Skip to main content

This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Jun 28, 2015 — DevOps Expert

Extending WLS Plugin to Support t3s Connections to Admin Server

DevOps

Recently, I had the opportunity to visit a client with a significant WebLogic installation.  This customer has specific security interests.  Part of their interest in security requires that all connections to the WebLogic server (including wlst command line tools) should use SSL.  By default WebLogic wlst does not use SSL.  In order to get wlst to work cleanly via T3S needs to have a keystore that trusts the certificate from the server.  Furthermore, the client did not want to modify anything in the WebLogic install.  WebLogic does provide for some customizations in wlst at start up by defining templates.  We need to make sure there is a keystore so that wlst can find the server certificate and to know if hostname verification should be used.  I have created a little customization that you can use to easily enable T3S communication in wlst to talk to your WebLogic servers.   We can override the default behavior of the WebLogic plugin for the wls.Domain CI by changing the hidden property for the customWlstTemplatePath.   This will create a custom wlst template where we can set some custom properties.  To set this up we first need to modify the synthetic.xml file in the ext directory by adding the following:

<type-modification type="wls.Domain">
	<property name="customWlstTemplatePath" required="false" hidden="true"
                  default="wlst/templates"/>
	<property name="libraryScripts" kind="list_of_string" required="false"
                  hidden="true"
                  default="wlst/runtime/connect.py"/>
        <property name="wlstProperties" kind="list_of_string" inspectionProperty="true"
                  default="weblogic.security.TrustKeyStore=CustomTrust,
                           weblogic.security.CustomTrustKeyStoreFileName=truststore,
                           weblogic.security.SSL.enableJSSE=true,
                           weblogic.security.SSL.ignoreHostnameVerification=true,
                           weblogic.security.SSL.enforceConstraints=off" />
</type-modification>
When we do discovery on a WebLogic domain, we will be offered a default list of properties that will help make the T3S connection.

Screen Shot 2015-06-01 at 4.32.09 PM

Notice at the bottom of the properties page we now have a list of wlst Properties.  These Java system properties will be loaded into wlst before it connects to the WebLogic server.  These properties are set in the synthetic.xml file and will be saved in the wls.Domain after the discovery. We can create a template script for wlst in the ext directory wlst/templates/wlst.sh.ftl.  We have one freemarker script added here.  We can define a Unix shell script and an Windows batch script here.  In our example, we will add a Unix shell script wlst/templates/wlst.sh.ftl.
<#assign hostForUrl=container.host.address?string>
<#if container.hostname?has_content>
	<#assign hostForUrl=container.hostname>
</#if>
<#assign adminUrl = container.protocol + "://" + hostForUrl + ":" + container.port>
<#list container.wlstProperties as prop>
    key=$(echo ${prop} | cut -f1 -d=)
    val=$(echo ${prop} | cut -f2 -d=)
    echo "${r"${key}"} = ${r"${val}"}"
    echo "${r"${key}"}=${r"${val}"}" >> /tmp/wlst.properties
</#list>
echo "======================================="
export DEPLOYIT_WLST_PASSWORD=${container.password}
${container.getWlstPath()} -i ${script} ${container.username} ${adminUrl}
res=$?
if [ $res != 0 ] ; then
	exit $res
fi
rm /tmp/wlst.properties
This little template script will create an property file from the properties that were set in the previous screen.  That property file can then be loaded up by one of the library scripts (i.e. wlst/runtime/connect.py).  The connect.py script is as follows:
import os
import java.lang.System as System
import java.io.FileInputStream as FileInputStream
import java.util.Properties as Properties
propFile="/tmp/wlst.properties"
if( os.path.isfile( propFile ) ):
   propFile = FileInputStream("/tmp/wlst.properties")
   prop = System.getProperties()
   prop.load( propFile )
   System.setProperties( prop )
   System.getProperties().list(System.out)
#End if
def connectToAdminServer():
    script = sys.argv.pop(0)
    user = sys.argv.pop(0)
    url = sys.argv.pop(0)
    password = os.getenv('DEPLOYIT_WLST_PASSWORD')
    print "Connecting to WebLogic %s as user %s" %(url, user)
    connect(user, password, url)
This library script will get loaded every time we start wlst from XL Deploy.  This library script picks up the properties that enable the SSL connection. In addition to showing you how you can configure wlst to be able to connect using t3s, you could also use this blog as an example of how you can configure XL Deploy, to use meaningful default values when you are configuring new WebLogic containers.

More from the Blog

View more
Feb 22, 2021

Reckoning DevOps’ role in the enterprise value stream

DevOps
If you’re a software or digital solutions company, you may use DevOps ...
Read More
Feb 10, 2021

Customer spotlight: Schneider avoiding bumps in the road with DevOps adoption

DevOps
Everyone wants to deliver software faster and more reliably. Companies ...
Read More
Jan 06, 2021

How testing automation can build a culture of QA while accelerating continuous delivery

DevOps
An organization’s level of automated test coverage is quickly emerging ...
Read More
Jul 30, 2020

Part 2: Is Technology Slowing Down Your Digital Transformation?

DevOps
In part one of this post, we shared insights from Andreas Prins’ webin ...
Read More
Contact Us