Protecting changes in the Administration Console
Change management in a production environment is critical and has to be done with careful preparation and planning. WebLogic provides a way to save and later track all the changes made in its configuration.
This recipe focuses on how to enable the embedded configuration backup, how to enable the configuration changes audit, and how to automatically record a Jython script to all the changes made in the Administration Console that can be used later with WLST.
Getting ready
WebLogic Administration Server must be up and running.
How to do it...
Carry out the following steps to protect the configuration changes:
Access the Administration Console with your web browser at
http://prod01.domain.local:7001/console
.Click on the Preferences link.
Enable the following checkboxes:
Show Advanced Sections
Warn If User Holds Lock
Warn User Before Taking Lock
Click on the Save button.
Open the WLST Script Recording tab.
Enable the following checkboxes:
Append to File
Automatic Recording
Click on the Save button.
Obtain the configuration lock by clicking on Lock & Edit.
Click the
PROD_DOMAIN
link on the Domain Structure on the left.Choose Change Log and Audit in the Configuration Audit Type drop-down menu.
Enable the Configuration Archive Enabled checkbox.
Set the number of back files in the Archive Configuration Count text field. Type
250
as the value. The default value is50
.Click on the Save button.
Activate the changes by clicking on the Activate Changes button.
You will have to restart the Administration Server for the changes to take effect.
How it works...
The Preferences section changes will enable some messages in the Administration Console that will warn the user when the edit lock is already being used in another browser session. This is important in a production environment to avoid the changes being made by other administrators at the same time.
The WLST Script Recording changes will enable a Jython script to be recorded to every change made in the Administration Console. The script is recorded by default in the $DOMAIN_HOME
root directory with a filename Script*.py
.
With the backup configuration enabled, every time the domain configuration is modified, a JAR file containing the old configuration($DOMAIN_HOME/config/*
) will be archived until the limit of 250 archives as you defined in Archive Configuration Count. Change the value so it suits your needs. JAR will be saved in the directory $DOMAIN_HOME/configArchive/config-XXX.jar
. The lesser the XXX
number, the older the configuration archive is.
The audit configuration registers every step and change made in the Administration Server log file (.log
). The following example shows the wlsadmin
user changing the JTA timeout from 30
to 300
:
<BEA-159904><USER wlsadmin MODIFIED com.bea:Name=PROD_DOMAIN,Type=JTA ATTRIBUTE TimeoutSeconds FROM 30 TO 300>
There's more...
Enabling the protection changes can also be done through WLST.
Protecting changes using WLST
You can use WLST to make the exact same configuration changes. The exception is the Preferences section, which is a bunch of parameters from the Administration Console application and not from the WebLogic domain:
Log in as a
wls
user to shell and start WLST:[wls@prod01]$ $WL_HOME/common/bin/wlst.sh
Connect to the Administration Server using
wlsadmin
as the user,<pwd>
as the password, andt3://prod01.domain.local:7001
as the server URL:wls:/offline>connect("wlsadmin","<pwd>","t3://prod01.domain.local:7001")
Run the following WLST commands:
edit() startEdit() cmo.setConfigurationAuditType('logaudit') cmo.setConfigBackupEnabled(true) cmo.setArchiveConfigurationCount(250) save() activate() exit()
See also
Starting the Administration Server
Saving and activating changes in the Administration Console