WebLogic Operator初试
时隔几个月,重拾WebLogic
- 为什么是WebLogic
简单说一句就是,因为WebLogic在中间件里面够复杂。
- Server不同的角色
- AdminServer和Managed Server之间的通讯
- NodeManager负责AdminServer和Managed Server的启停
- ManagedServer连上去的认证
- 状态的保存
- 域内容的共享
总而言之一句话,就是需要保存状态,需要Persistance,而operator基于一系列脚本将他自动化和脚本化,降低了创建的开销,
但有一点避免不了,就是你必须仍然对WebLogic架构工作原理比较了解,否则任何地方出现问题你都难以定位。
目前Oracle官方出的WebLogic Operator处于Techinical Preview版本阶段,按照官方说法,他提供了创建域,自动的启动,集群扩展,以及和Prometheus集成,web应用的负载均衡器(使用Traefik1.4.5版本),同时提供了ELK的集成功能。
(It provides a mechanism to create domains, automates domain startup, allows scaling WebLogic clusters up and down either manually (on-demand) or through integration with the WebLogic Diagnostics Framework or Prometheus, manages load balancing for web applications deployed in WebLogic clusters, and provides integration with ElasticSearch, logstash and Kibana.)
WebLogic Operator使用标准的WebLogic Server 12.2.1.3的镜像,可以从store/oracle下载获取,当然也可以自己构建,鉴于墙的原因,我就是自己构建的。
- 架构
总的来说和传统架构类似,重要的是需要有个PV保存共享状态,相当于传统架构中大家mount同一个存储吧。
- 前序条件
这个比较重要,特别是docker的版本,之前用12的版本,发现死活不work!
Kubernetes 1.7.5+, 1.8.0+
kubectl version
Flannel networking v0.9.1-amd64
Docker 17.03.1.ce
docker version
- 构建Operator
git clone https://github.com/oracle/weblogic-kubernetes-operator.git
构建weblogic-operator镜像,最后也是以一个pod模式运行在weblogic-operator的命名空间中。
mvn clean install
docker login
docker build -t weblogic-kubernetes-operator:some-tag --no-cache=true .
首先需要有store/oracle/serverjre:8的镜像环境,然后生成weblogic-kubernetes-operator后将镜像save再load到各个需要的节点。
Dockerfile如下
# Copyright , , Oracle Corporation and/or its affiliates. All rights reserved. # using JRE with support for container heap management
#FROM store/oracle/serverjre:
FROM linux7-jre:8u151 RUN mkdir /operator
RUN mkdir /operator/lib
ENV PATH=$PATH:/operator COPY src/scripts/* /operator/
COPY operator/target/weblogic-kubernetes-operator-0.2.jar /operator/weblogic-kubernetes-operator.jar
COPY operator/target/lib/*.jar /operator/lib/ HEALTHCHECK --interval=1m --timeout=10s \
CMD /operator/livenessProbe.sh WORKDIR /operator/ CMD ["/operator/operator.sh"]
基本就是将一大堆脚本和jar包移入镜像,然后再启动operator.sh文件
Operator的源码
[root@k8s-master src]# tree main
main
├── java
│ └── oracle
│ └── kubernetes
│ └── operator
│ ├── authentication
│ │ ├── Authenticator.java
│ │ ├── Helpers.java
│ │ └── package-info.java
│ ├── builders
│ │ ├── CallParamsImpl.java
│ │ ├── CallParams.java
│ │ ├── package-info.java
│ │ ├── UncheckedApiException.java
│ │ ├── WatchBuilder.java
│ │ ├── WatchI.java
│ │ └── WatchImpl.java
│ ├── ConfigMapWatcher.java
│ ├── DomainStatusUpdater.java
│ ├── DomainWatcher.java
│ ├── EventWatcher.java
│ ├── helpers
│ │ ├── AnnotationHelper.java
│ │ ├── AuthenticationProxy.java
│ │ ├── AuthorizationProxy.java
│ │ ├── CallBuilderFactory.java
│ │ ├── CallBuilder.java
│ │ ├── ClientPool.java
│ │ ├── ConfigMapConsumer.java
│ │ ├── ConfigMapHelper.java
│ │ ├── CRDHelper.java
│ │ ├── DomainPresenceInfo.java
│ │ ├── HealthCheckHelper.java
│ │ ├── IngressHelper.java
│ │ ├── package-info.java
│ │ ├── PodHelper.java
│ │ ├── Pool.java
│ │ ├── ResponseStep.java
│ │ ├── RollingHelper.java
│ │ ├── SecretHelper.java
│ │ ├── ServerKubernetesObjectsFactory.java
│ │ ├── ServerKubernetesObjects.java
│ │ └── ServiceHelper.java
│ ├── http
│ │ ├── HttpClient.java
│ │ ├── HTTPException.java
│ │ ├── package-info.java
│ │ └── Result.java
│ ├── IngressWatcher.java
│ ├── KubernetesConstants.java
│ ├── LabelConstants.java
│ ├── logging
│ │ ├── LoggingFacade.java
│ │ ├── LoggingFactory.java
│ │ ├── LoggingFormatter.java
│ │ ├── MessageKeys.java
│ │ └── package-info.java
│ ├── Main.java
│ ├── OperatorLiveness.java
│ ├── package-info.java
│ ├── PodWatcher.java
│ ├── ProcessingConstants.java
│ ├── rest
│ │ ├── AuthenticationFilter.java
│ │ ├── backend
│ │ │ ├── package-info.java
│ │ │ ├── RestBackend.java
│ │ │ └── VersionUtils.java
│ │ ├── BaseDebugLoggingFilter.java
│ │ ├── ErrorFilter.java
│ │ ├── ExceptionMapper.java
│ │ ├── FilterPriorities.java
│ │ ├── model
│ │ │ ├── BaseModel.java
│ │ │ ├── ClusterModel.java
│ │ │ ├── CollectionModel.java
│ │ │ ├── DomainModel.java
│ │ │ ├── ErrorModel.java
│ │ │ ├── ItemModel.java
│ │ │ ├── LinkContainerModel.java
│ │ │ ├── LinkModel.java
│ │ │ ├── package-info.java
│ │ │ ├── ScaleClusterParamsModel.java
│ │ │ └── VersionModel.java
│ │ ├── package-info.java
│ │ ├── RequestDebugLoggingFilter.java
│ │ ├── resource
│ │ │ ├── BaseResource.java
│ │ │ ├── ClusterResource.java
│ │ │ ├── ClustersResource.java
│ │ │ ├── DomainResource.java
│ │ │ ├── DomainsResource.java
│ │ │ ├── package-info.java
│ │ │ ├── ScaleClusterResource.java
│ │ │ ├── SwaggerResource.java
│ │ │ ├── VersionResource.java
│ │ │ └── VersionsResource.java
│ │ ├── ResponseDebugLoggingFilter.java
│ │ ├── RestBackendImpl.java
│ │ ├── RestConfigImpl.java
│ │ ├── RestConfig.java
│ │ └── RestServer.java
│ ├── ServerStatusReader.java
│ ├── ServiceWatcher.java
│ ├── StartupControlConstants.java
│ ├── TuningParametersImpl.java
│ ├── TuningParameters.java
│ ├── utils
│ │ └── ConcurrentWeakHashMap.java
│ ├── watcher
│ │ ├── package-info.java
│ │ └── WatchListener.java
│ ├── Watcher.java
│ ├── WebLogicConstants.java
│ ├── wlsconfig
│ │ ├── NetworkAccessPoint.java
│ │ ├── package-info.java
│ │ ├── WlsClusterConfig.java
│ │ ├── WlsDomainConfig.java
│ │ ├── WlsRetriever.java
│ │ └── WlsServerConfig.java
│ └── work
│ ├── ComponentEx.java
│ ├── Component.java
│ ├── ComponentRegistry.java
│ ├── Container.java
│ ├── ContainerResolver.java
│ ├── Engine.java
│ ├── FiberGate.java
│ ├── Fiber.java
│ ├── NextAction.java
│ ├── package-info.java
│ ├── Packet.java
│ ├── Step.java
│ └── ThreadLocalContainerResolver.java
├── javadoc
│ └── overview.html
└── resources
└── Operator.properties directories, files
- 安装指导
详情参考
https://github.com/oracle/weblogic-kubernetes-operator
https://github.com/oracle/weblogic-kubernetes-operator/blob/master/site/installation.md
git clone https://github.com/oracle/weblogic-kubernetes-operator.git
修改create-weblogic-operator-input.yaml文件,主要是 targetNamespaces,
同时修改了镜像 weblogicOperatorImage: weblogic-kubernetes-operator:developer
[root@k8s-master kubernetes]# cat create-weblogic-operator-inputs.yaml
# Copyright , Oracle Corporation and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl. # The name of the service account that the operator will use to
# make requests to the Kubernetes API server.
# The name must be lowercase
serviceAccount: weblogic-operator # The Kubernetes namespace that the operator will be deployed in.
# It is recommended that a namespace be created for the operator rather
# than using the default namespace.
# The name must be lowercase
namespace: weblogic-operator # A comma-separated list of target namespaces the operator manages
# The names must be lowercase
targetNamespaces: domain1 # The docker image containing the operator code.
#weblogicOperatorImage: container-registry.oracle.com/middleware/weblogic-kubernetes-operator:latest
weblogicOperatorImage: weblogic-kubernetes-operator:developer # The image pull policy for the operator docker image.
weblogicOperatorImagePullPolicy: IfNotPresent # Name of the Kubernetes secret to access the registry containing the operator Docker image
# The presence of the secret will be validated when this parameter is enabled.
#weblogicOperatorImagePullSecretName: # Options for externally exposing the operator REST https interface
# (i.e. outside of the Kubernetes cluster). Valid values are:
#
# "NONE"
# The REST interface is not exposed outside the Kubernetes cluster.
#
# "SELF_SIGNED_CERT"
# The REST interface is exposed outside of the Kubernetes cluster on the
# port specified by the 'externalRestHttpsPort' property.
# A self-signed certificate and private key are generated for the REST interface.
# The certificate's subject alternative names are specified by the 'externalSans'
# property.
#
# "CUSTOM_CERT"
# The REST interface is exposed outside of the Kubernetes cluster on the
# port specified by the 'externalRestHttpsPort' property.
# The customer supplied certificate and private key are used for the REST
# interface. They are specified by the 'externalOperatorCert' and
# 'eternalOperatorKey' properties.
externalRestOption: NONE # The node port that should be allocated for the external operator REST https interface.
# This parameter is required if 'externalRestOption' is not 'NONE'.
# Otherwise, it is ignored.
externalRestHttpsPort: # The subject alternative names to put into the generated self-signed certificate
# for the external WebLogic Operator REST https interface, for example:
# DNS:myhost,DNS:localhost,IP:127.0.0.1
# This parameter is required if 'externalRestOption' is 'SELF_SIGNED_CERT'.
# Otherwise, it is ignored.
externalSans: # The customer supplied certificate to use for the external operator REST
# https interface. The value must be a string containing a base64 encoded PEM certificate.
# This parameter is required if 'externalRestOption' is 'CUSTOM_CERT'.
# Otherwise, it is ignored.
externalOperatorCert: # The customer supplied private key to use for the external operator REST
# https interface. The value must be a string containing a base64 encoded PEM key.
# This parameter is required if 'externalRestOption' is 'CUSTOM_CERT'.
# Otherwise, it is ignored.
externalOperatorKey: # Controls whether or not the operator will start a Java remote debug server on the
# provided port and suspend execution until a remote debugger has attached.
# The 'internalDebugHttpPort' property controls the port number inside the Kubernetes
# cluster and the 'externalDebugHttpPort' property controls the port number outside
# the Kubernetes cluster.
remoteDebugNodePortEnabled: false # The port number inside the Kubernetes cluster for the operator's Java
# remote debug server.
# This parameter is required if 'remoteDebugNodePortEnabled' is true.
# Otherwise, it is ignored.
internalDebugHttpPort: # The node port that should be allocated for the Kubernetes cluster for the operator's
# Java remote debug server.
# This parameter is required if 'remoteDebugNodePortEnabled' is true.
# Otherwise, it is ignored.
externalDebugHttpPort: # The level of Java logging that should be enabled in the operator.
# Valid values are: "SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", and "FINEST".
javaLoggingLevel: INFO # Controls whether or not ELK integration is enabled.
elkIntegrationEnabled: false
./create-weblogic-operator.sh \
-i create-weblogic-operator-inputs.yaml \
-o weblogic-operator-output-directory/
创建日志如下:
[root@k8s-master kubernetes]# ./create-weblogic-operator.sh \
> -i create-weblogic-operator-inputs.yaml \
> -o weblogic-operator-output-directory/
Input parameters being used
export serviceAccount="weblogic-operator"
export namespace="weblogic-operator"
export targetNamespaces="domain1"
export weblogicOperatorImage="weblogic-kubernetes-operator:developer"
export weblogicOperatorImagePullPolicy="IfNotPresent"
export externalRestOption="NONE"
export externalRestHttpsPort=""
export remoteDebugNodePortEnabled="false"
export internalDebugHttpPort=""
export externalDebugHttpPort=""
export javaLoggingLevel="INFO"
export elkIntegrationEnabled="true" The WebLogic Operator REST interface will not be externally exposed
/root/weblogic-kubernetes-operator/kubernetes/internal
Generating a self-signed certificate for the operator's internal https port with the subject alternative names DNS:internal-weblogic-operator-svc,DNS:internal-weblogic-operator-svc.weblogic-operator,DNS:internal-weblogic-operator-svc.weblogic-operator.svc,DNS:internal-weblogic-operator-svc.weblogic-operator.svc.cluster.local
Generating weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator.yaml
Running the weblogic operator security customization script
...
Generating YAML script weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator-security.yaml to create WebLogic Operator security configuration...
Create the WebLogic Operator Security configuration using kubectl as follows: kubectl create -f weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator-security.yaml
Ensure you start the API server with the --authorization-mode=RBAC option.
Checking to see if the namespace weblogic-operator already exists
The namespace weblogic-operator already exists
Checking the target namespace domain1
Checking to see if the namespace domain1 already exists
The namespace domain1 already exists
Checking to see if the service account weblogic-operator already exists
The service account weblogic-operator already exists
Applying the generated file weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator-security.yaml
namespace "weblogic-operator" configured
serviceaccount "weblogic-operator" configured
clusterrole "weblogic-operator-cluster-role" configured
clusterrole "weblogic-operator-cluster-role-nonresource" configured
clusterrolebinding "weblogic-operator-operator-rolebinding" configured
clusterrolebinding "weblogic-operator-operator-rolebinding-nonresource" configured
clusterrolebinding "weblogic-operator-operator-rolebinding-discovery" configured
clusterrolebinding "weblogic-operator-operator-rolebinding-auth-delegator" configured
clusterrole "weblogic-operator-namespace-role" configured
rolebinding "weblogic-operator-rolebinding" configured
Checking the cluster role weblogic-operator-namespace-role was created
Checking role binding weblogic-operator-rolebinding was created for each target namespace
Checking role binding weblogic-operator-rolebinding for namespace domain1
Checking the cluster role weblogic-operator-cluster-role was created
Checking the cluster role bindings weblogic-operator-operator-rolebinding were created
Deploy ELK...
deployment "elasticsearch" configured
service "elasticsearch" configured
deployment "kibana" configured
service "kibana" configured
Applying the file weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator.yaml
configmap "weblogic-operator-cm" configured
secret "weblogic-operator-secrets" configured
deployment "weblogic-operator" created
service "internal-weblogic-operator-svc" created
Waiting for operator deployment to be ready...
status is , iteration of
Checking the operator labels
Checking the operator pods
Checking the operator Pod status The Oracle WebLogic Server Kubernetes Operator is deployed, the following namespaces are being managed: domain1 The following files were generated:
weblogic-operator-output-directory//weblogic-operators/weblogic-operator/create-weblogic-operator-inputs.yaml
weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator.yaml
weblogic-operator-output-directory//weblogic-operators/weblogic-operator/weblogic-operator-security.yaml Completed
创建完成后
创建了domain1和weblogic-operator的命名空间
[root@k8s-master weblogic-operator]# kubectl get namespaces
NAME STATUS AGE
default Active 168d
domain1 Active 17h
kube-public Active 168d
kube-system Active 168d
monitoring Active 112d
weblogic-operator Active 17h
在weblogic-operator下创建的对象
[root@k8s-master weblogic-operator]# kubectl get all -n weblogic-operator
NAME READY STATUS RESTARTS AGE
po/weblogic-operator--dvqv6 / Running 17h NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/internal-weblogic-operator-svc 10.254.229.199 <none> /TCP 17h NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deploy/weblogic-operator 17h NAME DESIRED CURRENT READY AGE
rs/weblogic-operator- 17h
pod的日志信息
[root@k8s-master weblogic-operator]# kubectl logs weblogic-operator--dvqv6 -n weblogic-operator
Launching Oracle WebLogic Server Kubernetes Operator...
{"timestamp":"05-15-2018T00:54:01.857+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.TuningParametersImpl","method":"update","timeInMillis":,"message":"Reloading tuning parameters from Operator's config map","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:03.431+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.Main","method":"main","timeInMillis":,"message":"Oracle WebLogic Server Kubernetes Operator, version: 0.2, implementation: master.3934b2c, build time: 2018-04-18T17:05:04+0800","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:03.481+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.Main","method":"startLivenessThread","timeInMillis":,"message":"Starting Operator Liveness Thread","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:03.601+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.Main","method":"begin","timeInMillis":,"message":"Operator namespace is: weblogic-operator","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:03.675+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.Main","method":"begin","timeInMillis":,"message":"Operator target namespaces are: domain1","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:03.680+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.Main","method":"begin","timeInMillis":,"message":"Operator service account is: weblogic-operator","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:13.180+0000","thread":,"level":"WARNING","class":"oracle.kubernetes.operator.helpers.HealthCheckHelper","method":"logHealthCheckEvent","timeInMillis":,"message":"Access denied for service account system:serviceaccount:weblogic-operator:weblogic-operator for operation get on resource networkpolicies","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T00:54:13.198+0000","thread":,"level":"WARNING","class":"oracle.kubernetes.operator.helpers.HealthCheckHelper","method":"logHealthCheckEvent","timeInMillis":,"message":"Access denied for service account system:serviceaccount:weblogic-operator:weblogic-operator for operation list on resource networkpolicies","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T06:25:48.416+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.helpers.ClientPool","method":"getApiClient","timeInMillis":,"message":"The Kuberenetes Master URL is set to https://10.254.0.1:443","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T06:29:53.941+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.helpers.ClientPool","method":"getApiClient","timeInMillis":,"message":"The Kuberenetes Master URL is set to https://10.254.0.1:443","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T06:42:51.519+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.helpers.ClientPool","method":"getApiClient","timeInMillis":,"message":"The Kuberenetes Master URL is set to https://10.254.0.1:443","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T06:47:45.681+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.helpers.ClientPool","method":"getApiClient","timeInMillis":,"message":"The Kuberenetes Master URL is set to https://10.254.0.1:443","exception":"","code":"","headers":{},"body":""}
{"timestamp":"05-15-2018T06:52:35.717+0000","thread":,"level":"INFO","class":"oracle.kubernetes.operator.helpers.ClientPool","method":"getApiClient","timeInMillis":,"message":"The Kuberenetes Master URL is set to https://10.254.0.1:443","exception":"","code":"","headers":{},"body":""}
客户化资源定义
[root@k8s-master weblogic-operator]# kubectl get crd
NAME KIND
domains.weblogic.oracle CustomResourceDefinition.v1beta1.apiextensions.k8s.io
- 创建WebLogic Domain
创建secret
kubectl -n domain1 create secret generic domain1-weblogic-credentials --from-literal=username=weblogic --from-literal=password=welcome1
创建pv,域会建立在这个pv下面,持久化在这里,如果你只有一个node,需要在node上建立,当然如果是nfs这种方式就不用
mkdir -m -p /weblogic/domain1PersistentVolume
拉取镜像
docker login
docker pull store/oracle/weblogic:12.2.1.3
这个具体的镜像名是在template文件中定义,我因为拉去不到镜像所以自己build了一个retag了一下。
input文件
[root@k8s-master kubernetes]# cat create-weblogic-domain-inputs.yaml
# Copyright , Oracle Corporation and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl. # Port number for admin server
adminPort: # Name of the Admin Server
adminServerName: admin-server # Name of the WebLogic domain to create
domainName: base_domain # Unique id identifying a domain.
# This id must be lowercase and unique across all domains in a Kubernetes cluster.
domainUID: domain1 # Determines which WebLogic Servers the Operator will start up
# Legal values are "NONE", "ALL", "ADMIN", "SPECIFIED", or "AUTO"
startupControl: AUTO # Cluster name
clusterName: cluster- # Number of managed servers to generate for the domain
configuredManagedServerCount: # Number of managed servers to initially start for the domain
initialManagedServerReplicas: # Base string used to generate managed server names
managedServerNameBase: managed-server # Port number for each managed server
managedServerPort: # Persistent volume type for the domain's storage.
# The value must be 'HOST_PATH' or 'NFS'.
# If using 'NFS', weblogicDomainStorageNFSServer must be specified.
weblogicDomainStorageType: HOST_PATH # The server name or ip address of the NFS server to use for the domain's storage.
# The following line must be uncomment and customized if weblogicDomainStorateType is NFS:
#weblogicDomainStorageNFSServer: nfsServer # Physical path of the domain's persistent storage.
# The following line must be uncomment and customized:
weblogicDomainStoragePath: /weblogic/domain1PersistentVolume # Reclaim policy of the domain's persistent storage
# The valid values are: 'Retain', 'Delete', and 'Recycle'
weblogicDomainStorageReclaimPolicy: Retain # Total storage allocated to the domain's persistent storage.
weblogicDomainStorageSize: 10Gi # Boolean indicating if production mode is enabled for the domain
productionModeEnabled: true # Name of the Kubernetes secret for the Admin Server's username and password
# The name must be lowercase
weblogicCredentialsSecretName: domain1-weblogic-credentials # Name of the Kubernetes secret to access the Docker Store to pull the WebLogic Server Docker image
# The presence of the secret will be validated when this parameter is enabled.
#weblogicImagePullSecretName: # Port for the T3Channel of the NetworkAccessPoint
t3ChannelPort: # Public address for T3Channel of the NetworkAccessPoint. This value should be set to the
# kubernetes server address, which you can get by running "kubectl cluster-info". If this
# value is not set to that address, WLST will not be able to connect from outside the
# kubernetes cluster.
t3PublicAddress: kubernetes # Boolean to indicate if the channel should be exposed as a service
exposeAdminT3Channel: false # NodePort to expose for the admin server
adminNodePort: # Boolean to indicate if the adminNodePort will be exposed
exposeAdminNodePort: false # Name of the domain namespace
namespace: domain1 # Load balancer to deploy. Supported values are:TRAEFIK, NONE
#loadBalancer: TRAEFIK
loadBalancer: NONE # Load balancer web port
loadBalancerWebPort: # Load balancer dashboard port
loadBalancerDashboardPort: #Java Option for Weblogic Server
javaOptions: -Dweblogic.StdoutDebugEnabled=false
运行脚本
./create-weblogic-domain.sh -i create-weblogic-domain-input.yaml -o weblogic-domain-output/
会先运行一个job pod(domain1-create-weblogic-domain-job-j4bsp),进行域的建立等工作,然后再通过NodeManager将AdminServer和Managed Server一个一个启动起来。
当然在PV下面(node上)看到如下目录
[root@node1 /]# tree weblogic -L
weblogic
└── domain1PersistentVolume
├── applications
├── domain
│ └── base_domain
│ ├── autodeploy
│ ├── backup_config
│ ├── bin
│ ├── config
│ ├── console-ext
│ ├── edit.lok
│ ├── fileRealm.properties
│ ├── init-info
│ ├── lib
│ ├── nodemanager
│ ├── orchestration
│ ├── resources
│ ├── security
│ ├── servers
│ ├── startManagedWebLogic_readme.txt
│ └── startWebLogic.sh
├── logs
│ ├── admin-server.log
│ ├── base_domain.log
│ ├── nodemanager-admin-server.log
│ ├── nodemanager-admin-server.log.lck
│ ├── nodemanager-managed-server1.log
│ ├── nodemanager-managed-server1.log.lck
│ ├── nodemanager-managed-server2.log
│ └── nodemanager-managed-server2.log.lck
└── stores
日志如下:
[root@k8s-master kubernetes]# ./create-weblogic-domain.sh -i create-weblogic-domain-inputs.yaml -o weblogic-domain-output/
Input parameters being used
export adminPort=""
export adminServerName="admin-server"
export domainName="base_domain"
export domainUID="domain1"
export startupControl="AUTO"
export clusterName="cluster-1"
export configuredManagedServerCount=""
export initialManagedServerReplicas=""
export managedServerNameBase="managed-server"
export managedServerPort=""
export weblogicDomainStorageType="HOST_PATH"
export weblogicDomainStoragePath="/weblogic/domain1PersistentVolume"
export weblogicDomainStorageReclaimPolicy="Retain"
export weblogicDomainStorageSize="10Gi"
export productionModeEnabled="true"
export weblogicCredentialsSecretName="domain1-weblogic-credentials"
export t3ChannelPort=""
export t3PublicAddress="kubernetes"
export exposeAdminT3Channel="false"
export adminNodePort=""
export exposeAdminNodePort="false"
export namespace="domain1"
export loadBalancer="NONE"
export loadBalancerWebPort=""
export loadBalancerDashboardPort=""
export javaOptions="-Dweblogic.StdoutDebugEnabled=false" Generating weblogic-domain-output//weblogic-domains/domain1/weblogic-domain-pv.yaml
Generating weblogic-domain-output//weblogic-domains/domain1/weblogic-domain-pvc.yaml
Generating weblogic-domain-output//weblogic-domains/domain1/create-weblogic-domain-job.yaml
Generating weblogic-domain-output//weblogic-domains/domain1/domain-custom-resource.yaml
Generating weblogic-domain-output//weblogic-domains/domain1/weblogic-domain-traefik-cluster-1.yaml
Generating weblogic-domain-output//weblogic-domains/domain1/weblogic-domain-traefik-security-cluster-1.yaml
Checking to see if the secret domain1-weblogic-credentials exists in namespace domain1
Checking if the persistent volume domain1-weblogic-domain-pv exists
The persistent volume domain1-weblogic-domain-pv does not exist
Creating the persistent volume domain1-weblogic-domain-pv
persistentvolume "domain1-weblogic-domain-pv" created
Checking if the persistent volume domain1-weblogic-domain-pv is Available
Checking if the persistent volume claim domain1-weblogic-domain-pvc in namespace domain1 exists
No resources found.
The persistent volume claim domain1-weblogic-domain-pvc does not exist in namespace domain1
Creating the persistent volume claim domain1-weblogic-domain-pvc
persistentvolumeclaim "domain1-weblogic-domain-pvc" created
Checking if the persistent volume domain1-weblogic-domain-pv is Bound
Checking if object type job with name domain1-create-weblogic-domain-job exists
No resources found.
Creating the domain by creating the job weblogic-domain-output//weblogic-domains/domain1/create-weblogic-domain-job.yaml
configmap "domain1-create-weblogic-domain-job-cm" created
job "domain1-create-weblogic-domain-job" created
Waiting for the job to complete...
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Running
status on iteration of
pod domain1-create-weblogic-domain-job- status is Completed
Creating the domain custom resource using weblogic-domain-output//weblogic-domains/domain1/domain-custom-resource.yaml
domain "domain1" created
Checking the domain custom resource was created Domain base_domain was created and will be started by the WebLogic Kubernetes Operator The following files were generated:
weblogic-domain-output//weblogic-domains/domain1/create-weblogic-domain-inputs.yaml
weblogic-domain-output//weblogic-domains/domain1/weblogic-domain-pv.yaml
weblogic-domain-output//weblogic-domains/domain1/weblogic-domain-pvc.yaml
weblogic-domain-output//weblogic-domains/domain1/create-weblogic-domain-job.yaml
weblogic-domain-output//weblogic-domains/domain1/domain-custom-resource.yaml Completed
完成后看到,在domain1下会生成AdminServer和一个受管实例,处于运行状态中..
[root@k8s-master kubernetes]# kubectl get pod -n domain1
[root@k8s-master kubernetes]# kubectl get pods -n domain1 -w
NAME READY STATUS RESTARTS AGE
domain1-admin-server 0/1 Running 0 44s
domain1-create-weblogic-domain-job-j4bsp 0/1 Completed 0 4m
domain1-admin-server 1/1 Running 0 6m
domain1-managed-server1 0/1 Pending 0 0s
domain1-managed-server1 0/1 Pending 0 0s
domain1-managed-server1 0/1 ContainerCreating 0 0s
domain1-managed-server1 0/1 Running 0 2s
domain1-managed-server1 1/1 Running 0 9m
从这个日志来看,实例的启动有一定的顺序,先AdminServer后Managed Server
[root@k8s-master kubernetes]# kubectl get svc -n domain1
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
domain1-admin-server 10.254.161.135 <none> /TCP 21m
domain1-cluster-cluster- 10.254.135.246 <none> /TCP 13m
domain1-managed-server1 10.254.68.132 <none> /TCP 13m
看服务,除了admin的7001和managedserver的8001,还多出一个domain1-cluster-cluster-1的服务。
[root@k8s-master kubernetes]# kubectl describe svc domain1-cluster-cluster- -n domain1
Name: domain1-cluster-cluster-
Namespace: domain1
Labels: weblogic.clusterName=cluster-
weblogic.createdByOperator=true
weblogic.domainName=base_domain
weblogic.domainUID=domain1
Annotations: weblogic.oracle/operator-formatVersion=
Selector: weblogic.clusterName=cluster-,weblogic.createdByOperator=true,weblogic.domainUID=domain1
Type: ClusterIP
IP: 10.254.135.246
Port: <unset> /TCP
Endpoints: 10.1.70.9:
Session Affinity: None
Events: <none>
describe 一下,发现这个服务直接指向了守管服务器的地址。
启动完成后,可以describe一下,看到这些实例的参数。
[root@k8s-master ~]# kubectl describe domain domain1 -n domain1
Name: domain1
Namespace: domain1
Labels: weblogic.domainName=base_domain
weblogic.domainUID=domain1
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"weblogic.oracle/v1","kind":"Domain","metadata":{"annotations":{},"labels":{"weblogic.domainName":"base_domain","weblogic.domainUID":"dom...
API Version: weblogic.oracle/v1
Kind: Domain
Metadata:
Cluster Name:
Creation Timestamp: --16T01::36Z
Generation:
Resource Version:
Self Link: /apis/weblogic.oracle/v1/namespaces/domain1/domains/domain1
UID: 8551c004-58a5-11e8-98e4-080027e2ae0a
Spec:
Admin Secret:
Name: domain1-weblogic-credentials
As Name: admin-server
As Port:
Cluster Startup:
Cluster Name: cluster-
Desired State: RUNNING
Env:
Name: JAVA_OPTIONS
Value: -Dweblogic.StdoutDebugEnabled=false
Name: USER_MEM_ARGS
Value: -Xms64m -Xmx256m
Replicas:
Domain Name: base_domain
Domain UID: domain1
Export T Channels:
Image: store/oracle/weblogic:12.2.1.3
Image Pull Policy: IfNotPresent
Replicas:
Server Startup:
Desired State: RUNNING
Env:
Name: JAVA_OPTIONS
Value: -Dweblogic.StdoutDebugEnabled=false
Name: USER_MEM_ARGS
Value: -Xms64m -Xmx256m
Server Name: admin-server
Startup Control: AUTO
Status:
Conditions:
Last Transition Time: --16T01::.928Z
Reason: ServersReady
Status: True
Type: Available
Servers:
Health:
Activation Time: --16T01::.214Z
Overall Health: ok
Subsystems:
Node Name: node1
Server Name: admin-server
State: RUNNING
Cluster Name: cluster-
Health:
Activation Time: --16T01::.561Z
Overall Health: ok
Subsystems:
Node Name: node1
Server Name: managed-server1
State: RUNNING
Start Time: --16T01::.502Z
Events: <none>
- 扩展Scale实例
前提是在建立集群的时候需要指定多少个受管服务器,比如5个,但启动时候只启动一个,就可以通过编辑下面的domain1的配置,让operator进行实例的启动。
kubectl edit domain domain1 -n domain1
spec:
adminSecret:
name: domain1-weblogic-credentials
asName: admin-server
asPort:
clusterStartup:
- clusterName: cluster-
desiredState: RUNNING
env:
- name: JAVA_OPTIONS
value: -Dweblogic.StdoutDebugEnabled=false
- name: USER_MEM_ARGS
value: '-Xms64m -Xmx256m '
replicas:
domainName: base_domain
domainUID: domain1
exportT3Channels: []
[root@k8s-master kubernetes]# kubectl get pods -n domain1 -w
NAME READY STATUS RESTARTS AGE
domain1-admin-server / Running 25m
domain1-create-weblogic-domain-job-99qjv / Completed 30m
domain1-managed-server1 / Running 17m
domain1-managed-server2 / Running 27s
集群又会启动ms2.
- 删除weblogic domain
删除所有的域,删除一个域的命令是 -d domainname
./delete-weblogic-domain-resources.sh -d all @@ Warning! WebLogic Server pods remaining but wait time exceeds half of max wait seconds. About to directly delete all remaining resources, including the leftover pods.
pod "domain1-create-weblogic-domain-job-phm1n" deleted
job "domain1-create-weblogic-domain-job" deleted
persistentvolumeclaim "domain1-weblogic-domain-pvc" deleted
configmap "domain1-create-weblogic-domain-job-cm" deleted
persistentvolume "domain1-weblogic-domain-pv" deleted
@@ resources remaining after seconds, including WebLogic Server pods. Max wait is seconds.
- 删除WebLogic Operator
kubectl delete deploy weblogic-operator -n weblogic-operator
kubectl delete service external-weblogic-operator-svc -n weblogic-operator
kubectl delete service internal-weblogic-operator-svc -n weblogic-operator
WebLogic Operator初试的更多相关文章
- 采用Operator-sdk轻松将helm chart转为Operator
去年就接触Operator,从Oracle发布的WebLogic Operator到mySQL Operator,构建的源码一大堆,但感觉一直缺少合适的开发框架能够避免复杂性快速生成, 随着技术的日益 ...
- WebLogic SSRF 漏洞 (简要翻译)
[Ref]http://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cv ...
- WebLogic SSRF
本文主要记录一下Weblogic SSRF 利用的操作过程. 一.WebLogic SSRF漏洞简介 漏洞编号:CVE-2014-4210 漏洞影响: 版本10.0.2,10.3.6 Oracle W ...
- weblogic系列漏洞整理 -- 5. weblogic SSRF 漏洞 UDDI Explorer对外开放 (CVE-2014-4210)
目录 五. weblogic SSRF 漏洞 UDDI Explorer对外开放 (CVE-2014-4210) 1. 利用过程 2. 修复建议 一.weblogic安装 http://www.cnb ...
- WebLogic远程命令执行
靶机说明 目标ip:172.16.53.28(window 2003) 本靶机所针对的序列化漏洞系列以及常见安全问题如下: 弱口令登陆控制台部署war包webshell CVE-2018-2893 C ...
- 针对Weblogic测试的一些小总结(转)
1. 管理员登录页面弱密码 Weblogic的端口一般为7001,弱密码一般为weblogic/Oracle@123 or weblogic,或者根据具体情况进行猜测,公司名,人名等等,再有就可以用b ...
- [WEB安全]Weblogic漏洞总结
0x01 Weblogic简介 1.1 叙述 Weblogic是美国Oracle公司出品的一个应用服务器(application server),确切的说是一个基于Java EE架构的中间件,是用于开 ...
- SSRF——weblogic vulhub 漏洞复现及攻击内网redis(一)(附批量检测脚本)
0X01 概述 SSRF(Server-Side Request Forgery, 服务端请求伪造)利用漏洞可以发起网络请求来攻击内网服务.利用SSRF能实现以下效果:1) 扫描内网(主 ...
- 应用安全 - 工具 | 平台 - Weblogic - 漏洞 - 汇总
控制台路径 | 弱口令 前置条件 /console CVE-2016-0638 Date 类型远程代码执行 影响范围10.3.6, 12.1.2, 12.1.3, 12.2.1 CVE-2016 ...
随机推荐
- Django内置信号
阅读目录(Content) Django中内置的signal 自定义信号 1.定义信号 2.注册信号 3.触发信号 回到顶部(go to top) Django中内置的signal Django中提供 ...
- mysql 库操作、存储引擎、表操作
阅读目录 库操作 存储引擎 什么是存储引擎 mysql支持的存储引擎 如何使用存储引擎 表操作 创建表 查看表结构 修改表ALTER TABLE 复制表 删除表 数据类型 表完整性约束 回到顶部 一. ...
- 微信小程序实战篇-下拉刷新与加载更多
下拉刷新 实现下拉刷新目前能想到的有两种方式 1. 调用系统的API,系统有提供下拉刷新的API接口 2. 监听scroll-view,自定义下拉刷新,还记得scroll-view里面有一个binds ...
- [转载]Python命令行参数学习
转载自: http://blog.163.com/weak_time/blog/static/25852809120169333247925/ Python的命令行参数,提供了很多有用的功能,可以方便 ...
- git学习资源合集
git官网 Pro git 电子书,这里还有中文版,这也是官方推荐的. 再加一个廖雪峰的简明git教程.
- Java学习笔记(一)——关于java中的String类
[前面的话] 毕业将近6个月了,试用期也快要过去了,期待接下来的日子.在金融类性质的机构,最痛苦的是也许就是大部分系统外包,所以比较少写代码,在这六个月中只写了1个月左右的代码,然后每天都在做一些比较 ...
- .NET 简单的递归使用场景
什么是递归:自己调用自己,直到满足条件跳出 递归的缺点: 递归很耗内存,容易让机器挂掉 比如递归文件夹,当文件夹的层级有非常非常多的时候,就很容易挂掉,因为递归的时候把上层文件夹的上下文都保存在内存中 ...
- HBase shell 命令创建表及添加数据操作
创建表,表名hbase_1102,HBase表是由Key-Value组成的,此表中Key为NAME 此表有两个列族,CF1和CF2,其中CF1和CF2下分别有两个列name和gender,Chin ...
- 通过url判断当前页,动态给导航加样式
//通过url判断当前页,动态给导航加样式 var str =location.pathname; var index = str.lastIndexOf("\/"); str = ...
- springboot+maven+thymeleaf配置实战demo
本案例使用thymeleaf,与springboot配置使用.thymeleaf是一种模板语言,可以动态或者静态显示文本内容. 1 .项目结构 2.构建springboot项目 通过idea的new ...