From 9b7a2f01bbe4efb28df6548d3fc3d87b6d730352 Mon Sep 17 00:00:00 2001
From: "johnny.shum@oracle.com"
Date: Sat, 29 Jun 2019 10:59:30 -0500
Subject: [PATCH 1/3] run decrypt for admin credentials before creating boot.properites as they may have encrypted.
---
 core/src/main/python/wlsdeploy/tool/create/domain_creator.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
index 1d9a763b73..b616260ece 100644
--- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
+++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
@@ -1121,6 +1121,9 @@ def __create_boot_dot_properties(self):
 for server in servers:
 properties = Properties()
+
+ admin_username = self.aliases.decrypt_password(admin_username)
+ admin_password = self.aliases.decrypt_password(admin_password)
 properties.put("username", encryptionService.encrypt(admin_username))
 properties.put("password", encryptionService.encrypt(admin_password))
 file_directory = self._domain_home + "/servers/" + server + "/security"
From da05be2492fcce94908bee90c67a5d47118aea08 Mon Sep 17 00:00:00 2001
From: Johnny Shum
Date: Tue, 2 Jul 2019 13:48:05 -0500
Subject: [PATCH 2/3] remove ceating boot.properties for now since it doesn't work for dynamic servers and may be a risk for production system
---
 core/src/main/python/wlsdeploy/tool/create/domain_creator.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
index b616260ece..e56ada2539 100644
--- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
+++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
@@ -167,7 +167,6 @@ def create(self):
 self.__fail_mt_1221_domain_creation()
 self.__create_domain()
 self.__deploy()
- self.__create_boot_dot_properties()
 self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
 return
From 71ca7806dc1cd41cd3b60b5da7b06f5a8a90dfe0 Mon Sep 17 00:00:00 2001
From: Johnny Shum
Date: Wed, 3 Jul 2019 10:02:44 -0500
Subject: [PATCH 3/3] Refactor code and only generate boot.properties when not in production mode
---
 .../wlsdeploy/aliases/model_constants.py | 1 +
 .../wlsdeploy/tool/create/domain_creator.py | 24 +++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/core/src/main/python/wlsdeploy/aliases/model_constants.py b/core/src/main/python/wlsdeploy/aliases/model_constants.py
index b0b287be2a..e639f6a91f 100644
--- a/core/src/main/python/wlsdeploy/aliases/model_constants.py
+++ b/core/src/main/python/wlsdeploy/aliases/model_constants.py
@@ -184,6 +184,7 @@
 PLAN_DIR = 'PlanDir'
 PLAN_PATH = 'PlanPath'
 PROPERTIES = 'Properties'
+PRODUCTION_MODE_ENABLED='ProductionModeEnabled'
 QUEUE = 'Queue'
 QUOTA = 'Quota'
 REALM = 'Realm'
diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
index e56ada2539..9441f48db4 100644
--- a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
+++ b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
@@ -9,6 +9,7 @@
 from java.util import Properties
 from oracle.weblogic.deploy.create import RCURunner
 from oracle.weblogic.deploy.util import WLSDeployArchive, FileUtils
+from wlsdeploy.util import string_utils
 from wlsdeploy.aliases.location_context import LocationContext
 from wlsdeploy.aliases.model_constants import ADMIN_PASSWORD
 from wlsdeploy.aliases.model_constants import ADMIN_SERVER_NAME
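Review bot: In the model_constants.py hunk the new constant is written without spaces around `=` and sits after `PROPERTIES`, while the neighbouring lines use `NAME = 'Value'` and appear to be kept in alphabetical order. `PRODUCTION_MODE_ENABLED = 'ProductionModeEnabled'` placed before `PROPERTIES` would match the surrounding lines.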
@@ -48,6 +49,7 @@
 from wlsdeploy.aliases.model_constants import PARTITION
 from wlsdeploy.aliases.model_constants import PASSWORD
 from wlsdeploy.aliases.model_constants import PASSWORD_ENCRYPTED
+from wlsdeploy.aliases.model_constants import PRODUCTION_MODE_ENABLED
 from wlsdeploy.aliases.model_constants import RCU_ADMIN_PASSWORD
 from wlsdeploy.aliases.model_constants import RCU_DB_CONN
 from wlsdeploy.aliases.model_constants import RCU_DB_INFO
@@ -167,6 +169,7 @@ def create(self):
 self.__fail_mt_1221_domain_creation()
 self.__create_domain()
 self.__deploy()
+ self.__create_boot_dot_properties()
 self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
 return
@@ -1104,6 +1107,16 @@ def _configure_security_configuration(self):
 def __create_boot_dot_properties(self):
 _method_name = '__create_boot_dot_properties'
 self.logger.entering(class_name=self.__class_name, method_name=_method_name)
+
+ if SERVER_START_MODE in self._domain_info:
+ server_start_mode = self._domain_info[SERVER_START_MODE]
+ if server_start_mode == 'prod' or server_start_mode == 'PROD':
+ return
+
+ if PRODUCTION_MODE_ENABLED in self._topology:
+ if string_utils.to_boolean(self._topology[PRODUCTION_MODE_ENABLED]):
+ return
+
 systemIni = SerializedSystemIni.getEncryptionService(self._domain_home)
 encryptionService = ClearOrEncryptedService(systemIni)
 admin_password = self._domain_info[ADMIN_PASSWORD]
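Review bot: The start-mode guard added at the top of `__create_boot_dot_properties` matches only the two spellings `'prod'` and `'PROD'`, so a model value such as `Prod` falls through and boot.properties is still written with the admin credentials, which the commit message says should not happen in production mode. Unless the value is normalised somewhere not visible in this hunk, compare case-insensitively: `if str(server_start_mode).lower() == 'prod':`. Both new `return` statements also leave after `self.logger.entering(...)` without a matching exit record, so a skipped run looks like an aborted one in the log; calling `self.logger.exiting(class_name=self.__class_name, method_name=_method_name)` before each return would fix that. The rest of the function lies outside the hunk.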
@@ -1118,13 +1131,14 @@ def __create_boot_dot_properties(self):
 name = self.wlst_helper.get_quoted_name_for_wlst(model_name)
 servers.append(name)
+ admin_username = self.aliases.decrypt_password(admin_username)
+ admin_password = self.aliases.decrypt_password(admin_password)
+ encrypted_username = encryptionService.encrypt(admin_username)
+ encrypted_password = encryptionService.encrypt(admin_password)
 for server in servers:
 properties = Properties()
-
- admin_username = self.aliases.decrypt_password(admin_username)
- admin_password = self.aliases.decrypt_password(admin_password)
- properties.put("username", encryptionService.encrypt(admin_username))
- properties.put("password", encryptionService.encrypt(admin_password))
+ properties.put("username", encrypted_username)
+ properties.put("password", encrypted_password)
 file_directory = self._domain_home + "/servers/" + server + "/security"
 file_location = file_directory + "/boot.properties"
 if not os.path.exists(file_directory):
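Review bot: The directory each boot.properties goes into is built from `server`, and the context lines at the top of this hunk fill `servers` with `get_quoted_name_for_wlst(model_name)`, so the path component is the WLST-quoted form of the name rather than the server name itself. If that helper rewrites names containing special characters (its body is not visible here), the file would be created in a directory the server does not read, and nothing in the hunk rejects a model-supplied name containing a path separator before credentials are written under `_domain_home`. Consider collecting the unquoted name for file-system use, `servers.append(model_name)`, and skipping any name for which `os.path.basename(model_name) != model_name`. The code that creates the directory and writes the file starts at the last line of the hunk and continues outside it, so the permissions on the result cannot be checked from here.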