wls92/domains/<shortname>/bin/startWebLogic.sh
standard location
/PREFIX/usr/local/bea/wls92/domains/<shortname>/bin/startWebLogic.s
h
Script Name:
startWebLogic.sh
Script Location:
Standard location /usr/local/bea/wls92/domains/SHORTNAME/bin

Or
Non Standard location /PREFIX
/usr/local/bea/wls92/domains/SHORTNAME/bin
Script Purpose:
Called by the start script to start the WLS 9.2 domain admin server
Instance. In general this script should not be run directly unless during
a troubleshooting session.
Validation
which processes
should be running):
Type ps ef | grep B<SHORTNAME> the expected result is that at

least one of the processes returned by the command is a line similar to
the following
Standard location /usr/local/bea/wls92/jdk150_06/bin/java -server
-Xms256m -Xmx256m -XX:MaxPermSi
Or
Non Standard location /PREFIX/usr/local/bea/wls92/jdk150_06/bin/java
-server -Xms256m -Xmx256m -XX:MaxPermSi
Check for RUNNING in the
Standard location
/sites/<SHORTNAME>/site/common/logs/92_<SHORTNAME>_admin/<S
HORTNAME>_start.log
Or
Non Standard location
/PREFIX/sites/<SHORTNAME>/site/common/logs/92_<SHORTNAME>_ad
min/<SHORTNAME>_start.log
Script Name:
start_instance
Script Location:
Standard location /usr/local/bea/wls92/domains/SHORTNAME/bin or

Non Standard location
Script Purpose:
Calls the startManaged_instance which calls the startWebLogic_instance

to start the WLS 9.2 domain managed server instance
Validation
which processes
should be running):
See Validation for startManaged_instance and startWebLogic_instance.
Script Name:
startManaged_instance
Version 2.0
GM/EDS Confidential
9 November 2009 26

Script Location:
Standard location is /usr/local/bea/wls92/domains/SHORTNAME/bin

Or
Non Standard location is
Script Purpose:
Calls the startWebLogic_instance to start the WLS 9.2 domain managed

server instance. In general this script should not be run directly unless
during a troubleshooting session.
Validation
which processes
should be running):
/usr/bin/ksh
Standard directory
/usr/local/bea/wls92/domains/<shortname>/bin/startWebLogic_<instan
ce> node
Or Non Standard directory
/<PREFIX/>usr/local/bea/wls92/domains/<shortname>/bin/startWebLog
ic_<instance> node
Script Name:
startWebLogic_instance
Script Location:
Standard directory /usr/local/bea/wls92/domains/SHORTNAME/bin

Or
Non Standard directory
/<PREFIX>/usr/local/bea/wls92/domains/SHORTNAME/bin
Script Purpose:
Starts the WLS 9.2 domain managed server instance. In general this
script should not be run directly unless during a troubleshooting session.
Validation
which processes
should be running):
Type ps ef | grep B<SHORTNAME> the expected result is that at

least one of the processes returned by the command is a line similar to
the following
Standard
/usr/local/bea/wls92/jdk150_13/bin/java -server -Xms512m -Xmx512m
-XX:NewRatio=
Or
Non Standard
/<PREFIX>/usr/local/bea/wls92/jdk150_13/bin/java -server -Xms512m
-Xmx512m -XX:NewRatio=
Or
Check for RUNNING in the
Standard
/sites/<SHORTNAME>/site/common/logs/92_<INSTANCE>/<INSTANCE
>_start.log
Non Stanadard
/
<PREFIX>//sites/<SHORTNAME>/site/common/logs/92_<INSTANCE>/<
INSTANCE>_start.log
Script Name:
stop
Script Location:
Standard
Or
Non Standard
Version 2.0
GM/EDS Confidential
9 November 2009 27

Script Purpose:
Stops the WLS 9.2 domain admin server instance
Validation
which processes
should be running):
The admin instance processes should no longer be running
Script Name:
stop_instance
Script Location:
Standard
Or
Non standard
Script Purpose:
Stops the WLS 9.2 domain managed server instance
Validation
which processes
should be running):
The managed server instance processes should no longer be running
Log Files
Log File
access.log
Log File
Location
Standard
/
sites/<SHOR
TNAME>/site
/common/log
s/92_<INSTA
NCE>
Log File Purpose

Logs all HTTP
requests to the
admin instance
Rotation
Schedule
Nightly
Retention
Period
Indefinitely
Non
Standard
/
<PREFIX>/sit
es/<SHORTN
AME>/site/co
mmon/logs/9
2_<INSTANC
E>
Version 2.0
GM/EDS Confidential
9 November 2009 28

Log File
Location
Log File
instance.log
Standard
/
sites/<SHOR
TNAME>/site
/common/log
s/92_<INSTA
NCE>
Or
Non
Standard
/
<PREFIX>//s
ites/<SHORT
NAME>/site/
common/logs
/92_<INSTA
NCE>
start_instance.lo
g
Standard
Log File Purpose
Rotation
Schedule
Retention
Period
Each WLS managed

server instance has
its own message log
file In addition, by
default, a server
forwards all
messages of
severity ERROR and
higher to the
domain log. The
server message log
does not contain
HTTP requests or
JDBC messages.
Nightly
Indefinitely
Standard output log
Nightly
Indefinitely
/
sites/<shortn
ame./site/co
mmon/logs/9
2_<instance
>
Or
Non
Standard
/
<PREFIX>/sit
es/<shortna
me./site/com
mon/logs/92
_<instance>
Version 2.0
GM/EDS Confidential
9 November 2009 29

Log File
shortname.log
Log File
Location
Standard
/
sites/<SHOR
TNAME>/site
/common/log
s/92_<SHOR
TNAME>_ad
min
Or Non
Standard
/
<PREFIX>//s
ites/<SHORT
NAME>/site/
common/logs
/92_<SHORT
NAME>_admi
n
diagnostic_imag
es
Standard
/
sites/<shortn
ame>/site/co
mmon/logs/9
2_<instance
>
Log File Purpose
Rotation
Schedule
Retention
Period
A domain log is
automatically
configured when the
domain is installed.
The domain log
collects messages
from all server
instances in the
domain. The
domain log does not
contain HTTP
requests (which are
stored in a separate
access log for each
server) or JDBC
messages (which
are stored in a
separate JDBC log
for each server).
Nightly
Indefinitely
Directory where
debugging output is
written to when
server debug is
turned on.
None at this
time
Indefinitely
Or
/
<PREFIX>/sit
es/<shortna
me>/site/co
mmon/logs/9
2_<instance
>
The following links are deployed when the domain or additional instance(s) are deployed:
Standard
/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/servers/<SHORTNAME>_admin/logs links to
/sites/<SHORTNAME>/site/common/logs/92_<SHORTNAME>_admin
/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/servers/<INSTANCE>/logs links to
/sites/<SHORTNAME>/site/common/logs/92_<INSTANCE>
Or
Non standard
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/servers/<SHORTNAME>_admin/logs
links to /sites/<SHORTNAME>/site/common/logs/92_<SHORTNAME>_admin
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/servers/<INSTANCE>/logs links to
/sites/<SHORTNAME>/site/common/logs/92_<INSTANCE>
Version 2.0
GM/EDS Confidential
9 November 2009 30

The log files are rotated on a nightly basis via a cron job. The log file rotation tars and gzips the log files ad
the embedded ldap backups and on the server/zone that hosts the WLS administration server instance the
config.xml and SerializedSystemIni.dat files as well. The gzipped files are stored in
/sites/<SHORTNAME>/site/common/logs/92_dailybackups or if a non standard directory structure is used
then /<PREFIX>/sites/<SHORTNAME>/site/common/logs/92_dailybackups
Determing WLS Version

BEA has disabled the version info check from WLS Console in 9.2 and above. We can find it in the
config.xml and also in the startup logs.
There are two other ways BEA has recommended to find the version info 1. The file "registry.xml" under BEA_HOME (standard is /usr/local/bea/wls92 and non standard is
/<PREFIX>/usr/local/bea/wls92) has the version and patch info.
2. - Su to AppID(Bid)
- Cd to WL_HOME(/usr/local/bea/wls92/weblogic92)/server/bin or in case of non standard directory structure
to /<PREFIX>/usr/local/bea/wls92/weblogic92/server/
- Run setWLSEnv.sh
- Run "java weblogic.version -verbose"
(verbose flag is optional)
Following is the example ccts-app-pp-vs01(usplsonst280):/vol01/local/bea/wls92/weblogic92/server/bin> java weblogic.version
-verbose
WebLogic Server 9.2 MP3 Mon Mar 10 08:28:41 EDT 2008 1096261
SERVICE NAME
VERSION INFORMATION
============
===================
Kernel
Commonj WorkManager v1.1
TimerService
Commonj TimerManager v1.1
CorbaService
CORBA 2.3, IIOP 1.2, RMI-IIOP SFV2, OTS 1.2, CSIv2 Level 0 + Stateful
XMLService
XML 1.1
Transaction Service
JTA 1.0.1B
JDBCService
JSR-114, JDBC 3.0
ConnectorService
JCA 1.5
JMS Service
JMS 1.1
CustomResourceServerService 1.0.0.0
EJB Container
EJB 2.1
Servlet Container
Servlet 2.4, JSP 2.0
WebServices
JSR-173, JAX-RPC, JSR-109, WSDL, WS-Addressing, WS-Policy, JAX-B, JAXR, UDDI, WS-Management(HP), JAXP-1.3, WS-Security
MDBService
EJB 2.1, JCA 1.5
Maintenance Window
Maintenance windows will be defined by the customer.
Troubleshooting
Troubleshooting Standards
Version 2.0
GM/EDS Confidential
9 November 2009 31

Symptom
Possible
Cause(s)
Action(s) to Take
1.
Cannot release
2.
configuration on the
admin console or
unlock the admin
console edit
function.
An edit
hung or
someone else
has started an
edit and never
finished it.
There is a file in the domain root called edit.lok that can be

moved out of the way and then you should be able to re-lock
the admin console and make your edit.
3.
Application cannot 4.
revert deployment
to an older version.
BEA WLS
Known Issue
The application team has to make a change for example to the

manifest file (touch the file) so that BEA WLS knows that
something has changed and it should redeploy rather then
leave deployed as is.
Users receives error

message login
failed when trying
to access site from
a junction
Validate/verify
that the
junction is
configured
correctly and
the web
site/weblogic
site is
responding to
non-junction
based traffic if
possible.
Ensure the
junction is
created with
the junction
b flag is set to
filter instead
of ignore.
Add the following: <enforce-valid-basic-authcredentials>false</enforce-valid-basic-auth-credentials>

before the line </security-configuration> and restart the domain.
The admin console

or WLST times-out
or hangs when
making a change or
trying to deploy an
application.
The system
may be
locked by
one of the
managed
server
instances
having a hold
or lock on
something
that was
being changed
via WLST or
the admin
console.
Stop the managed server instance(s) and then restart the managed
server instance(s). In most cases as soon as all the managed server
instances are stopped the change will activate successfully.
If managed server
instances are
started in the
absence of a
RUNNING
administration
server instance
when the
administration
server instance is
started, automatic
This is a
known issue
and hopefully
will be
resolved with
a future patch
or service
pack upgrade.
The
start_instance
scripts contain
Restart the managed server instances in an HA fashion after the

administration server instance has been started and is in RUNNING
mode.
Version 2.0
Another thing to try is to try stopping the application(s) on the

managed server instances before making any changes.
GM/EDS Confidential
9 November 2009 32

managed server
discovery does not
work if the domain
wide administration
port is enabled.
The domain wide
administration port
has to be enabled
for the WLS
deployment to be
compliant with the
General Motors
WebLogic Technical
Security Standards.
a step that
checks for a
RUNNING
admin
instance for
10 minutes
and then
starts up the
managed
server in MSI
mode if
necessary.
This is mainly
intended to be
used during a
physical
server/zone
reboot to
allow the
admin
instance(s)
time to start
up before the
managed
server
instances
start.
When Entrust
certificates are used,
from the browser the
certificates are not
recognized to be a
authorized certificate.
Entrust issues a
chain certificate
and it needs to
be installed.
The solution is mentioned in the appendix 9
Entrust certificates do
not use 1024 RSA
keys any further
Entrust is
moving to 2048
RSA keys
The solution is mentioned in the appendix 9
Health-Check Tool or Procedure:
InMemRepClient Sample Application
Tool/Procedure Location:
If testing on an instance that is clustered then: http://<web

server url>/weblogic/InMemRepClient_clus/Session.jsp
or
http://<weblogic server
url>:weblogicport/InMemRepClient_clus/Session.jsp
If testing on an instance that is not clustered then:
http://<web server
url>/weblogic/InMemRepClient_scell/Session.jsp
or
http://<weblogic server
url>:weblogicport/InMemRepClient_scell/Session.js
p
Any of these monitors may be https if the
application team deems that a requirement.
Version 2.0
GM/EDS Confidential
9 November 2009 33

Execution Instructions / Command

Automatic (at system startup/reboot):
Manual:
If the site is displayed in the browser then Weblogic is

functioning. This check is a manual procedure. SiteScope
monitors will be used to monitor the individual instances.
Instructions for interpreting results

(include which processes should be
running):
Health-Check Tool or Procedure:
If SiteScope alerts then one of the following has likely

occurred:
the sample application or other application has been

undeployed
the instance is down for an unknown reason
the instance is down due to a manual or

control tool restart
the managed server has become unresponsive

to new requests
WLS Administration Console
Tool/Procedure Location:
https://<app server url>/console
Execution Instructions / Command

Automatic (at system startup/reboot):
Manual:
If the console login page is displayed in the browser and

you can login then WebLogic is functioning. This check is a
manual procedure. SiteScope monitors will be used to
monitor the admin instance.
Instructions for interpreting results

(include which processes should be
running):
If SiteScope alerts then the instance is down for an

unknown reason or the instance is down for a
manual or control tool restart.
Troubleshooting Performance
The following is based on input from BEA during troubleshooting the PRTS application slow
response issue. Please note that the PRTS troubleshooting effort was based on WebLogic
Server 8.1 although the recommendations should be the same for 9.2.
For general BEA performance tuning information see the following URL:
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/perform/topten.html
Vendor recommendations for Resolving Performance Issues

Set -XX:PermSize=128m -XX:MaxPermSize=128m in the JAVA_OPTIONS for all instances and restart.
The HP HS standard build included the XX:MaxPermSize entry to begin with. Although this was done for
the PRTS application it did not resolve the issue. The 128m size may not work for all applications. This is
something that should be determined during performance/load testing of the application.
Set the Initial JDBC Connection Pool Capacity to equal that of the Max Capacity.
Disable the Test Created Connections option for the JDBC Connection Pool.
Disable Shrinking of Connections for the JDBC Connection Pool.
Enable the Test Connections on Reserve option for the JDBC Connection Pool.
Disable the Test Released Connections option for the JDBC Connection Pool.
Set servlet-reload-check-secs in weblogic.xml (application file) to -1 so that it never checks. When
optimizing for speed, increase pageCheckSeconds to 10, 20 or 30+ seconds by determining how many
times your JSPs will change during the day and setting the parameter appropriately.
Set jsp precomiple on in the weblogic.xml file.
Version 2.0
GM/EDS Confidential
9 November 2009 34

Increasing JSP Performance and Best Practices

If you have precompiled your JSPs, the precompile parameter should be set to false.
1.Compile your JSPs using weblogic.jspc.
2.Put your compiled JSP classes into their proper locations under the WEB-INF/classes directory of your
web application. If you use the default package name, then your classes should all be under WEBINF/classes/jsp_servlet i.e. if you have login.jsp, then it should be located under WEBINF/classes/jsp_servlet/login.class
3.Archive your web application into a WAR.
4.ReDeploy your web application.
Known Problems
When using one of the deployer IDs and clicking on the Testing tab for a deployment the user receives a
page full of errors. The Vendor is aware of this issue and has an open CR (change request) for this issue
but it has not been resolved yet. When the vendor provides a fix for this issue it will be tested in the release
environment and released to the environment if it works as expected.
Support
Any changes to a system should be part of an authorized work order which is documented at
installation time stating a change is occurring and be authorized via change control processes.
Version 2.0
GM/EDS Confidential
9 November 2009 35

Contacts
Name
Jessica Leja
Sreelatha
Chalasani
Beth Van Egeren
Tony Mazur
Yona Shaposhnik
Role
Phone
Pager
HP HS WebLogic Engineer
HP HS WebLogic Engineer
248-754-7767
248-364-5819
EON
EON
248-364-4918
248-370-1402
248-364-5539
EON
EON
EON
Oracle Support
HP HS Architect
HP HS Oracle Engineer
HP HS Sun Java System Web
Server Engineer
Oracle Support
1-800-633-0738
Metalink
Oracle Support
Not available
Dale Deloy
Oracle Weblogic Server

Consultant to General Motors
Not available
Support Identifier
3238825
metalink.oracle.co
m Support
Identifier 3238825
dale.deloy@oracle.c
om
Version 2.0
GM/EDS Confidential
9 November 2009 36

Product-Specific Support
The following was taken from http://www.oracle.com/support/library/brochure/lifetime-support-middleware.pdf
and is the End-of-Life Support for WebLogic Server 9.2
Product
WebLogic Server/Express
(WLS)
WL Platform
(WLS+WLW+WLP+WLI)
Version 2.0
Version
Status
Order
Availability
9.x
Active
Available
9.x
Active
Available
GM/EDS Confidential
GA Date
July, 2005
November
28, 2006
Retirement
Date
See WL
Platform 9.x
November 30,
2011
End of
Extended
Support
See WL
Platform 9.x
November
30, 2013
9 November 2009 37
Sustaining
Support
Yes
Yes

Technical
Event Monitoring
SiteScope Monitoring
A SiteScope monitor should be configured for the following:
Application Transaction Monitor

Configure a transaction monitor that accesses the application using it's web server VIP and performs a
transaction that utilizes all layers of the application (for example, web, app and database).
Administration Console Monitor

Configure a URL monitor that accesses the admin servers console application. For example,
https://triras001.iweb.gm.com:7181/console. In the preproduction and production monitors, you will
need to replace triras001.iweb.gm.com and 7181 with the WLS domains appropriate information.
Managed Server Instance Monitor

For each managed server instance configure a URL monitor that accesses the application directly using the
managed server instance on it's non-SSL port or SSL port depending on which is used. If both are used
then the application team will have to decide which to monitor or pay for additional monitors if both ports
need to be monitored.
Import EDS HS WLS 9.2 Root Certificate Authority into SiteScope To be performed by the
Tools Team
Before SiteScope monitors can be configured to monitor the WLS SSL ports the following
needs to be completed by the tools team:
Complete the following using the administration id on the Pre-Production and Production Intranet SiteScope
servers. Contact the engineer assigned to obtain the passwords noted in red text below before starting this
change.
1.
Copy the attached ca.cert.pem file to c:\SiteScope\java\lib\security on the SiteScope server.
ca.cert.pem
If there is already a ca.cert.pem in that directory then be sure to make a backup copy of it first.
2.
Make a backup of the c:\SiteScope\java\lib\security\cacerts file in the same directory called

cacerts.b4wls92certimport
3.
Open a DOS command prompt on the SiteScope server and cd to c:\SiteScope\java\lib\security
4.
Type ..\..\bin\keytool -alias edshswls92 -trustcacerts -import -file ca.cert.pem -keystore cacerts
-storepass password
5.
You should get prompted with something similar to the following

Owner: CN=EDS Hosting Services Certificate Authority, C=US, ST=Michigan, L=Aubur
n Hills, EMAILADDRESS=gwh@gweb.eds.com, OU=Hosting Services, O=EDS
Issuer: CN=EDS Hosting Services Certificate Authority, C=US, ST=Michigan, L=Aubu
rn Hills, EMAILADDRESS=gwh@gweb.eds.com, OU=Hosting Services, O=EDS
Serial number: c20b25501f5829d0
Version 2.0
GM/EDS Confidential
9 November 2009 38

Technical
Valid from: Thu May 17 11:43:19 EDT 2007 until: Thu May 15 11:43:19 EDT 2014
Certificate fingerprints:
MD5: 04:58:21:C8:35:AA:FD:BE:FB:B6:15:48:B5:47:2A:D0
SHA1: D2:65:27:57:38:43:99:A1:45:E1:6E:BF:9C:FB:5D:B7:B1:1C:A5:02
Trust this certificate? [no]:
7.
Answer yes
8.
Then you should get prompted with the following:

Certificate was added to keystore
9.
Then restart SiteScope
10. To backout this change move the cacerts to cacerts.watommoca and move the cacerts.
b4wls92certimport to cacerts and restart SiteScope.
11. If for some reason a backup of the cacerts before the import was not made you can use the following
command to delete the newly trusted certificate authority from the cacerts and then restart SiteScope.
12. C:\SiteScope\java\lib\security>..\..\bin\keytool -keystore cacerts -storepass password -delete -alias
edshswls92
Real Time Monitoring

The tool for real-time monitoring of the WLS domain health and performance is the WLS
domain administration console. The administration console allows you to view status and
statistics for WebLogic Server resources such as instances/servers, HTTP, JNDI, security, EJB,
and JDBC.
The administration console also provides the capability to monitor JVM memory heap usage,
request and throughput.
JDBC connection pools and WLS security issues such as user lockouts can also be monitored
from the administration console.
Version 2.0
GM/EDS Confidential
9 November 2009 39

Technical
Install and Uninstall

Any changes to a system should be part of an authorized work order which is documented at
installation time stating a change is occurring and be authorized via change control processes.
Verify a signed Systems Access and Security Request Form exists for each UNIX user on the
system (for example the Bshortname ID).
Prerequisites
This section describes the other systems and resources that must be in place in order for
WebLogic 9.2 to function properly.
An HP HS Standard Solaris 8 or 10 server or a HPUX 11.23 to be used as an EDS HS

administration server. This is a server that will:
house the EDS HS WebLogic 9.2 installation scripts and binaries
have access to ssh to the server(s) where WLS 9.2 will be deployed without being
prompted for a user id/password and with the capability to sudo to root once
logged into the remote application server. The portion about not being prompted
for user id/password is more of a convenience for the Middleware Team than a
requirement.
Load balancing equipment must be available in front of the web server instances if
web server instances are used. The General Motors Gold Build states that all WebLogic
deployments should have corresponding Sun Java System Web Server infrastructure
used to load balance requests to WebLogic. If you are not using SJWS then please
obtain a NOD from General Motors. This build will require point solution engineering
to provide customization such as load balancing device configuration for
communications directly to WebLogic if SJWS is not used. However integration with
Web Server & WLS plugin configuration are out of scope of this project.
Sufficient disk space must be available on the server(s) where BEA WebLogic will be
deployed (at least 1 GB of free disk space in each of the following file systems
/usr/local/ , /sites, and /var/tmp volumes) or for non standard directory structures
/<PREFIX>/usr/local/, /<PREFIX>/sites and /var/tmp. /usr/local or and /sites (or in
case of non standard directory structure /<PREFIX>/usr/local, /<PREFIX>/sites must
be on SAN or NAS mounted file systems. At least 800 MB available in /var. The space
requirements should be in addition to the Service Guard package requirements if WLS
is being installed into a non standard directory structure corresponding to Service
Guard package.
Sufficient memory must be available on the server(s) where BEA WebLogic will be
deployed (at least 1 GB free that can be dedicated to each domain installed -- but this
is really application dependent). Also if WLS is being installed into non standard
directory structure corresponding to a Service Guard package then the domain space
requirements should be in addition to the Service Guard package and the application
requirements.
The application shortname is 7 characters or less. NOTE: The installation scripts will
not work with a shortname with more characters. The shortname should match the
WebWerks shortname. If it does not then custom point solution engineering should be
engaged to determine if nay issues exist and what needs to be done to resolve them.
The EDS HS HPUX 11.23 Itanium Standard Build must be installed on the web and
application servers.
If WLS needs to be installed into a Service guard package then the Service Guard
cluster should be installed and a package should have been created. And the package
name should be provided for WLS install. This package name should be used as a
PREFIX parameter in server.conf files. An example for creating a service guard
package in a service guard cluster is included in Appendix 4.
Version 2.0
GM/EDS Confidential
9 November 2009 40

Technical
If WLS needs to be installed into a Service guard package then then the Service Guard
cluster should be installed and a package should have been created. And the package
name should be provided for WLS install. This package name should be used as a
PREFIX parameter in server.conf files.
Only one directory structure PREFIX of off root is accommodated with this build into
which WLS can be installed. For example the Service Guard package should be created
off of root i.e. /wls92pkg. And WLS directory structure will appear as
/wls92pkg/usr/local/bea, sites directory will be /wls92pkg/sites and gwh directory
where start and stop scripts corresponding to WLS are stored are under
/wls92pkg/usr/local/gwh
WLS process are not monitored by Service Guard. Service Guard package can be
manually failed over or it can failover when a Service Guard cluster node fails.
System Parameters
HP-UX WebLogic Tuning Parameters
From http://download.oracle.com/docs/cd/E13222_01/wls/docs92/pdf/perform.pdf
WebLogic will function correctly without these changes, but performance may not be optimal for larger
applications. If any of these parameters have been set by another application, then the higher of the two
values must be used. Following are the values for WebLogic 9.2 (based on tuning information from
http://download.oracle.com/docs/cd/E13222_01/wls/docs92/pdf/perform.pdf and
http://docs.hp.com/hpux/onlinedocs/TKP-90203/TKP-90203.html
http://h21007.www2.hp.com/dspp/tech/tech_TechDocumentDetailPage_IDX/1,1701,1602,00.html). The
System Administrator should set the following based on the HP-UX 11.i v2.3 GBD.
Make a backup of the kernel before altering the kernel and network parameters below.
Table 3: WebLogic HP-UX 11iv2.3 Operating System Tuning Parameters

Network Parameter
Value
Comment
tcp_conn_req_max
4096
The max number of outstanding connection requests
tcp_xmit_hiwater_def
1048576
The amount of unsent data that triggers TCP flow control
tcp_ip_abort_interval
60000
R2 for established connection
tcp_rexmit_interval_initial
4000
Initial value for round-trip timeout
tcp_keepalive_interval
900000
Interval for sending keepalive probes
Initial Configuration / Setup

NOTE: only do this once for each physical application server
Before installing WebLogic 9.2 binaries or domains please verify that the following is
configured:
Login to each of the application servers that you plan to use and make sure that for each fully
qualified application server hostname there is a line in the /etc/hosts file that defines how best
to access the server. Typically this will be the internal network address (front end). This will
make sure that the network traffic inside the application server cluster will use the shortest
possible routes and does not get routed out and then back in using the NAT-ed IP addresses
that are normally defined in DNS.
Version 2.0
GM/EDS Confidential
9 November 2009 41

Technical
For example, here are the lines for the shared application servers in pre-production
10.30.150.87 usplgmas002.iweb.gm.com
3
4
And as another example, here are the lines for the shared application servers in production
10.20.150.87 usahgmas002.iweb.gm.com
5
Initial Configuration / Setup

NOTE: only do this once for each physical application server
Before installing WebLogic 9.2 binaries or domains please verify that the following is
configured:
Login to each of the web and application servers that you plan to use and make sure that for
each fully qualified application server hostname there is a line in the /etc/hosts file that
defines how best to access the server. Typically this will be the internal network address (front
end). This will make sure that the network traffic inside the application server cluster will use
the shortest possible routes and does not get routed out and then back in using the NAT-ed IP
addresses that are normally defined in DNS.
For example, here are the lines for the shared application servers in pre-production
6
7
And as another example, here are the lines for the shared application servers in production
8
Installation
This section of the document describes how to install and configure WebLogic 9.2.
1.
2.
3.
4.
5.
6.
7.
Ensure that all items documented in the Installation and De-Installation Prerequisites
section of this document have been met.
Create and install the Application Server SSL Certificates using the Create
Application Server SSL Certificate section of this document.
Install the WebLogic 9.2 Binaries using the Install Binaries section of this document.
Install a WebLogic 9.2 domain using the Install Domain section of this document.
Please note that during the time of the install in any of the server.conf files the
installer should enter values of the parameters and should NOT use substitutions (for
e.g. $variable). If there are variables set in the value already for example in
server.conf file corresponding to additional instance they should be left as is.
Please note that Hosting engineering has provided some variables in the server.conf
file for which values can be set in the server.conf file. But there are additional variables
that needs to be set when running the install at the prompt. For example password
parameters needs to set on the fly they are not provided in the server.conf file.
Installer should not add or remove parameters in the server.conf file.
Please note that if not in all of the HP hosting environments, some HP hosting
environments ( for example in GME ) the ids corresponding to SERVGID and SERVUID
needs to be obtained from the Unix Admin team before they can be set at the time of
the install. Unix team provides specific tracked numbers which should be used to set
these parameters.
Version 2.0
GM/EDS Confidential
9 November 2009 42

Technical
8.
In some environments (for example GME) users and groups cannot be created by any
process (script) they can be created only by the Unix Administration in which case the
install can work with pre existing user and groups.
9. Please note the install file corresponding to binaries, wls-as (domain), additional
instance contains a temporary location set to a prefix of /var/tmp/. If /var/tmp on
the target sever (On the server where WLS needs to be installed) does not have
enough space then this variable can be changed to /tmp if tmp has enough space.
Following is how the variable looks currently
"TMPDIR=/var/tmp/wls_install${DATE}" >> $CONFIGDIR/$CONFIGFILE \
If needed depending on the space constraints this can be changed to
"TMPDIR=/tmp/wls_install${DATE}" >> $CONFIGDIR/$CONFIGFILE \
10. If for any reason if the install is unsuccessful verify the /var/tmp directory and clean
up any remnants of the install.
Create an HP HS Administration Server

Note, the following will not create Control Tool capabilities. This will only allow you to use the HP HS
installation scripts for WLS 9.2 binaries, domains, additional managed server instances.
If you do not have access to one of the original HP HS Administration Servers (for example, ustrsdead001,
usplgmad001, usahgmad001, gmac-adm-pp-vs01, gmac-adm-p-vs01) then you will need to complete the
following:
Obtain a server that has the HP HS Standard Solaris 8 or 10 Operating System build deployed on it.
Create the following directories on the server:
Directory/File Name
Permissions
Owner
/usr/local/gwh/scripts/tarballs/wls92
770
wlsins:gwlsins
/usr/local/gwh/scripts/common/sitesdir/hpux
755
phreak:ed
/
usr/local/gwh/scripts/wls92/binaries/gwhsslcerts/wl
s92
770
root:other
/usr/local/gwh/scripts/wls92_hpux_11.23_itanium
770
wlsins:gwlsins
/usr/local/gwh/scripts/tarballs/java/hpux
755
phreak:ed
Preferably make sure the <installid> UNIX User ID on the new HP HS Administration Server has access to
ssh to <installid> on the servers where WLS 9.2 will be deployed and become root (sudo) without having to
pass a password either during the ssh or the sudo command. To meet the GM and HP security standards
<installid> should not be a generic id, it should be a EDSNET id . This <installid> will be always be part of
gwlsins group. The INSTALLGRP variable should not be changed in any of the server.conf files.
It is required to ensure that the install id has sudo set into default path on the server where WLS needs to be
installed. It is usually set in the default path on the server but incase if it is not in place then this needs to be
requested before the installation. If it is known that in your environment (for e.g. GME, GMAC) it is not set
into default path it is suggested to request it while requesting the installid access privileges.
Please see Appendix 1 of this document for detailed information on how to configure SSH keys if necessary.
Also ensure to remove the sudo access for the <installid> on the server where WLS 9.2 is deployed and
remove SSH trust after the installation is complete.
Copy the following files from the existing HP HS Administration Server to the new HP HS Administration
Server in the same location:
/usr/local/gwh/scripts/common/sitesdir/hpux/makesitesdir
/usr/local/gwh/scripts/common/sitesdir/hpux/sitesdir.tar
Version 2.0
GM/EDS Confidential
9 November 2009 43

Technical
/usr/local/gwh/scripts/tarballs/wls92/<tarball name>
for example
/usr/local/gwh/scripts/tarballs/wls92/server923_generic_hpux_itanium_11.23.jar
/usr/local/gwh/scripts/tarballs/java/hpux/<tarball name>
for example
/usr/local/gwh/scripts/tarballs/java/hpux/jdk1.5.0_13.tar.gz
At some time the scripts and tarballs will be put into an OpsWare ISM and you will be able to use OpsWare
SAS to setup the HP HS Administration Server WebLogic scripts but they are not there at this time.
In general the contents of /usr/local/gwh/scripts/tarballs/wls92 will look similar to the following (note with
each block point these files/directories may be changed)::
-rwxr-xr-x
1 phreak
ed 292020417
server923_generic_hpux_itanium_11.23.jar
In general the contents of /usr/local/gwh/scripts/wls92_hpux_11.23_itanium will look similar to the following

(note with each block point these files/directories may be changed):
Note : After phreak is replaced by generic <installid>
and everything underneath will recursively have 770 as the permissions.( with an exception to the
cert files that will be created for each server under
/usr/local/gwh/scripts/wls92_hpux_11.23_itanium/binaries/gwhsslcerts).
Ensure that the <installid> is added to gwlsins group on the HP HS Administration server for installtion and
configuration purposes. In the server.conf file make sure the INSTALLID and INSTALLGRP are set to the
<install id> and gwlsins.
wls-as:
total 1892
-rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx--drwxrwx---rwxrwx---rwxrwx---rwxrwx---
Version 2.0
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
5
1
1
1
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
2978
2976
5734
3404
1898
7310
440
452
440
7705
512
3723
1294
6432
7121
7849
55
10488
2719
3440
2241
1245
968
51
12674
2439
50095
512
50107
50096
27937
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Aug
Sep
Dec
Sep
Oct
Nov
Nov
Nov
Nov
Nov
Nov
Dec
Dec
Dec
Dec
Dec
13
13
13
13
13
13
13
13
13
13
13
13
13
13
13
13
4
2
15
30
21
24
26
26
26
26
4
4
4
4
4
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2007
2008
2008
2008
2008
2008
2008
2008
2008
2008
2008
2008
2008
2008
wls-logrollover.sh
wls-logrollover-admin.sh
stop_instance
startManaged_instance
start
makemeadmin
deploysample_single921.py
deploysample_ncha921.py
deploysample_clus921.py
createnonhaclusdomain921.py
admincopy_cron.sh
admincopy
ALPHABUILD.txt
createsinglecelldomain921.py
createnonclustereddomain921.py
createdomain921.py
test.txt
setDomainEnv.sh
server.conf_09152008
stop
start_instance
install_users.ldif
user_list.txt
middleware_support_domain_info
middleware_support.ldif.0304091428
create_middleware_support_ldif.sh
InMemRepClient_scell.war.working
jesstmp2
InMemRepClient.war
InMemRepClient_scell.war
InMemRepClient_clus.war
GM/EDS Confidential
9 November 2009 44

drwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx--drwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---
2
1
1
1
1
1
1
2
1
1
1
1
1
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
Technical
512
12927
1864
12354
6808
9460
1079
3072
1314
166747
37253
25916
2601
Dec 4 2008 jesstmp

Dec 4 2008 nohup.out
Dec 14 10:40 middleware_support2.ldif
Apr 3 14:31 middleware_support.ldif
Apr 6 21:53 configuresinglecelldomain921.py
Apr 6 21:55 configurehadomain921.py
May 4 08:52 cfgadminport.py
May 29 15:51 configs
May 29 17:39 jess.out
Jun 2 14:40 makeserver
Jun 2 15:41 install_as
Jun 2 17:25 install
Jun 2 17:26 server.conf
binaries:
-rwxrwx--drwxrwx---rwxrwx---rwxrwx---rwx-----rwxrwx---rwx-----rwxrwx---rwxrwx---rwxrwx---rwxrwx--drwxrwx---rwxrwx---rwxrwx---rwxrwx--drwxrwx---rwxrwx---rwxrwx--drwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---
wlsins gwlsins
wlsins gwlsins
wlsins gwlsins
wlsins gwlsins
1 root
other
1 wlsins gwlsins
1 root
other
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
2 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
2 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
3 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
1 wlsins gwlsins
-rwxrwx---
1 wlsins gwlsins
1 wlsins gwlsins
3 root
other
-rwxrwx--drwxrwx---
1
2
1
1
addl-instance:
total 486
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
drwxrwx--2
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
-rwxrwx--1
Version 2.0
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
501 Aug 13 2007 silent.xml

512 Aug 13 2007 server
2082 Aug 13 2007 openssl.cnf
12288 Aug 13 2007 gwhsslcerts.tar
1818 Aug 13 2007 ca.cert.pem
1051 Aug 13 2007 admincopy_cron.sh
1751 Aug 13 2007 ca.key.pem
3 Aug 14 2007 ca.srl
187 Apr 16 2008 smart_update_silent.xml
70000 Apr 16 2008 prod-info.xml
517 Feb 4 07:44 files.txt
512 Feb 9 20:39 wls92mp3_2009q1_upgrade
35624960 Feb 27 13:34 wls92mp3_2009q1_upgrade.tar
2252 Feb 27 13:44 eds-gm-wls92.txt
13847 Mar 30 15:58 commEnv.sh
2048 Apr 10 13:05 configs
311 Apr 17 06:40 jess.sh
3963 May 28 13:38 makecert.orig
512 May 29 14:29 gwhsslcerts1
55200 Jun 2 14:28 makeserver.problem
55803 Jun 2 14:31 makeserver
12316 Jun 2 15:29 install_wls_binaries_as
7010 Jun 2 15:29 install.orig
7161 Jun 2 15:30 install
1392 Jun 2 15:31 server.conf
4935 Jun 3 15:00 makecert
2088 Jun 3 15:05 openssl.req.cnf
512 Jun 3 15:05 gwhsslcerts
779 Aug 13 2007 deploysample_single921.sh

2978 Aug 13 2007 wls-logrollover.sh
374 Aug 13 2007 weblogic.conf
5748 Aug 13 2007 stop_instance
3748 Aug 13 2007 start_instance
3404 Aug 13 2007 startManaged_instance
512 Aug 13 2007 old
19166 Aug 13 2007 makeaddlinstance_admin.jess.072607
545 Aug 13 2007 getclusterinfo.py
194 Aug 13 2007 deploysample_single921_stop_clus.py
196 Aug 13 2007 deploysample_single921_stop.py
251 Aug 13 2007 deploysample_single921_start_clus.py
253 Aug 13 2007 deploysample_single921_start.py
299 Aug 13 2007 deploysample_single921_deploy.py
536 Aug 13 2007 deploysample_single921.py.bak
523 Aug 13 2007 deploysample_single921.py
554 Aug 13 2007 deploy.sh
GM/EDS Confidential
9 November 2009 45

-rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx--drwxrwx---rwxrwx---rwxrwx---rwxrwx---rwxrwx---
1
1
1
1
1
1
1
1
1
1
1
1
2
1
1
1
1
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
wlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
gwlsins
Technical
7849
921
960
4001
1294
1362
10488
6452
57860
20017
3899
4184
1536
28121
28272
12675
1258
Aug
Aug
Aug
Aug
Aug
Oct
Dec
Jan
Apr
Apr
Apr
Apr
Apr
Jun
Jun
Jun
Jun
13
13
13
13
13
26
2
27
6
6
6
6
10
2
2
2
2
2007
2007
2007
2007
2007
2007
2007
08:24
22:07
22:20
22:21
22:21
19:20
15:42
15:43
17:28
17:30
createdomain921.py
create_machine.py
assign_instance_to_machine.py
assign_instance_2_machine
ALPHABUILD.txt
server.conf.b44q2007
setDomainEnv.sh
startWebLogic_instance
makeaddlinstance
makeaddlinstance_admin
configureaddlinstance921.py
configureaddlinstance921_clus.py
configs
install_addl_instance.orig
install_addl_instance
install
server.conf
Create Self-Signed Application Server SSL Certificate(s)

NOTE: do this once for each physical application server/zone that WebLogic will be deployed
on.
If this is the first time you install binaries on the physical server then complete the following:
1) Login to the HP HS administration server as the <installid> UNIX user id.
2) Ensure that the <installid> is added to gwlsins group on the HP HS Administration server
for installtion and configuration purposes. In the server.conf file make sure the INSTALLID
and INSTALLGRP are set to the <install id> and gwlsins.
3) Type
a) For HPUX cd /usr/local/gwh/scripts/wls92_hpux_11.23_itanium /binaries

directory
4) Type ./makecert <APPSERVERNAME> <APPSERVERDOMAIN> to create the

certificate (for example ./makecert triras001 iweb.gm.com ).
5) When asked to enter values for the following 7 questions you should accept the defaults:
Organization Name, should be EDS

Organizational Unit Name, should be Hosting Services
Email address, should be gwh@gweb.eds.com
Locality Name, should be Auburn HIlls
State or Province name, should be Michigan
2 letter Country Name, should be US
Common Name for the application server, should be
<APPSERVERNAME>.<APPSERVERDOMAIN>
6) When prompted to enter a pass phrase for the root certificate, enter b00gie5r (those are
zero's)
7) Create the directory
a) /
usr/local/gwh/scripts/wls92_hpux_11.23_itanium/binaries/gwhsslcert
s/wls92
Version 2.0
GM/EDS Confidential
9 November 2009 46

Technical
on the pre-production administration server (for example usplgmad001) and copy these
files to that server/directory. Verify that the file ownership and privileges are set the same
on both administration servers. It is expected that all certificates will be created and
signed using the production administration server and the preproduction administration
server will only be used in cases where disaster recovery is necessary.
$APPSERVERHOSTNAME.key.pem
$APPSERVERHOSTNAME.cert.pem
$APPSERVERHOSTNAME.req.pem
Install Binaries
NOTE: do this once for each application server that will host WebLogic 9.2
Expected Time to Install Binaries is approximately 45 minutes depending on whether this is
your first time using these instructions, the speed of your application server host and the
speed of your network.
Complete the following for each physical application server that you need to install the
WebLogic 9.2 Binaries on:
1.
If the application servers are deployed behind a load balancing device then verify that
a NAT exists for each of the application servers on the load balancing device that is in
front of them. This NAT will be used by the extranet web servers to access WebLogic
9.2 and also by the Application Owners, Web Masters and Engineers to access the
Administration Console for each domain. The engineer assigned to the project should
have submitted a work order for this NAT to be created.
2.
Login to the HP HS Administration Server using the installid UNIX id.
3.
Ensure that the <installid> is added to gwlsins group on the HP HS Administration

server for installtion and configuration purposes. In the server.conf file make sure the
INSTALLID and INSTALLGRP are set to the <install id> and gwlsins.
4.
Type
1.
cd /usr/local/gwh/scripts/wls92_hpux_11.23_itanium /binaries
directory
5.
If you want the installation information to be prepopulated edit the server.conf with
the BEAHOME and APPSERVER information before running the install script.
6.
If more than one instance of the binaries are required on the same server then the
following directory structure can be followed
(a) In case of non standard directory structure or
/wls92pkg1/usr/local/bea/wls92a (for the first instance)
and /wls92pkg2/usr/local/bea/wls92b (for the second instance) and so on.
Please note that even though the PREFIX differs (wls92pkg1 vs
wls92pkg2) it is NOT possible to have same BEAHOME. The BEAHOME (in
this example it is wls92a vs wls92b) should be different.
(b) When ever WebLogic is installed into a non standard directory then create
a soft link wls92 to the BEAHOME. In the above examples
i.e. /wls92pkg1/usr/local/bea/wls92a
and /wls92pkg2/usr/local/bea/wls92b create the link as follows
cd /wls92pkg1/usr/local/bea
ln s wls92a wls92
cd /wls92pkg2/usr/local/bea
Version 2.0
GM/EDS Confidential
9 November 2009 47

Technical
ln s wls92b wls92
The creation of link is only to facilitate an easier custom patching in future

when ever it may be required. Due to non standard directory structure
standard automatic patching could not be used as is.
8) Note you can pre-configure the answers to the install script by editing the server.conf file.
In most cases the only items you need to change in this file would be the BEAHOME,
VENDORDIR, APPSERVER and APPSERVER DOMAIN, most other entries should be left at
their default values. If you change any other values then be sure to change them back to
their default values after the installation is complete.
9) This build gives a flexibility to install WLS binaries into standard directory structure as well
as into a non standard directory structure. Non standard directory structure is limited to
one prefix directory of the root which prepended making it /PREFIX/usr/local/bea. If
binaries are being installed into a non standard directory structure then the GWH dir also
reflects the non standard directory structure.
10)It is required to ensure when installation completes successfully or even if it fails manually
verify there are no directories or files associated with this or a previous Weblogic install in
the install tmp directory (for example /var/tmp or /tmp) that have permissions of 777. If
they exist they need to be removed.
11)Type ./install
12)Enter values for the following variables:
Variable Name
Description of Variable
Sample Variable Value
VENDORDIR
The vendor dir for the installation.

The standard installation this
always has to be bea preceded
by /usr/local.
Stanadard /usr/local/bea
But if a non standard installation

is required for example in
scenario where WLS needs to
installed into a Service Guard
package created then
VENDORDIR needs to be
prefixed with the pacakage
name.
/PREFIX/usr/local/bea
The beahome for this

installation. The standard HP HS
Design is for all WebLogic 9.2
Domains to be installed in the
wls92 BEAHOME. This means
that the standard "binaries" for
HP HS WebLogic 9.2 are located
in the /usr/local/bea/wls92
standard directory or
/PREFIX/usr/local/bea/wls92 If
for some reason a second, third,
etc. BEAHOME needs to be
installed, then change this entry
accordingly. The following is
taken from the WebLogic 9.2
Gold Build documentation. The
Gold Build actually states: If you
wls92
BEAHOME
Version 2.0
GM/EDS Confidential
Non Standard :
For e.g.
/wls92pkg/usr/local/bea
9 November 2009 48

Technical
plan on running multiple versions

of WebLogic Server on the
targeted server, use the following
Home Directory naming
convention
/usr/local/bea/wls92a,
/usr/local/bea/wls92b, etc.
And similarly when a non
standard directory needs to be
accommodated then
/PREFIX/usr/local/bea/wls92a,
/PREFIX/usr/local/bea/wls92b
GWHDIR
The directory where all the start

or stop commands for all the
instances is stored.
Standard directory
structure /usr/local/gwh
Non standard directory
structure
/PREFIX/usr/local/gwh
APPSERVER
appserver name
triras001
APPSERVERDOMAIN
appserver domain name
iweb.gm.com
This domain name was used in

the previous step to create the
Application Server SSL
Certificate. This should be the
domain name that application
owners will use to access their
WebLogic Admin Console.
SERVGID
the UNIX GID for the WLS

binaries being installed. Please
note the SERVGRP is
g$BEAHOME (for example
gwls92).
5000
SERVUID
The UNIX UID for the app server

binaries being installed. Please
note the SERVUSER is
B$BEAHOME (for example
Bwls92).
5000
13)NOTE: The following files are created on the administration server in For Solaris
/usr/local/gwh/scripts/wls92_hpux_11.23_itanium/binaries/configs in case you want to
review the output of the script after it has been run:
Log File Name
Log File Description
Wlsbin.cfg.<BEAHOME>.<APPSERVER>.out
The output from the installation on the

application server for the wls92
binaries.
wlsbin.cfg.<BEAHOME>
The input file for the installation on the

application server for the wls92
binaries.
14)The wls_binaries_<BEAHOME>_<DATE>.log file will be created in the BEAHOME

directory. This file contains the output of the BEA WebLogic 9.2 silent install.
Version 2.0
GM/EDS Confidential
9 November 2009 49

Technical
15)Create the following cron job for the root UNIX user id (note that /usr/local/bea/wls92
should be replaced with the BEAHOME for the binaries that you just installed):
30 1 * * * /usr/local/bea/wls92/admincopy_cron.sh > /dev/null 2> &1
Or for Non standard directory structure
30 1 * * * /PREFIX/usr/local/bea/wls92/admincopy_cron.sh > /dev/null 2> &1
16)Make sure that the UNIX user ID that owns the binaries (for example Bwls92) is set so
that its password is non-expiring.
17)Manually add the Bwls92 (or B$BEAHOME) ID to the cron.allow file.
a) Please note that the cron.allow file can be found on HPUX 11.23 OS under
/etc/cron.d/cron.allow. But if there is a ServiceGuard cluster existing on the box the

cluster cron might be used. Please contact the SA for any SeriviceGuard cluster cron
details.
18)For each set of binaries that hosts admin instances that are configured in an HA domain
that is deployed across multiple physical servers configure SiteScope admincopy monitor.
19)In order to be TSS compliant you must import the self-signed SSL Certificate Root
Authority Certificate into your brower. Below are instructions for importing into Internet
Explorer and Netscape browsers. If a customer requests a copy of the ca.cert.pem file you
can send it to them.
a) Internet Explorer
i)
The ca.cert.pem file should be copied from the admin server;

/usr/local/gwh/scripts/wls92_hpux_11.23_itanium/binaries or incase of non
standard directory structure from /PREFIX/usr/local/bea/

wls92_hpux_11.23_itanium/binaries directory to your file system then complete
the following:
ii) Open the IE browser

iii) Select "Tools" > "Internet Options" from the menu
iv) Select the "Content" tab
v) Click the "Certificates..." button
vi) Select the "Trusted Root Certification Authorities" tab
vii) Click the "Import..." button
viii)
Click "Next" at the "Welcome to the Certificate Import Wizard" dialog box
ix) Use the "Browse..." button to find the certificate file you saved to your file system
x) Make sure the "Files of type" drop down has "All files" selected
xi) Select the certificate file and click "Open"
xii) Click "Next"
xiii)
The "Place all certificates in the following store" is selected and the store
is set to "Trusted Root Certification Authorities"
xiv)
Click "Next"
xv) Click "Finish"

xvi)
Click "OK" when prompted with "The import was successful"
xvii)
Close the "Certificates" dialog box.
Version 2.0
GM/EDS Confidential
9 November 2009 50

xviii)
Technical
Close the "Internet Options" dialog box.
b) Netscape:
i)
Navigate to the web server url.
ii) Click "Next" when prompted with the "New Site Certificate" dialog box
iii) Click "Next" at the next dialog box ("Certificate for: EDS, Signed by: EDS...")
iv) Select "Accept this certificate forever" if you do not want to be asked to accept
this certificate again.
v) Click "Next"
vi) Click "Next"
vii) Click "Finish"
General WebLogic License Information

Bea Licenses are Per CPU. So when you are installing WebLogic , be aware the number of cpus your
system holds.
The CPU information can be found via SAM performance monitors system properties.
If you are working in a virtualized environment (zones) then, get your licenses for the ip range, but do get a
license per each (physical Host x number of cpus).
Here is an example of one project and how licensing was done for it.
IP range for Pluat environment - 129.124.60.1-254
PLUAT SERVERS DETAILS:
Server Name
IP Address
USPLSONST769 1 cpu
129.124.60.82
Domain
Name
eabp
Managed
Instance
eabp001
USPLSONST797 1 cpu
129.124.60.83
eabp
eabp002
USPLSONST798 1 cpu
129.124.60.84
eaon
eaon001
USPLSONST799 1 cpu
129.124.60.86
eaon
eaon002
Request a WebLogic License

Oracle no longer requires your IP address(es) in order to provide a license key. Oracle is now providing new
generic license files that simplify the licensing process. New license keys will enable the ful utilization of all
the features of your BEA purchase. Following is the URL for the new licensing information.
http://licensecodes.oracle.com/bea.html#WLPLAT
If you require assistance with your license keys, please contact by sending an email to
licensecodes_ww@oracle.com
Version 2.0
GM/EDS Confidential
9 November 2009 51

Technical
See the Product Licensing, Warranty, and Upgrades section of the document for license
information.
Update the WebLogic License

See the Product Licensing, Warranty, and Upgrades section of the document for license
information.
NOTE: : In order to be TSS compliant all installed software must be appropriately licensed and
authorized. In order to meet this TSS requirement do the following once for each set of
WebLogic 9.2 binaries installed.
Obtain the valid license file(s) from the Service Line Management team. To determine what IP
address should be used for the license you can use the following steps:
1.
Login to the application server as root.
2.
Type hostname. This will return the name of the host, e.g. usplgmas001
3.
Look up the IP address in /etc/hosts for the name returned by the hostname
command. This is the IP address that should be used to create the license.
The license that is originally installed with the binaries is an evaluation license. Please perform
the following on each application server that the binaries were installed on to update the
license to a production license:
1. Login to the application server as root.
2. Type cd <BEAHOME>, for example cd /usr/local/bea/wls92 or
/PREFIX/usr/local/bea/wls92
3. Type cp license.bea license.bea.orig
4. Make sure a copy of the valid/new license is located in this directory
5. Type cp license_update_file license.bea.
NOTE: license_update_file is the name of the valid/new license file.
6. This will overwrite the new license over the top of the original license.bea file.
7. Save a copy of your updated license.bea file in a safe place such as the
/home/<installid>/wls_license directory on the admin server outside the WebLogic
directories. Although no one else can use your license file, you should save it in a
place that is protected from both malicious and innocent tampering.
8. If there are WebLogic 9.2 domains installed that will use this license restart the
domains and ensure that they startup properly.
Install Domain
NOTE: complete the following once for each new WebLogic 9.2 site
The domain installation will check to ensure the WebLogic 9.2 binaries or BEAHOME exists on
the server(s) on which the domain is being installed. If the binaries or BEAHOME does not
exist, the domain installation will fail.
A typical WebLogic 9.2 site in HP HS consists of:
1) A WebLogic 9.2 domain (containing a WebLogic 9.2 admin server and 2 managed server
instances on 2 physically separate servers -- one managed server instance will reside on
the same physical server as the admin server.)
Expected Elapsed Time to Install an HA Clustered Domain is 45 minutes per server (this
includes the time it takes to gather information for the installation such as app server name.)
Version 2.0
GM/EDS Confidential
9 November 2009 52

Technical
NOTE: If you are installing BEA WebLogic 9.2 on the same server as the web server, please
install the application server components first, and install the web server components later
with the -x option. This option was added to support the VSP project, which needed to install a
WebLogic Cluster on the same two machines as the Web Server instances. It is described in
the online help for the ws-site install script as (toggles CREATE_SITESDIR to no). After the
web server installation check the /sites/<shortname>/site/common/logs directory and make
sure all the WLS log directories and the files/subdirectories in those directories are owned by
the B<shortname>:g<shortname> UNIX user ID and group. If they are not change the
ownership of only the WLS log directories and the files/subdirectories in those directories to
the B<shortname>:g<shortname> UNIX user ID and group.
NOTE: You should not try to install the same site in preproduction and production
simultaneously unless you are installing from separate administration servers, otherwise, the
installations will fail as the configuration files created by the install scripts will only work for
one of the installs at a time.
Overview
There are 4 different ways to install a WebLogic 9.2 domain using this templated build:
1.
Install a domain using the DOHACLUS=true entry in server.conf. This will install an
admin instance on 1 physical application server and two managed server instances
clustered across 2 physical application servers. This assumes that the admin instance
will be installed on the same physical server as the 1st managed server instance and
that DONONHACLUS, DONOCLUSHA and DOSINGLECELL server.conf entries are set to
false.
2.
Install a domain using the DONONHACLUS=true entry in server.conf. This will install
an admin instance and two managed server instances clustered on 1 physical
application server. This assumes that the DOHACLUS, DONOCLUSHA and
DOSINGLECELL server.conf entries are set to false.
3.
Install a domain using the DONOCLUSHA=true entry in server.conf. This will install an
admin instance and one managed server instance on one physical application server
and a second managed server instance on a second physical application server. The
managed server instances will not be clustered together. This assumes that the
DOHACLUS, DONONHACLUS and DOSINGLECELL server.conf entries are set to false.
4.
Install a domain using the SINGLECELL=true entry in server.conf. This will install an
admin instance and 1 managed server instance on 1 physical application server. This
installation option is meant for sites using the Advantage license which does not
support WebLogic clustering. Additional instances can be installed, either on the same
physical server or a new physical server to provide for some failover but session
failover will not work. This assumes that the DOHACLUS and DONONHACLUS and
DONOCLUSHA server.conf entries are set to false.
In addition to the above there is a variable named DEV in server.conf. If this domain is being
installed in the HP HS development environment then enter DEV=true, otherwise enter
DEV=false. This variable is mainly used to make sure the system password in the
development environment is different from that in the pre-production and production
environments.
Install Instructions
1. You will need to get the following from the Web Administration Team
2. 5 consecutive ports in the 7000 range (the Web Administration Team will only give you
the first port in this range, and you should assume the next 4 are dedicated for your
application):
a.
Version 2.0
Non-SSL WebLogic 9.2 domain administration port
GM/EDS Confidential
9 November 2009 53

Technical
b.
SSL WebLogic 9.2 domain administration port ("Non-SSL WebLogic 9.2 domain
administration port" + 1)
c. WebLogic 9.2 cluster port ("Non-SSL WebLogic 9.2 domain administration port" +
2)
d. WebLogic domain wide administration port (Non-SSL WebLogic 9.2 domain
administration port + 3)
e. Reserved for future use
10 consecutive ports in the 15000 range (the Web Administration Team will
only give you the first port in this range, and you should assume the next
9 are dedicated for your application):
i. Non-SSL 1st & 2nd managed server instance Port
ii. SSL 1st & 2nd managed server instance port ("Non-SSL 1st & 2nd
managed server instance Port" +1)
iii. Managed server instance administration port (local administration port
override ) (Non-SSL 1st & 2nd managed server instance port +2)
iv. 7 ports reserved for future expansion of the site (additional instances)
3. Note for custom installations: If you are installing a non-HA deployment with multiple
managed server instances you will need to ask for the following because your 1st and
2nd Managed Server Instances can not run on the same IP address and same port as
they do in an HA cluster:
a.
b.
Non-SSL 1st managed server instance port

SSL 1st managed server instance port ("Non-SSL 1st managed server instance
port" +1)
c. Managed instance administration port (local administration port override) (NonSSL 1st Managed Server Instance Port +2)
d. Non-SSL 2nd managed server instance port ("Non-SSL 1st managed server
instance port" +1)
e. SSL 2nd managed server instance port ("Non-SSL 1st managed server instance
port" +1)
f. Managed instance administration port (local administration port override) (NonSSL 2nd managed server instance port +2)
g. 4 ports reserved for future expansion of the site (additional instances)
4. For applications requiring more than 3 managed instances in a non-HA deployment
with multiple managed server instances or more than 6 managed instance in a HA
deployment then additional managed server instance ports will need to be allocated,
for example if SITEA has 15000-150009 allocated but SITEA has a requirement for 10
managed server instances. You would need to allocate 15000-15029 for the non-HA
deployments or 15000-15014 for the HA deployments. In general try to allocate ports
in blocks of 10.
5. If WLS needs to be installed into a Service guard package or non standard directory
structure such as /PREFIX/usr/local/bea/wls92, then it is important to obtain the
service guard package name. Also it is presumed that the binaries are already installed
into the package/prefix directory. It is important to make a note of the
PREFIX/packagename and this will be used in the server.conf file.
6. Login to the HP HS Administration Server using the <installid> UNIX id.
A.
cd /usr/local/gwh/scripts/wls92_hpux_11.23_itanium /wls-as
directory
7. Use the create_middleware_support_ldif.sh script to create the

middleware_support.ldif file as follows:
A. Manually update or verify user_list.txt
Version 2.0
GM/EDS Confidential
9 November 2009 54

Technical
B. Change the Shortname/domain name variable, i.e. SHORTNAME and set a

temporary password in the create_middleware_support_ldif.sh file.
C. Type ./create_middleware_support_ldif.sh
D.
The WEBADMINID entered in the install menu (below) should NOT exist in the
middleware_support.ldif or the ldif import will fail. Please double-check the contents of the
middleware_support.ldif to ensure the WEBADMINID (the EDSNET ID of the installer) is not in
the ldif file before the installation begins.
8. Depending on your location copy the appropriate middleware_support.ldif file to

middleware_support.ldif (for example, cp middleware_support.gmna
middleware_support.ldif).
9. Note you can pre-configure the answers to the install script by editing the server.conf
file. Ensure that the <installid> is added to gwlsins group on the HP HS Administration
INSTALLID and INSTALLGRP are set to the <install id> and gwlsins. In most cases the
only items you need to change in this file would be the SHORTNAME, APPSERVER1,
APPSERVER2, APPSVRDNS, ADMIN_PORT, MGD_SVR_PORT, MCAST_ADDR, SERVGID,
SERVUID, DOHACLUS, DONONHACLUS, DONOCLUSHA, DOSINGLECELL. Most other
entries should be left at their default values, although in some cases for custom
solutions the other options may be changed. If you change any other values then be
sure to change them back to their default values after the installation is complete.
10. This build gives a flexibility to install WLS domain into standard directory structure as
well as into a non standard directory structure depending on the location for the WLS
binaries. Non standard directory structure is limited to one prefix directory of the root
which prepended making it /PREFIX/usr/local/bea. While installing into a non standard
directory structure care needs to be taken to set the PREFIX, VENDORDIR, SITES and
GWHDIR paramaters. All these parameters needs to be consistent.
11. It is required to ensure when installation completes successfully or even if it fails
manually verify there are no directories or files associated with this or a previous
Weblogic install in the install tmp directory (for example /var/tmp or /tmp) that have
permissions of 777. If they exist they need to be removed.
12. Type ./install
13. When prompted enter the password for the system ID and other variables using the
interactive menu. The following was taken from the GM ISP&P 2007: The
recommended password configuration should be a mix of the following combinations:
Upper case alpha (i.e., capital letter)

Lower case alpha
Numeric
14. Enter values for the following variables (note, the 2nd web and 2nd app server
variables will not be displayed in the menu if you do not set DOHACLUS or
DONOCLUSHA to true):
Variable Name
SHORTNAME
The sites shortname
test
APPSERVER1
1st app server name
triras001
APPSVRDNS
app server domain name.
iweb.gm.com
ADMIN_PORT
port that the admin server for this domain

should run on. WebLogic 9.2 admin
server ports are in the 7000 range. Each
WebLogic 9.2 domain has 1 admin server
7000
Version 2.0
GM/EDS Confidential
9 November 2009 55

Technical
and each admin server must run on a

unique port. Contact the HP HS WebLogic
Administration Team to get the assigned
port for this domain.
MGD_SVR_PORT
port that the first managed server in the

domain should run on. WebLogic 9.2
managed server ports are in the 15000
range. Each WebLogic 9.2 managed
server must have a unique port. Contact
the HP HS WebLogic Administration Team
to get the assigned port for this managed
server.
15000
MCAST_ADDR
multicast address that the domain cluster

instances will use to communicate with
each other and the domain admin server
on. Each WebLogic 9.2 domain that uses
the cluster license has 1 multicast address
that is unique from all other domains.
Contact the HP HS WebLogic
Administration Team to get the assigned
multicast address for this domain.
239.1.0.1
NOTE: Do not use the 238.x.x.x range.

This range was used for the iAS instances.
NOTE: Be careful not to use an address
that is allocated to other hardware, for
example Cisco switch hardware
NOTE: Make sure this traffic is routed over
the front-end network
NOTE: Although multicast addresses are
only necessary for sites that use the
cluster license and have a cluster
configured all HP HS domains are
assigned a multicast address in case a
domain determines at a later date that they
require cluster capabilities.
SERVGID
the UNIX GID for the app server user
50518
SERVUID
the UNIX UID for the app server user
50518
PREFIX
The prefix depends on if the binaries are

installed into a standard directrory or a non
standard directory. If the installation of the
binaries is into a non standard directory for
example into a Service Guard package
then the PREFIX value will be set to
package name
Standard value is /
The vendor dir for the installation. The

standard installation this always has to be
bea preceded by /usr/local.
Stanadard /usr/local/bea
But if a non standard installation is

required for example in scenario where
WLS needs to installed into a Service
Guard package created then VENDORDIR
needs to be prefixed with the pacakage
name.
Non Standard :
VENDORDIR
Version 2.0
GM/EDS Confidential
Non standard /<PREFIX>

for example /wls92pkg
/<PREFIX>/usr/local/bea
For e.g.
9 November 2009 56

SITES
Technical
The sites value depends on if the binaries

are installed into a standard directory or a
non standard directory structure for
example into a Service Guard package
Standard : /sites
NonStandard
:/<PREFIX>/sites
for example
/wls92pkg/sites
GWHDIR
The directory where all the start or stop

commands for all the instances is stored.
Standard directory
structure /usr/local/gwh
structure
/<PREFIX>/usr/local/gwh
for example
/wls92pkg/sites
BEAHOME
The beahome for this domain installation.

The standard HP HS Design is for all
WebLogic 9.2 Domains to be installed in
the wls92 BEAHOME. This means that
the standard "binaries" for HP HS
WebLogic 9.2 are located in the
wls92
If for some reason this domain is to be

installed into a second, third, etc.
BEAHOME, then change this entry
accordingly.
WLSPW
The password for the system IDs.

This must be at least 8 characters.
The following was taken from the GM
ISP&P 2007: The recommended
password configuration should be a
mix of the following combinations:
Test123+
Upper case alpha (i.e., capital

letter)
Lower case alpha
Numeric
WEBADMINID
The ID for the web admin installing the

domain. Please remember to remove this
ID from the middleware_support.ldif file
before running the installation. This is the
ID that can be used to set passwords for
the other web administrators unique IDs
after the domain is installed.
zzgm4j
WEBADMINIDPW
The password for the ID for the web admin

installing the domain. This password must
be at least 8 characters in length. The
following was taken from the GM ISP&P
2007: The recommended password
configuration should be a mix of the
following combinations:
Lower case alpha
Numeric
Test123+
Version 2.0
GM/EDS Confidential
9 November 2009 57

CERTKEYPASS
KEYKEYPASS
ORACLEVER
APPSERVER2
Technical
The password to the Java keystore

that stores the servers public SSL
certificate. This must be different
then the KEYKEYPASS and different
then the WLSPW.
The password to the java keystore
that stores the servers private SSL
key. This must be different then the
CERTKEYPASS. The KEYKEYPASS
value is not stored in any files in a
user readable format so this is
something that the Operations team
will need to keep track of in order to
maintain the environment.
Either 10g or 11g. The version of the
Oracle thin driver that the WebLogic
Server instances should have configured
in their CLASSPATH.
2nd app server name
test1234
start1234
11g
triras002
NOTE: The following files are created on the administration server in

/usr/local/gwh/scripts/wls92_hpux_11.23_itanium /wls-as/configs in case you want to review
the output of the script after it has been run:
Log File Name
site.cfg.wls.<SHORTNAME>.as1
The configuration file (answers to the menu options)

for the first application server installation.
site.cfg.wls.<SHORTNAME>.as2
The configuration file (answers to the menu options)

for the second application server installation. Note,
this file will not exist unless you set DOHACLUS=true
in the server.conf file.
site.cfg.wls.<SHORTNAME>.as1.out
The output from the installation on the first application

server.
site.cfg.wls.<SHORTNAME>.as2.out
The output from the installation on the second

application server. Note, this file will not exist unless
you set DOHACLUS=true in the server.conf file.
server.conf
Used by the install scripts as input.
The install script writes the total number of OK, WARNING and ERROR messages
that occurred during the install. If in doubt you should grep the *out files for your
installation for "ERROR", "WARNING", or "Failed" to see if there were any errors
during the installation.
To test that the domain was installed correctly, use the following URLs (replacing the
necessary server DNS names and ports based on the information you ran the
installation with):
https://triras003.iweb.gm.com:7023/console
If instances are clustered:
Version 2.0
GM/EDS Confidential
9 November 2009 58

Technical
http://triras003.iweb.gm.com:15020/InMemRepClient_clus/Session.jsp
http://triras004.iweb.gm.com:15020/InMemRepClient_clus/Session.jsp
If instances are not clustered:
http://triras003.iweb.gm.com:15020/InMemRepClient_scell/Session.jsp
http://triras004.iweb.gm.com:15020/InMemRepClient_scell/Session.jsp
If the sample application is not deployed then please refer to the Deploy the Sample
Application section of this document for information on how to deploy the sample
application.
The wls_install_<shortname>_date/timestamp.out file will be created in the domain
root (/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME> directory. This should
only contain INFO messages, but no WARN or ERROR messages
15. Important TSS NOTES:
A. Using a web browser access the admin console, deselect the Listen Port
Enabled entry for the administration server instance only. Restart the admin
instance to make the change take affect.
B. The automatically generated webadmin, gwheng and shortname_deployer ID
should already be deleted from the embedded LDAP. A deployer ID tied to a
specific user ID (or multiple deployer IDs) needs to be created for each person
that is to deploy code. Please set the ids password to something that is
specific to the site (not easily guessable) and notify the application owner of
the id/password combination. Verify a signed systems access and security
request form exists for each user on the system.
16. All B<shortname> ids should be non-expiring batch IDs. These IDs should never
expire their passwords or the nightly cronjob to rotate log files may not work properly.
17. Remove the middleware_support.ldif file
18. In the create_middleware_support_ldif.sh script replace the domain/shortname with SHORTNAME
in all caps so the next installer can use find and replace to update that value.
19. In the create_middleware_support_ldif.sh script replace the temporary password with TEMPPW in
all caps so the next installer can use find and replace to update that value.
20. Email global distribution for the local Middleware/COTS support teams (Operations team members
that require Administrative access to WebLogic) about the installation including. the
shortname/domain name, admin URL, admin server name, and temporary password in the email.
The GM GSO GLOBAL SOFTWARE distribution list should only be in the bcc field of the email to
hide the list of recipients. The email should also state that all temporary passwords are required to
be changed by the individual user immediately. (General Motors UNIX Security Checklist item
1.2.3)
21. Make a note to login to the application servers the day after the domain was installed
and validate that the cron job to rotate log files and if applicable the admincopy
portion of the log file rotation is working. You should see a gz file in
/sites/<shortname>/site/common/logs/92_dailybackups for the previous night to
ensure the log file rotation worked. If you do not then check /var/cron/log to see what
type of error/issue was encountered or the
/sites/<shortname>/site/common/logs/wlscron.log file. To ensure the admincopy
portion of the log file rotation worked you should review the first application servers
/sites/SHORTNAME/site/common/logs/92_wlscron.log for any errors from the previous
nights cron run specifically the copy of the admin files from the first server to the
second server in the domain. As a second check point to ensure the admincopy
portion of the log file rotation worked you should login to the 2 nd server in the domain
and cd to the domain root/admin_bak directory. Check to ensure the admincopy.tar.gz
Version 2.0
GM/EDS Confidential
9 November 2009 59

Technical
file exists in that directory, that it has a file size greater than 0 and has the
date/timestamp of the previous night.
22. Configure the Event Monitors for the new domain.
23. To allow Deployer IDs access to manage JDBC elements complete the following (the
following is in red text because at the current time this does not work. A ticket has
been opened with Oracle and the vendor has confirmed this is a bug and has
submitted a request to Oracle engineering to provide a patch. When a patch is
available HP HS engineering will evaluate and apply the patch as appropriate):
a.
b.
c.
d.
e.
f.
g.
h.
i.
j.
k.
Version 2.0
Add the Deployer Role to the ADS_deployer group:

1. Login to the WebLogic Administration Console using an ID with
administration access.
2. Click Security Realms myRealm - Roles and Policies Realm
Roles.
3. Expand Global Roles.
4. Expand Roles.
5. Click View Role Conditions for the Deployer Role.
6. Click the Group: Deployers link.
7. Enter ADS_deployer in the Group Argument Name field and click
Add.
8. Click Save.
Add the newly created deployer ID(s) to the ADS_deployer group
1. Go to Security Realms myrealm-Users and Groups. You should be on
the Users Tab
2. Click on $domain_deployer ID
3.
Select Groups then Click on Deployers on the Chosen Field and click
on the <- button to remove the group from the Chosen Field.
4. Click on the ADS_deployer to highlight the group and click on the ->
button to move the group to the Chosen Field.
5. Click on Save.
Click Lock & Edit.
In the left pane of the Administration Console, select Security Realms
Select myRealm- Configuration-General
Enable Use Authorization Providers to Protect JMX Access.
Click Activate Changes.
Restart the WebLogic server (mandatory).
Login to the Administration Console using an ID that has administration access and
select Security Realms- myRealm- Roles and Policies-Realm Policies
Allow Datasource Creation:
1. Select JMX Policy Editor (Help topics in left hand panel HOW DO I
contains more clear explanation Create JMX policies)
2. GLOBAL SCOPE should be enabled by default click Next
3. A list of MBean Type will be displayed.
4. Expand the weblogic.management.configuration tree and select
DomainMBean and click Next
5. A list of Attributes and Operations will be displayed.
6. Expand the Operations: Permission to Invoke tree, select
createJDBCSystemResource and click the Create Policy button
7. On the Edit JMX Policies page, click the first Add Conditions
8. On the Choose a Predicate page, in the Predicate List, select group and
click Next
9. Enter ADS_deployer in the argument field, and click Add.
10. Add a second group, the Administrators group as well
11. Click Finish
12. Click Save after you finish
Allow Datasource Password to be Stored:
1. In the same window pane, right under the Search box select JMX
Policy Editor from the Home> entry.
GM/EDS Confidential
9 November 2009 60

Technical
2.
3.
4.
5.
6.
7.
8.
Again, GLOBAL SCOPE should automatically be selected, click Next.

Expand the weblogic.j2ee.descriptor.wl tree.
Select the JDBCDriverParamsBean entry and click Next.
Expand the Encrypted Attributes: Permission to Write tree entry.
Select Password and click Create Policy.
On the Edit JMX Policies page, click the first Add Conditions
On the Choose a Predicate page, in the Predicate List, select group
and click Next
l. Allow Datasource Deletion:
2. Again, GLOBAL SCOPE should automatically be selected, click Next.
3. Expand the weblogic.management.configuration entry.
4. Select the DomainMBean entry and click Next.
5. Expand the Operations: Permission to Invoke entry.
6. Select the destroyJDBCSystemResource entry.
7. Click Create Policy.
8. On the Edit JMX Policies page, click the first Add Conditions
9. On the Choose a Predicate page, in the Predicate List, select group
and click Next
m. Allow Datasource Modification:
2. Again, GLOBAL SCOPE should automatically be selected, click Next.
3. Expand the weblogic.maangement.runtime entry.
4. Select the JDBCDataSourceRuntimeMBean entry and click Next.
5. Expand the Operations: Permissions to Invoke entry.
6. Select the isOperationAllowed entry and click Create Policy.
7. On the Choose a Predicate page, in the Predicate List, select group
and click Next
Initiate Trust Relationship Between B<shortname> Ids in the Cluster

If this site is clustered across 2 physical servers, create a trust relationship for the
B<shortname> ids on the servers as follows:
1.
Set the B<shortname> Unix User ID's password on both application servers. Set the
ID password to be non-expiring. NOTE: If you do not do this, the nightly cron that
runs to rollover the log files and to copy admin instance information to the second
server in the cluster will not work properly. This means that you will not be able
to fail over the administration server to the second application server.
2.
Configure the B<shortname> Unix User IDs that the domain was installed with so that
their passwords do not expire.
3.
Login to the first server as the B<shortname> Unix User ID
Version 2.0
GM/EDS Confidential
9 November 2009 61

Technical
4.
Type ssh B<shortname>@appserver2.appsvrdns and make sure that you are able
to login without getting prompted for a password. NOTE: make sure you use the full
dns name and not just the hostname when you do this.
5.
All B<shortname> ids should never expire their passwords or the nightly cronjob to
copy admin server instance files to the 2nd server in the cluster for failover purposes
may not work properly.
Install Additional Instance

It takes approximately 45 minutes to install each additional instance (15 minutes to prepare, 15 minutes to
run the script and 15 minutes to validate the installation was successful.)
Notes for deploying additional instances:
If anyone has clicked on Lock & Edit on the Administration Console or is

running a WLST or some type of script that is making changes to the WLS
configuration that you are adding an instance to then the following will not
work. In other words, you need exclusive access to the WebLogic domain
configuration to run the following commands.
If there are any existing changes to be activated in the WLS domain (for
example if you login to the admin console and the activate changes button is
available to click then those changes should be activated before continuing
with this deployment or this deployment will likely fail.
Please stay out of the administration console during this installation. Do not
open a browser and browse the admin console during these updates. If
necessary temporarily change the deployer ID and system ID passwords
before starting the additional instance installation to keep all other potential
users out of the administration console during this change as well.
This deployment will not target the sample application to the new instance if it
is not part of an existing cluster. That is a manual step you will need to
perform after the script has finished running.
This script to install an additional instance expects the administration server

for the instance to be running when this script is run.
It was discovered during the testing of this build that when installing a domain
if port 7001 is used as non ssl admin server port then the additional instance
install will potentially fail while setting the listen address. This was
investigated and the reason for this issue is that WebLogic is possibly using
7001 as a default port for various configuration purposes. There are couple of
alternatives. First one is to avoid using 7001 port while installing any
WebLogic domains. However if you are forced to use this port for any reason
then on the HP admin server under
/usr/local/gwh/scripts/wls92_hpux_11.23_itanium/addl-instance do the
following steps
1.
Rename the configureaddlinstance921.py file to

configureaddlinstance921.py.orig
2.
Rename the configureaddlinstance921.py.test to

configureaddlinstance921.py.test file alters the sequence of wlst

commands as compared to configureaddlinstance921.py file by moving the
setting port commands prior to setting the listen address and there by
excluding the port conflict issue.
Version 2.0
GM/EDS Confidential
9 November 2009 62

3.
Technical
After completion of the install it is required to put the original file back
by renaming configureaddlinstance921.py.orig to
Instructions for deploying additional instances:

1. Gather the following information:
Next instance name (for example, if gmbla001 and gmbla002 managed server
instances are already installed, the next instance name for the domain would be
gmbla003. You can view the currently installed managed server instance names in
the WebLogic 9.2 Administration Console using a browser).
Next available managed server instance port in the 15000-16000 range.
2. NOTE: Because of the updates made to the config.xml file in WLST offline mode
(when the admin instance is down), you should only install 1 additional instance to a
domain at a time.
3. If you are adding an instance to a WebLogic 9.2 domain that consists of one or more
managed server instances that is/are not already part of a cluster and you want to
cluster the existing instance(s) and the new instance, use the following instructions to
create the cluster and then continue with the rest of this section. You can view
whether a cluster is installed and what instances are a part of it in the WebLogic 9.2
Administration console using a browser:
a. Click on Lock & Edit
b. Click on Environment
c.
Click on Clusters
d. Click on New
e. Enter shortname_cluster in the Name field, for example test4_cluster. If
shortname_cluster already exists then enter the new cluster name.
f.
Enter the multicast address and port assigned to the cluster in the appropriate
fields. If multiple clusters are deployed to this domain they should each have their
own unique multicast address and port.
g. Enter the cluster address which will be in the format of

ms1_dns_name:ms1_port,ms2_dns_name:ms2_port for example jess-app-rvs01.iweb.gm.com:16580,jess-app-r-vs02.iweb.gm.com:16580,jess-app-rvs01.iweb.gm.com:16583,jess-app-r-vs02.iweb.gm.com:16583
h. Click OK
i.
Click on the Configuration Servers tab
j.
For each instance to add to the cluster

1. Click Add
2. Make sure Select an existing server, and add it as a member of this cluster is
selected and select the instance from the drop down and click Next
k. Make sure the instances to be added to the cluster are stopped. Please remember
if this is the first time WLST is being used for an instance it will take a minute or
two to stop the instance.
l.
m. Start the stopped managed server instances in the domain.

4. If you add a cluster to a configuration that was originally installed without a cluster,
you need to un-target the InMemRepClient_scell from the managed server instances
Version 2.0
GM/EDS Confidential
9 November 2009 63

Technical
that are now clustered and instead deploy the InMemRepClient_clus sample app to
those instances. Both sample applications are in the
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTNAME_admin/upl
oad directory or a non standard directory such as
<PREFIXDIR>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTNA
ME_admin/upload on the server that hosts the domains admin server. You will need to
first stop and undeploy the InMemRepClient_scell application from the instance(s) and
then use the instructions starting with #3 of the Deploy the Sample Application
section of this document to deploy the InMemRepClient_clus application.
5. On the EDS HS administration server cd
A. For HPUX Solaris /usr/local/gwh/scripts/wls92 _hpux_11.23_itanium
/addl-instance
6. You can pre-configure the answers to the install script by editing the server.conf file
Ensure that the <installid> is added to gwlsins group on the HP HS Administration
INSTALLID and INSTALLGRP are set to the <install id> and gwlsins. In most cases the
only items you need to change in this file would be the SHORTNAME, ADMINSERVER,
ADMIN_PORT, ADMINSVRDNS, APPSERVER, APPSVRDNS, SERVGID, SERVUID,
MGD_SVR_PORT, INSTANCENUM, and NEWSVR. If you are installing using
DONONHACLUS or DOSINGLECELL then you do not need to enter anything for
APPSERVER2 or you can leave what ever entry is there alone, the script will ignore it.
7. Following are the examples to set standard VENDOR dir and PREFIX parameters in
server.conf
A. Standard directory structure is required the
o
VENDORDIR=/usr/local/bea
PREFIX=/
SITES=/sites
GWHDIR=/usr/local/gwh
B. non standard prefix directory required to be prepended to /usr/local/bea/wls92

(for e.g. /wls92pkg/usr/local/bea/wls92) and if the sites, gwh directory also
needs to be installed into into the prefix directoty then in server.conf file
should be set as follows
o
VENDORDIR=/wls92pkg/usr/local/bea
PREFIX=/wls92pkg
SITES=/wls92pkg/sites
GWHDIR=/wls92pkg/usr/local/gwh
8. If you are installing this instance on a server that already hosts this WLS domain for
this WLS version then you will need to find out what the CERTKEYPASS (see the stop
files for any of the instances in that domain on that server) and KEYKEYPASS are for
the existing SHORTNAMEkeystore.jks which is where the public and private key portion
of the SSL certificate are stored respectively. The KEYKEYPASS can be tested
manually before running the install by using a command for example:
As the Bshortname ID in the ~BSHORTNAME/JKS directory type
keytool list keystore SHORTNAMEkeystore.jks storepass password
replacing the SHORTNAME and password entries as appropriate for this site.
The KEYKEYPASS value is not stored in any files in a user readable format so
Version 2.0
GM/EDS Confidential
9 November 2009 64

Technical
this is something that the Operations team will need to keep track of in order
to maintain the environment.
9. If the following directory exists on the server/zone where the additional instance is to
be deployed make sure the permissions of the directory recursively are set to 770 then
continue with the installation: /var/tmp/wlstTemp/packages
10. It is required to ensure when installation completes successfully or even if it fails
manually verify there are no directories or files associated with this or a previous
Weblogic install in the install tmp directory (for example /var/tmp or /tmp) that have
permissions of 777. If they exist they need to be removed.
11. Type ./install
12. Enter values for the following variables (Please make sure the ip/port combination you
assign to the new instance is not already being used, the script will not validate this
for you it will just fail if this is not the case):
Variable Name
SHORTNAME
The sites shortname
test4
ADMINSERVER
The sites WebLogic 9.2

administration server host
name
triras001
ADMIN_PORT

administration server
administration port number
(in the 7000 range).
7003
ADMINSVRDNS

administration server domain
name. NOTE: DO NOT USE
GWEB.EDS.COM it will not
work, i.e. use front end
network and not back end
network.
iweb.gm.com
APPSERVER
The application server host

name where the new instance
should be installed
triras001
APPSVRDNS
The application server domain

name.
iweb.gm.com
NOTE: DO NOT USE

GWEB.EDS.COM it will not
work
SERVGID
the UNIX GID for the app

server user
50518
SERVUID
the UNIX UID for the app

server user
50518
BEAHOME

that the standard "binaries" for HP
HS WebLogic 9.2 are located in
wls92
Version 2.0
GM/EDS Confidential
9 November 2009 65

Technical
the /usr/local/bea/wls92 directory.
If WLS needs to be installed into a
non standard directory then a
<prefix>/<vendordir><beahome>
could be used. This means that
an example of a non standard
directory is set to
/wls92pkg/usr/local/bea/wls92
If for some reason this
domain was installed into a
second, third, etc. BEAHOME,
then change this entry
accordingly.
The following is taken from the
WebLogic 9.2 Gold Build
documentation. This build is for
9.2MP2 or later so the 9.2SP1
reference below is out of date but
is what the Gold Build actually
states: If you plan on running
multiple versions of WebLogic
Server on the targeted server, use
the following Home Directory
naming convention
/usr/local/bea/wls92a,
/usr/local/bea/wls92b, etc. The
WebLogic 9.2 SP1 version has to
be installed in the directory
/usr/local/bea/wls92. If needed a
non standard directory structure
can be accommodated by
prepending with a prefix directory
MGD_SVR_PORT
The new instances non-SSL

port in the 15000 range.
Note: If you are installing 2
new instances, for example,
instance 003 & 004. As long
as the instances are on
separate physical servers or
zones (or ip addresses) you
can assign them the same
port number.
15003
INSTANCENUM
The new instances number,

for example, if you are
adding an instance to the
gmbla cluster that already
has a gmbla001 and
gmbla002 instance, then
enter 003 here
003
NEWSVR
If you are installing this

instance on a new server that
the domain does not already
exist on, then enter true
here, otherwise, enter false.
If you answer true to this,
then you will have additional
false
Version 2.0
GM/EDS Confidential
9 November 2009 66

Technical
manual steps to take to get
the boot.properties
configured for this instance.
This manual step is
documented below, but is not
supported at this time and
has not been tested. This
option is included for future
enhancement purposes only.
CLUSTERED
If you are adding this

instance to a cluster, then
enter true here, otherwise
enter false. Standard HP HS
WebLogic 9.2 installations are
clustered.
true
Note: If there are multiple

clusters configured in the
domain then always set this
to false and use a web
browser to access the WLS
admin console and add the
appropriate instances to the
appropriate cluster using the
instructions at the beginning
of this section after the
instances are installed.
CLUSTERNAME
If CLUSTERED=true then
provide the name of the
cluster here. The default for
this value is
SHORTNAME_cluster.
test4_cluster
ORACLEVER
Either 10g or 11g. The

version of the Oracle thin
driver that the WebLogic
Server instances should have
configured in their
CLASSPATH.
11g
CERTKEYPASS
Provide the password to the

Java keystore that stores the
servers public SSL certificate.
This must be different then
the KEYKEYPASS and the
WLSPW.
test1234
KEYKEYPASS
Provide the password to the

java keystore that stores the
servers private SSL key. This
must be different then the
CERTKEYPASS. The
KEYKEYPASS value is not
stored in any files in a user
readable format so this is
something that the
Operations team will need to
keep track of in order to
start1234
Version 2.0
GM/EDS Confidential
9 November 2009 67

Technical
maintain the environment.
PREFIX
SITES
PREFIX is the parameter that

allows to use this build to
install WLS into non standard
directories. To install WLS 92
into standard directory
structure PREFIX is set /. To
install WLS92 into non
standard directories then
prefix is set to a directory for
example wls92pkg
Standard directory structure

set it to /
Sites is set to /sites for

standard directory structure
and for non standard
directory structure the same
variable as that set for
PREFIX should be prepended.
Standared is /sites

structure set it to prefix
directory for example
/wls92pkg
Non standard is
<PREFIX>/sites for e.g.
/wls92pkg/sites
13. NOTE: The following files are created on the administration server in
For HPUX /usr/local/gwh/scripts/wls92_hpux_11.23_itanium /addl-instance/configs

in case you want to review the output of the script after it has been run:
Log File Name
site.cfg.wlsaddl.<SHORTNAME>.<INSTANCENUM>
The input used to run the

installation -- saved for historical
and troubleshooting purposes.
server.conf
The input used by the script to

run the installation. This file is
replaced every time the script is
run.
site.cfg.wlsaddl.<SHORTNAME>.<INSTANCENUM>.out
The output of the installation -saved for historical and

troubleshooting purposes
14. If you installed with CLUSTERED=true then, the sample application will get deployed
to the new instance as soon as it becomes part of the cluster assuming the cluster had
the sample application deployed to all servers in the cluster without issue before this
instance was installed.
15. If you installed with CLUSTERED=false then you need to manually deploy the sample
application to the new instance(s):
Version 2.0
GM/EDS Confidential
9 November 2009 68

Technical
A. Restart the entire domain including the administration server instance. This
restart can be done in HA mode if the application requires it. Do not continue
until all instances in the domain are in RUNNING mode.
B. Using the system ID login in to the administration console for the domain.
C. Make sure there are no changes to activate. If there are then activate those
changes before continuing.
D. If the InMemRepClient_scell has NOT been deployed in the domain before
then use the following instructions otherwise continue with step E:
1. In the WLS Administration Console click Lock & Edit
2. Click Deployments (in the left navigation pane)
3. Click Install
4. Navigate to
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/SHORTN
AME_admin/upload or for non standard directories
<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/server
s/SHORTNAME_admin/upload
5. Select the InMemRepClient_scell.war file and click Next
6. Select Install this deployment as an application and click Next
7. Select the appropriate target(s) and click Next
8. Select Copy this application onto every target for me and leave
all other default values
9. Click Next
10. Click Finish
12. Click Deployments (in the left navigation pane)
13. Place a checkmark in the checkbox next to InMemRepClient_scell and
click Start servicing all Requests
14. Click Yes, you should see the InMemRepClient_scell application State
change to Active.
E. If the InMemRepClient_scell is already deployed to existing instances in the
domain and you need to add the new instance(s) as target(s) for the
application then:
1.
In the WLS Administration Console click Lock & Edit
2. Click on Deployments
3. Place a checkmark in the checkbox next to InMemRepClient_scell and
click Stop Force Stop Now
4. Click Yes
5. Click on the InMemRepClient_scell application link
6. Click on the Targets tab
7. Select the new instance to be targeted and click Save
9. Click Deployments
Version 2.0
GM/EDS Confidential
9 November 2009 69

Technical
10. Place a checkmark in the checkbox next to InMemRepClient_scell

and click Start Servicing All Requests
11. Click Yes, you should see the State change to Active.
16. Make sure that you can access the sample application via a browser using a URL
similar to the following:
A. http://new_instance_url:port/InMemRepClient_clus/Session.jsp for clustered
new instances
or
B. http://new_instance_url:port/InMemRepClient_scell/Session.jsp for single cell
new instances
17. If this is the first time the domain is being deployed on a 2nd server or zone (for
example, the domain was a SINGLECELL installation originally) then configure the
nightly admin copy cron job by doing the following:
A. Make sure the Bid on the server/zone hosting the admin instance can ssh to
the Bid on the second server/zone using the fully qualified DNS name of the
2nd server/zone without using a password. See the Create Trust Relationship
Between B<shortname> Ids in the Cluster section of the document.
B. Uncomment the following entries in the first servers
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/wls-logrollover.sh script,
if non standard directories are used in the first servers
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/wlslogrollover.sh script,
1. #echo "running admincopy script now ..."
2. #$WLSDIR/admincopy
C. Copy the HP HS Administration Server
For HPUX /usr/local/gwh/scripts/wls92_hpux_11.23_itanium/wlsas/admincopy

script to the first server in the domain in
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admincopy and for non
standard directories it is in
/<PREFIX>//<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admincopy. Edit
the following variables in the admincopy script in the domain:
Variable
Definition
Sample Value
SHORTNAME
The sites shortname
test4
SERVUSER
The Unix User ID that runs the

site
Btest4
SECOND_SERVER
The fully qualified DNS name for

the 2nd server the domain is
deployed to
jess-app-r-vs02.iweb.gm.com
BEAHOME
The VENDORDIR/
BEAHOME/domains/SHORTNAME
for the directory structure where
the domain is installed
Standard directory structure

/usr/local/bea/wls92/domains/test4
Non standard directory structure
/<PREFIX>/usr/local/bea/wls92/test4
or for e.g.
Version 2.0
GM/EDS Confidential
9 November 2009 70

Technical
/wls92pkg/usr/local/bea/wls92/test4
D. On the 2nd server in the domain create the

/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admin_bak directory or
for non standard directories
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admin_bak
owned by the B<shortname>:g<shortname> UNIX user ID and group with
permissions set to 750.
E. Copy the HP HS Administration Server for HPUX
/usr/local/gwh/scripts/wls92_hpux_11.23_itanium /wls-as/makemeadmin
script to the second server in the domain in
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/makemeadmin or for
non standard directories/<PREFIX>/<
VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admin_bak. Edit the
following variables in the admincopy script in the domain:
Variable
Definition
Sample Value
VENDORDIR
The directory where the

BEAHOME is deployed.
Standard directories
/usr/local/bea
Non standard directories
/<PREFIX>/usr/local/bea for
example
BEAHOME

that the standard "binaries" for HP
HS WebLogic 9.2 are located in the
wls92
If for some reason this domain

is to be installed into a second,
third, etc. BEAHOME, then
change this entry accordingly.
Version 2.0
SHORTNAME
The sites shortname
test4
SERVUSER
The Unix User ID that runs the

site
Btest4
AS1_DNS
The fully qualified DNS name

for the 1st server/zone the
domain is deployed to
AS2_DNS
The fully qualified DNS name

for the 2nd server/zone the
domain is deployed to
AS1
The short server name for the

1st server/zone the domain is
deployed to
jess-app-r-vs01
AS2
The short server name for the

2nd server/zone the domain is
deployed to
jess-app-r-vs02
GM/EDS Confidential
9 November 2009 71

Technical
F. Make sure the owner of the makemeadmin and admincopy scripts is

B<shortname>:g<shortname> and the permissions are set to 770.
G. After completion of the install ONLY if the original domain install used port
7001 and if you have renamed configureaddlinstance921.py.test to
configureaddlinstance921.py then it is required to put the original file back by
renaming configureaddlinstance921.py.orig to configureaddlinstance921.py
H. One day after configuring this validate that the admincopy worked by checking
the 2nd servers (However admin failover is out of scope of this project and this
step is not tested specifically)
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admin_bak directory or
in case of non standard directories use
/<PREFIX>/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/admin_bak
to make sure the tar.gz file from the first server is there.
De-installation
De-Install Binaries
NOTE: Repeat the following steps on all of the application servers where the binaries exist.
IMPORTANT: Before removing the binaries from an application, be sure to stop any domains running on
those binaries and remove them before removing the binaries.
NOTE: Replace <BEAHOME> below with the name of the binaries that are being removed. For example,
the standard HP HS BEAHOME is wls92, but in some cases there may be a 2nd or 3rd set of binaries
installed.
1.
2.
Login to the application server as root

Type cd /usr/local/bea
3.
Type rm -rf <BEAHOME>
4.
If this is the last set of WebLogic binaries in the /usr/local/bea directory, then remove the entire
/usr/local/bea directory.
5.
Remove the B< BEAHOME> UNIX user ID from /etc/passwd and /etc/shadow.
6.
Remove the g<BEAHOME> UNIX user ID from /etc/group.
7.
As root type pwconv to make sure the edits to /etc/passwd and /etc/group are finished.
8.
If the admincopy_cron.sh for the set of binaries you are removing is configured for the root id cron
Remove the cron entry. Please note that each set of binaries has its own cron entry for the root id
so there could be multiple cron entries that look similar, please do not delete the wrong one. If this
is the only set of WebLogic 9.2 binaries on the server then remove the wlsmon Solaris id from the
server as well. If you do not perform this task then please open up a request with the security team
to remove this id.
9.
If there are any /usr/local/gwh/lib/start<BEAHOME>admin, start<BEAHOME>managed,

stop<BEAHOME>admin or stop<BEAHOME>managed scripts then they should be removed.
These scripts should also be removed from /usr/local/gwh/lib/startcommands and
/usr/local/gwh/lib/stopcommands.
De-Install Domain
Version 2.0
GM/EDS Confidential
9 November 2009 72

Technical
NOTE: Repeat the following steps on all of the application servers where the domain components exist.
IMPORTANT NOTE: Before removing the domain from an application, be sure to stop any instances
running in that domain.
NOTE: Replace <BEAHOME> below with the name of the binaries that the domain in installed in. For
example, the standard HP HS BEAHOME is wls92, but in some cases there may be a 2nd or 3rd set of
binaries installed.
1.
2.
Login to the application server as root

Type cd /<VENDORDIR>/<BEAHOME>/domains
3.
Make sure the domain instances are not running.
4.
Type rm -rf <DOMAIN_NAME> where DOMAIN_NAME is replaced with the shortname for the
domain/site you are removing.
5.
If nothing else is installed in /sites/<shortname>, such as no iAS installation, no other version of

weblogic, no batch scripts, etc. then you can just remove /sites/<shortname>. In other words, if
there is nothing other than the "base" weblogic files (for example, if they have batch files in the
following directories than you will have to work with the app team to backup those files before this
directory is removed if they will need those files after the de-install), otherwise, remove only the
following directories from /sites/<shortname>:
6.
<SITES>/live/wls92
<SITES>/backup/wls92
<SITES>/upload/wls92
<SITES>/common/wls92
<SITES>/common/logs/92_instance and site/common/logs/92_dailybackups NOTE: there

will be a site/common/logs92_instance directory for each wls instance in the sites domain
on this physical server, you will need to delete each of these directories.
Remove the following entries from the B<shortname> crontab if they exist:
9
10 00 * * * /<VENDORDIR>/<BEAHOME>/wls92/domains/<shortname>/wlslogrollover.sh >> /<SITES>/<shortname>/site/common/logs/wlscron.log
1.
Make sure that the ids and groups are removed from /etc/passwd and /etc/group, again, assuming
no other software or applications are using the id(s) or group(s).
2.
Make sure that the /<GWHDIR>/lib/start<BEAHOME>admin and start<BEAHOME>managed

entries for this shortname are removed, again, assuming no other software or applications are
using these entries
3.
Make sure that the /<GWHDIR>/lib/stop<BEAHOME>admin and stop<BEAHOME>managed

entries for this shortname are removed, again, assuming no other software or applications are
using these entries.
De-Install / Back out Additional Instance Instructions

If you receive an error during the additional instance installation use the following instructions
to remove the "new instance" information, files, subdirectories before you run the addlinstance installation script again:
1. Make sure the instance to be removed is not running.
2. Depending on where you got in the script when the error occurred, some of the
following instructions may or may not apply.
3. Use a web browser to open the WebLogic 9.2 domains admin console (for example,
https://triras001.iweb.gm.com:7003/console)
4. If you have the option to click the Undo Changes button then click it.
Version 2.0
GM/EDS Confidential
9 November 2009 73

Technical

6. If the instance was part of a cluster then Click Environment, click Clusters, click the
name of the cluster, click the Configuration Servers tab, put a checkmark in the
checkbox next to the server instance to be removed from the cluster and click
Remove, verify the right server instance is displayed when asked Are you sure you
want to remove the following servers? and click Yes
7. If the instance was part of a cluster and the cluster address was updated then remove
the new instance information from the cluster address by clicking Environment, click
Clusters, click the name of the cluster, click the Configuration General tab,
update the cluster address and click Save.
8. Click Environment, click Servers, and put a checkmark in the checkbox next to the
server instance to be deleted and click Delete. Verify the right server instance is
displayed when asked Are you sure you want to delete the following items and click
Yes
9. If the instance was deployed with the NEWSVR=true option then remove the Machine
for the NEWSVR by clicking Environment Machines, put a checkmark in the
checkbox next to the machine to be deleted and click Delete. Verify the right server
machine is displayed when asked Are you sure you want to delete the following items
and click Yes
11. Use the B<shortname> id to login to the application server where the instance was
being installed.
12. You should be in the WebLogic 9.2 domain root.
13. Remove the new instance subdirectory, in domains/shortname/servers/, and all files
and subdirectories beneath it.
14. Remove the new instance start_instance and startManaged_instance scripts in the
domains/shortname/bin directory.
15. Remove the new instance stop_instance script in the domains/shortname/bin
directory.
16. Remove the new instance /sites/shortname/site/live/wls92/instance directory or for
non standard directories /<PREFIX>/sites/shortname/site/live/wls92/instance
17. Remove the /sites/shortname/site/common/logs/92_instance or for non standard
directories /<PREFIX>/ sites/shortname/site/common/logs/92_instance directory
18. Remove the /sites/shortname/site/live/wls92/instance or for non standard
directories /<PREFIX>/sites/shortname/site/live/wls92/instance,
backup/wls92/instance and upload/wls92/instance subdirectories and any files or
subdirectories beneath them.
19. Restart the admin server instance.
De-Install Miscellaneous
If WebLogic is de-installed then remove any SiteScope or BMC patrol monitors that related to the WebLogic
deployment (its processes or log files for example).
If WebLogic is de-installed and if Control Tool was used in conjunction with the de-installed WebLogic then
remove the wls.cfg file in the /<SITES>/control/site/common/control_configs/<SHORTNAME> directory
along with the entry to the wls.cfg in the
/<SITES>/control/site/common/control_configs/<SHORTNAME>/<SHORTNAME>.cfg file
Version 2.0
GM/EDS Confidential
9 November 2009 74

Technical
Non-Standard Configurations
There are no non-standard configurations documented in this guide. This guide documents a
standard WebLogic 10.3 deployment in HP HS.
Migration
Migration is out of scope for this build
Technical
Administrative / Back-End Access
There is not expected to be any special or non-standard uses of the Administrative / Backend interface.
The Middleware team must have highly available Unix shell and WLS Administration Console network
access. If an engineered work around is designed it must be highly available and must not include any
single points of failure.
Backup/Restore access to the application servers will take place through the back-end network. No other
access is expected to take place over the back-end network connection to the application servers.
Application Access
As detailed in the Architecture section of this document and in the GM Gold Build for WLS 9.2
As detailed in the Architecture section of this document and in the GM Gold Build for WLS 9.2 end
users will access the application via the Sun Java System Web Server which will use the BEA Plugin to communicate with the backend BEA WebLogic Servers. However integration with WebServer
is out of scopt for current HPUX build.
The HP HS Operations Team on the GM or HP Network will have system level access to the WLS
Admin Console via a browser using https*.
The Application Owner on the GM or HP Network will have deployer level access to the WLS
Admin Console via a browser using https*.
This assumes no dedicated firewalls are in place to stop traffic. If this happens the application
team needs to either provide a workaround or engage engineering to provide a workaround.
Application Testing
The sample application deployed as part of the WLS standard build can be used to validate
that WebLogic Server was installed correctly. This application will also be used after block
point patches to validate that infrastructure is still working properly.
A test guide will be created as a part of this project. All test cases in the Test Guide will be
performed and results will be documented. The Test Guide will be stored in the CVS
repository.
Version 2.0
GM/EDS Confidential
9 November 2009 75

Technical
Availability and Load Balancing

Domain Administration Server
Clustering is the process of combining two or more WLS managed servers on a network into
one logical entity for the purpose of increasing an applications scalability and availability.
Scalability is increased because the more CPUs and memory you add to a system, the more
users you can support. Availability is increased because if one server crashes, you have other
servers available in the cluster to handle the requests. BEA WebLogic Server has no built-in
limit for the number of server instances that can reside in a cluster.
WLS uses multicast, IP sockets and JNDI to share and maintain information about the
availability of objects in a cluster.
In the HP HS environment, configuration information for a cluster is stored in the
/<VENDORDIR>/wls92/domains/shortname/config/config.xml file.
The following table details the configuration attributes of a cluster element in the config.xml:
Attribute
General Description
HP HS Description
Name
Name of the cluster
Shortname
ClusterAddress
Address to be used by clients to

connect to the cluster.
Comma-separated list of
single-address host names or
IP addresses
When you configure a cluster,

you define a cluster address that
identifies the managed servers
in the cluster. The cluster
address is used in entity and
stateless beans to construct the
host name portion of URLs. If
the cluster address is not set,
EJB handles may not work
properly.
MulticastAddress
Multicast address to be used by

the servers to communicate with
each other.
A multicast address can be an IP
number between 224.0.0.0 and
239.255.255.255, BEA requires
you cluster multicast address to
begin with 239.xx.xx.xxxx.
Even though the BEA

documentation states that
multiple clusters on a network
may share multicast address
and multicast port combinations
if necessary, each HP HS
cluster will communicate on a
separate unique multicast
address.
HP HS has experienced
problems if each site does not
have its own multicast address.
MulticastPort
Multicast port used by cluster

members to communicate with
each other
Each cluster will communicate

on a separate unique multicast
port.
A sample config.xml entry specifying the cluster name, address, and multicast address
follows:
<cluster>
<name>test11_cluster</name>
<cluster-address>jess-app-r-vs01.iweb.gm.com:16570,jessapp-r-vs02.iweb.gm.com:16570</cluster-address>
<multicast-address>239.3.28.95</multicast-address>
Version 2.0
GM/EDS Confidential
9 November 2009 76

Technical
<multicast-port>7587</multicast-port>
<weblogic-plugin-enabled>true</weblogic-plugin-enabled>
</cluster>
IP sockets are used for peer-to-peer communication such as replicating HTTP session states
and stateful session EJB states between a primary and secondary server instance and
accessing clustered objects that reside on a remote server instance. Servers broadcast their
heartbeat messages every 10 seconds. If a server monitoring the multicast address misses
three heartbeats from a peer server (30 seconds), the monitoring server marks the peer
server as failed. It then updates its local JNDI tree, if necessary, to retract the services that
were hosted on the failed server.The following sections detail how clustering of JSPs, servlets,
EJBs and JDBC configurations works.
Clustering Managed Server Instances

Clustering is the process of combining two or more WLS managed servers on a network into
one logical entity for the purpose of increasing an applications scalability and availability.
Scalability is increased because the more CPUs and memory you add to a system, the more
users you can support. Availability is increased because if one server crashes, you have other
servers available in the cluster to handle the requests. BEA WebLogic Server has no built-in
limit for the number of server instances that can reside in a cluster.
WLS uses multicast, IP sockets and JNDI to share and maintain information about the
availability of objects in a cluster.
In the HP HS environment, configuration information for a cluster is stored in the
/<VENDORDIR>/wls92/domains/shortname/config/config.xml file.
The following table details the configuration attributes of a cluster element in the config.xml:
Attribute
General Description
HP HS Description
Name
Name of the cluster
Shortname
ClusterAddress
Address to be used by clients to

connect to the cluster.
Comma-separated list of
single-address host names or
IP addresses
When you configure a cluster,

you define a cluster address that
identifies the managed servers
in the cluster. The cluster
address is used in entity and
stateless beans to construct the
host name portion of URLs. If
the cluster address is not set,
EJB handles may not work
properly.
MulticastAddress
Multicast address to be used by

the servers to communicate with
each other.
A multicast address can be an IP
number between 224.0.0.0 and
239.255.255.255, BEA requires
you cluster multicast address to
begin with 239.xx.xx.xxxx.
Even though the BEA

documentation states that
multiple clusters on a network
may share multicast address
and multicast port combinations
if necessary, each HP HS
cluster will communicate on a
separate unique multicast
address.
HP HS has experienced
problems if each site does not
have its own multicast address.
MulticastPort
Version 2.0
Multicast port used by cluster

members to communicate with
GM/EDS Confidential
Each cluster will communicate

on a separate unique multicast
9 November 2009 77

Technical
each other
port.
A sample config.xml entry specifying the cluster name, address, and multicast address
follows:
<cluster>
<name>test11_cluster</name>
<cluster-address>jess-app-r-vs01.iweb.gm.com:16570,jessapp-r-vs02.iweb.gm.com:16570</cluster-address>
<multicast-address>239.3.28.95</multicast-address>
<multicast-port>7587</multicast-port>
<weblogic-plugin-enabled>true</weblogic-plugin-enabled>
</cluster>
IP sockets are used for peer-to-peer communication such as replicating HTTP session states
and stateful session EJB states between a primary and secondary server instance and
accessing clustered objects that reside on a remote server instance. Servers broadcast their
heartbeat messages every 10 seconds. If a server monitoring the multicast address misses
three heartbeats from a peer server (30 seconds), the monitoring server marks the peer
server as failed. It then updates its local JNDI tree, if necessary, to retract the services that
were hosted on the failed server.
The following sections detail how clustering of JSPs, servlets, EJBs and JDBC configurations
works.
JMS
Most JMS queues used by WLS applications are configured as distributed destinations across the WLS
cluster. The exceptional cases are JMS queues that are targeted to single managed servers. If failover is
required for the queues that are targeted to single managed server instances failover
instructions/configuration should be provided by the application owner.
JSP/Servlet Clustering
WLS provides clustering support for JSPs and servlets by replicating the session state of clients
that access them. To enable automatic failover of servlets and JSPs, session state must
persist in memory. Session replication occurs only if the session state is persistent. A session
state can be persisted in the following ways:
In-memory replication -- recommended for use in HP HS
File-based persistence -- not recommended for use in HP HS (not capable of this unless
using a shared file system, which is not part of the HP HS WLS standard build)
JDBC-based persistence -- not recommended for use in HP HS
In Memory Replication/Session Persistence

To support automatic failover for servlet and JSP HTTP session states, WLS replicates the
session state in memory by creating a primary session state on the server to which the client
first connects, and a secondary replica on another WLS instance in the cluster. Using JNDI and
IP Sockets, the replica is kept up-to-date so that it may be used if the server that hosts the
servlet fails.
In-memory replication uses fewer resources and is much faster than JDBC and file-based
replication, so it is the best way to provide failover for servlets in a WLS cluster. For this
reason, File-based and JDBC-based persistence will not be discussed in this document.
Every web application deployed on the application server has a WebLogic Deployment
Descriptor (weblogic.xml). To enable in-memory HTTP session replication, the application
developer should set the weblogic.xml parameter PersistentStoreType to a value of replicated.
To utilize in-memory replication for HTTP session state, a WebLogic cluster must be accessed
in either of the following ways:
Version 2.0
GM/EDS Confidential
9 November 2009 78

Technical
Through load-balancing hardware. (this is not included in the GM WLS 9.2 GBD and is
included here for informational purposes only)
Through a group of web servers configured identically with WebLogic proxy plug-ins. The
plug-in provides the logic necessary to locate the replica of a clients HTTP session state if
a WLS instance should fail.
For information regarding Stateful Session EJB failover please see

http://download.oracle.com/docs/cd/E13222_01/wls/docs92/cluster/failover.html#wp1027483
JDBC Clustering
WLS allows you to cluster JDBC objects, including datasources. Each JDBC object configured
for the cluster must be targeted to each managed server in the cluster.
Clustering JDBC objects does not enable failover of connections In other words, if a WLS
instance dies, any JDBC connections that it managed will also die, and the database will roll
back any transactions that were under way.
A server-side datasource will not go to another cluster member for its JDBC connections. The
connection is pinned to the local server instance for the duration of the database transaction
and as long as the application code retains it.
Patching & Maintenance Pack General Information
If a non standard directory structure is used then the regular automated patching cannot be
applied. There is a custom engineering required for that purposes. Instructions are provided
without taking into consideration the non standard directory structure those instructions could
be leveraged as much as possible depending on the support scope for any given application.
The following is for informational purposes only. In general no patches or maintenance packs should be
deployed without HP HS Engineering instructions.
Patching
Patches should always be applied to binaries, not to specific instances. In rare cases, and only after
Engineering has been consulted, patches may be applied specifically to instances and not binaries in an
emergency situation.
WebLogic security patches generally are provided in jar file format. In the past the HP HS standard
placement for the jar files is in the /<VENDORDIR>>/<BEAHOME>/weblogic92/patches directory (for
example /<VENDORDIR>/wls92/weblogic92/patches). This is no longer the case. BEA recommends the
use of the Smart Update utility to apply patches to WLS9.2. Please see Appendix 3 of this document for
information on how to use the Smart Update tool.
Maintenance Pack Information

Maintenance packs are intended to be applied to modify an existing set of binaries. Maintenance packs
should not require another set of binaries to be installed on the server. Maintenance packs can generally be
backed out using the /<VENDORDIR>>/<BEAHOME>/weblogic92/uninstall/uninstall.sh along with scripts
provided by the HP HS Engineering team.
Backup and Restore

The standard HP HS backup and restore procedure is intended to be used for any WebLogic
installations unless a project using the template has a specific requirement. The /usr/local/bea
and /sites/shortname directories should be backed up. If a non standard directory structure is
used for example when WLS is installed into a Service Guard package it is required to make
sure the daily backups including backing up the package directory and the subsequent
Version 2.0
GM/EDS Confidential
9 November 2009 79

Technical
directories that contain WLS in which case /PREFIX/usr/local/bea and /PREFIX/sites/shortname

should be backed up.
On a nightly basis a cron job will run to backup each domains log files as follows:
Gather the domain embedded ldap backup zip file, config.xml, SerializedSystemIni.dat and
all log files in /<SITES>/SHORTNAME/site/common/logs/tmp/ with an extension of .log
Append the current date to the file names.
Tar and gzip the files
Move the tar/gzipped file to /<SITES>/ SHORTNAME /site/common/logs/92_dailybackups
directory.
Changing the Embedded LDAP Backup Schedule

It is not expected that you will ever need to change the embedded LDAP Backup Schedule, but
if it starts to interfere with other processes, here are instructions for changing this
configuration:
1. Use a browser to open the Administration Console for the domain
3. Click on the domain name in the left-most frame.
4. Click on Security tab in the right frame.
5. Click the Embedded LDAP tab in the right frame..
6. Set the Backup Hour,Backup Minute, and Backup Copies attributes on the
Embedded LDAP tab.
7. Click Save to save your changes.
9. Restart the domain administration server instance.
By default the embedded LDAP will be backed up for each domain at 23:05 nightly local time.
The backup file can be found in /<VENDORDIR>/<BEAHOME>/domains/shortname/
[shortname_admin | shortname001 | shortname002, etc] /ldap/backup. The backup file is
called EmbeddedLDAPBackup.zip.
See http://download.oracle.com/docs/cd/E13222_01/wls/docs92/secmanage/ldap.html for
additional information.
Batch Processes
Note that admin failover is not in the scope of this build and hence anything specific to admin
failover is not tested.
Batch Process Component:
admincopy_cron.sh
Location:
/<VENDORDIR>/<BEAHOME>/admincopy_cron.sh
Access Level Requirements:
Only for use by root.
Notifications:
Will write out SUCCESSFULL or FAILED to

/var/tmp/admincopy_<beahome>.out which should be
checked daily at 8am by Sitescope or another monitor and
alert the Middleware Team (WebLogic Administrators) if
FAILED is in the out file or if the date in the file is not the
current days date.
Log File Location:
/var/tmp/admincopy_<beahome>.out
Version 2.0
GM/EDS Confidential
9 November 2009 80

Technical
Timing:
Nightly at 01:30 am.
Dependencies:
The B<SHORTNAME> ids password must be set. The

B<SHORTNAME> id trusted ssh keys must be configured for
B<SHORTNAME> ids on each physical server in the sites
cluster.
Batch Process Component:
wls-logrollover.sh
Location:
In the B<shortname> user ids home directory.

/<VENDORDIR>/<BEAHOME>/domains/<SHORTNAME>/wls
-logrollover.sh
Access Level Requirements:
Only for use by the B<shortname> id.
Notifications:
n/a
Log File Location:
sites/<SHORTNAME></site/common/logs/wlscron.log
Timing:
Nightly at 00:10 am.
Dependencies:
The B<SHORTNAME> ids password must be set. The

B<SHORTNAME> id trusted ssh keys must be configured for
B<SHORTNAME> ids on each physical server in the sites
cluster.
Embedded LDAP
The Embedded LDAP will only be backed up on the administration server instance. According
to BEA, you do not need to back up the LDAP data on a managed server instance because the
master LDAP server replicates the LDAP on each managed server instance as updates are
made to the master server. If a domains administration server instance is unavailable, the
WebLogic security providers cannot modify security data. (The LDAP repositories on managed
server instances are replicas and therefore cannot be modified.)
By default the master embedded LDAP is backed up to a zip file in
/usr/local/bea/wls92/domains/SHORTNAME/servers/SHORTNAME_admin/ldap/backup/Embedd
edLDAPBackup.zip each night at 23:05. Each backup file is kept for 7 days which is the BEA
WLS default. As part of the nightly log file rollover cron job, each nights ldap backup will get
copied and stored with its daily log files.
Control Tool
The control tool is out of scope.
Disaster Recovery
It is intended that each application that uses the WebLogic template will have a production and
a preproduction site that are in sync. The preproduction site will be used as the disaster
recovery site for any applications using the WebLogic template. The preproduction site must
be at a physically different location to qualify as a disaster recovery site.
Version 2.0
GM/EDS Confidential
9 November 2009 81

Technical
Network
Each project that uses this template will have specific information regarding network
bandwidth required in each segment of the network that will be used, network interface
information, nonstandard networks or network configurations that will be used, any WAN
requirements, etc.
All WLS instances in a cluster and domain must reside on the same network subnet.
To install or patch WLS 9.2 a centralized administration server is required. For more
information please see the Create an EDS HS Administration Server section of this document
Notices of Decision and Approved Deviations

Following are the GM TSS specific deviations. But GMAC does not have deviation process
similar to that of GM and the following deviations may or may not apply to GMAC
environment. Following are the deviations
WebLogic Server 9.2 and higher passwords are masked, never displayed in clear
text on any GM computing and communication device
WebLogic Server 9.2 and higher Passwords are always stored in encrypted form, on
any GM computing and communication device
Password complexity and expiration
Remote Access
End users will access the application via the Web Server which will use the BEA Plug-in to
communicate with the BEA WebLogic Servers. However providing integration instruction for Web
Server and plugin is out of scope of this project.
The HP SMC on the GM or HP Network will have system level access to the WLS Admin Console via
a browser using https.
The Application Owner on the GM or HP Network will have deployer level access to the WLS Admin
Console via a browser using https.
The HP HS Engineers on the GM or HP Network will have view/monitor level access to the WLS
Admin Console via a browser using https.
Type of
Remote
Access
Security Level of
Remote Access Type
WLS
Administratio
n Console
Deployer ID
WLS
Administratio
n Console
Administration ID
Version 2.0
Purpose
To allow application
owners to deploy
ear/war files and
create connection
pools and / or
datasources.
To start/stop
WebLogic instances
and perform
maintenance when
necessary
GM/EDS Confidential
Description
WLS
Embedded
LDAP ID
WLS
Embedded
LDAP ID
9 November 2009 82

Type of
Remote
Access
Security Level of
Remote Access Type
Technical
Purpose
WLS
Administratio
n Console
WLS
Administratio
n Console
WLS
Administratio
n Console
WLS
Administratio
n Console
Backup
Administration ID
Backup system ID
Backup
Administration ID
Backup system ID
Backup
Administration ID
Backup system ID
Web
Administration
Team ID
WLS
Administratio
n Console
Engineering/
Monitoring ID
To allow WebLogic
system
administrators
access to
troubleshoot the
environment and
make any required
configuration
changes.
To allow HP HS
Engineers access to
troubleshoot the
environment.
Description
WLS
Embedded
LDAP ID
WLS
Embedded
LDAP ID
WLS
Embedded
LDAP ID
WLS
Embedded
LDAP ID
WLS
Embedded
LDAP ID
Reporting
Even though it is possible to analyze the WLS managed server instance access logs using a
tool like Webalizer or WebTrends, this is not included in this project.
Standard availability reports as detailed in the HP HS contract will be provided to the customer
via the Global Visualization link at http://webwerks.gm.com.
OpsWare MAPL information can be found in this document in the following places:
WebLogic OpsWare MAPL
Security
The Solaris and WebLogic software release builds are either compliant (or have submitted
necessary deviations) to the General Motors Technical Security Standards and Information
Security Practices and Policies. The HP HS Operations Teams should be validating that the
Solaris (by the System Administrator) and WebLogic software (by the WebLogic Administrator)
stays compliant to the General Motors Technical Security Standards and Information Security
Practices and Policies, if any customized changes are requested to Solaris and WebLogic
software by non-EHS engineering teams or persons.
Verify a signed Systems Access and Security Request Form exists for each UNIX user on the
system (for example the Bshortname ID).
The following was taken from the GM ISP&P 2007: The recommended password
configuration should be a mix of the following combinations:
Lower case alpha
Version 2.0
GM/EDS Confidential
9 November 2009 83

Technical
Numeric
Failed Login Attempts

When a failed logon attempt occurs the data owner must be notified to download or request log files so the
data owner can address failed access attempts.
The standard WebLogic build is configured so that the following types of entries will be logged whenever any
user that tries to authenticate to the WebLogic Administration Console with the wrong credentials:
When accessing 9.2 with wrong credentials get the following in the DefaultAuditRecorder.log file:
#### Audit Record Begin <Jan 17, 2010 2:42:37 PM> <Severity =FAILURE> <<<Event
Type = Authentication Audit Event><system2><AUTHENTICATE>>> <FailureException
=javax.security.auth.login.FailedLoginException: [Security:090304]Authentication
Failed: User system2 javax.security.auth.login.FailedLoginException:
[Security:090302]Authentication Failed: User system2 denied> Audit Record End
####
A deviation is currently being filed because with WLS 9.2 it is not possible to log the location of the failed
logon attempt which is a requirement of the ISP.
To be able to log failed logon attempts the WLS standard build must create an Auditor.
If a client requests to have the Auditor disabled you can use the following instructions to delete the Auditor
but engineering will need to be engaged in order to submit a deviation as once the Auditor is removed the
site will no longer be considered ISP compliant:
1.
Login the UNIX server where the WLS domain administration instance is running.
2.
Become the B$SHORTNAME Unix user ID and type the following commands substituting the
appropriate values for admininstanceurl, admininstanceport, and SITENAME:
java $JAVA_OPTIONS weblogic.WLST
connect(url=t3s://admininstanceurl:admininstanceport)
cd('/SecurityConfiguration/SITENAME/Realms/myrealm/Auditors/')
delete(SITENAME_Auditor)
save()
activate()
exit()
3.
Restart all instances in the domain including the administration server instance.
Anonymous Admin Lookup

According to the GM TSS (Technical Security Standard) for WLS 9.2 Anonymous Admin Lookup should not
be enabled (or should be unchecked). If an application requires this to be enabled they must obtain a
deviation from GM Security before the configuration can be deployed.
Enabling Trust Between WebLogic Server Domains

According to vendors website enabling trust between WebLogic Server domains opens the servers up to
man-in-the-middle attacks. Great care should be taken when enabling trust in a production environment.
BEA recommends having strong network security such as a dedicated communication channel or production
by a strong firewall. Based on this and in accordance with the General Motors ISP
(http://infosecurity.gm.com/tech/gcts/infosecurity/gm_ispp/index.html) if an application requires
this configuration they must obtain a deviation from GM Security before the configuration can be deployed.
Version 2.0
GM/EDS Confidential
9 November 2009 84

Technical
SSL
In the HP HS environment, the administration servers will be assigned a non-SSL and an SSL
port in the 7000 range but the non-SSL port will be disabled. All communications with the
administration server instance will be via SSL.
By default each managed server has both non-SSL and SSL mode enabled. The managed
server instances will be assigned a non-SSL and SSL port in the 15000 range.
The operations team may deem it necessary to use other ports for both administration and
managed server instances.
boot.properties
The boot.properties file located in
/<VENDORDIR>/<BEAHOME>/domains/SHORTNAME/servers/INSTANCE/security (for example
/usr/local/bea/wls92/domains/test4/servers/test4001/security/boot.properties) contains the
encrypted ID and password for the WebLogic server administration and managed server
instances in the domain. This file is used to pass the start and stop scripts the WLS_USER
and WLS_PW values. This file will automatically be configured during the installation of the
domain in the HP HS environment. If the system password needs to change then the
encrypted portions of the boot.properties can be removed and replaced with plain text. When
the WLS admin server instance is restarted the new entries will be encrypted
Embedded LDAP
When WLS is installed each site will have its own WLS embedded LDAP. The embedded LDAP
server is used as the security provider database for the WebLogic Authentication,
Authorization, Credential Mapping and Role Mapping providers. The embedded LDAP must be
the only repository for IDs used to access the WebLogic Administration Console.
The embedded LDAP server contains user, group, group membership, security role, security
policy, and credential map information. By default, each WebLogic Server domain has an
embedded LDAP server configured with the default values set for each attribute. The WebLogic
Authentication, Authorization, Credential Mapping, and Role Mapping providers use the
embedded LDAP server as their database
Since the developers will use the Administration Console to deploy their application(s), the
embedded LDAP will contain the developers ids and passwords.
Each managed server instance contains a replica of the domains embedded ldap server. When
you use the embedded LDAP Server in a WebLogic Server domain, updates are sent to a
master LDAP server. The master LDAP server maintains a log of all changes. The master LDAP
server also maintains a list replicated servers and the current change status for each one. The
master LDAP server sends appropriate changes to each replicated server and updates the
change status for each server. This process occurs when an update is made to the Master
LDAP server. However, depending on the number of updates, it may take several seconds or
more for the change to be replicated to the managed server. The master LDAP server is the
embedded LDAP server on the administration server. The replicated servers are all the
managed server instances in the WebLogic Server domain.
Caching of embedded LDAP entries will be configured by default. The cache size is set to 32
and the cache time to live is set to 60 seconds. These are both WLS default settings.
Each physical server that a WLS domain is installed on will be configured to keep a replica
copy of the embedded LDAP. One reason for this is to enable managed server independences,
another is to limit network traffic by configuring each managed server instance to use its own
copy of the embedded LDAP rather than the master embedded LDAP on the administration
server.
Version 2.0
GM/EDS Confidential
9 November 2009 85

Technical
The managed server instances are not configured to refresh all embedded LDAP replicated
data at boot time because the expectation is that the embedded LDAP data will be fairly small
(about 10 entries user IDs per domain) and because this data is not expected to change
often.
By default, the master LDAP server sends appropriate changes to each replicated server and
updates the change status for each server every 30 seconds.
The Master First option in the Embedded LDAP configuration page will not be selected. This
option specifies that connections to the master LDAP server should always be made instead of
connections to the local replicated LDAP server. Again, because the master LDAP is expected
to replicate with the managed servers replica copies of the LDAP every 30 seconds and
because the data in the LDAP is not expected to be a large amount or to change very often,
this option will not be enabled.
User Lockout
Per the GM draft TSS for WebLogic user lockout is enabled. The lockout threshold is set to 6.
This means a users account (including system user) will be locked for 30 minutes (lockout
duration) after 6 invalid login attempts. The Lockout Reset Duration is also set to 30.
When an ID is locked out of the environment a message like the following will occur in the
instance.log file:
####<Jan 19, 2010 4:43:23 PM EST> <Notice> <Security> <jess-app-rvs01.rel.gweb.eds.com> <test4_admin> <[ACTIVE] ExecuteThread: '3' for queue:
'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1263937403235>
<BEA-090078> <User system2 in security realm myrealm has had 6 invalid login
attempts, locking account for 30 minutes.>
When a user ID is locked out the data owner must be notified to download or request log files
so the data owner can address the lockout.
Note, if the Middleware team account (system id) is locked out, no instances can be stopped
or started until the lockout timeout has occurred. In this case the system2, system3, system4
IDs can be used to unlock the system id.
Four additional system ids called system2, system3, and system4 are created as part of the
installation of each WLS domain (site). These ids are to be used in cases where it is
imperative to get access to an administration console when the system id has been locked out.
The boot. properties and stop files will have to be updated with this additional system id in
order to restart the system in these cases.
Users
As stated above, there is the main system user id (system) which is used to run the WLS
domain. A system2 id will be used in case the system id gets corrupted or locked out.
Developer id(s) will be created for the domain to be used by the application owner(s) or
developer(s) to deploy code.
WLS is installed with five default groups:
Group Name
Permissions
Administrators
View and modify all resource attributes and

perform start and stop operations. In order
to boot WLS, a user must be in this group.
AppTesters
Access applications for testing purposes that

are running in Administration mode.
Operators
View all resource attributes and perform

server lifecycle operations. By default, this
Version 2.0
GM/EDS Confidential
9 November 2009 86

Technical
group is empty. This group will not be used
in the HP HS design.
Deployers
View all resource attributes and deploy

applications such as EJBs. By default, this
group is empty. This group will be populated
with application owner/developer ids for
purposes of deploying code only.
Monitors
View all resource attributes, modify resource

attributes, and perform operations that are
not restricted by role. By default, this group
is empty. This group will not be used in the
HP HS design.
Steps for creating and removing groups from domain configurations will not be included in the
Operations Guide for this project. It is assumed that if groups are required to be created, they
will be created in an external LDAP.
The only users that will be defined in the WLS security realm are the Middleware team ids and
the developers deployer ids. All user and group names will be unique per domain. Manual
steps for creating and removing user ids from WLS domains will be included in the Operations
Guide section of this document.
Because external LDAP or portal connectivity configured at the Sun Web Server layer is
expected to be used for any application level access restriction, WLS Roles (which dynamically
calculate access for example, based on time of day) will not be defined in this design.
Firewall Rules
A firewall rule will need to be opened on the GM Firewall from the HP HS Extranet web servers
to the HP HS Intranet application servers using HTTP on ports in the 15000 range (or the
range that the WebLogic Server Managed Server Instances are configured to use).
If WebLogic Server is to be deployed to a environment that includes a dedicated network with
dedicated firewalls the dedicated firewall should be opened to allow HP HS Engineering and the
HP HS Middleware teams access via HP network or HP VPN to the WebLogic Admin Console via
HTTPS, WebLogic managed server instances via HTTPS and HTTP and Unix Shell access via
SCP and SSH. If this access cannot be granted then point solution custom engineering will be
required to provide a highly available work around.
Software Discovery
OpsWare MAPL information can be found in this document in the following places:
WebLogic OpsWare MAPL
Storage
The WLS installation will use the standard HP HS Storage Area Network.
The WLS installation scripts will not be written to install WLS on a network attached storage
file system shared with any other server/zone. This does not preclude the use of NAS by
individual applications for shared application data.
Version 2.0
GM/EDS Confidential
9 November 2009 87

Technical
User Management
There should be no shared or group in accordance with site security policy.
Please see the following sections of this document for user management information:
Manually Changing the System Password
Using an Automated Script to Change ID Passwords
Embedded LDAP
Volume and Expected Usage

Each application that uses WLS will have its own Volume and Expected Usage information.
Version 2.0
GM/EDS Confidential
9 November 2009 88

Technical
Appendix 1: How to Configure SSH Key

Trust
The following assumes you are creating an SSH trust for the XYZ ID when creating a new HP
HS Administration Server.
Login to the HP HS administration server and become the <installid>.
Make sure that the /home/XYZ/.ssh/id_dsa.pub file does not already exist on the server, if it
does then skip the ssh-keygen and start with the scp id_dsa.pub below.
Note appserver and appsvrdns below should be replaced with environment specific
information.
1. Type ssh-keygen -t dsa -f ~/.ssh/id_dsa (note: when prompted to enter a passphrase
press return -- leave the passphrase empty)
2. Type cd .ssh
3. Type scp id_dsa.pub XYZ@appserver2.appsvrdns:~/id_dsa.pub
4. Type ssh XYZ@appserver.appsvrdns
5. Type mkdir .ssh
6. Type mv id_dsa.pub .ssh
7. Type cd .ssh
8. Type cat id_dsa.pub >> authorized_keys2
9. Type chmod 640 authorized_keys2
10. Type rm -f id_dsa.pub
11. Type exit
12. You should now be back on the new HP HS Administration Server
13. Type ssh XYZ@appserver.appsvrdns and make sure that you are able to login without
getting prompted for a password.
14. Type exit
15. You should now be back on the new HP HS Administration Server
16. Type ssh XYZ@appserver and make sure that you are able to login without getting
prompted for a password.
17. Ensure the ssh trust is removed between the admin server and the server where Weblogic
is deployed onto after completion of the installation
Version 2.0
GM/EDS Confidential
9 November 2009 89

Technical
Appendix 2: How to Manually Configure

the WLS Administration Port
The following is done automatically when the installation script is run. These instructions are provided for
informational purposes only.
B. Stop the managed server instance(s) for this domain. DO NOT stop the
administration server instance.
C. Use a browser and the WLS 9.2 system user ID to open the new domains WLS
administration console using a URL similar to the following (replace the server
name and port as necessary) https://triras003.iweb.gm.com:7021/console.
D. Click the Lock & Edit button.
E. In the left pane of the Console, under Domain Structure, click the domain
name.
F. Select Configuration > General and check the Enable Domain Wide
Administration Port check box to enable the domain wide administration
port for this domain.
G. In the Administration Port field, enter the port number which should be the
non-ssl port +3.
H. Click Save
I.
Click Environment > Servers
J.
For each managed server complete the following:

1. Click on the managed server instance name link
2. Click on the Advanced link on the Configuration > General tab
3. Validate that the Local Administration Port Override setting is set
to the managed server instance port +2 or set that. If you have to set
this then click Save
K. Click Activate Changes

L.
In the stop and stop_instance script(s), on all servers where the domain was
installed, comment out the URL=t3:// entry and uncomment the URL=t3s://
entry.
M. In the start_instance script(s) on all servers where the domain was installed
comment out the two t3:// entries and uncomment the two t3s:// entries.
N. Stop all server instances, including the admin instance (you may have to kill
the processes) for this domain. (The managed server instance(s) should
already be stopped.)
O. If this domain was installed on more than one physical server then complete
the following, otherwise start the administration and managed server instances
for this domain:
1. On the first and second physical servers cd to the domain root (for
example, /<VENDORDIR>/wls92/domains/<shortname>.
2. Type mv JKS JKS.orig
3. Copy the first physical servers
/<VENDORDIR>/wls92/domains/<shortname>/JKS.orig directory to
the second physical server
Version 2.0
GM/EDS Confidential
9 November 2009 90

Technical
/<VENDORDIR>/wls92/domains/<shortname>/JKS directory
preserving file ownership and permissions.
4. Login to the second physical server as the B<shortname> ID
5. Type cd JKS
6. Set the following variables as appropriate (comments are noted below
as examples):
VENDORDIR=/usr/local/bea or /<PREFIX>/usr/local/bea
BEAHOME=wls92
WLSJDKVER=jdk150_13
APPSERVER=
#triras001
APPSERVERDOMAIN=
# iweb.gm.com
KEYPASS=b00gie5r
STATE=
#Michigan
SHORTNAME=
7. Run the following commands (note each of the following 3 commands
should all be on one line):
a.
$VENDORDIR/$BEAHOME/$WLSJDKVER/bin/keytool -genkey
-keyalg RSA -dname "CN=$APPSERVER.
$APPSERVERDOMAIN,OU=HS,O=EDS,L=$LOCALE,S=$STATE,C=U
S" -keystore $VENDORDIR/$BEAHOME/domains/
$SHORTNAME/JKS/${SHORTNAME}keystore.jks -alias
$APPSERVER.$APPSERVERDOMAIN -keysize 1024 -keypass
$KEYPASS -storepass $KEYPASS -validity 2555
b.
$VENDORDIR/$BEAHOME/$WLSJDKVER/bin/keytool -export -alias
$APPSERVER.$APPSERVERDOMAIN -file $VENDORDIR/
$BEAHOME/domains/${SHORTNAME}/JKS/$APPSERVER.
$APPSERVERDOMAIN.pem -keystore $VENDORDIR/
$BEAHOME/domains/${SHORTNAME}/JKS/$
{SHORTNAME}keystore.jks -storepass $KEYPASS -rfc
c.
$VENDORDIR/$BEAHOME/$WLSJDKVER/bin/keytool -import -alias
$APPSERVER.$APPSERVERDOMAIN -file $VENDORDIR/
$BEAHOME/domains/${SHORTNAME}/JKS/$APPSERVER.
$APPSERVERDOMAIN.pem -keystore $VENDORDIR/
$BEAHOME/domains/${SHORTNAME}/JKS/$
{SHORTNAME}trust.jks -storepass $KEYPASS -noprompt
8. Copy the second physical servers
/<VENDORDIR>/wls92/domains/<shortname>/JKS directory back to
the first physical server
/<VENDORDIR>/wls92/domains/<shortname>/ directory preserving
file ownership and permissions.
Version 2.0
GM/EDS Confidential
9 November 2009 91

Technical
Appendix 3: How to Deploy a Patch to

WLS 9.2
Engineering Task Download Patch via Smart Update and

Create Patch Install Script
The following assumes that WLS 9.2 is installed in /usr/local/bea/wls92 and owned by the
Bwls92:gwls92 UNIX user and group IDs. If this is not the case then please adjust the
instructions and commands in this section as appropriate for your deployment.
The following should only be done by HP HS Engineering. If a patch is required, Operations
should contact HP HS Engineering with the Patch ID and Patch password (generally provided
by BEA during a troubleshooting effort or when a ticket is open with BEA and there is a patch
to resolve an issue). Then HP HS Engineering will use the Smart Update GUI tool in the
Engineering Release Environment to download the patch and create the patch install script
which will be provided to Operations to deploy where necessary.
1.
You will need to be running software that will allow you to export your Display to your local client
(for example Exceed).
2.
You will also require a vendor Support ID and password.
3.
Login to 130.175.101.35 and become the Bwls92 UNIX user ID.
4.
Export your DISPLAY variable, for example type export DISPLAY=130.175.228.242:0
5.
Type cd /<VENDORDIR>/wls92/utils/bsu
6.
Type ./bsu.sh
7.
You should see the Smart Update GUI interface.
8.
If this is a brand new deployment of the WLS 9.2 binaries then enter your Support ID and Password
and click Work Offline. Otherwise enter your Support ID and Password in the appropriate fields
and click Login.
9.
If you clicked Work Offline then you will need to configure your proxy information by clicking FilePreferences from the main menu then click the Proxy tab. Select the checkbox next to Use HTTP
Proxy and Use Authentication. Enter the appropriate information in the Host, Post, Username
and Password fields and click Save. Then click File-Login and reenter your Support ID and
Password and click Login. If you logged in already you do not need to do this.
10. Once logged in make sure the BEA Home is the expected BEA Home, for example
/usr/local/bea/wls92 or /<PREFIX>/usr/local/bea/wls92 Make sure you are on the Get Patches tab.
11. Select the checkbox in the Select column for any patches required and then click Download
Selected.
12. When prompted Do you want Smart Update to check each patch for conflicts before download?
select Yes, check for conflicts now. And then click OK.
Version 2.0
GM/EDS Confidential
9 November 2009 92

Technical
13. If there are no conflicts you should see a dialog box stating No conflicts detected. Click OK. If the
dialog box shows conflicts then you will need to open a ticket with vendor to determine if there is a
combo patch available for the conflicting patches or if one of the patches takes precedence over
the other.
14. If there are any private patches to be downloaded click Patches-Retrieve Private from the main
menu. Enter the Patch identifier (for example E36T) and the Passcode (generally supplied via a
support ticket with the vendor) in the appropriate fields and click Download. If prompted check for
conflicts again.
15. Once all patches are downloaded click the Manage Patches tab.
16. You should see all new patches that were just downloaded in the bottom section of the Smart
Update screen under Download Patches
17. For each patch click the Apply button associated with that patch.
18. Again, the patches will be validated before being applied. If there are no conflicts you should see a
dialog box that states No conflicts detected. Click OK. If you see a dialog box that shows
conflicts then again you will need to open a ticket with the vendor to determine if there is a combo
patch available for the conflicting patches or if one of the patches takes precedence over the other.
Sometimes there are no conflicts but Smart Update will tell you that one of the patches needs to be
installed before one of the other patch(es) . If this happens you need to remove the patch noted in
the dialog box, apply the patch that should be applied first and then re-apply the other patch.
19. Select File-Exit from the main menu.
20. Once you have applied the patch(es) via the Smart Upate GUI in Release provide the ABCD.jar (for
example E36T.jar) file(s) along with the patch-catalog.xml file (from the release application server in
/<VENDORDIR>/wls92/utils/bsu/cache_dir to the operations team and ask them to put the files on
the app server that needs to be updated. If any of the files already exist on the application server
to be patched then Operations should make a backup of the existing files before copying in the
new files. All the files in the cache_dir should be owned by the UNIX user ID and group that own
the WLS 9.2 binary files (for example Bwls92:gwls92) and should have permissions set to 750.
21. Once the files are in place Operations should run the following commands as the UNIX user ID that
owns the WLS 9.2 binary files (for example Bwls92:gwls92) to install the patch(es)
a.
cd /<VENDORDIR>/wls92/utils/bsu
b.
./bsu.sh -install -patchlist=81XN,EP13,VSZL,KSMA,2RWZ

-prod_dir=/usr/local/bea/wls92/weblogic92
Or
For non standard directories
-prod_dir=/PREFIX/usr/local/bea/wls92/weblogic92
c.
Replace the 81XN,EP13 values in the command above with the patch(es) being deployed.
The output should look similar to the following:
Checking for conflicts..
No conflict(s) detected
Installing Patch ID: 81XN.
Result: Success
Installing Patch ID: EP13.
Result: Success
Installing Patch ID: VSZL.
Result: Success
Installing Patch ID: KSMA.
Result: Success
Installing Patch ID: 2RWZ.
Result: Success
Version 2.0
GM/EDS Confidential
9 November 2009 93

Technical
d.
Restart all instances in the binaries that were patched.
e.
To back out the patches deployed run the same command except instead of install use
remove, for example: ./bsu.sh -remove -patchlist=81XN,EP13,VSZL,KSMA,2RWZ
-prod_dir=/<VENDORDIR>/wls92/weblogic92
f.
Note: neither the install or the backout of patches via Smart Update change the
commEnv.sh file. The $
{BEA_HOME}/patch_weblogic922/profiles/default/sys_manifest_classpath/weblogic_patch
.jar file is updated with the new patches. This jar file is what is called by the commEnv.sh
file.
g.
Restart all instances in the binaries that had the patch(es) backed out.
Operations Task Validate Patch Deployment

1.
HP HS Engineering will supply you with the patch jar file(s) along with a patch-catalog.xml file.
Copy the files to the app server that needs to be updated. If any of the files already exist on the
application server to be patched then Operations should make a backup of the existing files before
copying in the new files. The files should be copied to the /usr/local/bea/wls92/utils/bsu/cache_dir
directory. All the files in the /usr/local/bea/wls92/utils/bsu/cache_dir should be owned by the UNIX
user ID and group that own the WLS 9.2 binary files (for example Bwls92:gwls92) and should have
permissions set to 750.
2.
Once the files are in place Operations should run the following type of command as the UNIX user
ID that owns the WLS 9.2 binary files to install the patch(es)
h.
cd /usr/local/bea/wls92/utils/bsu or cd /PREFIX/usr/local/bea/wls92/utils/bsu
i.

-prod_dir=/usr/local/bea/wls92/weblogic92
Or
For non standard directories
j.
Replace the 81XN,EP13, etc values in the command above with the patch(es) being
deployed.
The output should look similar to the following:
k.
l.
Version 2.0
Checking for conflicts..

No conflict(s) detected
Installing Patch ID: 81XN.
Result: Success
Installing Patch ID: EP13.
Result: Success
Installing Patch ID: VSZL.
Result: Success
Installing Patch ID: KSMA.
Result: Success
Installing Patch ID: 2RWZ.
Result: Success
Restart all instances in the binaries that were patched.
To back out the patches deployed run the same command except instead of -install use
-remove, for example: ./bsu.sh -remove -patchlist=81XN,EP13,VSZL
-prod_dir=/usr/local/bea/wls92/weblogic92 or for non standard directories : ./bsu.sh
-remove -patchlist=81XN,EP13,VSZL
GM/EDS Confidential
9 November 2009 94

Technical
m. Restart all instances in the binaries that had the patch(es) backed out.
To validate if an instance has the patch(es) applied you can either
1.
Type cd /<SITES>/<shortname>/site/common/logs/92_shortname_admin
2.
Type grep i Temporary *
Version 2.0
GM/EDS Confidential
9 November 2009 95

Technical
Appendix 4: Create Service Guard

package.
UNIX SA steps
-build the package
- Presumptions
Name of Service Guard package to be created : wls92pkg1
On the first node for example on hprel36a

Following is an example to create volume group and logical volume
#mkdir /dev/vg92
#mknod /dev/vg92/group c 64 0x050000
# pvcreate /dev/rdsk/c1t0d0
Physical volume "/dev/rdsk/c1t0d0" has been successfully created.
# vgcreate /dev/vg92 /dev/dsk/c1t0d0

Increased the number of physical extents per physical volume to 17501.
Volume group "/dev/vg92" has been successfully created.
Volume Group configuration for /dev/vg92 has been saved in
/etc/lvmconf/vg92.conf
#vgdisplay v > sree.txt

VG Name
/dev/vg92
VG Write Access
read/write
VG Status
available
Max LV
255
Cur LV
Open LV
Max PV
16
Cur PV
Act PV
Max PE per PV
VGDA
PE Size (Mbytes)
Total PE
Version 2.0
17501
2
4
17499
GM/EDS Confidential
9 November 2009 96

Technical
Alloc PE
Free PE
17499
Total PVG
Total Spare PVs
Total Spare PVs in use
--- Physical volumes --PV Name
/dev/dsk/c1t0d0
PV Status
available
Total PE
17499
Free PE
17499
Autoswitch
On
Proactive Polling
On
Depending on the size of PE (assign 120*17499 = about 2 GB)
# lvcreate -L 120 -n sglvol1 /dev/vg92

# lvcreate -L 120 -n sglvol1 /dev/vg92
Logical volume "/dev/vg92/sglvol1" has been successfully created with
character device "/dev/vg92/rsglvol1".
Logical volume "/dev/vg92/sglvol1" has been successfully extended.
Volume Group configuration for /dev/vg92 has been saved in
/etc/lvmconf/vg92.conf (if needed to remove this group the command is #
lvremove -f /dev/vg92/sglvol1)
# newfs -F vxfs /dev/vg92/rsglvol1

version 6 layout
122880 sectors, 122880 blocks of size 1024, log size 1024 blocks
largefiles supported
#mkdir /wls92pkg
#mount /dev/vg92/sglvol1 /wls92pkg
# bdf
Version 2.0
Filesystem
kbytes
used avail %used Mounted on
/dev/vg00/lvol3
4194304 1201600 2974096 29% /
GM/EDS Confidential
9 November 2009 97

Technical
/dev/vg00/lvol1
1835008 279520 1543424 15% /stand
/dev/vg00/lvol7
8388608 5763968 2614952 69% /var
/dev/vg00/lvol6
10027008 7933728 2081712 79% /usr
/dev/vg00/lvol9
16777216 16426454 328912 98% /u01
/dev/vg00/lvol5
8388608 6804768 1578120 81% /tmp
/dev/vg00/lvol4
8388608 4976584 3387328 60% /opt
/dev/vg92/sglvol1 122880
1754 113563
2% /wls92pkg
#cp /etc/passwd /wls92pkg

# umount /wls92pkg
# vgchange -a n vg92
Volume group "vg92" has been successfully changed.
# vgexport -v -p -s -m /tmp/vg92.map /dev/vg92
Beginning the export process on Volume Group "/dev/vg92".
/dev/dsk/c1t0d0
scp the export to second node.
On host hprel36b (repeat some of the steps)

# mkdir /dev/vg92
# mknod /dev/vg92/group c 64 0x050000
# vgimport -v -s -m /tmp/vg92.map /dev/vg92
# vgchange -a y vg92
# verify that all the logical info is present in the vg92
# mkdir /wls92pkg
# mount /dev/vg92/sglvol1 /wls92pkg
# ls al /wls92pkg verify that the same file exist that you copied on the first system.
# umount /wls92pkg
# vgchange a n vg92
Version 2.0
GM/EDS Confidential
9 November 2009 98

Technical
-Create a Weblogic package conf file for this package

mkdir <wls92pkg> under /etc/cmcluster
cd /etc/cmcluster/<wls92pkg>
cmmakepkg v p <wls92pkg>.conf
vi <wls92pkg>.conf
-add the following:
PACKAGE_NAME
<wls92pkg>
PACKAGE_TYPE
FAILOVER
NODE_NAME
hprel36a
NODE_NAME
hprel36b
AUTO_RUN
NO
NODE_FAIL_FAST_ENABLED
RUN_SCRIPT
NO
/etc/cmcluster/<wls92pkg>/<wls92pkg>.cntl
HALT_SCRIPT
/etc/cmcluster/<wls92pkg>/<wls92pkg>.cntl
RUN_SCRIPT_TIMEOUT
NO_TIMEOUT
SUCCESSOR_HALT_TIMEOUT
NO_TIMEOUT
FAILOVER_POLICY
CONFIGURED_NODE
FAILBACK_POLICY
MANUAL
PRIORITY
NO_PRIORITY
LOCAL_LAN_FAILOVER_ALLOWED
YES
MONITORED_SUBNET
192.85.89.0
-Create a package cntl file for this package

cmmakepkg v s <wls92pkg>.cntl
vi <wls92pkg>.cntl
-add the following:
. ${SGCONFFILE:=/etc/cmcluster.conf}
PATH=$SGSBIN:/usr/bin:/usr/sbin:/etc:/bin
VGCHANGE="vgchange -a e"
Version 2.0
GM/EDS Confidential
# Default
9 November 2009 99

Technical
CVM_ACTIVATION_CMD="vxdg -g \$DiskGroup set activation=exclusivewrite"

VG[0]="wls92pkg"
*VXVM_DG_RETRY="NO"
DEACTIVATION_RETRY_COUNT=2
KILL_PROCESSES_ACCESSING_RAW_DEVICES="NO"
VXVOL="vxvol -g \$DiskGroup startall"
# Default
FS_UMOUNT_COUNT=1
FS_MOUNT_RETRY_COUNT=0
CONCURRENT_VGCHANGE_OPERATIONS=1
ENABLE_THREADED_VGCHANGE=0
CONCURRENT_FSCK_OPERATIONS=1
CONCURRENT_MOUNT_AND_UMOUNT_OPERATIONS=1
log_file=${SG_SCRIPT_LOG_FILE:-$0.log}
KILL_PROCESSES_ACCESSING_RAW_DEVICES="NO"
LV[0]="/dev/vg04/10gtest"; FS[0]="/wls92pkg"; FS_MOUNT_OPT[0]="-o rw";
FS_UMOUNT_OPT[0]=""; FS_FSCK_OPT[0]=""
FS_TYPE[0]="vxfs"
VXVOL="vxvol -g \$DiskGroup startall"
# Default
FS_UMOUNT_COUNT=1
FS_MOUNT_RETRY_COUNT=0
CONCURRENT_VGCHANGE_OPERATIONS=1
CONCURRENT_FSCK_OPERATIONS=1
CONCURRENT_MOUNT_AND_UMOUNT_OPERATIONS=1
IP[0]="192.85.89.243"
SUBNET[0]="192.85.89.0"
IP[1]="192.85.89.245"
SUBNET[1]="192.85.89.0"
# START OF CUSTOMER DEFINED FUNCTIONS
# This function is a place holder for customer define functions.
# You should define all actions you want to happen here, before the service is
# started. You can create as many functions as you need.
function customer_defined_run_cmds
{
# ADD customer defined run commands.
: # do nothing instruction, because a function must contain some command.
/<wls92pkg>/usr/local/gwh/lib/startcommands
test_return 51
}
# This function is a place holder for customer define functions.
# You should define all actions you want to happen here, after the service is
# halted.
Version 2.0
GM/EDS Confidential
9 November 2009 100

Technical
function customer_defined_halt_cmds
{
# ADD customer defined halt commands.
# do nothing instruction, because a function must contain some command.
/<wls92pkg>/usr/local/gwh/lib/stopcommands
test_return 52
}
# END OF CUSTOMER DEFINED FUNCTIONS
-Create a Weblogic ascii file for this package

vi cmclconf.ascii
CLUSTER_NAME hprel
FIRST_CLUSTER_LOCK_VG
/dev/vg04
NODE_NAME hprel36b
NETWORK_INTERFACE lan1
HEARTBEAT_IP
172.0.1.1
FIRST_CLUSTER_LOCK_PV /dev/dsk/c1t0d3
NODE_NAME hprel36a
HEARTBEAT_IP
172.0.1.2
FIRST_CLUSTER_LOCK_PV /dev/dsk/c1t0d3
MAX_CONFIGURED_PACKAGES 10
VOLUME_GROUP VG04
-Add the package to the cluster

cmapplyconf P <wls92pkg>
for example
cmapplyconf -P wls92pkg.conf
Modify the package configuration ([y]/n)?
Completed the cluster update
cmmodpkg e n <node1> n <node2> <wls92pkg>
cmmodpkg e < wls92pkg>
-Start the cluster and the package

cmruncl v
Note: make sure that the cluster and the package is started.
Version 2.0
GM/EDS Confidential
9 November 2009 101

Technical
Appendix 5: WebLogic Server FAQ
When using WLST in offline mode if changes are made to the config.xml file WLST will
automatically create files called backup_config.xml. As long as these files are not
causing space issues they can remain on the file system without issue. If they are
causing space issues then make sure they have been backed up via the standard BUR
and then delete them.
Port information can be found in the Domain Installation section of this document.
There are two sample applications (InMemRepClient_clus and InMemRepClient_scell)

because there are occasions where a domain is required to host a cluster and instances
that are not clustered. The InMemRepClient_clus sample application should be deployed
to any managed server instances in a WebLogic cluster. The InMemRepClient_scell
sample application should be deployed to any managed server instances that are not in
a WebLogic cluster. To determine if an instance is part of a WebLogic cluster login to the
WLS Administration Console, click the Environment Clusters <CLUSTER NAME>
- Configuration Servers tab to see the list of instances in the cluster (if there are
several clusters then you will need to check each cluster). The sample application has
different deployment descriptor value for persistent-store-type in the weblogic.xml file
when deployed to a cluster vs. when deployed to an instance that is not clustered. The
InMemRepClient_clus weblogic.xml file is displayed below:
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
<session-descriptor>
<persistent-store-type>replicated</persistent-store-type>
</session-descriptor>
<jsp-descriptor>
<precompile>true</precompile>
<workingdir>/sites/test4/site/live/wls92/jsp_gwhsession_clus</working-dir>
</jsp-descriptor>
</weblogic-web-app>
The InMemRepClient_scell weblogic.xml file is displayed below:

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90">
<session-descriptor>
<persistent-store-type>memory</persistent-store-type>
</session-descriptor>
<jsp-descriptor>
<precompile>true</precompile>
<workingdir>/sites/test4/site/live/wls92/jsp_gwhsession_scell</working-dir>
</jsp-descriptor>
</weblogic-web-app>
Version 2.0
GM/EDS Confidential
9 November 2009 102

Technical
Appendix 6: Entrust certificate

troubleshooting.
Installing chain certificate
Install the Entrust L1B Chain Certificate in your web server you should
Click Install Certificate.
Under Certificate For: select Server Certificate Chain.
Cryptographic module should be Internal (Software).
Enter the Trust Database password in the Key Pair File Password box.
Enter "Entrust L1B Chain Certificate" (without the quotes) as the Certificate Name.
Select Message Text (with headers).
Open a Web browser and go to the URL that appears in the confirmation email
you received from Entrust. Your certificates are displayed.
The Entrust SSL Certificate is in the section named "Entrust SSL Certificate"
and the chain certificate is in the section named "Entrust L1B chain certificate".
The certificates is below:
Copy the Entrust Chain Certificate to your clipboard. You must include the "----BEGIN CERTIFICATE-----"
and "-----END CERTIFICATE-----" lines.
Paste the Entrust Chain Certificate into the text box under Message Text ensuring that
it is all left aligned with no trailing white space.
Click OK.
Click Add Server Certificate
Click OK to the warning regarding the server having to be restarted.
You should now receive a "Success" message, click OK.
Now you must restart your web server for the changes to take effect.
-----BEGIN CERTIFICATE----MIIFkTCCBHmgAwIBAgIEOGPFrjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
Version 2.0
GM/EDS Confidential
9 November 2009 103

Technical
bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw0wODA4MjUxODE0MjZaFw0xODA4
MjUxODQ0MjZaMIIBNDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIElu
Yy4xODA2BgNVBAsTL0FORCBBRERJVElPTkFMIFRFUk1TIEdPVkVSTklORyBVU0Ug
QU5EIFJFTElBTkNFMUcwRQYDVQQLEz5DUFMgQ09OVEFJTlMgSU1QT1JUQU5UIExJ
TUlUQVRJT05TIE9GIFdBUlJBTlRJRVMgQU5EIExJQUJJTElUWTE5MDcGA1UECxMw
d3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNl
MR8wHQYDVQQLExYoYykgMjAwOCBFbnRydXN0LCBJbmMuMS4wLAYDVQQDEyVFbnRy
dXN0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gTDFCMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA3CH1aPl6zofyeN/YO00GfcYk5KnNnQFW5PZxF6p/
dSIY5HRtGz5W1bGmHt1ZJlPKBua6C283u6jGnBU7BhuHDMIaTdOBrttQZaU6ZE8w
NJorqR/9K9E4cRlo8o7re8lAPEjEGbG3ECXvRKfmd5t9Ipre2F7Zw87JcSK7ru8F
1vIX51Z44VMFSiZzuMdJZ5MjD1ayj93JWQXlYxW0h35ARum1AHsDtA3klmcs3htZ
CxofuGNErsHXRIfEkVmcAENtxt8KsLEEzf6+MF46JXLdoj7tRjrHpFxc5CXyEwfo
rtqbGZui2WCdzpBHamF7QOgUwv4vhFpmF8CX00k43mMCnwIDAQABo4IBJjCCASIw
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wMwYIKwYBBQUHAQEEJzAl
MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAyBgNVHR8EKzAp
MCegJaAjhiFodHRwOi8vY3JsLmVudHJ1c3QubmV0LzIwNDhjYS5jcmwwOwYDVR0g
BDQwMjAwBgRVHSAAMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuZW50cnVzdC5u
ZXQvQ1BTMB0GA1UdDgQWBBT18paIfQ3zKvlO5zSgvUZ+E9YWyDAfBgNVHSMEGDAW
gBRV5IHREYC+2Im5CKMx+aEkCRa5cDAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIA
gTANBgkqhkiG9w0BAQUFAAOCAQEACyU8WPqO3KJCO3ZxbmzUTyu5U1yyWLmx3G8a
5OPEUPJBgrr0fcfB+fqMU7+5YrdJ4x0K/B/WxHZqk8t3Hix/0D8WY0xyTGdgD/iA
1qeayqIzkQ9EsmY9jmgMQIUSN5G5gnc0WS1c34JuLLZ60gSQZ2hLcPwtuP+QZG9+
kffRRzPzW7hYLiHYdWAbE8z4sqj6aqkqWk9FhUC03TQFt3DKAe/hgecRUNs+4tcQ
LmoVf7fUo2KyiWlhV8Z/jp7UJHrzoUNfoHqJ3FnNfdd1p7xT1Uc1xjEwIJ+burWD
5olVAU2RO9aJNYc8g2t6KYLUS9TmFnSwARCraQYUN3v3ZjA6xQ==
-----END CERTIFICATE-----
Using 2048 RSA keys

In addition to the above cert, we must also add the following,
using the above procedures for SunOne. Call this one 2048 to 1024 Cross Cert.
Version 2.0
GM/EDS Confidential
9 November 2009 104

Technical
2048 to 1024 Cross Cert.
-----BEGIN CERTIFICATE----MIIEnzCCBAigAwIBAgIERp6RGjANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wOTAz
MjMxNTE4MjdaFw0xOTAzMjMxNTQ4MjdaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5l
dDFAMD4GA1UECxQ3d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkg
cmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5u
ZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBB
dXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
rU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3ed
Vc3kw37XamSrhRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4
LeksyZB2ZnuU4q941mVTXTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5
CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N
328mz8MYIWJmQ3DW1cAH4QIDAQABo4IBJzCCASMwDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRw
Oi8vb2NzcC5lbnRydXN0Lm5ldDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js
LmVudHJ1c3QubmV0L3NlcnZlcjEuY3JsMDsGA1UdIAQ0MDIwMAYEVR0gADAoMCYG
CCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NQUzAdBgNVHQ4EFgQU
VeSB0RGAvtiJuQijMfmhJAkWuXAwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7UISX
8+1i0BowGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEFBQAD
gYEAj2WiMI4mq4rsNRaY6QPwjRdfvExsAvZ0UuDCxh/O8qYRDKixDk2Ei3E277M1
RfPB+JbFi1WkzGuDFiAy2r77r5u3n+F+hJ+ePFCnP1zCvouGuAiS7vhCKw0T43aF
SApKv9ClOwqwVLht4wj5NI0LjosSzBcaM4eVyJ4K3FBTF3s=
-----END CERTIFICATE-----
Version 2.0
GM/EDS Confidential
9 November 2009 105

EDS HS WebLogic Server 92 Operations Guide HPUX11.23 2.0

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

EDS HS WebLogic Server 92 Operations Guide HPUX11.23 2.0

Hochgeladen von

Copyright:

Verfügbare Formate

EDS Hosting Services

WebLogic Server 9.2 HPUX 11.23

(Authorized User's Operations Guide)

Section / Nature of Change

Section / Nature of Change

Made changes as per peer review

Made a note regarding /var/tmp

Added Failed Logon Attempt and

(Authorized User's Operations Guide)

(Authorized User's Operations Guide)

Files Deployed that Contain Encrypted Passwords.................................................................................23

Install and Uninstall.................................................................................................................... 41

(Authorized User's Operations Guide)

Backup and Restore.................................................................................................................................... 77

Appendix 1: How to Configure SSH Key Trust........................................................................86

Appendix 4: Create Service Guard package............................................................................93

9 November 2009 iii

(Authorized User's Operations Guide)

Environment for this Guide

(Authorized User's Operations Guide)

(Authorized User's Operations Guide)

WebLogic Server Data Flow:

The WebLogic Server Cluster will process the traffic.

(Authorized User's Operations Guide)

Related Manuals and Training

(Authorized User's Operations Guide)

WebLogic Opsware MAPL

(Authorized User's Operations Guide)

Manually Changing the System Password

Login to the application server using the B<shortname> id

(Authorized User's Operations Guide)

If theres a problem restarting an instance try moving the

Changing Other ID Passwords

Using an Automated Script with a Manual Step to Change the System ID

(Authorized User's Operations Guide)

Click on Security-Realms click on the myRealm link.

Click on the Users and Groups tab

Click the system user link in the right-most pane.

Click the Passwords tab.

Enter the same password in the Confirm New Password field.

On the HP HS Admin Server as the <install_id> complete the following:

Edit the server.conf file for the following:

The domains WebLogic

The beahome for this domain

(Authorized User's Operations Guide)

The JDK version deployed in the jdk150_13

Adding a User ID to the Embedded LDAP

Click on the Securtiy Realms name in the left navigation pane.

Click on the Users and Groups tab.

(Authorized User's Operations Guide)

Enter the Name, Description, Password and Confirm Password.

Click on the user ID in the list of user IDs.

Click on the Groups tab.

10. Click Save.

Deleting a User ID from the Embedded LDAP

Make sure all instances in the domain are running.

Click on the Users and Groups tab.

A message stating Selected users have been deleted should be displayed.

Unlocking a User Account

Change or Remove Oracle Thin Driver from CLASSPATH

(Authorized User's Operations Guide)

Configure Managed Server Instance Memory