Tag Archives: fusion middleware

Username & password required at Weblogic domain startup


When installing a new WebLogic Domain for any a-specific Oracle (Fusion) Middleware application or any other implementation requiring a WebLogic domain like ORDS for instance, a new ‘home’ is created under [MW-home]/user_domains/. [MW-Home] translates, for instance, to /u01/oracle/product/Middleware.

ordsTo start your brand-new domain, or perhaps and rather, to automate the startup of your domain, you would use the supplied [MW-home]/user_domains/[DomainName]/startWebLogic.sh command-file.
This file will start the Weblogic domain (the Admin Server) and the deployed components. After this start, you will be able to follow through with the administration over the web-console. Typically its URL is: http://[ServerName]:[PortNumber]/console.

One nasty thing you can run into, is that starting the server can require you to enter username and password during the run of [MW-home]/user_domains/[DomainName]/startWebLogic.sh. Of course this is rather annoying because it requires interaction which is not good for auto-start. Regular input-tooling you can wrap around this command-file, for example with input redirection, would require you to save your username / password combination in plain text. That is certainly never a good idea!!

Luckily there is a trick to enable your WebLogic domain to start without this interaction. And it also makes sure that username & password are not stored in plain text. Actually it is quite easy to get this facility in place.

This is how:

Go to [MW-home]/user_domains/[DomainName]/Servers/AdminServer/security and create a plain text file called boot.properties.

This file gets two lines:
username: Your WebLogic Username
password: Your WebLogic Password

Basically, this is now a plain-text recording of the username and password on the server, which seems quite scary.

Good thing though, is that when you have successfully run [MW-home]/user_domains/[DomainName]/startWebLogic.sh command file, which will now continuously run through, username and password will be encrypted:

#Thu Mar 10 14:11:38 UTC 2016
password={AES}JoMm+ymJUvbcQld84ofjSR5KhwFVP7mCgTpYBtTS7TA\=
username={AES}vY8NlWXCh156j/uAIpyFY4MVxPt8cdAbUpaTku+sJsU\=

You will now be able to call [MW-home]/user_domains/[DomainName]/startWebLogic.sh from your startup-script without having to worry about the need to interactively entering username / password or have to worry about plain text storage of these to artifacts.

Hope this helps!


Idempotent, a parameter with adverse effect

To create and distribute, since long, we have had the power of Oracle Reports at our fingertips. These same report definitions can still be used successfully nowadays.

With all the technical changes over the years, we’ve come to a point where Oracle Reports Server, is now part of Oracle Fusion Middleware proposition. It is a (small) container, application or component of this software stack, where it is loaded in an application server and thus deployed.
Although this takes Oracle Reports Server into the modern age, it adds a lot of complexity for smaller implementations, a lot of tweaking and tuning to get it all running smoothly. One of these examples I would like to address here…

We were faced with a situation where we were running a report, an e-mail distribution report, sending out specific information to a multitude of e-mail addresses. And there was this situation where this report was run on a system, which was somewhat overloaded. This is not good, but not always completely predictable or avoidable.
For this report to run very long, actually was not a big issue as these individual e-mails were just informational and not time-bound on a minute-scale.

The problems started when we were getting word that some recipients of these e-mails were getting multitudes of copies of these e-mails! Which was sloppy at best…
Wait… multitudes of e-mail from a job which is running slow… That’s odd, they should be getting either a late e-mail or perhaps no e-mail at all! Not a lot of e-mails, that is contradictory!

This called for an investigation.

Finally we stumbled across a technology designed to do no harm, I would like to call your attention to idempotence!
Funny thing is, this setting is not part of Oracle Reports Server, but of another component used in this complexity, Oracle HTTP Server (OHS).

  • When set to ON and if the servers do not respond within WLIOTimeoutSecs (new name for HungServerRecoverSecs), the plug-ins fail over.
  • As stated on WikiPedia, an idempotent operation is “that can be applied multiple times without changing the result beyond the initial application

Obviously, this was not the case with our situation! This idempotent operation was applied multiple times and it did change the result far beyond the initial application. Up to 40 e-mails per recipients on one specific occasion.

In effect, what happened, was that the Oracle Report, which was called through a URL, did not complete within WLIOTimeoutSecs, was just restarted. The URL, as it was called to start the process, was called again from withing the Oracle Fusion Middleware Stack, starting a new run of e-mail distribution… over and over again.

We resolved the situation by two completely different actions.

  1. we made sure this operation was not run on a system which was too busy to handle the load
  2. we made sure Oracle Fusion Middleware wouldn’t get the crazy idea to re-run this operation again.

Number two was fixed by the adding of the following instruction to the installation guide (and actually doing this too):

Toggle parameter IdemPotent to ‘off’ in reports_ohs.conf in:

<drive>\oracle\middleware\asinst_1\config\OHS\ohs1\moduleconf\reports_ohs.conf

This can be accomplished through the Enterprise Manager

Webtier -> Ohs1 -> Oracle http Server -> Administration -> Advanced Configuration -> Choose a file -> reports_ohs.conf

Add the following line to the body:
## Added <name> <date>
IdemPotent off

Our problems are gone now!