Oracle Cloud Control 13,无法连接到 Weblogic 管理服务器

Oracle Cloud Control 13,无法连接到 Weblogic 管理服务器

最近我全新安装了 Oracle Cloud Control 13.3。我注意到的第一件事是,根据 Cloud Control 的说法,Weblogic 管理服务器似乎已关闭。

当通过查询时emctl status oms -details一切似乎正常:

[oracle@ora-cloud-control nodemanager]$ emctl status oms -details
Oracle Enterprise Manager Cloud Control 13c Release 3  
Copyright (c) 1996, 2018 Oracle Corporation.  All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password : 
Console Server Host        : ora-cloud-control.localdomain
HTTP Console Port          : 7788
HTTPS Console Port         : 7803
HTTP Upload Port           : 4889
HTTPS Upload Port          : 4903
EM Instance Home           : /u01/app/oracle/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u01/app/oracle/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or virtual hostname
Agent Upload is locked.
OMS Console is locked.
Active CA ID: 1
Console URL: https://ora-cloud-control.localdomain:7803/em
Upload URL: https://ora-cloud-control.localdomain:4903/empbs/upload

WLS Domain Information
Domain Name            : GCDomain
Admin Server Host      : ora-cloud-control.localdomain
Admin Server HTTPS Port: 7102
Admin Server is RUNNING

Oracle Management Server Information
Managed Server Instance Name: EMGC_OMS1
Oracle Management Server Instance Host: ora-cloud-control.localdomain
WebTier is Up
Oracle Management Server is Up
JVMD Engine is Up

BI Publisher Server Information
BI Publisher Managed Server Name: BIP
BI Publisher Server is Up

BI Publisher HTTP Managed Server Port   : 9701
BI Publisher HTTPS Managed Server Port  : 9803
BI Publisher HTTP OHS Port              : 9788
BI Publisher HTTPS OHS Port             : 9851
BI Publisher is locked.
BI Publisher Server named 'BIP' running at URL: https://ora-cloud-control.localdomain:9851/xmlpserver/servlet/home
BI Publisher Server Logs: /u01/app/oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/
BI Publisher Log        : /u01/app/oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/bipublisher/bipublisher.log

但是,无法通过以下方式访问管理服务器:https://ora-cloud-control.localdomain:7102/console也无法通过 WLST 访问:

wls:/offline> connect('weblogic','*******','t3s://ora-cloud-control.localdomain:7102')
Connecting to t3s://ora-cloud-control.localdomain:7102 with userid weblogic ...
<Apr 1, 2021 10:02:29 PM CEST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.> 
<Apr 1, 2021 10:02:29 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.> 
<Apr 1, 2021 10:02:29 PM CEST> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.> 
Traceback (innermost last):
  File "<console>", line 1, in ?
  File "<iostream>", line 19, in connect
  File "<iostream>", line 552, in raiseWLSTException
WLSTException: Error occurred while performing connect : Cannot connect via t3s or https. If using demo certs, verify that the -Dweblogic.security.TrustKeyStore=DemoTrust system property is set. : t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination 
Use dumpStack() to view the full stacktrace :

dumpStack()如下:

wls:/offline> dumpStack()
This Exception occurred at Thu Apr 01 22:02:30 CEST 2021.
javax.naming.CommunicationException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination [Root exception is java.net.ConnectException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:808)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363)
    at weblogic.jndi.Environment.getContext(Environment.java:319)
    at weblogic.jndi.Environment.getContext(Environment.java:288)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:519)
    at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:570)
    at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:310)
    at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:200)
    at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:67)
    at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:188)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.python.core.PyReflectedFunction.__call__(Unknown Source)
    at org.python.core.PyMethod.__call__(Unknown Source)
    at org.python.core.PyObject.__call__(Unknown Source)
    at org.python.core.PyObject.invoke(Unknown Source)
    at org.python.pycode._pyx7.connect$1(<iostream>:13)
    at org.python.pycode._pyx7.call_function(<iostream>)
    at org.python.core.PyTableCode.call(Unknown Source)
    at org.python.core.PyTableCode.call(Unknown Source)
    at org.python.core.PyTableCode.call(Unknown Source)
    at org.python.core.PyFunction.__call__(Unknown Source)
    at org.python.pycode._pyx87.f$0(<console>:1)
    at org.python.pycode._pyx87.call_function(<console>)
    at org.python.core.PyTableCode.call(Unknown Source)
    at org.python.core.PyCode.call(Unknown Source)
    at org.python.core.Py.runCode(Py.java:1226)
    at org.python.core.Py.exec(Py.java:1252)
    at org.python.util.PythonInterpreter.exec(Unknown Source)
    at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
    at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
    at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
    at weblogic.management.scripting.utils.WLSTInterpreter.runsource(WLSTInterpreter.java:910)
    at weblogic.management.scripting.WLST.main(WLST.java:217)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at weblogic.WLST.main(WLST.java:29)
Caused by: java.net.ConnectException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
    at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:241)
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:177)
    at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:342)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:337)
    ... 44 more
Caused by: java.rmi.ConnectException: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:489)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:327)
    at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:309)
    at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:213)
    at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:263)
    at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:225)
    ... 50 more

javax.naming.CommunicationException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination [Root exception is java.net.ConnectException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is: 
    javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]
wls:/offline> 

根据我浏览网页时发现的情况,我尝试了三种方法来解决该问题:

  • 附加-Dweblogic.security.TrustKeyStore=DemoTrust到文件JAVA_OPTIONS中的字符串/u01/app/oracle/gc_inst/user_projects/domains/GCDomain/bin/startWebLogic.sh

  • 使用以下密钥库提取 SSL 证书https://ora-cloud-control.localdomain:7803并将其导入到以下密钥库中作为参考:

    /u01/app/oracle/middleware/oracle_common/jdk/jre/lib/security/cacerts
    /u01/app/oracle/middleware/wlserver/server/lib/cacerts
    /u01/app/oracle/agent/agent_13.3.0.0.0/oracle_common/jdk/jre/lib/security/cacerts
    
  • 将同一证书导入/u01/app/oracle/middleware/wlserver/server/lib/DemoTrust.jks trustore

我尝试在执行上述每个操作后重新启动整个 OMS 堆栈,但没有成功,仍然收到相同的错误消息。

请问有什么想法吗?

答案1

关于通过 WLST 本地连接到管理服务器:

我发现我弄错了证书,例如,在 Cloud Control 安装期间生成并用于https://ora-cloud-control.localdomain:7803/em站点和用于 Weblogic 管理服务器的证书不同。

Weblogic 默认配置了两个密钥库 - DemoIdentity.jks 和 DemoTrust.jks。有关更多信息,请参见这里

就我而言,问题是安装时附带的演示私钥太短。这导致日志中出现错误 - “收到致命警报 certificate_unknown“。我后来才注意到这一点。查看有关此主题的更多信息这里

我已经通过重新生成 DemoIdentity.jks 和 DemoTrust.jks 解决了这个问题以下步骤并添加证书生成工具- 将证书颁发机构的证书添加到 JDK cacerts 密钥库(位于/u01/应用程序/oracle/中间件/oracle_common/jdk/jre/lib/security/cacerts就我而言)。

我最终可以通过 wlst.sh 连接到管理服务器。

但是我还是无法远程连接到 weblogic。我通过 netstat 发现 weblogic 一直在监听 172.0.0.1:7102。我尝试通过 $WL_DOMAIN/config/config.xml 更改其监听地址,但没有成功。

最后我找到了文章指出:WebLogic Server 侦听与托管计算机关联的所有主机名 - 即计算机主机名和 localhost并意识到我的 /etc/hosts 遗漏了本地 IP 地址,只包含“127.0.0.1”。修复此问题并重新启动 OMS 堆栈后,管理服务器开始监听 192.168.0.50:7102,因此可以进行远程访问。

希望这对某人有帮助。问候,Michal

相关内容