Sunday, December 18, 2016

Finding the Eclipse test client URL

Generate a bottom-up web service and deploy to Eclipse Tomcat, and the internal browser automatically pops up:


Now, what if you close that browser? Well, you're in a predicament: you have to either:
- regenerate the test client project
- guess the URL of the sample test project

This caused me much grief, so for reference, here's the URL:
http://localhost:/Client/sampleProxy/TestClient.jsp
Where your port is either the Tomcat port or the monitor port.

Friday, July 8, 2016

Oracle Linux & yum

Recently my wife had brought back a laptop with an Oracle Linux VM running on VMWare Fusion. It was based off RHEL 4.4 which I thought was pretty darned old. She was undergoing training at her new job and the class were trying to install the "screen" command with yum. Apparently not even the trainer could figure out how to get "yum" to work.

The first thing I noticed was the Red Hat subscription message:
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
No package screen available.

I'd never set up an RHEL OS before, so I looked for online repos to add to yum.repos.d, and tried to enable the "rhel-source" repo that was available by default, but no dice.

After a bit of playing around, I realized I had to activate Red Hat subscription. I was quite surprised the company would give out VMs with expired/no subscriptions to freshies, for training! Instructions here: https://access.redhat.com/solutions/253273

First you have to create an account on the Red Hat portal. You can choose "Personal" or "Corporate"; this confused me for a while because you can't get an Evaluation Subscription without a corporate email address. This was restrictive based on the email address you provided (I gave a Gmail account, but then changed it to her company's provided one). Then you have to activate the subscription, otherwise you'll get: <user> cannot register with any organizations. Once you have a subscription, you'll be able to run "yum install screen" (or any package for that matter!)

Hope this helps someone!

Sunday, June 19, 2016

Java 7 and SSL

We faced this at work a few days ago.
We run a Java standalone application, with embedded JBoss. It runs on Java 7. One of our customers insisted on TLSv1.2 protocol for their server.
Now, the issue with this is Java 8 has TLSv1.2 enabled by default. Java 7 doesn't, it's only got SSLv2 and 3 enabled by default.
Typically, just setting something like "-Ddeployment.security.TLSv1.2=true" to run your application would be sufficient, however our coders actually hardcoded the SSL context so this never worked...

Monday, April 18, 2016

Docker Machine on Windows

After having so much fun with running Docker in a Virtualbox VM, I decided to explore Docker's solution to running Docker on Windows. Turns out, there's really not much different, apart from using 'docker-machine create' to link Windows Docker commands to the VM one.

I run the Docker Quickstart terminal, which creates a 'default' VM under IP 192.168.99.100, with Docker installed and daemon running on port 2376. It has a NAT Network Adapter, with a randomly forwarded port (e.g. 56858) to guest port 22. It also creates a Host-Only Network Adapter in Virtualbox, named "Virtualbox Host-Only Ethernet Adapter", and this has a DHCP server enabled to distribute IPs. The adapter has an IP address of "192.168.99.1". The rest looks like this:



I had to figure all this out myself, and I really wish all this information was just laid out from the start on the Docker documentation.

My goal was to create a Virtualbox VM, and hook up Windows Docker commands to it. This gives me the flexibility of starting a VM via Vagrant, and not having to use boot2docker OS. Seems logical to me.

First, this line is required in Vagrantfile:
config.vm.network "private_network", type: "dhcp"


This will create a Host-Only network for you, meaning the VM will have an IP assigned by Virtualbox's DHCP server. I don't know about you, but I get an automatically assigned IP: 172.28.128.1

Then you need to somehow automatically determine this IP. You can use this:
vagrant ssh -c "ip address show eth1 | grep 'inet ' | sed -r -e 's/^.*inet //' -e 's/^([0-9.]+).*/\1/'"

Note how I assume 'eth1'. This is because I expect to only have 2 adapters, and eth0 is used by the NAT adapter.

Knowing the IP of your VM, you can run this on Windows (you must pass in the private key to generic-ssh-key):
docker-machine -D create --driver generic --generic-ssh-user root --generic-ssh-key myfolder/id_rsa --generic-ip-address 172.28.128.4 --generic-ssh-port 22 myserver


But then you may encounter this:
Error running SSH command: exit status 127

This actually requires you to put your public key into the 'authorized_keys' file for that user (in my case, root) on your VM.

After that, you may get this:
Reading server key from C:\Users\Alkaiser\.docker\machine\machhefserver\server-key.pem
Error creating machine: Error checking the host: Error checkinor regenerating the certs: There was an error validating certis for host "172.28.128.4:2376": dial tcp 172.28.128.4:2376: i/out
You can attempt to regenerate them using 'docker-machine regencerts [name]'.
Be advised that this will trigger a Docker daemon restart whic stop running containers.


Other users suggest you have a conflicting Host-Only adapter. I wouldn't rule this out, however it is more likely your TCP connection is being blocked. You can validate this by running "telnet 172.28.128.4 2376". This should connect because the Docker daemon is listening on that port. If this doesn't work, it means your VM is blocking that port. On CentOS7, I unblock it by using:
firewall-cmd --permanent --zone=public --add-port=2376/tcp; systemctl restart firewalld


Now you should get (with debug output):
Docker is up and running!
Reticulating splines...
(chefserver) Calling .GetConfigRaw
To see how to connect your Docker Client to the Docker Engine g on this virtual machine, run: D:\Program Files\Docker Toolboer-machine.exe env chefserver
Making call to close driver server
(chefserver) Calling .Close
Successfully made call to close driver server
Making call to close connection to plugin binary
Making call to close driver server
(flag-lookup) Calling .Close
Successfully made call to close driver server
Making call to close connection to plugin binary


Have fun with your custom Docker machine!

Friday, February 12, 2016

Setting up Chef with Vagrant box

I certainly ran into some frustrating scenarios with this setup, either because my Engrish isn't good, or documentation isn't as comprehensible as it should be (for Chef).
Here's what I wanted to achieve:
- Vagrantfile to spin up a Virtualbox instance
- Chef Server on Virtualbox instance
- Chef Client on Windows workstation

This was my guide, pretty good one at that: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-chef-12-configuration-management-system-on-ubuntu-14-04-servers
1. I create a simple Vagrantfile with 'vagrant init'. Easy.
Also I note the default Vagrantfile has some stuff about setting up Chef Solo and linking to an existing Chef Server. However it has nothing along the lines of creating my own Chef Server in the Vbox instance. Shame...
2. 'vagrant up' and follow steps on digitalocean website. I skipped adding a hostname initially since vagrant instances already add the hostname to 127.0.0.1, but later added it in during troubleshooting. Shouldn't make any difference unless SSH-ing from a machine not on localhost.
3. Install Chef Server using rpm, then ran chef-server-ctl reconfigure, takes 10-15 minutes but all seemed functional.

It comes around to Chinese New Year and some spring cleaning was in order, so my PC gets shut off. I now start up my VBox instance again, but I wonder how to start the chef-server, if that's even necessary.
So I do some googling and find it's started with 'chef-server-ctl reconfigure', and I run this. However after a few hours, NOTHING HAPPENS. Nothing in /etc/init.d either. Turns out it's using an embedded nginx server...surely it's not this hard?
After a night's sleep, I figure out why. It's because vagrant started my virtualbox instance with 633MB of memory. Bugger that! I also missed this part: The Chef documentation tells us that your Chef server should have at least 4 cores and 4 GB of RAM; That's quite a bit...anyway I bumped it up to 2GB and reconfigure takes a couple of minutes, yay!

4. Create a simple chef-repo, put it in git. Set up Chef DK on my Windows PC. So far so good.
5. Create a couple of .pem files on server as per guide. I just copy them over to workstation via /vagrant folder, no biggie.
6. Create knife.rb in my .chef folder, and run knife client list. But instead of "certificate verify failed" like the guide says, I get "unknown protocol". Continuing to the next step, "knife ssl fetch", that yields the same result. Ah shit, I've now skipped some of the previous steps like setting up SSH keys, where have I gone wrong!
7. I set up all my SSH keys, set up hosts in /etc/hosts like a studious boy, and make sure normal SSH works like 'vagrant ssh' would...oh right, default vagrant SSH port is '2222', maybe that could be it...
But if you look at the knife.rb file, it looks like this:

current_dir = File.dirname(__FILE__)
log_level                :info
log_location             STDOUT
node_name                "admin"
client_key               "#{current_dir}/admin.pem"
validation_client_name   "digitalocean-validator"
validation_key           "#{current_dir}/digitalocean-validator.pem"
chef_server_url          "https://server_domain_or_IP/organizations/digitalocean"
syntax_check_cache_path  "#{ENV['HOME']}/.chef/syntaxcache"
cookbook_path            ["#{current_dir}/../cookbooks"]

Hmmm, but it's using "https" so it must use port 443, and it's not using SSH...ok so nginx is exposing a chef webservice on port 443.
Maybe my certs were generated with the wrong host in /etc/hosts file...I regenerate the .pem files and put them in my .chef folder...no that ain't working either!!
Oh. I haven't port forwarded port 443 from Virtualbox. So I set my host port to 4443 and guest to 443. Voila that let me use 'knife ssl fetch'! 'knife client list' is showing me what I want too.
8. I run this command:
knife bootstrap vagrant-centos65.vagrantup.com:2222 -N testing -x vagrant -P vagrant --sudo --use-sudo-password
It starts up Chef Client version 12.7.0 and does this:

vagrant-centos65.vagrantup.com      [2016-02-11T17:37:09+00:00] ERROR: Error connecting to https://vagrant-centos65.vagrantup.com:4443/organizations/myapp/nodes/testing, retry 1/5
vagrant-centos65.vagrantup.com      [2016-02-11T17:38:17+00:00] ERROR: Error connecting to https://vagrant-centos65.vagrantup.com:4443/organizations/myapp/nodes/testing, retry 2/5
vagrant-centos65.vagrantup.com      [2016-02-11T17:39:25+00:00] ERROR: Error connecting to https://vagrant-centos65.vagrantup.com:4443/organizations/myapp/nodes/testing, retry 3/5
vagrant-centos65.vagrantup.com      [2016-02-11T17:40:33+00:00] ERROR: Error connecting to https://vagrant-centos65.vagrantup.com:4443/organizations/myapp/nodes/testing, retry 4/5
vagrant-centos65.vagrantup.com      [2016-02-11T17:41:41+00:00] ERROR: Error connecting to https://vagrant-centos65.vagrantup.com:4443/organizations/myapp/nodes/testing, retry 5/5
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      ================================================================================
vagrant-centos65.vagrantup.com      Chef encountered an error attempting to load the node data for "testing"
vagrant-centos65.vagrantup.com      ================================================================================
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      Networking Error:
vagrant-centos65.vagrantup.com      -----------------
vagrant-centos65.vagrantup.com      Error connecting to https://vagrant-centos65.vagrantup.com:4443/organizations/myapp/nodes/testing - Connection timed out - connect(2) for "vagrant-centos65.vagrantup.com" port 4443
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      Your chef_server_url may be misconfigured, or the network could be down.

Oh noooo what's happening...what's worse is if I "Ctrl+C" out of the timeout I get this:
vagrant-centos65.vagrantup.com [2016-02-11T17:29:17+00:00] WARN: Chef client 18958 is running, will wait for it to finish and then run.
Firstly, what is this PID? "ps -ef" on Cygwin, and Task Manager doesn't show any PID anywhere near that number.
I find this blog and start searching for a "chef-client-running.pid" file on my system. The code references on the blog look a little outdated so I search the code for references to that file, and I find this:

/cygdrive/c/opscode
$ grep -ir "chef-client-running.pid"
...
chef/embedded/lib/ruby/gems/2.0.0/gems/chef-12.6.0-universal-mingw32/spec/unit/run_lock_spec.rb:  default_pid_location = windows? ? 'C:\chef\cache\chef-client-running.pid' : '/var/chef/cache/chef-client-running.pid'

Sure enough, there's a PID file in that location. I delete the file and re-run knife.
Knife didn't seem to care about that file, it still presented itself with the "will wait for it to finish" message. After a day of hunting around on my system, I take a pause and realize 'knife' is actually doing an SSH to my Virtualbox instance, and running chef-client there! I run 'vagrant ssh' and a 'ps -ef | grep chef' on the server and yes, there's that dang PID!
Alright so now I can break out of a hanging knife. But why's it hanging? Turns out when I use port "443" to access this URL "https://vagrant-centos65.vagrantup.com/organizations/myapp" it all works. I'm guessing the certificates that were generated force us to use port 443 on the host machine ... either that or knife bootstrap really wants to use port 443. Anyway that resolved the problem and now I get:

~/myapp/gitrepo/chef-repo
$ knife bootstrap -V vagrant@vagrant-centos65.vagrantup.com:2222 -N testing -x vagrant -P vagrant --sudo --use-sudo-password
INFO: Using configuration from D:/cygwin64/home/Alkaiser/myapp/gitrepo/chef-repo/.chef/knife.rb
Doing old-style registration with the validation key at D:/cygwin64/home/Alkaiser/myapp/gitrepo/chef-repo/.chef/myapp-validator.pem...
Delete your validation key in order to use your user credentials instead

Connecting to vagrant-centos65.vagrantup.com:2222
vagrant-centos65.vagrantup.com      -----> Existing Chef installation detected
vagrant-centos65.vagrantup.com      Starting the first Chef Client run...
vagrant-centos65.vagrantup.com      Starting Chef Client, version 12.7.0
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      ================================================================================
vagrant-centos65.vagrantup.com      Chef encountered an error attempting to load the node data for "testing"
vagrant-centos65.vagrantup.com      ================================================================================
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      Authentication Error:
vagrant-centos65.vagrantup.com      ---------------------
vagrant-centos65.vagrantup.com      Failed to authenticate to the chef server (http 401).
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      Server Response:
vagrant-centos65.vagrantup.com      ----------------
vagrant-centos65.vagrantup.com      Failed to authenticate as 'testing'. Ensure that your node_name and client key are correct.
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      Relevant Config Settings:
vagrant-centos65.vagrantup.com      -------------------------
vagrant-centos65.vagrantup.com      chef_server_url   "https://vagrant-centos65.vagrantup.com/organizations/myapp"
vagrant-centos65.vagrantup.com      node_name         "testing"
vagrant-centos65.vagrantup.com      client_key        "/etc/chef/client.pem"
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      If these settings are correct, your client_key may be invalid, or
vagrant-centos65.vagrantup.com      you may have a chef user with the same client name as this node.
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com
vagrant-centos65.vagrantup.com      Running handlers:
vagrant-centos65.vagrantup.com      [2016-02-13T05:22:44+00:00] ERROR: Running exception handlers
vagrant-centos65.vagrantup.com      Running handlers complete
vagrant-centos65.vagrantup.com      [2016-02-13T05:22:44+00:00] ERROR: Exception handlers complete
vagrant-centos65.vagrantup.com      Chef Client failed. 0 resources updated in 07 seconds
vagrant-centos65.vagrantup.com      [2016-02-13T05:22:44+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
vagrant-centos65.vagrantup.com      [2016-02-13T05:22:44+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
vagrant-centos65.vagrantup.com      [2016-02-13T05:22:44+00:00] ERROR: 401 "Unauthorized"
vagrant-centos65.vagrantup.com      [2016-02-13T05:22:44+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Unauthorized? Oh I registered the node and removed the node from my client so I could reproduce this for my blog...ehem. This kind soul here helped me figure it out. Delete /etc/chef/client.pem from your server and re-run knife bootstrap. Now I get "Chef Client finished, 0/0 resources updated in 09 seconds", alright!

Now I want to run some playbooks. More frustration...
9. Run "knife cookbook upload -a". This actually required me to manually clone the different dependent projects (e.g. Tomcat relies on Java which relies on yum-epel and openssl etc.) before this would even work. Surely there's an automated way to do this...?
UPDATE: Just so I don't confuse anyone, yes you can do this with "knife cookbook site install COOKBOOK_NAME [COOKBOOK_VERSION] (options)"
10. Run "knife node edit testing" to update the run list, so I can actually install stuff. Instead I get this:
ERROR: RuntimeError: Please set EDITOR environment variable
So I find out I have to set knife[:editor] in my knife.rb file. I set it to the long filepath to Notepad++.exe, however I just keep getting the same error, or this:
syntax error, unexpected tSTRING_BEG, expecting end-of-input
Argh...so in the end I finally found this:
https://tickets.opscode.com/browse/CHEF-4503
Looks like you MUST set the value to a Windows shortname using 8.3 notation. It ended up looking like this (the options are mandatory for this to work):
knife[:editor] = "D:\\PROGRA~1\\NOTEPA~1\\NOTEPA~1.EXE -nosession -multiInst"

Where on earth is this in the documentation for that here https://docs.chef.io/config_rb_knife.html??? For the love of ...
11. Run "chef-client" as root on the target server. Hm, can't I manage the node remotely? Yes you can, I ended up with this:
knife ssh "name:testing" "sudo chef-client" -x vagrant -p 2222
In the end you get this:
Running handlers:
Running handlers complete
Chef Client finished, 14/15 resources updated in 04 minutes 51 seconds

Yay!
Extra point: I had to add the same version of the Guest Additions ISO that I had on my base box to my Vagrantfile. For 4.3.14 for example, I downloaded it from here: http://download.virtualbox.org/virtualbox/4.3.14/VBoxGuestAdditions_4.3.14.iso, and put in the Vagrantfile this config: config.vbguest.iso_path=

Wednesday, January 27, 2016

Corsair Void Headset

Short post in case anyone has the same product.
Bought a Corsair VOID RGB headset at $180, looks and sounds great! http://www.corsair.com/en-us/landing/void
I'd be playing music and suddenly I'd get my microphone beeping red rapidly, and a few seconds later it'd just shut off. I'd turn it on again and the side lights wouldn't go on...
I saw a setting on the CUE control panel called "Disable auto shutoff" disabled, which I find really weird for a default setting. Anyway I've now enabled it, hopefully I don't face the issue anymore!

Thursday, January 21, 2016

Setting up webserver on RasPi

This shouldn't have been a headache, but it sure was!
The idea was:
1. Get a domain
2. Put my site content on RasPi
3. Profit
I'd recently moved to Singapore from Australia, so naturally a new router. I'm actually surprised by the amount of changes I needed to move from my previous DLink router to the new DLink router. Anyway this is what I ended up having:

auto lo

iface lo inet loopback
iface eth0 inet dhcp

wireless-power off
allow-hotplug wlan0
auto wlan0

iface wlan0 inet manual
   wireless-essid 'MyInternetz'
   wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface home inet static
   address 192.168.0.250
   netmask 255.255.255.0
   network 192.168.0.0
   gateway 192.168.0.1

iface default inet dhcp

I'd actually struggled with stability with the RasPi. The keywords are "wireless-power off". The /var/logs/network said nothing about power saving...
So I go on to buy a domain off NameCheap, and learn a thing or two about CNAMEs. Hence I create one that points to my IP...oh hang on, I need a static IP which typically means I need to pay my ISP a few more dollars...let's not.

I set up NoIP and use their dynamic IP updater so I can set a hostname which points to my dynamic IP. This is where I then realize my ISP has some paranoia issues and blocked port 80! No problem, I'll set up a URL Redirect record in NoIP, then on NameCheap my CNAME can point to this URL Redirect. If only it were that simple. It doesn't look like CNAMEs can point to URL Redirects, not quite sure why this doesn't work...

Luckily, NameCheap have their own dynamic IP updater which I hadn't realized earlier, so I scrap the NoIP idea. This creates an A+ dynamic DNS record which points to my dynamically updated IP. Unfortunately, this still means I can't use port 80, because CNAMEs don't accept ports, and neither does the dynamic IP updater...I've decided to live with specifying ports for now.

Tuesday, January 5, 2016

What I find wrong with MacOS

Just a rant. Since using a Mac I question why all the hype about using Macs over Windows. There are interface problems that persist that no one is reviewing and irritate the hell out of me. And then some problems are probably just personal preference...

  • On Date & Time preferences, why do I need to "unlock to make changes", and then untick "Set date and time automatically" (which lags by the way), just to view other months on my calendar?
  • If for some reason a script on my browser takes a while to run, my cursor clicks go mental. E.g. if I click on a file to rename it, Mac immediately unfocuses my highlight, so quickly that I can't rename my file. Or if I highlight a file, I lose my highlight almost immediately. There must be something wrong with the multi-threading...
  • When I minimize a window, why does a new window get created in my dock?
  • Can't resize images in Outlook. Microsoft hurry up with the update.
  • The closest thing to a Notepad++ (free text editor) I could find for Mac is Brackets, which is lacking a lot of features.
  • Fn+F11 is NOT how I want to shimmy to Desktop (given minimizing is not an option either), give me a handy button in the Dock.
  • Opening programs in the Dock requires only a single-click to open. So I get a lot of misfires and get frustrated.
  • Format Painter in Microsoft products on Mac is on the top, but on Windows it's in the ribbon. This is more a Microsoft inconsistency issue...
  • If I drag a file into a folder on Finder, please put it into that folder, NOT the folder I am currently in. Jeez!
  • Scrolling horizontally requires 2 fingers to drag horizontally, which is great, except on a browser this pushes me back a page as well.
  • Volume keys randomly stop working. I get the 'restricted' sign instead. "sudo killall coreaudiod" fixes this. What on earth?