1. Upgrading Oracle WebLogic Server
  2. Reconfiguring WebLogic Domains

3 Reconfiguring WebLogic Domains

You can use the Reconfiguration Wizard to upgrade any WebLogic domain that was created with Oracle WebLogic Server 12.2.1.4 or later.

When you use the Reconfiguration Wizard to reconfigure a WebLogic Server domain, the following items are automatically updated, depending on the applications in the domain:

  • WLS core infrastructure

  • Domain version

Note:

The Reconfiguration Wizard does not update any of your applications that are included in the domain. For information about how to upgrade your applications, see WebLogic Server 14.1.2.0.0 Compatibility with Previous Releases.

Learn how to use the Reconfiguration Wizard to reconfigure WebLogic Server domains.

Before You Begin

The reconfiguration may require you to perform additional tasks, such as configuring the CONFIG_JVM_ARGS environment variable, backing up the domain, and choosing the Node Manager configuration that you want to use with the upgraded domain.

Setting CONFIG_JVM_ARGS on UNIX and Linux Systems

Prior to running the Reconfiguration Wizard to reconfigure a domain on a UNIX or Linux operating system, if you have not already done so, set the CONFIG_JVM_ARGS environment variable to the following value to use the operating system's random number generator:

-Djava.security.egd=file:/dev/./urandom

This decreases the amount of time it takes for the Reconfiguration Wizard to reconfigure a domain.

Backing Up the Domain

Prior to running the Reconfiguration Wizard, make a backup copy of the domain directory. For example, copy C:\domains\mydomain to C:\domains\mydomain_backup.

Prior to updating the domain on each remote Managed Server, make a backup copy of the domain directory on each remote machine.

If domain reconfiguration fails for any reason, you must copy all files and directories from the backup directory into the original domain directory to ensure that the domain is returned entirely to its original state prior to reconfiguration.

Determining Node Manager Upgrade Procedure

A Node Manager default configuration is a per domain Node Manager configuration. That is, the Node Manager configuration is specific to a given domain. This configuration allows multiple domains on a given machine to have different Node Manager configurations. See Default Node Manager Configuration in Administering Node Manager for Oracle WebLogic Server.

Table 3-1 shows the supported Node Manager upgrade paths when upgrading WebLogic Server from version 12.2.1.4.0 or later to the current version. Per host in this context means any Node Manager configuration that is outside of your per domain Node Manager configurations.

Table 3-1 Supported Node Manager Upgrade Paths

Node Manager Upgrade Paths From WebLogic Server 12.2.1.4 or later

Per domain to per domain

Supported

Per domain to per host

Not supported

Per host to per domain

Supported

Per host to per host

Manual configuration

Table 3-2 shows the Node Manager upgrade details for each supported upgrade path.

Table 3-2 Node Manager Upgrade Details

Per Domain to Per Domain Per Host to Per Domain Per Host to Per Host

This is an automatic upgrade for all WebLogic Server 12.2.1.4.0 or later releases that are already configured for per domain Node Manager. The environment is updated to standard settings and can be customized later.

The upgrade is automatic whether you are using the Reconfiguration Wizard or WLST to upgrade the domain.

In this case, the Reconfiguration Wizard provides a Node Manager screen during domain reconfiguration. Use this screen to select the Node Manager configuration to use for the reconfigured domain. The resulting configuration depends on the combination of options that you select for Node Manager Type and Node Manager Configuration.

You can also use WLST to upgrade the domain and Node Manager configuration as desired. See Reconfiguring a WebLogic Domain Using WebLogic Scripting Tool.

If multiple per domain Node Managers run on the same machine, see Configuring Multiple Per Domain Node Managers on the Same Machine.

Click the Help button on the screen on the Fusion Middleware Reconfiguration Wizard window to see the Reconfiguration Wizard Context-Sensitve Help.

Node Manager configuration must be completed manually as described in Completing the Node Manager Configuration.

Configuring Multiple Per Domain Node Managers on the Same Machine

If you have multiple domains on the same machine using a Per Domain Node Manager configuration, when running the Reconfiguration Wizard, do the following:

  • On the Advanced Configuration screen, select Managed Servers, Clusters, and Coherence to reconfigure the existing machines for the 14c Node Manager.

  • No changes are needed on the Managed Servers and Clusters screens. When the Machines screen appears, ensure that you use a unique Node Manager port for each domain. For example, if you have three per domain Node Managers running on the machine, use port 5556 for Domain 1, port 5557 for Domain 2, and port 5558 for Domain 3.

    Click the Help button on the screen on the Fusion Middleware Reconfiguration Wizard window to see the Reconfiguration Wizard Context-Sensitve Help .

Running Two Per Host Node Managers on the Same Machine

If all the following items apply to your upgrade scenario, extra steps are needed during the reconfiguration process to create a second Node Manager for the 14c domains:

  • You want to upgrade only some of your existing domains to 14c.

  • You want to continue using a per host Node Manager for the 14c domains.

  • Your existing per host Node Managers and 14c per host Node Managers are running on the same machine.

When running the Reconfiguration Wizard:

  • On the Node Manager screen, select Manual Node Manager Setup. This option keeps the Node Manager configuration as a per host Node Manager for the 14c domain being upgraded.

  • On the Advanced Configuration screen, select Managed Servers, Clusters, and Coherence to reconfigure the existing machines for the 14c Node Manager. In addition, select Deployments and Services to check machine assignments for your deployments and services.

  • No changes are needed on the Managed Servers and Clusters screens. When the Machines screen appears, change the name of each machine to something other than the name that is being used for the 12c domains. In addition, enter a Node Manager port number that is different than the Node Manager port number that is being used for the exisitng Node Manager. Use the same port number for each 14c machine in this domain.

  • Verify that your deployments and services are assigned to the new machine names.

Reconfiguring a WebLogic Domain

Oracle provides a choice of two tools for reconfiguring a WebLogic domain: the graphical Fusion Middleware Reconfiguration Wizard or the WebLogic Scripting Tool (WLST).

Caution:

Once the domain reconfiguration process starts, it is irreversible. Before using the Reconfiguration Wizard or WLST to upgrade the domain, ensure that you have backed up the domain as described in Backing Up the Domain. If an error or other interruption occurs during the reconfiguration process, you must restore the domain by copying the files and directories from the backup location to the original domain directory. This workaround is the only way to ensure that the domain has been returned to its original state before reconfiguration.

When you reconfigure a domain:

  • The domain version number in the config.xml file for the domain is updated to the Administration Server's installed WebLogic Server version major and minor version number (for example, 14.1.2.0).

  • As of WebLogic Server 14.1.2.0.0, when you select production mode, it automatically enables the stricter settings of secured production mode. If you truly want to implement the more moderate settings of production mode, you must explicitly disable secured production mode after the upgrade. For more information, see Changing Domain Mode Post Upgrade.

  • Reconfiguration templates for all installed Oracle products are automatically selected and applied to the domain. These templates define any reconfiguration tasks that are required to make the WebLogic domain compatible with the current WebLogic Server version.

  • Start scripts are updated.

  • After reconfiguring the domain on the Administration Server, you must port the reconfigured domain to all remote Managed Servers in the domain. See Updating a Managed Server Domain on a Remote Machine.

  • After reconfiguring a domain to a per host Node Manager by using either WLST or the Reconfiguration Wizard, you must take additional steps to complete the Node Manager configuration. See Completing the Node Manager Configuration and Completing the Node Manager Configuration (Two Per Host Node Managers).

Reconfiguring a WebLogic Domain in Graphical Mode

To reconfigure a domain using the Reconfiguration Wizard, you first launch it from a DOS command prompt or UNIX shell, and then provide the required upgrade details in a sequence of screens that are displayed.

Note:

If you cannot run the Reconfiguration Wizard in GUI mode, Oracle recommends that you use a WLST script to reconfigure your domain. See Reconfiguring a WebLogic Domain Using WebLogic Scripting Tool.

To start the Reconfiguration Wizard in graphical mode from a Windows command prompt or on UNIX systems:

  1. Log in to the system on which the domain resides.
  2. Open an MS-DOS command prompt window (on Windows) or a command shell (on UNIX).
  3. Go to the following directory, where ORACLE_HOME is your Oracle home directory:

    On Windows: ORACLE_HOME\oracle_common\common\bin

    On UNIX: ORACLE_HOME/oracle_common/common/bin

  4. Run the following commands:

    On Windows: reconfig.cmd

    On UNIX: sh reconfig.sh

    Note:

    When you run the reconfig.cmd or reconfig.sh command, the following error message appears if the default cache directory is not valid:

    *sys-package-mgr*: can't create package cache dir

    You can change the cache directory by including the -Dpython.cachedir=valid_directory option in the command.

    To create a log file of the Reconfiguration Wizard session, include the -log=reconfig.log -log_priority=debug parameter in the command. You can specify any file name for the log file, such as config_today.log. The log file is stored in the logs directory of the Oracle Home directory. Other valid values for log_priority are OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, and ALL.

    The Select Domain screen appears.

The Reconfiguration Wizard displays a sequence of screens in the order listed in Table 3-3.

Note:

Depending on the applications in your domain and other factors, extra configuration screens appear in addition to the screens shown in the following table. For information on these screens, click the Help button on the screen.

If the Advanced Configuration screen appears during the reconfiguration process, do not select any options to skip all advanced configuration. If necessary, you can use WLST, the Configuration Wizard, or the WebLogic Server Administration Console later to perform advanced configuration such as adding more servers and clusters or changing deployment targeting.

Table 3-3 Reconfiguring an Existing WebLogic Domain

Screen When Does This Screen Appear? Perform the Following Action

Select Domain

Always

Enter the full path to the domain directory or click Browse to navigate to and select the domain directory.

Click Next to continue.

Reconfiguration Setup Progress

Always

Shows the progress of the application of reconfiguration templates.

When the process completes, click Next to continue.

Reconfiguration Summary

Always

Displays the information about the reconfiguration process for all the reconfigured templates.

Click Next to continue.

Domain Mode and JDK

Always
Domain mode cannot be changed during the reconfiguration. You can change domain mode after the upgrade.

Note:

If you upgrade from WebLogic Server 14.1.1.0.0 or earlier and your domain was in production mode, it will remain in production mode with secured production mode now explicitly disabled in the domain configuration file. However, if you upgrade and then switch to production mode, secured production mode will be enabled.

Select the JDK to use in the domain or click Browse to navigate to the JDK you want to use.

Click Next to continue.

Additional domain configuration screens may appear at this point

Additional screens depend on the domain configuration

Click the Help button on the screen or refer to Reconfiguration Wizard Screens, which describes all the screens in the order in which they are displayed.

Advanced Configuration

Always

Select the check box for each category (if any) for which you want to perform advanced configuration tasks.

The available check boxes depend on the domain configuration.

Click Next to continue.

Configuration Summary

Always

Review the configuration.

Click the Back button to change the configuration or click the Reconfig button to complete the domain reconfiguration process.

Reconfiguration Success

Always

Shows the final status of the reconfiguration process.

Click Finish to exit the Configuration Wizard.

Reconfiguring a WebLogic Domain Using WebLogic Scripting Tool

To reconfigure a domain using WLST, you use the readDomainForUpgrade command. You can also use this command to migrate an existing per host Node Manager configuration to a per domain configuration.

Note:

If the original domain is using a per domain Node Manager configuration, Node Manager is upgraded automatically and no additional steps are needed.

If the original domain is using a per host Node Manager, and you want to continue using that configuration, you must manually reconfigure Node Manager as described in Completing the Node Manager Configuration.

Example 3-1 shows how to reconfigure a domain called my_domain using WLST offline.

Example 3-2 shows how to migrate an existing per host Node Manager configuration to a per domain configuration located in DOMAIN_HOME/nodemanager.

Example 3-3 shows how to migrate an existing per host configuration located in /Oracle/Middleware/oracle_common/common/nodemanager to a per domain configuration located in /Oracle/Middleware/custom/nodemanager.

For information about available Node Manager options for the setOption command, see setOption in WLST Command Reference for Oracle WebLogic Server. For information about available Node Manager WLST commands, see Node Manager Commands in WLST Command Reference for Oracle WebLogic Server.

Example 3-1 Reconfiguring a WebLogic Domain

# Open the domain for upgrade.
wls:/offline> readDomainForUpgrade('c:/domains/my_domain')

# Save the updated domain.
wls:/offline/my_domain> updateDomain()

# Close the domain.
wls:/offline/my_domain> closeDomain()

If your existing domain is using a per host Node Manager and you want to move to a per domain Node Manager configuration, you have several options:

  • Create a per domain configuration in the default location (DOMAIN_HOME/nodemanager) by migrating an existing per host configuration.

  • Create a per domain configuration in the default location (DOMAIN_HOME/nodemanager) with a new configuration based on Oracle-recommended defaults.

  • Create a per domain configuration in a custom location by migrating an existing per host configuration.

  • Create a per domain configuration in a custom location with a new configuration based on Oracle-recommended defaults.

Example 3-2 Creating a New Node Manager Configuration in the Default Location

#Read domain for reconfiguration
readDomainForUpgrade('domains/mydomain')
 
#Set Node Manager username and password.
cd('/')
cd('SecurityConfiguration/mydomain')
cmo.setNodeManagerUsername('username')
cmo.setNodeManagerPasswordEncrypted('password')
 
#Browse Node Manager properties
cd('/')
cd('NMProperties')
 
# Create per domain Node Manager with new default configuration. Existing
# Node Manager properties will not be migrated in this case.
setOption('NodeManagerType','PerDomainNodeManager')
setOption('NodeManagerUpgradeType','New')
 
# Update the domain to commit the changes.
updateDomain()

Example 3-3 Migrating an Existing Configuration to a Custom Location

#Read domain for reconfiguration
readDomainForUpgrade('/domains/mydomain')
 
#Set Node Manager username and password.
cd('/')
cd('SecurityConfiguration/mydomain')
cmo.setNodeManagerUsername('username')
cmo.setNodeManagerPasswordEncrypted('password')
 
#Browse node manager properties
cd('/')
cd('NMProperties')
 
# Create custom location Node Manager, migrating an existing Node Manager
# configuration with default values for Oracle-recommended default properties.
setOption('NodeManagerType','CustomLocationNodeManager')
setOption('NodeManagerHome','/Oracle/Middleware/custom/nodemanager/')
setOption('NodeManagerUpgradeType','Migrate')
setOption('OldNodeManagerHome','/Oracle/Middleware/Oracle_Home/oracle_common/
common/nodemanager')
setOption('NodeManagerUpgradeOverwriteDefault','true')
 
# Update the domain to commit the changes.
updateDomain()

Completing the Node Manager Configuration

If the domain you reconfigured was using a per host Node Manager configuration and you want to continue using a per host Node Manager for the domain, you must complete a set of configuration tasks for Node Manager.

  1. In the new WebLogic Server installation, create the nodemanager directory in ORACLE_HOME/oracle_common/common.

  2. Copy the nodemanager.properties and nodemanager.domains files from the WL_HOME/common/nodemanager directory of your previous WebLogic Server installation to the directory you created in Step 1.

  3. If your previous installation includes an nm_data.properties, SerializedSystemIni.data, or security/SerializedSystemIni.dat file, copy it to the directory you created in Step 1. If copying SerializedSystemIni.dat, you must create a security directory under the nodemanager directory and store the file there.

  4. Make the following edits to the nodemanager.properties file, where ORACLE_HOME is the Oracle home directory for your WebLogic Server installation:

    • Update DomainsFile to point to ORACLE_HOME/oracle_common/common/nodemanager/nodemanager.domains file.

    • Update JavaHome to point to the jre directory for the JDK that you are using for WebLogic Server. If the file also contains a javaHome property setting (lower-case j), remove it as it is not needed.

    • Update NodeManagerHome to point to ORACLE_HOME/oracle_common/common/nodemanager.

    • Update LogFile to point to ORACLE_HOME/oracle_common/common/nodemanager/nodemanager.log.

  5. If you are using your own security certificates, verify that the location of those certificates is correct in nodemanager.properties. You may have to update the path if you moved the certificates to another location.

    If you were using the WebLogic Server demo certificate in your previous installation, you must run CertGen to create a demo keystore for this installation:

    1. Run setWLSEnv:

      cd WL_HOME/server/bin

      . ./setWLSEnv.sh (UNIX)

      setWLSEnv.cmd (Windows)

      Note:

      On UNIX operating systems, the setWLSEnv.sh command does not set the environment variables in all command shells. Oracle recommends that you execute this command using the Korn shell or bash shell.

    2. Change to the ORACLE_HOME/oracle_common/common/nodemanager/ directory and create a security directory if it does not exist.

    3. Change to the security directory and enter the following command:

      java utils.CertGen -certfile democert -keyfile demokey -keyfilepass DemoIdentityPassPhrase

    4. To generate the DemoIdentity.jks file, enter the following command:

      java utils.ImportPrivateKey -certfile democert.pem -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -alias demoidentity

  6. From the ORACLE_HOME/wlserver/server/bin directory, run startNodeManager.cmd (Windows) or startNodeManager.sh (UNIX).

  7. Verify that you can start servers using Node Manager. See Using Node Manager to Control Servers in Administering Node Manager for Oracle WebLogic Server. To ensure that your permgen settings are adequate for starting the servers, you can use any one of the following methods:

    • Start the Managed Servers using the startManagedWebLogic script.

    • Use a setUserOverrides script to specify permgen settings for server startup. See Customizing Domain Wide Server Parameters in Administering Server Startup and Shutdown for Oracle WebLogic Server.

Completing the Node Manager Configuration (Two Per Host Node Managers)

If the domain you reconfigured was using a per host Node Manager configuration, you can continue using a per host Node Manager for the 14c domain on a machine that already has a per host Node Manager for the existing domain.

Complete the following steps on each machine in the domain:

Note:

Prior to performing the steps in this section, ensure that you have unpacked the domain to each remote machine in the domain. Include the -nodemanager_type=ManualNodeManagerSetup and -overwrite_domain=true parameters in the command. For example: 

./unpack.sh -domain=domain_home -template=template_jar -nodemanager_type=ManualNodeManagerSetup -overwrite_domain=true

  1. In the new WebLogic Server installation, create the nodemanager directory in ORACLE_HOME/oracle_common/common.

  2. Copy the nodemanager.domains and nodemanager.properties files from the WL_HOME/common/nodemanager directory of your previous WebLogic Server installation to the directory you created in Step 1. If any 12c domains are listed in the nodemanager.domains file, delete or comment out those lines.

  3. Edit the nodemanager.properties file as appropriate on each machine. In particular:

    • Verify that the SecureListener is set to true if using an SSL Node Manager, or is set to false if using a Plain Node Manager.

    • Change DomainsFile to point to ORACLE_HOME/oracle_common/common/nodemanager/nodemanager.domains.

    • Change PropertiesVersion to 14.1.2.0.0.

    • Change NodeManagerHome to ORACLE_HOME/oracle_common/common/nodemanager.

    • Change JavaHome to point to the jre directory for the Java installation that you are using for WebLogic Server 14.1.2.0.0.

    • Remove the javaHome line as it is not needed in 14c.

    • Change ListenPort to the value you specified on the Machines screen of the Configuration Wizard.

    • Change LogFile to the desired location and file name. The recommended value is ORACLE_HOME/oracle_common/common/nodemanager/nodemanager.log.

  4. If you are using your own security certificates, verify that the location of those certificates is correct in nodemanager.properties. If you moved the certificates to another location, you have to update the path.

    If you used the WebLogic Server demo certificate in your previous installation, you must run CertGen to create a demo keystore for this installation:

    1. Run setWLSEnv:

      cd WL_HOME/server/bin

      . ./setWLSEnv.sh (UNIX)

      setWLSEnv.cmd (Windows)

      Note:

      On UNIX operating systems, the setWLSEnv.sh command does not set the environment variables in all command shells. Oracle recommends that you execute this command using the Korn shell or bash shell.

    2. Change to the ORACLE_HOME/oracle_common/common/nodemanager/ directory and create a security directory if it does not exist.

    3. Change to the security directory and enter the following command:

      java utils.CertGen -certfile democert -keyfile demokey -keyfilepass DemoIdentityPassPhrase

    4. To generate the DemoIdentity.jks file, enter the following command:

      java utils.ImportPrivateKey -certfile democert.pem -keyfile demokey.pem -keyfilepass DemoIdentityPassPhrase -keystore DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -alias demoidentity

  5. From the ORACLE_HOME/wlserver/server/bin directory, start Node Manager.

  6. If the Administration Server is running, restart the Administration Server.

  7. Verify that you can start servers using Node Manager. See Using Node Manager to Control Servers in Administering Node Manager for Oracle WebLogic Server. To ensure that your permgen settings are adequate for starting the servers, you can use any one of the following methods:

    • Start the Managed Servers using the startManagedWebLogic script.

    • Set permgen space

    • Use a setUserOverrides script to specify permgen settings for server startup. See Customizing Domain Wide Server Parameters in Administering Server Startup and Shutdown for Oracle WebLogic Server.

Updating a Managed Server Domain on a Remote Machine

If your WebLogic domain contains multiple Managed Servers, and each Managed Server domain directory is located on a machine that is remote to the Administration Server host machine, you can use one of two methods to update the domain on the remote machine.

  • Use the pack command to generate the domain template JAR. Ensure that you include the -managed=true argument in the pack command. Move the JAR to the remote machine and then use the unpack command on the remote machine to create the Managed Server domain. See Creating Templates and Domains Using the Pack and Unpack Commands.

  • Use the WLST writeTemplate command in online mode. When you execute the writeTemplate command while connected to the Administration Server from a remote machine, it dynamically packs the domain on the Administration Server into a template JAR file and transfers the template JAR to the specified directory.

    The following sample WLST script demonstrates how to use writeTemplate to create or update a Managed Server domain on a remote machine. Run the script on each remote machine in the domain. This script does the following tasks:

    • logs in to the Administration Server

    • packs the Administration Server domain into a JAR file and writes it to the specified template directory on the remote machine

    • disconnects from the Administration Server

    • reads the template JAR

    • creates the domain on the remote machine

    import os
 
wlsHome = os.getenv('WL_HOME')
mwHome = os.path.join(wlsHome, '..')
 
#Substitute the administrator user name and password values below as needed
connect('adminuser','adminpassword','admin_server_url')
 
#Create the path on the local machine where the template will be stored, 
#The specified template JAR should not already exist. The timeout value 
#specifies the number of milliseconds to elapse before the connection between
#the Administration Server and remote machine times out (default is 120000).
templatePath = '/user_templates/myTemplate.jar'
timeout = 180000
 
#get the packed template from the Administration Server
writeTemplate(templatePath, timeout)
 
#disconnect from online WLST connection to the Administration Server
disconnect()
 
#read the template that was downloaded from the Administration Server
readTemplate(templatePath)
 
#specify the domain directory where the domain needs to be created
domainPath = 'domains/myDomain'
 
#create the domain
writeDomain(domainPath)

Important Notes About the Domain Upgrade Process

Bear in mind several key notes about the domain upgrade process, such as whether it is necessary to undeploy WebLogic Server applications, the minimum set of files that must exist in the domain directory, and more.

  • It is not always necessary to undeploy WebLogic Server applications. Usually, WebLogic Server applications can run without modifications in the new WebLogic Server 14.1.2.0.0 application environment. Run the WebLogic Migration Analysis Tool before an upgrade to identify classes and APIs are no longer in the new version and reports any that changes are required for the application to successfully deploy. For more information, see Identifying Unused APIs.

  • At a minimum, the domain directory must contain the following files:

    • config.xml

    • Security-related files, including SerializedSystemIni.dat, DefaultAuthenticatorInit.ldift, DefaultAuthorizerInit.ldift, and DefaultRoleMapperInit.ldift

      If the security-related files are not available, the server fails to start and an authentication error message is logged.

    • Any transaction log (.tlog) files that reside in the domain. See Using Transaction Log Files to Recover Transactions in Developing JTA Applications for Oracle WebLogic Server.

  • All contents of the domain directory on the target computer are updated during this process.

  • You must upgrade the domain on every computer in the application environment.

  • The Reconfiguration Wizard does not upgrade your own applications that may exist in the domain during a WebLogic domain upgrade.

  • Domains that contain resources for WebLogic Liquid Data, or AquaLogic Data Services Platform cannot be upgraded to WebLogic Server 14.1.2.0.0.

Completing Post-Upgrade Tasks

After you upgrade the application environment, it may be necessary to perform tasks such re-applying customizations to startup scripts, verifying file permissions and remote server startup options, and more.

This section includes the following topics:

Not all these steps are required for all situations. Review the sections to determine which, if any, of these steps are appropriate for your environment.

Changing Domain Mode Post Upgrade

After the upgrade, your domain retains its original pre-upgrade domain security mode settings. If you want to change the domain mode, to enable enhanced security, for example, you must explicitly change the settings using the WebLogic Remote Console or by modifying the DomainMBean.

If your domain is currently set to Production Mode, and you want to enable added security, then after the upgrade use the WebLogic Remote Console to change the domain mode and enable the Secured Production Mode. Change the Domain Mode in Oracle WebLogic Remote Console Online Help.

Caution:

Changes to the domain mode require a full domain restart - a rolling restart is not sufficient. You must stop all managed servers before you attempt to change the domain mode.

When upgrading a domain to 14c (14.1.2.0.0), if there is no explicit secure mode setting, then the Reconfiguration Wizard will explicitly set secure mode to disabled in the upgraded domain. This is to preserve the behavior that was present in the original domain. If there is an explicit secure mode setting, it will be preserved in the upgraded domain. For more information, see Understand How Domain Mode Affects the Default Security Configuration in Securing a Production Environment for Oracle WebLogic Server.

Note:

Secured Production Mode enforces more restrictive and stringent security settings to ensure less vulnerability to threats. To make sure that your domain is secure, after enabling Secured Production Mode, you will have to choose the security configuration options that are appropriate for the environment in which the domain runs, such as obtaining and storing certificates, protecting user accounts, and securing the network on which the domain runs. If these options are not properly configured, you will be blocked from using WebLogic Server.

After you have created your WebLogic domain, several key steps remain to ensure its integrity such as selecting appropriate security configurations. For more information, see Securing the Domain After You Have Created It in Administering Security for Oracle WebLogic Server.

Identifying Unused APIs

It is important to know which classes and APIs are no longer in the new version and to address any changes required for the application to successfully deploy. Use the WebLogic Migration Analysis Tool to identify these classes and APIs.

The WebLogic Migration Analysis Tool is a command line utility that identifies APIs in a WebLogic application that have been removed or are no longer used in WebLogic Server 14.1.2.0.0 and generates a report. The report is meant to show only those deletions that are on the classpath of a running WebLogic Server (such as weblogic.jar). The reports are not intended to report on all jar files that are missing in a class - just those associated with the WebLogic applications.

Note:

This report will not catch all potential problems associated with missing or deprecated APIs or classes. For example, if you are using reflection, this report will not detect it. Similarly, this report may state that a library has been removed and could cause and issue, but you may have your own copy of that library somewhere else.

To run the Migration Analysis Tool, execute the following:
java -jar $WL_HOME/server/lib/weblogic.migration-analysis-tool.jar <archive-file-name> <archive-2> <archive-3>
Where <archive-file-name> parameters are the files you want to analyze. For example:
java -jar $WL_HOME/server/lib/weblogic.migration-analysis-tool.jar /tmp/em_example.war

Re-apply Customizations to Startup Scripts

To complete the upgrade of your application environment to 14.1.2.0.0, it might be necessary to re-apply any customizations to startup scripts. The following sections describe how to customize the default startup scripts as well as any custom startup scripts.

Default Startup Scripts

The Reconfiguration Wizard does not carry forward any customizations that have been made to the default startup scripts, such as the setting of the JAVA_OPTIONS environment variable. After the upgrade process is complete, you must customize the default scripts again.

Custom Startup Scripts

To update custom startup scripts:

  • Set the JDK version to the JDK that you are using with WebLogic Server.

  • Update the CLASSPATH variable, as follows:

    • Add WebLogic Server 14.1.2.0.0 classes to the beginning of the variable.

    • Remove all unused WebLogic classes prior to version 10.3.

Verify File Permissions

Verify the file permissions, as follows:

  • If you backed up the domain directory as part of the upgrade, you must make your backup files secure because they might contain confidential information.

  • During the upgrade process, file permissions are not preserved. If nondefault file permissions are set on files, they must be verified and reset.

  • On a UNIX system, ownership and permissions for any new files created during the upgrade process are assigned to the user performing the upgrade. For example, if the upgrade is performed by root, then root is assigned ownership of any new files. As a result, any user who subsequently wants to update these files in the domain must have root privileges. You may want to review or modify the permissions on files created during the upgrade process.

Verify Remote Server Startup Options

When you start the Administration Server, verify that the remote server start options, such as JAVA_HOME, BEA_HOME, and CLASSPATH, reference the WebLogic Server installation on the target Managed Server. This can be accomplished using the WebLogic Server Remote Console, as described in Configure startup arguments for Managed Servers in Oracle WebLogic Server Remote Console Online Help.

Note:

If the remote server startup options are not set correctly, when attempting to start a Managed Server using Node Manager, messages similar to the following may be written to the log file. Because these messages may be sent recursively, they may eventually consume all space available on the drive.

No config.xml was found.

Would you like the server to create a default configuration and boot? (y/n): 
java.io.IOException: The handle is invalid

Recreating the Windows Node Manager Service

On Windows systems, if you were running Node Manager as a Windows service for your domain, you must reconfigure it if you want to continue using it.

For information about how to configure the Node Manager service for Windows, see Default Node Manager Configuration in Administering Node Manager for Oracle WebLogic Server.

Optionally, you can remove the Node Manager service from your installation by running uninstallNodeMgrSrv.cmd. See Default Node Manager Configuration in Administering Node Manager for Oracle WebLogic Server.

Promote the Application Environment to Production

Execute standard procedures for quality assurance and performance tuning before promoting an application environment to production. You should test the execution of your applications (including external client applications) in your test application environment. If your applications use APIs that have been deprecated or removed, then you may encounter warnings or exceptions at run time. If you do, you can make any required modifications before promoting your applications to production.

When all test criteria have been met, you can promote the application environment to production, as outlined in your upgrade plan (defined previously in Step 4: Create an Upgrade Plan).

When the new 14.1.2.0.0 application environment is deployed into production, you can start redirecting requests to the new environment from the existing environment. Gradually, you can bring the existing environment to a safe state for shutdown. This might be accomplished using a load balancer, for example.

Maintain FIPS 140-2 Compliance

As of WebLogic Server 14.1.2.0.0, the FIPS 140-2 compliant implementation of WebLogic Server changed to rely on the Jipher JCE and SunJSSE providers rather than the Dell JCE and Dell BSAFE JSSE providers (previously known as RSA JCE and RSA BSAFE JSSE).

If you wish to continue using FIPS mode following your upgrade, then you must update your environment to use the Jipher JCE and SunJSSE providers. See Enabling FIPS Mode with Jipher JCE and Sun JSSE Providers in Administering Security for Oracle WebLogic Server.

Additionally, you should remove the Dell JCE and Dell BSAFE JSSE providers from your WebLogic Server environment. See Removing Dell JCE and Dell BSAFE JSSE Providers in Administering Security for Oracle WebLogic Server.