Oracle MVA

Tales from a Jack of all trades

storeUserConfig caveats


While creating a small startup script for nodemanager on my test setup (to prevent me from having to start nodemanager manually all the time) I figured storing the clear text password in the script was a bad practice. Therefore I wanted to use the storeUserConfig command in WLST to store the username and password in a user configuration file and an associated key file.

You would expect that to be not too exciting, but some caveats arose. First you have to connect to nodemanager:

wls:/offline> nmConnect('nodemanager','Welkom01','wls1.area51.local',5556,'hs_test');
Successfully Connected to Node Manager.

Then you can store the configuration:

wls:/nm/hs_test> storeUserConfig(userConfigFile='/u01/app/oracle/admin/nodemanager/nodemanager.config', userKeyFile='/u01/app/oracle/admin/nodemanager/nodemanager.keyfile');
Currently connected to Node Manager to monitor the domain hs_test.
You will need to be connected to a running WLS or Node Manager to execute this command

Mmmm… that was unexpected. Seems you have to pass an extra argument to mention that you are only connected to the nodemanager:

storeUserConfig(userConfigFile='/u01/app/oracle/admin/nodemanager/nodemanager.config', userKeyFile='/u01/app/oracle/admin/nodemanager/nodemanager.keyfile',nm='true');
Currently connected to Node Manager to monitor the domain hs_test.
Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Do you want to create the key file? y or ny
The username and password that were used for this WebLogic NodeManager connection are stored in /u01/app/oracle/admin/nodemanager/nodemanager.config and /u01/app/oracle/admin/nodemanager/nodemanager.keyfile .
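
A pre-flight check for a startup script that relies on these two files, given as an added example (not part of the original post, and not Oracle code). It refuses to proceed if either file is missing, which in the first comment's session below makes nmConnect fall back to default credentials, or if a file is accessible beyond its owner, the risk the key file prompt warns about. It is plain Python 3 meant to run before WLST is launched; `preflight` and `demo` are hypothetical names and the sample files are constructed.

```python
import os
import stat
import tempfile


def preflight(config_file, key_file, uid=None):
    """Return a list of problems; an empty list means both files may be used."""
    uid = os.getuid() if uid is None else uid
    problems = []
    for label, path in (("userConfigFile", config_file), ("userKeyFile", key_file)):
        try:
            st = os.lstat(path)  # lstat: a symlink is reported, not followed
        except OSError:
            # A missing file must stop the script: the session in the comments
            # shows WLST continuing with default credentials in this case.
            problems.append("%s missing: %s" % (label, path))
            continue
        if not stat.S_ISREG(st.st_mode):
            problems.append("%s is not a regular file: %s" % (label, path))
            continue
        if st.st_uid != uid:
            problems.append("%s not owned by uid %d: %s" % (label, uid, path))
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("%s mode %o allows group/other access: %s" % (label, mode, path))
    return problems


def demo():
    """Constructed sample files: loose key file, fixed key file, mistyped path."""
    d = tempfile.mkdtemp()
    cfg = os.path.join(d, "nodemanager.config")
    key = os.path.join(d, "nodemanager.keyfile")
    for path, mode in ((cfg, 0o600), (key, 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real WLST file\n")
        os.chmod(path, mode)
    loose = preflight(cfg, key)
    os.chmod(key, 0o600)
    fixed = preflight(cfg, key)
    mistyped = preflight(os.path.join(d, "nodemanager1.config"), key)
    return loose, fixed, mistyped


if __name__ == "__main__":
    for problems in demo():
        print(problems or "OK")
```

A startup script would call `preflight` with the two paths passed to storeUserConfig and exit non-zero when the returned list is not empty.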

Now that is all cool. Next you should be able to connect to nodemanager without specifying a username and password:

wls:/offline> nmConnect(userConfigFile='/u01/app/oracle/admin/nodemanager/nodemanager.config', userKeyFile='/u01/app/oracle/admin/nodemanager/nodemanager.keyfile', host='wls1.area51.local', port=5556, domainName='hs_test');
Connecting to Node Manager ...
Traceback (innermost last):
File "", line 1, in ?
File "", line 123, in nmConnect
File "", line 648, in raiseWLSTException
WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : Access to domain 'hs_test' for user 'weblogic' denied
Use dumpStack() to view the full stacktrace

Ehhrmm… that sort of sucks. Seems that the username is defaulted to weblogic all of a sudden. Well that sucks, that implies that you cannot use the stored configuration if your username is not weblogic (like in my case). Bummer… (I just hope I am wrong)

Hope this helps.

And thanks to Peter van Nes for teaching me how to use the sourcecode setting in WordPress.

Written by Jacco H. Landlust

January 9, 2013 at 1:16 pm

Posted in security, Weblogic

5 Responses


  1. Hi Jacco,

    As far as I can see you can connect with the encrypted credentials to the NodeManager that are different than the one used for connecting to the WebLogic domain. I tested this in my environment and connecting to the NodeManager with a different username and password than for the domain works.

    I was also capable of reproducing your error in my environment, I’m not sure if you had the same issue but let’s see.

    First of all I did a fresh start of my wlst session and then executed the nmConnect command like you did with the stored credentials. Connecting to the NodeManager was successful.

    wls:/offline> nmConnect(userConfigFile='/u02/user_projects/keys/nm_domain.configFile',userKeyFile='/u02/user_projects/keys/nm_domain.keyFile',domainName='nm_domain',host='wls01')
    Connecting to Node Manager ...
    Successfully Connected to Node Manager.

    Now for the reproduction of your error, in the userConfigFile property I made a typo, nm_domain1.configFile instead of nm_domain.configFile:

    wls:/nm/nm_domain> nmDisconnect()
    Successfully disconnected from Node Manager.
    wls:/offline> nmConnect(userConfigFile='/u02/user_projects/keys/nm_domain1.configFile',userKeyFile='/u02/user_projects/keys/nm_domain.keyFile',domainName='nm_domain',host='wls01')
    User configuration file was not found.  Check location of the file.
    Defaulting username to weblogic
    Defaulting password to welcome1
    Connecting to Node Manager ...
    Traceback (innermost last):
      File "", line 1, in ?
      File "", line 123, in nmConnect
      File "", line 648, in raiseWLSTException
    WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : Access to domain 'nm_domain' for user 'weblogic' denied 
    Use dumpStack() to view the full stacktrace
    wls:/offline> nmConnect(userConfigFile='/u02/user_projects/keys/nm_domain.configFile',userKeyFile='/u02/user_projects/keys/nm_domain.keyFile',domainName='nm_domain',host='wls01')
    Connecting to Node Manager ...
    Traceback (innermost last):
      File "", line 1, in ?
      File "", line 123, in nmConnect
      File "", line 648, in raiseWLSTException
    WLSTException: Error occured while performing nmConnect : Cannot connect to Node Manager. : Access to domain 'nm_domain' for user 'weblogic' denied 
    Use dumpStack() to view the full stacktrace
    

    As you can see I made a mistake in the location of the userConfigFile. When I correct my mistake with the correct nmConnect command, which proved correct in my earlier session, the nmConnect still fails. In my opinion the nmConnect command doesn’t read the userConfigFile again but still keeps the originally used user from the last command to connect to the NodeManager.

    With a new session the correct nmConnect still shows that a connection to the NodeManager is possible without errors.

    If you have the error I had, the one with the typo, and before doing the nmConnect again you execute nmDisconnect(), a new nmConnect without typos executes correctly. So in my opinion an nmDisconnect releases the earlier userName.

    I’m not sure if you had a similar scenario as I had, but I expect that Nodemanager is not releasing its username in a failure situation, which gives the errors you had.

    B.t.w., if you have doubts about the contents of the encrypted file you can retrieve the contents with some java code.

    Kind regards,

    Oscar

    Oscar Bell

    January 11, 2013 at 8:24 pm

    • Hi Oscar,

      Thanks for your extensive reply. I might have had a typo in my first attempt to connect to the nodemanager with the keys (and not restart the session). Your scenario is reproducible for me.

      Thanks!

      Jacco H. Landlust

      January 12, 2013 at 2:18 pm

      • It will work if you create a user called weblogic as your nodemanager user

        David Rice

        March 13, 2013 at 2:35 pm

  2. Hi Jacco
    A workaround is to set AuthenticationEnabled to false in your nodemanager.properties.
    But of course, it’s a workaround, not a solution

    Kind regards

    Michel

    mnemonic01

    April 16, 2013 at 3:52 pm

  3. Interestingly enough, the nmConnect() string seems to have a 256 char limit. If you exceed this limit, you won’t be able to use nmConnect.

    Btw, the solution above worked, with a non-weblogic NM admin user. Thanks, it’s not even funny how I keep stumbling across this blog and people commenting on it 🙂

    Sandeep S

    April 30, 2014 at 11:54 pm

