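I recently did a fresh install of Oracle Cloud Control 13.3. The first thing I noticed was that, according to Cloud Control, the WebLogic Admin Server appeared to be down.
When queried via emctl status oms -details, everything seems to be fine: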
[oracle@ora-cloud-control nodemanager]$ emctl status oms -details
Oracle Enterprise Manager Cloud Control 13c Release 3
Copyright (c) 1996, 2018 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
Console Server Host : ora-cloud-control.localdomain
HTTP Console Port : 7788
HTTPS Console Port : 7803
HTTP Upload Port : 4889
HTTPS Upload Port : 4903
EM Instance Home : /u01/app/oracle/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u01/app/oracle/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or virtual hostname
Agent Upload is locked.
OMS Console is locked.
Active CA ID: 1
Console URL: https://ora-cloud-control.localdomain:7803/em
Upload URL: https://ora-cloud-control.localdomain:4903/empbs/upload
WLS Domain Information
Domain Name : GCDomain
Admin Server Host : ora-cloud-control.localdomain
Admin Server HTTPS Port: 7102
Admin Server is RUNNING
Oracle Management Server Information
Managed Server Instance Name: EMGC_OMS1
Oracle Management Server Instance Host: ora-cloud-control.localdomain
WebTier is Up
Oracle Management Server is Up
JVMD Engine is Up
BI Publisher Server Information
BI Publisher Managed Server Name: BIP
BI Publisher Server is Up
BI Publisher HTTP Managed Server Port : 9701
BI Publisher HTTPS Managed Server Port : 9803
BI Publisher HTTP OHS Port : 9788
BI Publisher HTTPS OHS Port : 9851
BI Publisher is locked.
BI Publisher Server named 'BIP' running at URL: https://ora-cloud-control.localdomain:9851/xmlpserver/servlet/home
BI Publisher Server Logs: /u01/app/oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/
BI Publisher Log : /u01/app/oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/bipublisher/bipublisher.log
However, the Admin Server cannot be reached via: https://ora-cloud-control.localdomain:7102/console
Nor can it be reached via WLST:
wls:/offline> connect('weblogic','*******','t3s://ora-cloud-control.localdomain:7102')
Connecting to t3s://ora-cloud-control.localdomain:7102 with userid weblogic ...
<Apr 1, 2021 10:02:29 PM CEST> <Info> <Security> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
<Apr 1, 2021 10:02:29 PM CEST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
<Apr 1, 2021 10:02:29 PM CEST> <Info> <Security> <BEA-090908> <Using the default WebLogic SSL Hostname Verifier implementation.>
Traceback (innermost last):
File "<console>", line 1, in ?
File "<iostream>", line 19, in connect
File "<iostream>", line 552, in raiseWLSTException
WLSTException: Error occurred while performing connect : Cannot connect via t3s or https. If using demo certs, verify that the -Dweblogic.security.TrustKeyStore=DemoTrust system property is set. : t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
Use dumpStack() to view the full stacktrace :
The dumpStack() output is as follows:
wls:/offline> dumpStack()
This Exception occurred at Thu Apr 01 22:02:30 CEST 2021.
javax.naming.CommunicationException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination [Root exception is java.net.ConnectException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:808)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363)
at weblogic.jndi.Environment.getContext(Environment.java:319)
at weblogic.jndi.Environment.getContext(Environment.java:288)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:519)
at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:570)
at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:310)
at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:200)
at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:67)
at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:188)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.python.core.PyReflectedFunction.__call__(Unknown Source)
at org.python.core.PyMethod.__call__(Unknown Source)
at org.python.core.PyObject.__call__(Unknown Source)
at org.python.core.PyObject.invoke(Unknown Source)
at org.python.pycode._pyx7.connect$1(<iostream>:13)
at org.python.pycode._pyx7.call_function(<iostream>)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyFunction.__call__(Unknown Source)
at org.python.pycode._pyx87.f$0(<console>:1)
at org.python.pycode._pyx87.call_function(<console>)
at org.python.core.PyTableCode.call(Unknown Source)
at org.python.core.PyCode.call(Unknown Source)
at org.python.core.Py.runCode(Py.java:1226)
at org.python.core.Py.exec(Py.java:1252)
at org.python.util.PythonInterpreter.exec(Unknown Source)
at org.python.util.InteractiveInterpreter.runcode(Unknown Source)
at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
at org.python.util.InteractiveInterpreter.runsource(Unknown Source)
at weblogic.management.scripting.utils.WLSTInterpreter.runsource(WLSTInterpreter.java:910)
at weblogic.management.scripting.WLST.main(WLST.java:217)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at weblogic.WLST.main(WLST.java:29)
Caused by: java.net.ConnectException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:241)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:169)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:177)
at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:342)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:337)
... 44 more
Caused by: java.rmi.ConnectException: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:489)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:327)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:309)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:213)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:263)
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:225)
... 50 more
javax.naming.CommunicationException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination [Root exception is java.net.ConnectException: t3s://ora-cloud-control.localdomain:7102: Destination 127.0.0.1, 7102 unreachable; nested exception is:
javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]
wls:/offline>
Based on what I found while browsing the web, I tried three things to resolve the issue:
1. Appending -Dweblogic.security.TrustKeyStore=DemoTrust to the JAVA_OPTIONS string in /u01/app/oracle/gc_inst/user_projects/domains/GCDomain/bin/startWebLogic.sh
2. Extracting the SSL certificate from https://ora-cloud-control.localdomain:7803 and importing it into the following keystores, using this as a reference:
   /u01/app/oracle/middleware/oracle_common/jdk/jre/lib/security/cacerts
   /u01/app/oracle/middleware/wlserver/server/lib/cacerts
   /u01/app/oracle/agent/agent_13.3.0.0.0/oracle_common/jdk/jre/lib/security/cacerts
3. Importing the same certificate into the /u01/app/oracle/middleware/wlserver/server/lib/DemoTrust.jks truststore
I tried restarting the whole OMS stack after each of the above, but without success; I still get the same error message.
Any ideas, please?
Answer 1
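Regarding connecting locally to the Admin Server via WLST:
I found out that I had mixed up the certificates, i.e. the certificate generated during the Cloud Control installation and used for the https://ora-cloud-control.localdomain:7803/em site and the one used for the WebLogic Admin Server are different.
WebLogic is configured with two keystores by default - DemoIdentity.jks and DemoTrust.jks. For more information, see here.
In my case, the problem was that the demo private key shipped with the installation was too short. This caused an error in the logs - "Received fatal alert: certificate_unknown". I only noticed this later. See more on this topic here.
I solved this by regenerating DemoIdentity.jks and DemoTrust.jks following these steps and adding the certificate generation tool's certificate authority certificate to the JDK cacerts keystore (located at /u01/app/oracle/middleware/oracle_common/jdk/jre/lib/security/cacerts in my case).
I was finally able to connect to the Admin Server via wlst.sh.
However, I still could not connect to WebLogic remotely. Using netstat I found that WebLogic was listening on 172.0.0.1:7102. I tried changing its listen address via $WL_DOMAIN/config/config.xml, but without success.
Finally I found this article, which states: "WebLogic Server listens on all host names associated with the hosting machine - i.e. the machine host name and localhost", and realized that my /etc/hosts was missing the local IP address and contained only "127.0.0.1". After fixing this and restarting the OMS stack, the Admin Server started listening on 192.168.0.50:7102, so remote access became possible.
Hope this helps someone. Regards, Michal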
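A check for the root cause found in the answer above, added here as an example (it is not the poster's code): it parses /etc/hosts-style text and `netstat -tln`-style output to tell whether the server's host name resolves only to loopback and whether the Admin Server port has any non-loopback listener. The sample file contents and all function names are constructed for illustration.

```python
import ipaddress
# Constructed sample inputs (illustrative, not taken from the poster's machine).
HOSTS_BROKEN = """\
127.0.0.1   localhost ora-cloud-control.localdomain ora-cloud-control
::1         localhost
"""
HOSTS_FIXED = """\
127.0.0.1      localhost
192.168.0.50   ora-cloud-control.localdomain ora-cloud-control
"""
NETSTAT_SAMPLE = """\
tcp   0   0 127.0.0.1:7102      0.0.0.0:*   LISTEN
tcp   0   0 192.168.0.50:7803   0.0.0.0:*   LISTEN
"""

def parse_hosts(text):
    """Map each name in /etc/hosts-style text to the set of its addresses."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first column is not an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), set()).add(addr)
    return table

def loopback_only(hosts_text, hostname):
    """True if hostname is listed and every address listed for it is loopback."""
    addrs = parse_hosts(hosts_text).get(hostname.lower(), set())
    return bool(addrs) and all(a.is_loopback for a in addrs)

def listen_addresses(netstat_text, port):
    """Local addresses in LISTEN state on the given TCP port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[5] == "LISTEN":
            addr, _, p = fields[3].rpartition(":")
            if p == str(port):
                found.append(addr)
    return found

def non_loopback_listeners(netstat_text, port):
    """Listeners on port that a remote client could reach (not 127.0.0.0/8 or ::1)."""
    return [a for a in listen_addresses(netstat_text, port)
            if not ipaddress.ip_address(a).is_loopback]
```

An empty result from `non_loopback_listeners` for port 7102 together with `loopback_only` returning True for the host name matches the situation the answer describes before /etc/hosts was corrected.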