中间件环境如下:
在weblogic console上开启Administration Port,如下图:
此后用stopWebLogic.sh脚本去关闭AdminServer报错如下,
[bea@mylinux bin]$ ./stopWebLogic.sh
Stopping Weblogic Server…
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3://localhost:7001 with userid weblogic …
This Exception occured at Sat Nov 20 11:34:45 EST 2010.
javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User 'principals=[weblogic, Administrators]‘ has administration role. All tasks by adminstrators must go through an Administration Port.]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:53)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:670)
at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
at weblogic.jndi.Environment.getContext(Environment.java:307)
at weblogic.jndi.Environment.getContext(Environment.java:277)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:494)
at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:547)
at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:299)
at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:201)
at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:60)
at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:121)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:160)
at org.python.core.PyMethod.__call__(PyMethod.java:96)
at org.python.core.PyObject.__call__(PyObject.java:248)
at org.python.core.PyObject.invoke(PyObject.java:2016)
at org.python.pycode._pyx6.connect$1(<iostream>:16)
at org.python.pycode._pyx6.call_function(<iostream>)
at org.python.core.PyTableCode.call(PyTableCode.java:208)
at org.python.core.PyTableCode.call(PyTableCode.java:404)
at org.python.core.PyFunction.__call__(PyFunction.java:184)
at org.python.pycode._pyx18.f$0(/home/bea/bea923/user_projects/domains/base_domain/shutdown.py:1)
at org.python.pycode._pyx18.call_function(/home/bea/bea923/user_projects/domains/base_domain/shutdown.py)
at org.python.core.PyTableCode.call(PyTableCode.java:208)
at org.python.core.PyCode.call(PyCode.java:14)
at org.python.core.Py.runCode(Py.java:1135)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:167)
at weblogic.management.scripting.WLST.main(WLST.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at weblogic.WLST.main(WLST.java:29)
Caused by: java.lang.SecurityException: User ‘principals=[weblogic, Administrators]‘ has administration role. All tasks by adminstrators must go through an Administration Port.
at weblogic.common.internal.RMIBootServiceImpl.checkAdminPort(RMIBootServiceImpl.java:154)
at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:132)
at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:553)
at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:443)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:439)
at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:61)
at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:983)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
Problem invoking WLST – Traceback (innermost last):
File "/home/bea/bea923/user_projects/domains/base_domain/shutdown.py", line 1, in ?
File "<iostream>", line 22, in connect
WLSTException: "Error occured while performing connect : User ‘principals=[weblogic, Administrators]‘ has administration role. All tasks by adminstrators must go through an Administration Port. Use dumpStack() to view the full stacktrace"
Done
经查看,weblogic进程还在,没有停止成功,
[bea@mylinux bin]$ ps -ef grep java
bea 3058 3021 0 10:37 pts/0 00:00:11 /home/bea/bea923/jdk150_12/bin/java -server -Xms256m -Xmx512m -XX:MaxPermSize=128m -da -Dplatform.home=/home/bea/bea923/weblogic92 -Dwls.home=/home/bea/bea923/weblogic92/server -Dwli.home=/home/bea/bea923/weblogic92/integration -Dweblogic.management.discover=true -Djava.rmi.server.hostname=192.168.0.56 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole= –Djava.rmi.server.hostname=192.168.0.56 -Dweblogic.Name=AdminServer -Djava.security.policy=/home/bea/bea923/weblogic92/server/lib/weblogic.policy weblogic.Server
bea 3633 2246 0 11:36 pts/0 00:00:00 grep java
修改
stopWebLogic.sh 里的ADMIN_URL="t3://localhost:7001"为
ADMIN_URL=https://localhost:9002
后,再次执行脚本后报错,
[bea@mylinux bin]$ ./stopWebLogic.sh
Stopping Weblogic Server…
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to https://localhost:9002 with userid weblogic …
<Nov 20, 2010 11:53:19 AM EST> <Warning> <Security> <BEA-090542> <Certificate chain received from localhost – 127.0.0.1 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
<Nov 20, 2010 11:53:20 AM EST> <Warning> <Security> <BEA-090542> <Certificate chain received from localhost – 127.0.0.1 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
<Nov 20, 2010 11:53:20 AM EST> <Warning> <Security> <BEA-090542> <Certificate chain received from localhost – 127.0.0.1 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
This Exception occured at Sat Nov 20 11:53:20 EST 2010.
javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://localhost:9002: Destination unreachable; nested exception is:
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from localhost – 127.0.0.1 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:49)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363)
at weblogic.jndi.Environment.getContext(Environment.java:307)
at weblogic.jndi.Environment.getContext(Environment.java:277)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:494)
at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:547)
at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:299)
at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:201)
at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:60)
at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:121)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:160)
at org.python.core.PyMethod.__call__(PyMethod.java:96)
at org.python.core.PyObject.__call__(PyObject.java:248)
at org.python.core.PyObject.invoke(PyObject.java:2016)
at org.python.pycode._pyx6.connect$1(<iostream>:16)
at org.python.pycode._pyx6.call_function(<iostream>)
at org.python.core.PyTableCode.call(PyTableCode.java:208)
at org.python.core.PyTableCode.call(PyTableCode.java:404)
at org.python.core.PyFunction.__call__(PyFunction.java:184)
at org.python.pycode._pyx18.f$0(/home/bea/bea923/user_projects/domains/base_domain/shutdown.py:1)
at org.python.pycode._pyx18.call_function(/home/bea/bea923/user_projects/domains/base_domain/shutdown.py)
at org.python.core.PyTableCode.call(PyTableCode.java:208)
at org.python.core.PyCode.call(PyCode.java:14)
at org.python.core.Py.runCode(Py.java:1135)
at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:167)
at weblogic.management.scripting.WLST.main(WLST.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at weblogic.WLST.main(WLST.java:29)
Caused by: java.net.ConnectException: https://localhost:9002: Destination unreachable; nested exception is:
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from localhost – 127.0.0.1 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:204)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:154)
at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:342)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:147)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:337)
… 38 more
Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from localhost – 127.0.0.1 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.; No available router to destination
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:475)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:326)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:261)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:204)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:226)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:189)
… 43 more
Problem invoking WLST – Traceback (innermost last):
File "/home/bea/bea923/user_projects/domains/base_domain/shutdown.py", line 1, in ?
File "<iostream>", line 22, in connect
WLSTException: ‘Error occured while performing connect : Error getting the initial context. There is no server running at https://localhost:9002 Use dumpStack() to view the full stacktrace’
Done
报错里提到了-Dweblogic.security.TrustKeyStore=DemoTrust 参数。
在setDomainEnv.sh 里添加该参数如下,
JAVA_OPTIONS="${JAVA_OPTIONS} ${JAVA_PROPERTIES} -Dweblogic.security.TrustKeyStore=DemoTrust -Djava.rmi.server.hostname=192.168.0.56 -Dwlw.iterativeDev=${iterativeDevFlag} -Dwlw.testConsole=${testConsoleFlag} -Dwlw.logErrorsToConsole=${logErrorsToConsoleFlag}"
export JAVA_OPTIONS
再次执行停止脚本,还是报错:
[bea@mylinux bin]$ ./stopWebLogic.sh
Stopping Weblogic Server…
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to https://localhost:9002 with userid weblogic …
This Exception occured at Sat Nov 20 12:10:27 EST 2010.
javax.naming.CommunicationException [Root exception is java.net.ConnectException: https://localhost:9002: Destination unreachable; nested exception is:
java.net.ProtocolException: Tunneling result unspecified - is the HTTP server at host: 'localhost' and port: '9002' a WebLogic Server?; No available router to destination]
无法识别https://localhost:9002。
再次查看stopWebLogic.sh脚本,修改ADMIN_URL="https://localhost:9002"为
ADMIN_URL="t3s://localhost:9002"后,停止成功!
[bea@mylinux bin]$ ./stopWebLogic.sh
Stopping Weblogic Server…
Initializing WebLogic Scripting Tool (WLST) …
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Connecting to t3s://localhost:9002 with userid weblogic …
Successfully connected to Admin Server ‘AdminServer’ that belongs to domain ‘base_domain’.
Shutting down the server AdminServer with force=false while connected to AdminServer …
Disconnected from weblogic server: AdminServer
Exiting WebLogic Scripting Tool.
Done
总结:
1、当启动了管理port,在使用stopWebLogic.sh脚本时,需将原来的url改为t3s协议以及管理端口
2、如使用demo的证书,需在启动参数里添加-Dweblogic.security.TrustKeyStore=DemoTrust