Administration Console Online Help

Machines

[Attributes and Console Screen Reference for Machines]

A machine is a logical representation of the physical machine (computer) that hosts one or more WebLogic Server instances.

If you run Node Manager on a machine that does not host an Administration Server, as is typical in production environments, you must create a machine configuration for each computer that runs a Node Manager process. The machine configuration includes information about the listen address and port number that the Administration Server uses to connect with the Node Manager process running on that machine.

In a cluster, WebLogic Server uses machines to ensure that server session data is replicated on separate pieces of hardware.

If the computer runs a UNIX operating system, you can create a UNIX machine configuration, which enables you to assign the process under which a WebLogic Server instance runs to a user ID (UID) or group ID (GID). The WebLogic Server process is assigned (bound) to the UID or GID after the computer has carried out all privileged startup actions.

 

---

Tasks

Configuring a Machine

Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain.
Click the Configure a New Machine link (or, if you are configuring a UNIX machine, click the Configure a New Unix Machine link). A dialog displays in the right pane showing the tabs associated with the new machine.
Enter a name for the new machine in the Name attribute field. This name is used to identify the machine within the WebLogic Server domain; it does not have to correspond to the machine's network name.

Note: The name must be unique in relation to all other configurable resources in the domain.

If you are creating a UNIX machine and you want to bind the processes under which WebLogic Server instances run to a user ID or group ID, do any of the following:
• To bind the server processes to a user ID, select Enable Post-Bind UID and enter the user ID in the Post-Bind UID box.
• To bind the server processes to a group ID, select Enable Post-Bind GID and enter the group ID in the Post-Bind GID box.
Click Create to create a machine instance with the name you specified. The new instance is added to the Machines node in the left pane.
Click the Node Manager tab to define the Node Manager connection and authentication attributes for the machine.

Enter the DNS name or IP address upon which Node Manager listens in the Listen Address box. If you identify the Listen Address by IP address, you must disable Host Name Verification on Administration Servers that will access Node Manager. For more information and instructions, see Using a Hostname Verifier in Managing WebLogic Security.

Click Apply to apply your changes.

Click the Servers tab to identify which Managed Servers reside on this machine. To assign an existing server to this machine, select the server name in the Available column, and click the appropriate arrow to move the server to the Chosen column.
Click Apply to apply your changes. The new machine entry now specifies the attributes required to connect to the Node Manager process running on the machine, as well as identify which WebLogic Server instances reside on the machine.

Cloning a Machine

Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain.
Click the Clone icon in the row of the machine you want to clone. A dialog displays in the right pane showing the tabs associated with cloning a machine.
Enter a name for the new machine in the Name attribute field.
Click Clone to create a machine instance with the name you specified in the Name field. The new instance is added under the Machines node in the left pane.
Click the Node Manager tab and modify the connection information as needed.
Click the Servers tab and modify the list of servers that this machine hosts.
Click Apply to save the changes.

Deleting a Machine

Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain.
Click the Delete icon in the row of the machine you want to delete. A dialog displays in the right pane asking you to confirm your deletion request.
Click Yes to delete the machine. The machine instance is deleted from the Machines node in the left pane.

Assign a WebLogic Server Instance to a Machine

Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain
Click the name of the machine to which you wish to assign a server instance.
Click the Servers Tab in the right pane.
Select a server from the Available box.
Click the right arrow to move the server to the Chosen box.
Click Apply.

Monitoring Node Manager Status

Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain
Click the name of the machine on which you wish to monitor Node Manager.
Click the Monitoring tab in the right pane. If Node Manager is currently running on the machine, the Node Manager Status tab displays the following information about the Node Manager process:
• State—current operating state
• BEA Home—the BEA home directory used by the Node Manager process when starting Managed Servers on the machine
• Java Home—the directory containing the JDK used by the Node Manager process
• Listen Address—the address upon which the Node Manager process listens for requests
• Listen Port—the port upon which the Node Manager process listens for requests
• CLASSPATH—the classpath defined on the machine
To view the contents of the Node Manager Log, click the Node Manager Log tab g tab in the right pane. If Node Manager is currently running on the machine, contents of the log file are displayed.

Monitoring Node Manager Log

Click the Machines node. The Machines table displays in the right pane showing all the machines defined in the domain
Click the name of the machine on which you wish to monitor Node Manager.
Click the Monitoring tab in the right pane.
To view the contents of the Node Manager Log, click the Node Manager Log tab g tab in the right pane. If Node Manager is currently running on the machine, contents of the log file are displayed.

Binding to Protected Ports on UNIX

On UNIX systems, only processes that run under a privileged user account (in most cases, root) can bind to ports lower than 1024. However, long-running processes like WebLogic Server should not run under these privileged accounts.

If you want a WebLogic Server instance to bind to protected ports (such as port 80), do either of the following:

• Start WebLogic Server instances from a non-privileged account and configure your firewall to use Network Address Translation (NAT) software to map protected ports to unprotected ones. BEA does not provide NAT software.
• For each WebLogic Server instance that needs access to privileged ports, configure the server to start under a privileged user account, bind to privileged ports, and change its user ID to a non-privileged account.

Note: WebLogic Server uses native code to change user IDs. To verify that this feature is supported for your UNIX platform, refer to "Supported Configurations."

To configure a server instance to bind to protected ports on UNIX:

Start the Administration Server for the domain.

See Starting Administration Servers.

Stop the server instances that you want to configure.
Create a UNIX machine and assign the server to the machine:
In the Administration Console, in the left pane, click on the Machines folder.
In the right pane, select the Configure a New Unix Machine link.
On the Create a New UNIX Machine page, in the Name field, enter a name for the new machine.

A machine represents the physical machine that hosts one or more WebLogic Server instances. BEA recommends that you create one UNIX machine for each UNIX host that runs instances of WebLogic Server.

The machine name is used for identification within the WebLogic Server domain; it does not have to correspond to the machine's network name.

Note: Assign a unique name to the machine. Each configurable resource in your WebLogic Server environment should have a unique name.

To specify a non-privileged user account under which the server instance runs, place a check mark in the Enable Post-bind UID field and enter the user ID in the Post-Bind UID field.

The user ID that you enter must have read, write, and execute privileges within the BEA Home directory, the WebLogic Server product directory tree, and your domain directory.

The default value of the Post-Bind UID field, nobody, is a standard UNIX account that provides the least possible privileges. While the nobody account is acceptable for use in a development environment, in a production environment, BEA recommends that you create an operating-system user account specifically for running instances of WebLogic Server. See "Securing the WebLogic Server Host."

To specify a non-privileged group instead of (or in addition to) providing a user ID, place a check mark in the Enable Post-bind GID field and enter the group ID in the Post-Bind GID field.
Click Create.
Select the Servers tab. Move each server instance that you want to run on this UNIX machine from the Available list to the Chosen list. Then click Apply.
If you want to use the Node Manager to start server instances on this UNIX machine, click the Node Manager tab and specify the address and listen port through which the Node Manager can be reached.

In a production environment, BEA recommends that you specify a listen port that is secured by SSL. See Binding to Protected Ports with Servers That a Node Manager Starts.

Click Apply to apply your changes.

Log in to the WebLogic Server host computer under an account that has access to protected ports.
Do either of the following for the server instances that you assigned to the UNIX machine:
• Start a WebLogic Server instance by invoking the weblogic.Server class or by invoking a script that invokes the class.

See Starting Administration Servers and Starting Managed Servers From a WebLogic Server Script.

• (For Managed Servers only) Start the Node Manager. Then use the Node Manager to start Managed Servers.

See "Starting and Stopping Node Manager" and Starting Managed Servers from the Administration Console.

The WebLogic Server instance starts under the privileged user ID. After it binds to ports, it invokes native code to change its user or group ID to the one you specified in the UNIX machine configuration.

Binding to Protected Ports with Servers That a Node Manager Starts

Node Manager is a small Java application that runs on WebLogic Server hosts and can start and stop instances of WebLogic Server. When Node Manager starts a server instance, the server instance starts under the same user account under which the Node Manager is running.

If you Node Manager to start server instances that bind to protected ports, you must run the Node Manager under a privileged account. If you configure a post-bind user ID or group for a server instance, after Node Manager starts a server, the server binds to ports and then changes the user account under which it runs.

In a production environment, BEA recommends that you do the following to secure Node Manager:

Configure the Node Manager to listen on a port that is secured by SSL.
In the Node Manager's nodemanager.hosts file, specify the host name of the Administration Server only.

See "Configuring Node Manager."

With the above configuration, Node Manager will accept requests only on a secure port and only from a single, known host.