Wednesday, December 13, 2006

Reset OC4J Admin Password

Seems like a rash of questions recently about how to reset Oracle Application Server/OC4J's administrator password and for whatever reason Google doesn't index our doc (as per the feedback below, due to our robot.txt disallowing this - I don't know why this is the policy) and as a result isn't finding the entry in our doc on how to do this here:

http://download-west.oracle.com/docs/cd/B31017_01/core.1013/b28940/trouble_asc.htm#BCEDHFEI

Reproduced in its entirety below [1] and hopefully this will help Google point people to the right information.

One of the "tricks" you have to be aware of when doing this is that if you are using Application Server Control to manage a cluster of OC4J's, there is a default assumption that all the OC4J's use the same administrator password (you can override) - if you are doing this, step 5 of the instructions, which talks about removing the ASControl cached security file (passwords encrypted!) to re-enable cluster management, is important to heed when you do this.

[1]

Reset the oc4jadmin password using the following procedure while you are logged in as the user who installed the Oracle Application Server instance:

  1. Stop OC4J and the Application Server Control.

    Enter the following command in the Oracle home of the application server instance:

    (UNIX) ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=OC4J
    (Windows) ORACLE_HOME\opmn\bin\opmnctl stopproc ias-component=OC4J

  2. Locate and open the following file in a text editor:

    (UNIX)ORACLE_HOME/j2ee/home/config/system-jazn-data.xml
    (Windows)ORACLE_HOME\j2ee\home\config\system-jazn-data.xml

  3. Locate the line that defines the credentials property for the oc4jadmin user.

    The following example shows the section of system-jazn-data.xml with the encrypted credentials entry in boldface type:


     
        jazn.com
        
         .
         .
         .
           
              oc4jadmin
              OC4J Administrator
              OC4J Administrator
                {903}4L50lHJWIFGwLgHXTub7eYK9e0AnWLUH

  4. Replace the existing encrypted password with the new password.

    Be sure to prefix the password with an exclamation point (!). For example:

    !mynewpassword123

    The password for the oc4jadmin user should conform to following guidelines:

    • Must contain at least five characters, but not more than 30 characters.

    • Must begin with an alphabetic character. It cannot begin with a number, the underscore (_), the dollar sign ($), or the number sign (#).

    • At least one of the characters must be a number.

    • Can contain only the following characters; numbers, letters, and the following special characters: US dollar sign ($), number sign (#), or underscore (_).

    • Cannot contain any Oracle reserved words, such as VARCHAR.

    See Also:

    "The oc4jadmin User and Restrictions on its Password" in the Oracle Application Server Installation Guide

  5. Delete cached password data by deleting the contents of the following directory:

    (UNIX)
    ORACLE_HOME/j2ee/oc4jinstance /persistence/ascontrol/ascontrol/securestore/
    (Windows)
    ORACLE_HOME\j2ee\oc4jinstance\persistence\ascontrol\ascontrol\securestore/

  6. Start OC4J and the Application Server Control.

    After the restart, the Application Server Control will use your new Administrator (oc4jadmin) password, which will be stored in encrypted format within the system-jazn-data.xml file.

Posted by Mike Lehmann at 6:25 PM

Sunday, December 03, 2006

OracleAS JVM Analysis in Application Server Control

Sometimes you are pleasantly surprised by some of the technologies your colleagues put out. I was in a meeting with the Application Server Control folks last week and was reminded that a fair bit of work was done around JVM analysis in OracleAS 10.1.3 Application Server Control.

Check these screen shots below out:

1. Starting with a quick look at how your heap is doing on your OracleAS instance (remember if you browse my blog, I am running a 6 instance OC4J OracleAS cluster on my laptop). On this one I have two JVMs running this OC4J:


2. At the bottom of this page, there is a more detailed link to look at the 2 JVM's that that summarized heap usage represents taking me down to statistics summarizing each JVM:


3. Then I can click on that JVM and see more breakdowns on CPI, active threads, response and load. At the bottom of this page there is one more button which asks me whether I am using Java SE 5.0 which in turns I can turn on specific MBeans to monitor it. Before clicking that I have to configure OracleAS to monitor those Mbeans as an optional performance monitoring option.


4. In the server properties, it is a one click option to start up monitoring of the Java SE 5.0 Mbeans:


5. And when I return to the last page I couldn't show before I see more detailed analysis of the threads, memory pools, resource usage, number of classes loaded amongst others:



Would be very interested in other metrics and performance issues you would like to see - my personal area of interest that I see customers facing is capturing this kind of information sensibly for analysis in a cluster versus on a per JVM basis ... which one of my JVMs is misbehaving and how can I now get a sensible thread dump to do the analysis.

Your views on the utility of this in your management console and what you really need versus surfacing well known metrics would be great. Thanks!

Posted by Mike Lehmann at 6:22 PM

Saturday, December 02, 2006

OC4J HTTP Server on OracleAS 10.1.3.1

Here's a deep in the muck kind of post for those who want to know the gory internals of Oracle Application Server and two ways of having an HTTP server set up on it.

Oracle provides an HTTP server out of the box if you download OC4J stand-alone - the 80M download here - http://www.oracle.com/technology/software/products/ias/index.html. If you choose the second download (470M) along with what we call the SOA Suite (BPEL PM, Web Services Manager, Oracle Rules and our new ESB), you will get the managed environment owned by Oracle Process Manager and Notification Service (OPMN) and Oracle HTTP Server - a slight derivate of Apache HTTP Server packaged with Oracle DB RSFs amongst other things.

Sometimes people like to use the OC4J HTTP server which is extremely lightweight, written in Java and does great for high performance smaller environments or even popular in larger environments if you throw a hardware load balancer in front of several OC4J containers - emulating what OHS does out of the box. We have an install option for this lighter weight approach, shown here, where you get our J2EE server with the OC4J HTTP server rather than OHS (the OHS one been the first and second choices, OC4J HTTP being the highlighted choice):


But of course what almost invariably happens is that you choose the first and second choice and then realize you don't want the OHS listener - maybe too much to manage or in production you expect to use generic Apache, SunOne or IIS ... whatever it is - and decide to revert back to the OC4J HTTP server. While it isn't exactly hard, it isn't exactly perfectly intuitive either. So here's how to do it:

1. Shut down your application server:

$ORACLE_HOME\opmn\bin\opmnctl stopall

2. Go to your $ORACLE_HOME\opmn\conf\opmn.xml and find the line:

<ias-component id="HTTP_Server">

and replace it with:

<ias-component id="HTTP_Server" status="disabled" >

What you have done here is turned off the Oracle HTTP Server


3. Now lets turn on the OC4J HTTP Listener. Go to $ORACLE_HOME\opmn\conf\opmn.xml and find the line:

<port id="default-web-site" range="12501-12600" protocol="ajp"/>

and change it to

<port id="default-web-site" range="80" protocol="http"/>

I am assuming you want it on port 80 here; choose the appropriate HTTP port for your machine. You can also do this in Application Server Control screen shown below but you have to make sure OracleAS is running and then after making the change, bounce the OC4J instance you are doing this on. Frankly speaking, it is probably easier just to edit the file when the server is stopped for this kind of surgery.



4. Lastly, edit the file $ORACLE_HOME/j2ee/config/default-web-site.xml and you will see a line like this:

<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" protocol="ajp13" port="0" display-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" >

Noted the bolded lines here - we need to make the default web site wire up to the ports and protocol in opmn.xml as follows:


<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" protocol="http" port="80" display-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" >

5. Re-start the server:

$ORACLE_HOME/opmn/bin/opmnctl startall

Now your server should be happily using the Java based OC4J HTTP listener and not using the Apache based Oracle HTTP Server.


Posted by Mike Lehmann at 10:04 PM

Labels: ,

Subscribe to: Posts (Atom)