Home » Blogs » theCamel's blog

Controlling Weblogic Node Manager with Solaris SMF as non-root

Submitted by theCamel on Tue, 07/10/2007 - 11:08.
Tags:

First, I made a few modifications to the nodemanager start/stop scripts:

(on weblogic 8.1)

in startNodeManager.sh, I added a -D tag to be able to easily spot the nodemanager process when doing a 'ps' by adding this line:

----------------------------------------------------------------------------
JAVA_OPTIONS="${JAVA_OPTIONS} -Dnodemanager"
----------------------------------------------------------------------------

and then in the actual java start commands, adding ${JAVA_OPTIONS} to each line that calls nodemanager:

----------------------------------------------------------------------------
"${JAVA_HOME}/bin/java" ${JAVA_OPTIONS} ${JAVA_VM} ${MEM_ARGS}
 -Djava.security.policy="${WL_HOME}/server/lib/weblogic.policy"
 -Dweblogic.nodemanager.javaHome="${JAVA_HOME}" 
 -DListenAddress="${LISTEN_ADDRESS}" -DListenPort="${LISTEN_PORT}"
 weblogic.NodeManager
----------------------------------------------------------------------------

...etc.

then, I created a nodemanager stop script:


stopNodeManager.sh

----------------------------------------------------------------------------
#!/bin/sh
# *************************************************************************
# This script can be used to stop the WebLogic NodeManager
#

USERNAME="weblogic"

PID=`ps -fu ${USERNAME} | grep java | grep "nodemanager" | awk '{print $2}'`

if [ ${PID} ]
then
   kill ${PID}
fi
----------------------------------------------------------------------------

verify that the paths are correct and that the scripts are starting and stopping node manager properly. Then, I created the SMF manifest (as root):


nodemanager.xml
----------------------------------------------------------------------------
<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<!--
    nodemanager.xml : Weblogic NodeManager manifest, Kyle Reynolds
    2006-07-02
-->

<service_bundle type='manifest' name='nodemanager'>
<service name='application/management/nodemanager/weblogic' type='service' version='1'>

   <single_instance />

   <dependency
      name='multi-user-server'
      grouping='require_any'
      restart_on='error'
      type='service'>
      <service_fmri value='svc:/milestone/multi-user-server:default' />
   </dependency>

   <exec_method
      type='method'
      name='start'
      exec='/u01/app/weblogic/bea81sp6/user_projects/domains/mydomain/startNodeManager'
      timeout_seconds='120' >
      <method_context>
         <method_credential user='weblogic' group='weblogic' />
      </method_context>
   </exec_method>


   <exec_method
      type='method'
      name='stop'
      exec='/u01/app/weblogic/bea81sp6/weblogic81/server/bin/stopNodeManager.sh'
      timeout_seconds='120' >
      <method_context>
         <method_credential user='weblogic' group='weblogic' />
      </method_context>
   </exec_method>

        <property_group name='start' type='method'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='modify_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='value_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
        </property_group>
        <property_group name='stop' type='method'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='modify_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='value_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
        </property_group>
        <property_group name='general' type='framework'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='value_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='modify_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
        </property_group>

   <instance name='default' enabled='false' />

   <stability value='Unstable' />

   <template>
      <common_name>
         <loctext xml:lang='C'>NodeManager</loctext>
      </common_name>
   </template>

</service>
</service_bundle>
----------------------------------------------------------------------------

Notice the property groups and values in the above manifest, for example:

----------------------------------------------------------------------------
        <property_group name='start' type='method'>
                <propval name='action_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='modify_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
                <propval name='value_authorization' type='astring'
                        value='solaris.smf.manage.nodemanager/weblogic' />
        </property_group>
----------------------------------------------------------------------------

These are what will allow the user "weblogic" to start and stop the service, which, be default is only allowed for root.

So check the paths in the manifest, run (as root):

----------------------------------------------------------------------------
svccfg validate nodemanager.xml
----------------------------------------------------------------------------

to make sure there are no syntax errors, and then I had to set up RBAC to allow the "weblogic" user to manage the service.

in /etc/security/auth_attr, add (as root):

----------------------------------------------------------------------------
solaris.smf.manage.nodemanager/weblogic:::Nodemanager Management::
----------------------------------------------------------------------------

and then run the usermod command (as root):

----------------------------------------------------------------------------
usermod -A solaris.smf.manage.nodemanager/weblogic weblogic
----------------------------------------------------------------------------

now, RBAC is set up and we just need to import the manifest (as root):

----------------------------------------------------------------------------
svccfg import nodemanager.xml
----------------------------------------------------------------------------

and now, as the "weblogic" user, you can control the service:

----------------------------------------------------------------------------
% svcs -a | grep nodemanager
online         Jul_05   svc:/application/management/nodemanager/weblogic:default

% svcadm disable application/management/nodemanager/weblogic

% svcadm enable application/management/nodemanager/weblogic
----------------------------------------------------------------------------

»
nice
Submitted by Derek (not verified) on Thu, 07/19/2007 - 17:46.

its about time you update your shit. something interesting too.

»