Simon Vans-Colina's Blog

Simon Vans-Colina's Homepage
Simon Vans-Colina is an independent WebLogic consultant who specializes in intergrating Weblogic into enterprise build processes using Ant, Jython, WLST, ksh, and anything else that gets the job done.

How to rename a WebLogic 8.1.x Domain using Jython (WLST)

#! /bin/false

# This script must be run with the command: java weblogic.WLST RenameDomain.py
# from the source domain directory.
#
# Author: Simon Vans-Colina
# Client: XXXXXXXXXXXXXXX
# Date: 10 July 2006
# Purpose: This script runs in the domain home of a weblogic domain that needs to be
# standardized. It takes the essential config from the domain and builds a new domain
# according to an agreed standard. This new domain is put in the standard location,
# will have standard start and stop scripts etc.

try:
  import weblogic
except:
  print "Weblogic.jar needs to be on your CLASSPATH. Exiting"
  raise SystemExit(1)

import javax.xml
import java.io.FileInputStream as fis
import java.io.FileOutputStream as fos

try:
  import org.apache.tools.ant as ant
except:
  print "Ant.jar needs to be on your classpath"
  raise SystemExit(1)

try:
  import os
  import shutil
except:
  print "Python shutils could not be found, are you running java weblogic.WLST to execute this script?"
  raise SystemExit(1)

import java.io.BufferedReader as BR
import java.lang.System.in  as Sin
import java.io.InputStreamReader as isr
import java.lang.System.out.print as jprint

import weblogic.security

es=weblogic.security.internal.SerializedSystemIni.getEncryptionService(".")
ces=weblogic.security.internal.encryption.ClearOrEncryptedService(es)

#Standards are defined here

class ConfigStore:
  def __init__(self, fileLocation):
    factory=javax.xml.parsers.DocumentBuilderFactory.newInstance()
    builder=factory.newDocumentBuilder()
    input=fis(fileLocation)
    self.document=builder.parse(input)
    self.DOM=self.document.getDocumentElement()
  def write(self, newFileLocation):
    xmlFrom=javax.xml.transform.dom.DOMSource(self.document)
    xmlTo=javax.xml.transform.stream.StreamResult(fos(newFileLocation))
    Transformer=javax.xml.transform.TransformerFactory.newInstance().newTransformer()
    Transformer.transform(xmlFrom, xmlTo)


def ask(Question, default=None):
  jprint(Question)
  if default:
    jprint("[%s]" % default)
  return BR(isr(Sin)).readLine() or default

def changeAttributes(node, oldvalue, newvalue):
  if node.getAttributes():
    for i in range(node.getAttributes().getLength()):
      attr=node.getAttributes().item(i)
      if attr.getValue()==oldvalue:
        attr.setValue(newvalue)

def nodeWalk(node, oldvalue, newvalue):
  for n in range(node.getChildNodes().getLength()):
    cn=node.getChildNodes().item(n)
    nodeWalk(cn, oldvalue, newvalue)
  changeAttributes(node, oldvalue, newvalue)



configxml=ConfigStore("./config.xml")

numServers=configxml.DOM.getElementsByTagName("Server").getLength()
domainName=configxml.DOM.getAttribute("Name")

print "The domain found: %s has %s servers." % (domainName, numServers)

## Rename the Domain.
oldName=configxml.DOM.getAttribute("Name")
newName=ask("What do you want to rename this domain to? ", "Domain")
nodeWalk(configxml.DOM, oldName, newName)

## Rename the servers if required.
for i in range(configxml.DOM.getElementsByTagName("Server").getLength()):
  serverNode=configxml.DOM.getElementsByTagName("Server").item(i)
  oldName=serverNode.getAttribute("Name")
  newName= ask("What do you want to rename the %s server to? " % oldName, oldName)
  nodeWalk(configxml.DOM, oldName, newName)

## Decrypt the JDBC passwords
for j in range(configxml.DOM.getElementsByTagName("JDBCConnectionPool").getLength()):
  poolNode=configxml.DOM.getElementsByTagName("JDBCConnectionPool").item(j)
  poolNode.setAttribute("Password",  ces.decrypt(poolNode.getAttribute("PasswordEncrypted")) )
  poolNode.removeAttribute("PasswordEncrypted")


## Decrypt the EmbeddedLDAP
for j in range(configxml.DOM.getElementsByTagName("EmbeddedLDAP").getLength()):
  poolNode=configxml.DOM.getElementsByTagName("EmbeddedLDAP").item(j)
  poolNode.setAttribute("Credential",  ces.decrypt(poolNode.getAttribute("CredentialEncrypted")) )
  poolNode.removeAttribute("CredentialEncrypted")


## Decrypt the Security Configuration
for j in range(configxml.DOM.getElementsByTagName("SecurityConfiguration").getLength()):
  poolNode=configxml.DOM.getElementsByTagName("SecurityConfiguration").item(j)
  poolNode.setAttribute("Credential",  ces.decrypt(poolNode.getAttribute("CredentialEncrypted")) )
  poolNode.removeAttribute("CredentialEncrypted")

## Decrypt the ServerStart
for j in range(configxml.DOM.getElementsByTagName("ServerStart").getLength()):
  poolNode=configxml.DOM.getElementsByTagName("ServerStart").item(j)
  poolNode.setAttribute("Password",  ces.decrypt(poolNode.getAttribute("PasswordEncrypted")) )
  poolNode.removeAttribute("PasswordEncrypted")



## Finally write out the config.xml
configxml.write(ask("What do you want to call the new config.xml? ", "new-config.xml"))

Competitive Intelligence Gathering with Google.

If you're in Sales and Marketing, or a Security Auditor, or even just job hunting here is a simple technique for finding out what a particular organization is running.

Go to google and search for this exact phrase (include the quotes.)

"at com.companyOfYourChoice."

for example if you were interested in BT, you'd search for:

"at com.bt."

This should return for you few pages full of Java stack traces. From this its usually pretty easy to work out what companies, and even what projects are using which technologies.

Scarily, you'll probably also find code snippets, encrypted passwords, misconfigured configuration files and other gems that really shouldn't be out-there.

This technique is called "Googledorking" and can also be used for finding WebLogic consoles which have been left exposed to the internet:
http://www.google.com/search?q=%22Administration+Console...

So there's a couple more things to worry about ok.

The Bibles. (or what should i read next?)

I've been asking around the office for a list of "the classics" of computer science. Here's what ive got so far, has anyone got any other suggestions for my list? Things i should take off, things i should add?

The Bibles:

Structure and Interpretation of Computer Programs by Abelson and Sussman

Operating System Concepts by Silberschatz and Galvin

Operating Systems. Design and Implementation by Andrew Tanenbaum

Compilers: Principles, Techniques, and Tools "The Dragon Book" by Aho and Ullman

Applied Cryptography, 2nd Edition by Bruce Schneier. Bible of cryptography.

Design Patterns by the Gang o' Four

Art of Computer Programming by Donald Knuth

Internetworking with TCP/IP Vol 1, 2, 3 aka the TCP bible.

The C Programming Language. Kernighan and Ritchie

Paradigms of AI Programming by Norvig

Honorable Mentions

Thinking in Java by Bruce Eckel.

[UPDATE]
Theres quite a long discussion of this list over at Reddit, with lots more comments.

I'm famous in China.

Not really. I just noticed dev2dev have translated some of my blog articles into Chinese.

I got quite a kick out of that, thanks dev2dev. I even had one of my chineese speaking collegues translate it back to me.

Link

In praise of: JRuby 1.0

I write this post with a slightly guilty conscience, I feel like an adulterer finally introducing his new mistress to the world.

My old flame, Jython, still has magic in her, but I've been a seduced by Suns new bottle blond bombshell JRuby.

JRuby 1.0 is slick. You can do all the code borrowing magic from Jython, but the language is being actively developed and supported by Sun.

JRuby 1.0 is 100%* complete Ruby compatible, which means you can now build Ruby-On-Rails apps, and deploy them to WebLogic. Thoughtworks already have a production ready application built this way, and I expect to see lots more following soon.
*100% good enough :-)

The Java Class integration is solid, if a little quirky. Remember the Python philosophy: "There's Only One Way To Do It And It's Obvious" doesn't apply to Ruby, who's moral ancestor is Perl. ("Executable Line Noise")

The trick to accessing WebLogic classes is to reference them like this:

C=Java::weblogic.management.ClassName.function for functions.
D=Java::weblogic.management.ClassName::CONSTANT for constants.
E=Java::weblogic.management.ClassName.new to instantiate

Another gotcha is recasting Ruby types to Java types, but JRuby has a very nice way to do this ( even nicer than Jythons). To convert a Ruby Array to a Java int[] you say:

palette=[red, green, blue].to_java :int

So if you've been looking for the Next Big Thing in Java i highly recommend checking out JRuby 1.0

Stealing passwords from core dumps. Not Weblogic.

So what? you ask.

Some security policies demand that no Unix or Middleware admins are able to recover the production JDBC passwords. It's up to the Application server to protect this password.

With this in mind i set about trying to recover the JDBC passwords from the three commercial application servers we use here.

This wasn't the most scientific of tests, and i only tested the versions of the products i happened to have installed on my laptop. But here's what i did:

Firstly i created new default installs of the three products. The Weblogic version i used was 9.2.

Then i created a single JDBC pool with the password "3r3hp5nurJ".

Next I shut down and restarted all three products.

Now the way to force a core dump on Unix is "kill -11 ". You need to make sure you've set the "maximum core file size" to be big enough. Use "ulimit -c unlimited".

Now do a "strings core | grep 3r3hp5nurJ" on each of the core files and see if the JDBC password shows up.

Where the other two products keep the JDBC password in cleartext in memory, WebLogic must do somthing clever, perhaps storing each byte in a seperate place.

It's little things like this that make WebLogic the best enterprise application server in my opinion. Details that are too small or obscure to be called features, and probably don't matter to anyone but me.

Jython 2.2 Beta is out!

If you haven't heard of it before: Jython is an implementation of the Python programming language that runs on the Java JVM.

http://sourceforge.net/mailarchive/message.php?msg_id=38176533

Thanks to Charles "JRuby" Nutter for the heads up:

http://headius.blogspot.com/2007/02/jython-22-beta-1-released.html

Jython development has been mature and useful for a while now, but its nice to see some of the newer features in python coming down.

How to stop worrying and love the Excel

How to stop worrying and love excel.

Like most "techies" i hate excel. Its a spreadsheet for crying out loud, its not a database. Its not meant to be used for forms. Its not meant to be used for network diagrams. And its certainly not meant to be used for storing the configuration information of the 280 weblogic domains i need to get built by Christmas.

So my challenge this week is to find a way to build all these domains, quickly and without introducing errors. To make matters slightly more complicated, I've had 6 months to do this, but the model of what a domain should look like kept changing. To make matters even more complicated the spreadsheet changes all the time (its up to version 10 right now.)

So a couple of possibilities came to mind. I could just get The Grads to do it. While this may seem attractive at first, and an effective use of my time, i don't want them to quit. And the thought of them mindlessly copy-pasting several thousand bits of configuration from a spreadsheet makes me want to quit.

What i need is some way of quickly checking that the information in our CVS repository is still correct. There's no point doing all this work this week, only to have to redo it when Version 11 drops next week.

So, as usual WLST/Jython saves the day. Firstly i modify our build.xml to include a new task, called Validate. This gets kicked off after the domains properties have been loaded from the properties files. It knows that certain properties correspond to certain fields in the spreadsheet.

But how do i read the spreadsheet? My first thought was to copy-paste the spreadsheet into a text file, or save it as a CSV file, but then I'd need a way of keeping the text file in sync with the Spreadsheet. A quick search of the Apache site lead me to the Jakarta POI project. One of the API's provided there is a pure java library for what they term the Horrible Spread Sheet Format (or HSSF). Jython being Java it only took me a few hours of playing around before i was able to read in a spreadsheet and pull out arbitrary cells.

Here's the Jython code to read in a spreadsheet.

Once you have the value from the Spreadsheet, its a simple matter of comparing the value with the value from the ant Project object.

So now when you do a build, you get a nice warning if any of the properties in the configuration files don't match whats in the spreadsheet. And all you need to do is copy-paste the value from the warning message into the configuration file for the domain you're building.

And that's something Grads can do.

Free simple Java introspection with Glassbox.

One of the trends i love in this industry is the steady commoditization of concepts and tools. A few years ago Java introspection tools were some kind of voodoo magic, difficult to install, difficult to understand. Then came a bunch of mostly good commercial tools that made introspection enterprise worthy.

If you've never used one of these tools you don't know what your missing.

There's nothing like being able to point at a particular problem and say with absolute confidence that the reason the application isn't working is stored procedure "X" or servlet "Y".
These products are great, but they're usually very proprietary. One i know only works with Internet Explorer, and another requires a license for the "viewer application".

For a developer introspection can help you concentrate on the parts of you application that are under performing. They can give you accurate statistics about how long servlets take to run, and how much of that is down to the database, and how much is down to the CPU.

You can use the same introspection tools in production too, but you need to be careful of a couple of things: Firstly there is a small but significant overhead due to the monitoring and statistics collection.
Its claimed by just about all the vendors I've dealt with that this too low to worry about, and ill accept that argument in principal.
Secondly, the way these tools generally work is by hooking into the classloader and replacing bits of your Java that are maybe not as well tested as you'd hope.
Ive never been able to prove it but i believe one introspection tool i used was causing occasional signal 11 errors in Java 1.4.2_02 (as in a complete core dump)

The other thing is that while your developers may understand what the tool is trying to tell you, there is no guarantee that the application support person will. And they're probably already doing a pretty good job using nothing more than logs, debug statements and sniffing network traffic.
All of which costs you nothing.

But I've just spent a good few hours playing with Glassbox and I'm impressed. For starters its Free (both as in Beer, and in Speech).

The install is painless.
You just deploy a webapp to your shiny new Weblogic 9.2 server and the webapp produces a wrapper script for you. (called startWeblogic_with_glassbox.sh)
After you restart your server you point your browser at the /glassbox webapp and your're good to go.
It doesn't do everything that a Quest, Wily, or I3 install will do, but it does the important stuff. It tells you about long running queries.
It watches for slow JDBC calls (and tells you the stored procedure).

Its simple. It just works.

Like Java, Glassbox is licensed under the Gnu Public Library.
I think once developers realize how easy and powerful it is when they're doing development, we'll start to see it turning up in more and more production and UAT installs.

Somthing from the BEA skunkworks?

Artificial Intelligence Filtering Of WebLogic Logs

Last week I wrote an article about my experiment in using a spam filter to classify candidate CVs.

The article got quite a lot of attention, rising as high as number 3 on programming.reddit.com, probably thanks to Jon bumping it onto the front page. (Thanks Jon)

This week I want to show how you can use CRM114 to solve one of most common administrator nightmares.

A couple of years ago I had the great fortune to work on a project whose release date had been mandated by the government... In legislation...

This particular project was a code fork of an in-development application, with responsibility for parts being owned by 2 Major consulting firms (you know who you are) as well as a team of in house developers.
With the government deadline bearing down on us, and near constant political in-fighting the application went in to UAT.

The first thing I noticed was that within hours the 100Gb disk partition we had allocated to log files was full.
The application was slow. It was outputting log data faster than the disks could write it, and when something went wrong, finding out what it was, was impossible.

Developers would ask us to "send them the log files" and we would fall out of our chairs laughing.

But delaying the release date for something as trivial as log file purity was unthinkable. Even to mention such a thing would result would result in dirty looks.

So the application went live, spitting out stack traces faster than Oracle spits out press releases. With, of course, the promise that they would revisit it some time in the future. (after all the developers had moved on, yeah right.)

What we really needed was some kind of Artificial Intelligence filtering, that could cut down the volume of traffic. Somthing that could learn the difference between the "interesting errors" and the "oh-thats-normal-don't-worry-about-that" errors. And what the hell is a normal stack trace anyway?

I didn't have a solution then, but i do now: CRM114

So what should an intelligent log file parser look like. Well for starters you need to train it, so we'll need a script called learn.

$ ./learn --in=LogFileName.log --ks=weblogiclog

View Source learn.crm

#!/usr/bin/env crm

# Usage: ./learn --in=LogFileName.log --ks=weblogiclog

{

  window

}


{ 

  isolate (:logentry:)

  isolate (:hr:) /-------------------------------------------\n/

}

{

  input (:logdata:) [:*:in:]

  {

    window (:logentry:) (:logdata:) /####/ /####/  

    output /\n\nNew Log Entry :*:hr:\n :*:logentry:\n:*:hr:Hit ENTER for uninteresting,/

    output / or SPACE-ENTER to mark this as interesting.\n:*:hr:\n /

    input (:userinput:) 

    { 

     {

      match /[[:space:]]/ (:thematch:) [:userinput:]

      output /LEARNING THAT THIS IS INTERESTING   :-)\n\n/

      learn (./:*:ks:.ksi) [:logentry:]/[[:graph:]]+/

     }

     alius

     {

      output /Learning "UnInteresting   :-|\n\n"/

      learn (./:*:ks:.ksd) [:logentry:]/[[:graph:]]+/

     }

    } 

    liaf

  }

}

{

  output /\n Learning Complete\n The knowledge store :*:ks:.ks has been updated\n\n /

}

This script will walk through a WebLogic log asking you about each entry. An entry is defined as starting with "####" and continuing over as many lines as necessary till it sees the start of the next entry. This works well for WebLogic logs, and its easy enough to change the Regular Expression to work with different types of logs.

Once you've done a bit of training, you hit CTRL-C and you'll notice that your learning has created two 12Mb files, in this case weblogiclog.ksi and weblogiclog.ksd. (Knowledge Store Interesting, and Knowledge Store Dull)

In this case weblogiclog.ksi contains all the information about Interesting log entries, and weblogiclog.ksd contains information about Dull log entries.

The next script is the one that will walk through a WebLogic log showing only the entries that more closely match the Interesting category.

$ ./filter --in=LogFileName.log --ks=weblogiclog

View Source: filter.crm

#!/usr/bin/env crm


{

  window

}

{ 

  isolate (:logentry:)

  isolate (:hr:) /-------------------------------------------\n/

}

{

  input (:logdata:) [:*:in:]

  {

    window (:logentry:) (:logdata:) /####/ /####/ 

    {

      classify ( :*:ks:.ksi | :*:ks:.ksd ) [:logentry:] /[[:graph:]]+/

      output /:*:hr:\n :*:logentry: \n/

    }

    liaf

  }

}

{

  output /\n ==Done==\n /

}

Running this script on a sample WebLogic log I found on the Internet did indeed find all sorts of interesting things. Stack traces are the easy ones: once its been told a particular "stack" is Interesting (or Dull) it will correctly classify it from then on.

Intelligent log filtering shouldn't be an alternative to enforced log file purity.

It might be possible to insist that developers train up a knowledge store on their application during UAT, and deliver that into production with their app.

CRM114 could then be integrated with monitoring solutions like BMC Patrol so that Patrol can raise an alert when an Interesting log entry occurs.

In this way Admins could spend less time wading through the logs trying to work out what's a real error, and more time fixing things.

Sorting Candidate CV's using the anti-spam algorithm...

Its 16:44 in the afternoon. For the past 4 hours I've been head down staring at a WebLogic Server log watching stack traces fly past like leaves on a waterfall.

The ticket queue is growing hour by hour and the deadline, while still weeks away is starting to look slightly transparent.

"Simon, Can you have a look at this CV for me and let me know what you think?" Says the Boss

"Oh and Simon, i need to know by 5!" He adds.

Thanks boss. I've devoted my life to understanding computers for the express reason that They're Easier To Understand Than People.
And you've just given me 15 minutes to read-between-the-lines of a 6 page CV that is almost certainally 60% lies.

15 Minutes to absorb the subtle nuaince, the hints of hesitation or confidence. 15 minutes to....
Oh sod it. Most CV's have the same level as truthiness as Spam anyway.. Ill just spend a couple of hours adapting the learning algorithm from a Spam Filter to work on CV's and ill never have to worry about this again.

So Ladies and Gentlemen, i present to you: The worlds first Bayesian CV sorting application.

Online to play with at http://londonmiddleware.org/chaff

*

My tool is based on the excellent "Learning Grep" called CRM114. In the coming weeks i plan on writing an article on how to use it to monitor logs files for new problems.

*Choom Cheef and Chaff, see a pattern here Hoos?

The London Middleware User Group - First Meeting tonight.

We are meeting tonight at about 7pm at:

http://marriott.com/property/propertypage/LONCC

The bar to meet in is located on the right just as you enter through the front entrance, before you get into the main court.

Cheers, Hoos

My bold prediction...

In 5 years virtualization like VMWare, Xen, MS-VS and the like will largely replace traditional server installs.

Regardless of where you sit in an organization, you probably have a limited view of "The Stack".

To a Developer the System looks like a Container (WebLogic).
To an Integrator it looks like a JVM running on an Operating System.
To a SysAdmin, its an Application running on a Machine in a Frame.

If you're a CTO, its probably "a BEA" sitting on "A Sun" talking to "An Oracle" over "A Cisco", which is a good enough understanding for what you do.

The truth is way more complicated. "The Stack" is divided up a million ways. JVMs contain objects, networks contain subnets, and V-Lans, Machines are really Frames, which contain Clusters which contain Hosts and so on and so forth.

The reality is, probably no one understands "The whole stack".

The art of creating an elegant piece of software is Finding The Right Metaphor. Anyone can write code that works, but a truly elegant program executes on two CPU's. The Chip, and the mind of the next Developer who tries to understand it.

The same goes for architecture.

The ultimate metaphor for an infrastructure architect is "The Computer".
The Machine, The System, or as VMWare et.al. refer to it, The Appliance.

With consistency of break points comes consistency in the demarcation of responsibility.

In your organization, "Who's Responsible" for a particular part of the stack is "Hard To Work Out".

With Virtualization you can cancel out this confusion by enforcing consistent break points.

See? Consistent.

With virtualization comes ease of upgrades.

And with Appliances you can disavow Configuration. Instead of having an organization wide WebLogic Build Guide, just have a Standardized Appliance that gets cloned as many times as needed.

These can even be Vendor supplied. Did you know that BEA and Redhat already have a pre-built Linux-WeblogicPlatform Vmware appliance?
see http://www.vmware.com/vmtn/appliances/directory/bea.html

Moores Law is slowly negating any performance related issues with virtualization. Remember 10 years ago when nay-sayers said Java would never take off because a Java-Virtual-Machine could never be as fast as native machine code? I expect the same thing will happen with Whole-System-Virtual-Machines.

"The Appliance" is a powerful metaphor, and my bold prediction is that it will increasingly become the default paradigm in the next couple of years.

J2EE has some catching up to do...

This weekend I helped my wife setup a new website for her art and objects conservation business.

I love J2EE and WebLogic, but I still haven't seen a drop in framework that is as easy to use as Drupal (php/mysql/lamp), Ruby-On-Rails (Ruby) or Django(Python).

Drupal was a breeze to set up. I just created the database and fired it up. And it got me thinking, JSP is great technology, but the LAMP frameworks do so much more. The LAMP frameworks set up your database schema, standardise things like forms, user input validation, and Ajax.

The other thing that makes the LAMP frameworks so attractive is the ability to develop new live content in a dynamic language instead of Java.

Ruby (the language) made Ruby-on-rails possible.

Python (the language) made Django and Turbogears possible.

Java already has arguably the Worlds Best web framework in the form of JEE (nee J2EE), it just needs a strong, supported dynamic language to make rapid site development fun.

Jython should be that language. Some of the parts are already in place, Jython already has a servlet wrapper, and can access the whole JEE stack to do everything else.

Someone should step up to the plate and sponsor Jython development to bring it up to Python 2.4. Then you could take Turbogears or Django and drop it into WebLogic and have a rapid application framework every bit as powerful as Ruby-on-Rails.

Someone like, say Sun? or BEA? Jim Hugunin who originally wrote Jython now works at Microsoft, where he's bringing the power of the Python language to .net.

May 2008

Search this blog:

Archives

April 2008
February 2008
October 2007
September 2007
June 2007
February 2007
December 2006
November 2006
October 2006
August 2006
July 2006
May 2006

Categories

Recent Entries

How to rename a WebLogic 8.1.x Domain using Jython (WLST)

Competitive Intelligence Gathering with Google.

The Bibles. (or what should i read next?)