Angle of Illumination - illumineit.com blog, by Michael Mountrakis<br />
<br />
Linux Authentication and Access - A different approach (2020-07-09)<br />
<div>
A short briefing that covers the basics of creating a new user on a Linux host. We start with the old and insecure username/password authentication method and then add an RSA certificate to make user authentication modern and more robust. In the second section, we copy the private key to our Windows machine and configure PuTTY on Windows so that we connect to the Linux server using RSA certificates.</div>
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
In the second part of the article, we give a very short introduction to <a href="https://www.chef.io/" rel="nofollow">Chef</a> technology and show how it can be used to automate user provisioning on a host. This example performs exactly the same user provisioning operations shown in the first part, but this time with Chef.</div>
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
In the last section we introduce a simple Jenkins pipeline that demonstrates the use of the <code>sftp</code> and <code>ssh</code> commands for the Linux user we previously created.</div>
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
Just a 10-minute read.</div>
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
<br /></div>
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
Read the full article here:</div>
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
<a href="https://github.com/illumine/articles/blob/master/Linux-Admin-School/Create-and-Delete-Users-SSH-from-Windows.md" target="_blank">https://github.com/illumine/articles/blob/master/Linux-Admin-School/Create-and-Delete-Users-SSH-from-Windows.md</a></div>
Web based CRUD operations made with ZKoss ZK Framework with JPA, Spring, using IntelliJ IDEA (2020-06-22)<br />
Hi folks!<br />
<br />
This month we continue the ZKoss/<a href="https://www.zkoss.org/" rel="nofollow">ZK framework</a> series and present a fully functional example of a simple ZKoss ZK web application that performs JPA/CRUD operations on a database entity. The user is presented with a web form that is built around a ZK listbox and shows the contents of a DB table. Through the web form the user can perform <a href="https://en.wikipedia.org/wiki/Create,_read,_update_and_delete" rel="nofollow">CRUD operations (Create, Retrieve, Update and Delete)</a> on table records, which are subsequently persisted at the DB level using the <a href="https://www.javaworld.com/article/3379043/what-is-jpa-introduction-to-the-java-persistence-api.html" rel="nofollow">Hibernate JPA implementation</a>. In the article we come across the <a href="https://datacadamia.com/lang/java/dao?404id=java%3Adao&404type=bestPageName" target="_blank">DAO/Adapter pattern</a>, we explain how ZK implements the <a href="https://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93viewmodel" rel="nofollow">MVVM Pattern</a> and we explain the design using simple elements of the <a href="https://en.wikipedia.org/wiki/Unified_Modeling_Language" target="_blank">UML methodology</a>.<br />
The implementation of the example uses technologies such as J2EE JPA, the Spring framework and Maven to compile and build the WAR artifact in the <a href="https://www.jetbrains.com/idea/" rel="nofollow">IntelliJ IDEA</a> programming environment/IDE.<br />
<br />
Read the full article in Illumine IT articles GitHub:<br />
<br />
<a href="https://github.com/illumine/articles/tree/master/ZK-JPA-Spring-Tutorial-with-IDEA-Maven">https://github.com/illumine/articles/tree/master/ZK-JPA-Spring-Tutorial-with-IDEA-Maven</a><br />
<br />
ZKoss ZK framework for Java Application Development (2020-05-28)<br />
Publishing two training sessions dealing with the <a href="https://www.zkoss.org/" target="_blank">ZKoss</a> <a href="https://www.zkoss.org/documentation" target="_blank">ZK framework</a> for Java web application development.<br />
<br />
Both of those training sessions were given to the engineers/analysts of MOU S.A. some years ago.<br />
<br />
<br />
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
<a href="https://github.com/illumine/articles/blob/master/ZK-training/pdf/J2EE6_01_ZKIntro.pdf" style="background-color: initial; box-sizing: border-box; color: #0366d6; outline-width: 0px;">ZKoss: Introduction to ZK Java Framework</a></div>
<span color="rgba(0 , 0 , 0 , 0.9)" face=", , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif" style="background: rgb(255, 255, 255); border: 0px; box-sizing: inherit; font-size: 14px; line-height: inherit; margin: 0px; outline: 0px; padding: 0px; vertical-align: baseline; white-space: pre-wrap;"></span><br />
<div style="background-color: white; box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 16px; margin-bottom: 16px;">
<a href="https://github.com/illumine/articles/blob/master/ZK-training/pdf/J2EE6_02_ZKApplication.pdf" style="background-color: initial; box-sizing: border-box; color: #0366d6; text-decoration-line: none;">ZKoss: Introduction to Application development with ZK Java Framework</a><br />
<br />
If you like the work, give a star to the <a href="https://github.com/illumine/articles" target="_blank">github repo</a> 😃</div>
Unintelligible symbols in the Greek font of microworlds pro (2020-04-15)<h3 style="text-align: justify;">
MICROWORLDS PRO installation problem on Microsoft Windows 10</h3>
<div style="text-align: justify;">
<span style="background-color: white; font-size: 14px; white-space: pre-wrap;"><span style="font-family: , , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif;"><br /></span></span></div>
<br />
<div style="text-align: justify;">
The awesome <a href="http://photodentro.edu.gr/edusoft/r/8531/157" target="_blank">MICROWORLDS PRO</a> - the official teaching aid recommended by the Ministry of Education - does not always run on Microsoft Windows 10. Why? Simply because the application recommended by the Ministry of Education is ancient: it is based on 32-bit libraries, it uses a different code page from most modern Microsoft Windows 10 installations and, of course, during installation the screen fills with gibberish, to put it colloquially, or with "unintelligible symbols in the Greek font of microworlds pro", <a href="https://answers.microsoft.com/el-gr/windows/forum/all/%CE%B1%CE%BA%CE%B1%CF%84%CE%AC%CE%BB%CE%B7%CF%80/9529d990-486e-400b-b314-ed8f5e6b0a5f" target="_blank">as the writer put it here</a></div>
<div style="text-align: justify;">
<br /></div>
<span style="background-color: white;"><span style="font-family: , , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif;">
</span></span>
<div class="separator" style="clear: both; font-size: 14px; text-align: justify; white-space: pre-wrap;">
<span style="background-color: white;"><span style="font-family: , , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif;"><a href="https://github.com/illumine/articles/raw/master/MICROWORLDS_PRO_Windows10_Problem/img/barboutsala.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="468" data-original-width="606" height="247" src="https://github.com/illumine/articles/raw/master/MICROWORLDS_PRO_Windows10_Problem/img/barboutsala.png" width="320" /></a></span></span></div>
<span style="background-color: white;"><span style="font-family: , , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif;">
<div style="text-align: justify;">
<span style="font-size: 14px; white-space: pre-wrap;"><br /></span></div>
<span style="font-size: 14px; white-space: pre-wrap;"><div style="text-align: justify;">
</div>
</span></span></span><div style="text-align: justify;">
<span style="background-color: white; font-family: , , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;"><br /></span></div>
<div style="text-align: justify;">
<b>To support the MICROWORLDS PRO application, which unfortunately still torments junior high and high school students, <a href="http://illumineit.com/" target="_blank">Illumine IT Consulting</a> wrote <a href="https://github.com/illumine/articles/blob/master/MICROWORLDS_PRO_Windows10_Problem/MICROWORLDS_PRO_Microsoft_Windows10_%CF%80%CF%81%CE%BF%CE%B2%CE%BB%CE%B7%CE%BC%CE%B1_%CE%B5%CE%B3%CE%BA%CE%B1%CF%84%CE%AC%CF%83%CF%84%CE%B1%CF%83%CE%B7%CF%82.md" target="_blank">the following article</a></b></div>
<span style="background-color: white; color: rgba(0 , 0 , 0 , 0.9); font-family: , , "blinkmacsystemfont" , "segoe ui" , "roboto" , "helvetica neue" , "fira sans" , "ubuntu" , "oxygen" , "oxygen sans" , "cantarell" , "droid sans" , "apple color emoji" , "segoe ui emoji" , "segoe ui symbol" , "lucida grande" , "helvetica" , "arial" , sans-serif; font-size: 14px; white-space: pre-wrap;"><br /></span>
Creating a Full Web Based Business (2020-01-03)<br />
Hi folks! Merry Christmas to everyone!<br />
<br />
One of my old clients asked me how to create a full web business site. The site should be able to do the common basic usual stuff:<br />
<ul>
<li>Promote the company - Inform customers about the brand</li>
<li>Present products </li>
<li>Do online sales</li>
</ul>
The interesting part of the story is that this guy did not want me to do the actual site work. Instead he asked me:<br />
<ul>
<li>to make a TODO list of all basic steps in the correct order, so that nothing is missing and everything is in order. Write down a well-formed procedure.</li>
<li>also to list all the artifacts that the implementing contractor should deliver at each step, so that the contractor can be checked - ensuring no hidden details</li>
</ul>
<span style="font-size: large;"><a href="https://github.com/illumine/articles/blob/master/Web-Business-Site-Construction-A-Z/Web-Business-Site-Construction-A-Z.md" target="_blank">Read the full article </a></span><a href="https://github.com/illumine/articles/blob/master/Web-Business-Site-Construction-A-Z/Web-Business-Site-Construction-A-Z.md" target="_blank"><span style="font-size: large;"> </span><span style="font-size: large;">on Illumine IT Consulting</span><span style="font-size: large;"> GitHub Space</span></a><br />
<br />
Elementary Linux Performance Monitoring (2019-10-17)<br />
The basic tool here is <a href="http://man7.org/linux/man-pages/man1/top.1.html" target="_blank">top</a>.<br />
A single process can be monitored with the -p option; in the next example we monitor the MySQL process:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">[root@(db-master) ~]# <b>top -p 2521</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">top - 15:42:54 up 40 days, 10:46, 4 users, <b>load average: 0.14, 0.24, 0.48</b></span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">%Cpu0 : 1.0 us, 1.0 sy, 0.0 ni, 98.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">%Cpu1 : 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">KiB Mem: 32551020 total, 32285684 used, 265336 free, 149660 buffers</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">KiB Swap: 3129340 total, 402572 used, 2726768 free. 16662620 cached Mem</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> <b>2521 mysql 20 0 18.725g 0.014t 4548 S 6.000 46.50 2735:03 mysqld</b></span><br />
<div>
<br /></div>
<div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Load average is a Linux/UNIX mystery: Linux load averages are "system load averages" that show the running thread (task) demand on the system as an average number of running plus waiting threads. This measures demand, which can be greater than what the system is currently processing. </span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">For an excellent in-depth article on Linux load averages, refer to <a href="http://www.brendangregg.com/blog/2017-08-08/linux-load-averages.html" target="_blank">Brendan Gregg's Blog</a></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div>
<span style="font-family: "arial" , "helvetica" , sans-serif;">On the other hand, good old </span><span style="font-family: "courier new" , "courier" , monospace;"><b><a href="http://man7.org/linux/man-pages/man1/ps.1.html" target="_blank">ps</a></b></span><span style="font-family: "arial" , "helvetica" , sans-serif;">, which is available on all UNIX flavors and Linux distributions, can also help. The following command shows the most CPU-consuming processes in ascending order along with their virtual size:</span></div>
</div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">[root@(db-master) ~]# <b>ps -e -o pid,pcpu,vsz,comm= | sort -n --key=3</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">...</span></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> 1669 0.0 752396 isecespd</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> 1759 0.0 1561472 isectpd</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b> 2521 52.4 19634584 mysqld</b></span></div>
</div>
<div>
<br /></div>
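<div>
In the command above, <code>--key=3</code> makes <code>sort</code> order the rows on the third column, which is <code>vsz</code>; ordering on <code>pcpu</code> needs key 2. The shell example below is added here and is not part of the original post: it ranks ps rows by either column and lists the processes above a CPU threshold. The function names, the 10% threshold and the <code>java</code> and <code>sshd</code> rows are assumptions made for illustration.</div>

```shell
#!/bin/sh
# Added example (not from the original post): rank ps rows by CPU or by size.
LC_ALL=C; export LC_ALL   # "." is the decimal point for sort and awk

# Constructed sample in the column order of `ps -e -o pid,pcpu,vsz,comm=`.
# The first three data rows mirror the listing above; java and sshd are invented.
# The header line is kept on purpose: the trailing "=" blanks only the comm
# heading, so ps still prints the other three headings.
sample_ps() {
    cat <<'EOF'
  PID %CPU      VSZ
 1669  0.0   752396 isecespd
 1759  0.0  1561472 isectpd
 2521 52.4 19634584 mysqld
  977 12.7   480112 java
  812  3.1   104220 sshd
EOF
}

# data_rows: keep only lines whose first field is a numeric PID (drops the header).
data_rows() {
    awk '$1 ~ /^[0-9]+$/'
}

# rank_by COL [N]: print the N rows with the largest value in column COL.
# COL=2 ranks by %CPU; COL=3 ranks by virtual size in KiB, the column that
# `sort -n --key=3` orders on.
rank_by() {
    col=$1
    n=${2:-3}
    data_rows | sort -k "${col},${col}nr" | head -n "$n"
}

# names_only: reduce ranked rows to a space-separated list of command names.
names_only() {
    awk '{ printf "%s%s", sep, $4; sep = " " } END { print "" }'
}

# over_cpu THRESHOLD: print "pid comm" for rows whose %CPU exceeds THRESHOLD.
over_cpu() {
    data_rows | awk -v t="$1" '$2 + 0 > t + 0 { print $1, $4 }'
}

echo "top by %CPU: $(sample_ps | rank_by 2 | names_only)"
echo "top by VSZ:  $(sample_ps | rank_by 3 | names_only)"
echo "over 10% CPU:"
sample_ps | over_cpu 10
```

<div>
On a live host, pipe the real command into the same functions, for example <code>ps -e -o pid,pcpu,vsz,comm= | rank_by 2 5</code>.</div>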
<div>
To get the process tree try <b style="font-family: "Courier New", Courier, monospace; font-size: small;">pstree -aAl</b>:</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">[root@(db-master) ~]# <b>pstree -aAl</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">systemd --switched-root --system --deserialize 24</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-VGAuthService -s</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-agetty --noclear tty1 linux</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-automount -p /var/run/automount.pid</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> | `-5*[{automount}]</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-cron -n</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-discagnt /etc/init.d/discagnt start</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> | `-discagnt</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> |-haveged -w 1024 -v 0 -F</span></div>
</div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">...</span></div>
<div>
<br /></div>
<div>
For systems that do not have <span style="font-family: Courier New, Courier, monospace;">pstree </span>try<span style="font-family: Courier New, Courier, monospace;"> ps -ejH </span><br />
<br />
To get information about threads created by processes try <span style="font-family: Courier New, Courier, monospace;">ps -eLf</span><br />
<br />
To get information about disk performance try <a href="http://man7.org/linux/man-pages/man1/iostat.1.html" target="_blank"><b>iostat</b></a>:</div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> [root@(mmcp_prod_corp)(db-master) ~]# <b>iostat -dcm</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Linux 4.4.121-92.117-default (mo-1400a55c2) 10/17/19 _x86_64_ (8 CPU)</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">avg-cpu: %user %nice %system %iowait %steal %idle</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> 7.22 0.00 0.59 1.19 0.00 91.00</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><br /></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Device: tps MB_read/s MB_wrtn/s MB_read MB_wrtn</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">sda 1.56 0.01 0.01 44144 51244</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">sdb 146.49 5.48 1.79 19159479 6250758</span></div>
<div>
<br /></div>
<div>
Finally, to see <b>all open files</b> of a process, such as data files, shared objects/dynamic libraries and sockets, use <a href="https://linux.die.net/man/8/lsof" target="_blank">lsof</a>. The following example lists all open files of the mysqld process:</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">[root@(db-master) ~]#<b> lsof -p 2521</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">mysqld 2521 mysql cwd DIR 254,2 4096 6815769 /monsoon/mysql/data</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">mysqld 2521 mysql rtd DIR 254,0 4096 2 /</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">mysqld 2521 mysql txt REG 254,0 250387936 794500 /usr/sbin/mysqld</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">mysqld 2521 mysql mem REG 254,0 97056 1065145 /lib64/libresolv-2.22.so</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">mysqld 2521 mysql mem REG 254,0 26976 1065107 /lib64/libnss_dns-2.22.so</span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
To see the TCP listening server sockets on a Linux server, use <b style="font-family: "Courier New", Courier, monospace; font-size: small;"><a href="http://man7.org/linux/man-pages/man8/netstat.8.html" target="_blank">netstat -tulpn</a></b>:</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">[root@(db-master) ~]# <b>netstat -tulpn</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Active Internet connections (only servers)</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2521/mysqld</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 0.0.0.0:2738 0.0.0.0:* LISTEN 3282/discagnt</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3289/sshd</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 127.0.0.2:25 0.0.0.0:* LISTEN 3671/master</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3671/master</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 38622/0</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 :::7938 :::* LISTEN 3317/nsrexecd</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 :::5666 :::* LISTEN 1/systemd</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">udp 4352 0 0.0.0.0:68 0.0.0.0:* 1521/wickedd-dhcp4</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">udp 0 0 10.97.6.160:123 0.0.0.0:* 3343/ntpd</span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
while for all open TCP sockets:</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">[root@(db-master) ~]# <b>netstat -t</b></span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Active Internet connections (w/o servers)</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Proto Recv-Q Send-Q Local Address Foreign Address State</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 mo-1400a55c2.zone:mysql mo-6740a22da.zone:46138 ESTABLISHED</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 64 mo-1400a55c2.zone1.:ssh mo-657dabf53.zone:58606 ESTABLISHED</span></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">tcp 0 0 mo-1400a55c2.zone:mysql mo-23acddcc0.zone:50068 ESTABLISHED</span></div>
</div>
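An added example, not part of the original post: the shell functions below classify each listener in the netstat -tulpn listing above by bind scope, because a service bound to 0.0.0.0 or :: accepts connections on every interface. The function names and the port allowlist are assumptions made for this example; the embedded sample is the listing from the post.

```shell
#!/bin/sh
# Audit `netstat -tulpn` output: which listeners are bound to every interface?

# Sample input: the listing shown in the post, embedded so the example runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2521/mysqld
tcp 0 0 0.0.0.0:2738 0.0.0.0:* LISTEN 3282/discagnt
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3289/sshd
tcp 0 0 127.0.0.2:25 0.0.0.0:* LISTEN 3671/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3671/master
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 38622/0
tcp 0 0 :::7938 :::* LISTEN 3317/nsrexecd
tcp 0 0 :::5666 :::* LISTEN 1/systemd
udp 4352 0 0.0.0.0:68 0.0.0.0:* 1521/wickedd-dhcp4
udp 0 0 10.97.6.160:123 0.0.0.0:* 3343/ntpd
EOF
}

# Reads netstat -tulpn text on stdin and prints one line per listener:
#   SCOPE PROTO PORT PID/PROGRAM
# SCOPE is ALL (wildcard bind), LOOPBACK or SPECIFIC (one named address).
audit_listeners() {
  awk '
    $1 !~ /^(tcp|udp)/ { next }          # skip the two header lines
    {
      proto = $1; laddr = $4
      # tcp rows carry a State column, udp listener rows do not, so the
      # PID/Program column is field 7 for tcp and field 6 for udp.
      if (proto ~ /^tcp/) {
        if ($6 != "LISTEN") next
        prog = $7
      } else {
        prog = $6
      }
      # The port is whatever follows the last colon; this also handles
      # the IPv6 wildcard, printed as ":::7938".
      n = split(laddr, part, ":")
      port = part[n]
      addr = substr(laddr, 1, length(laddr) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "ALL"
      else if (addr ~ /^127\./ || addr == "::1")            scope = "LOOPBACK"
      else                                                  scope = "SPECIFIC"
      printf "%-8s %-4s %-5s %s\n", scope, proto, port, prog
    }'
}

# Prints the wildcard-bound listeners whose port is NOT in the allowlist
# given as arguments, e.g.: netstat -tulpn | unexpected_exposed 22 3306
unexpected_exposed() {
  allow=" $* "
  audit_listeners | awk -v allow="$allow" \
    '$1 == "ALL" && index(allow, " " $3 " ") == 0'
}

# Demo on the embedded sample. On a live host: netstat -tulpn | audit_listeners
sample_netstat | audit_listeners
```

Listeners reported as ALL that are not meant to be reachable from the network are candidates for a bind-address change in the service configuration or a host firewall rule.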
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b><br /></b></span></div>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-84091987448803295752019-09-20T12:02:00.001+01:002019-09-20T12:04:08.564+01:00Creating a RSA Key pair, a Self Signed Certificate and put it on a JKS Java Key Store<h2 style="background-color: white; border-bottom: 1px solid rgb(234, 236, 239); box-sizing: border-box; color: #24292e; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; line-height: 1.25; margin-bottom: 16px; margin-top: 24px; padding-bottom: 0.3em;">
Generating a Key Pair (Private/Public Key) and a Self-Signed Certificate and Storing Them in a JKS Java Key Store</h2>
<div>
Job done on a Linux box using the <a href="https://www.openssl.org/" target="_blank">openssl </a>tools and the JDK's <a href="https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html" target="_blank">keytool</a></div>
<div>
<br /></div>
<pre style="background-color: #f6f8fa; border-radius: 3px; box-sizing: border-box; color: #24292e; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; overflow-wrap: normal; overflow: auto; padding: 16px;"># 1) Generate RSA key pair of 2048 bits
openssl genrsa -out illumineit.com.key 2048
# 2) Generate certificate request for CA (.csr)
#    (no -x509 here: with -x509, openssl req writes a certificate instead of a request)
openssl req -sha256 -new -subj '/C=CY/ST=Nikosia/L=Center/CN=illumineit.com' -key illumineit.com.key -out illumineit.com.csr
# 3) Generate self-signed certificate, expiry time 10 years, from the certificate request
#    (-req tells openssl x509 that the input file is a request)
openssl x509 -req -sha256 -days 3652 -in illumineit.com.csr -signkey illumineit.com.key -out illumineit.com.crt
# 4) Import the pair (private key and self-signed certificate) in a new JKS (truststore and keystore together)
# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name illumineit.com -in illumineit.com.crt -inkey illumineit.com.key -out illumineit.com.p12 -passin pass:welcome -password pass:welcome
# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore illumineit.com.jks -srckeystore illumineit.com.p12 -srcstoretype pkcs12 -alias illumineit.com -srcstorepass welcome -storepass welcome -noprompt
</pre>
<div>
<br /></div>
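An added example, not part of the original post: a check to run on the outputs of steps 1 to 3 before they are packed into the keystore. It confirms that the certificate carries the public half of the private key, that it is self-signed, and that it stays valid for a minimum number of days. The function name and the 30-day default are assumptions made for this example.

```shell
#!/bin/sh
# Sanity checks for a private key and its self-signed certificate.
# usage: check_key_cert <private-key.pem> <certificate.pem> [min-days-left]
# returns 0 = all checks pass, 1 = a check failed, 2 = a file could not be read

check_key_cert() {
  key=$1; crt=$2; min_days=${3:-30}

  # 1. The certificate must contain the public key derived from this private key.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
    echo "FAIL: cannot read private key $key"; return 2; }
  crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
    echo "FAIL: cannot read certificate $crt"; return 2; }
  if [ "$key_pub" != "$crt_pub" ]; then
    echo "FAIL: certificate was not issued for this private key"
    return 1
  fi

  # 2. Self-signed: the certificate must verify with itself as the only trust anchor.
  if ! openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1; then
    echo "FAIL: certificate does not verify against itself (not self-signed)"
    return 1
  fi

  # 3. The certificate must still be valid min_days from now.
  if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: certificate expires within $min_days days"
    return 1
  fi

  # Print what is about to go into the keystore, for the record.
  openssl x509 -in "$crt" -noout -subject -enddate -fingerprint -sha256
  echo "OK: key and certificate match"
}

# Run directly as: sh check_key_cert.sh illumineit.com.key illumineit.com.crt
if [ "$#" -ge 2 ]; then
  check_key_cert "$@"
fi
```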
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-35265795684034148992019-06-19T14:51:00.001+01:002019-06-19T14:51:05.630+01:00Retrieving the Posts and Pages from Wordpress Database.<br />
<br />
Sometimes shit happens. The client backed up only the WordPress DB, without the PHP files. In other words, configuration, plugins, custom templates, skins and images... just lost. The last known good backup is gone with the server... and all we have got is a WordPress DB without images. So practically, it would have been a better idea to back up the pages one by one from the browser by clicking Save as... Just joking of course...<br />
<br />
<br />
<br />
<br />
Now he has to write everything from scratch. <br />
<br />
<b>Step 1. </b><br />
<br />
Examine your backup file:<br />
<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">-- MySQL dump 10.13 Distrib 5.5.55, for Linux (x86_64)</span><br />
<span style="font-family: Courier New, Courier, monospace;">--</span><br />
<span style="font-family: Courier New, Courier, monospace;">-- Host: localhost Database: wordpress9</span><br />
<span style="font-family: Courier New, Courier, monospace;">-- ------------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace;">-- Server version 5.5.55</span><br />
<br />
<br />
<br />
<br />
<b>Step 2: </b><br />
<br />
Go to MySQL and download <b>the exact server version your previous installation comes from</b>. Here is our link: <a href="https://dev.mysql.com/downloads/mysql/5.5.html">https://dev.mysql.com/downloads/mysql/5.5.html</a><br />
<br />
Install MySQL temporarily on your PC, a simple VM or anything else. <br />
<br />
<br />
<br />
<br />
<b>Step 3:</b><br />
<br />
Create a Database in your server just like the backup specifies:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">C:\Users\>mysql -uroot -pmypass </span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">mysql> CREATE DATABASE wordpress9 CHARACTER SET utf8 COLLATE utf8_general_ci;</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">Query OK, 1 row affected (0.01 sec)</span><br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<b>Step 4:</b><br />
<br />
Copy your backup file. Edit your backup file <br />
<br />
Restore your last backup in the server<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">C:\Users\>mysql -uroot -pmypass wordpress9 < backup_2019_01_18_1547817726_4347121_wpdb.sql</span><br />
<br />
<br />
<br />
<b>Step 5:</b><br />
<br />
Create a file called restore.sql with the following query to retrieve your posts, pages and news:<br />
<br />
select '<h1>',post_title,'</h1>',post_content, '<hr/> End Post <hr/>' from wp_posts where post_status='publish' and post_type in ('page','post','nooz_release') order by post_name, post_date ;<br />
<br />
<b>Step 6:</b><br />
Run the query command as follows:<br />
<span style="font-family: Courier New, Courier, monospace;">C:\Users\>mysql -uroot -pmypass wordpress9 < restore.sql > restored.html</span><br />
<br />
The results are inside restored.html and can be viewed with a browser.<br />
More careful backup next time....<br />
<br />Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-15072756422573975882018-02-03T11:42:00.005+00:002018-02-03T11:59:31.363+00:00Enable SSL for your Wordpress/Plesk site using a free authority-signed certificate<h2>
</h2>
This article explains how to replace HTTP with HTTPS on your site. This is an easy task if your site is relatively small and can be accomplished with 5 to 6 basic steps.<br />
<br />
The article assumes a site deployed with the WordPress and Plesk dashboards and suggests creating a free SSL certificate signed by the <a href="https://comodo.com/" rel="nofollow">Comodo Cyber Security</a> trusted authority, which is valid for 3 months (90 days).<br />
<br />
Read the overall article here: <br />
<a href="https://github.com/illumine/articles/blob/master/Enable-SSL-for-your-Wordpress-Plesk-site-using-a-free-authority-signed-certificate/Enable-SSL-for-your-Wordpress-Plesk-site-using-a-free-authority-signed-certificate.md" target="_blank">Illumine IT Consulting GitHub Articles.</a><br />
<h1>
</h1>
<h1>
</h1>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-42116779089318046992017-09-12T14:04:00.000+01:002018-02-03T11:43:32.824+00:00disk-benchmark A multipurpose benchmark program that can simulate your application's I/O performance<h1>
<a href="https://github.com/illumine/disk-benchmark" target="_blank">disk-benchmark tool - get it here!</a></h1>
Sometimes we need a prior estimate of the I/O performance of a program we plan to develop or one we already possess.
<br />
This may be triggered by a number of reasons:<br />
<ul>
<li> Order specific Disk hardware in advance
</li>
<li> Plan to rent cloud based volume from a cloud provider
</li>
<li> Estimate the total performance of your application in order to establish operational scenarios and calculate KPIs.
</li>
<li> Check the cloud providers SLA compliance.</li>
</ul>
In the past I dealt with all those challenges using standard Linux methods for benchmarking a volume, like the classic one:
<br />
<br />
<pre></pre>
<pre>dd if=/dev/zero of=/root/testfile bs=1G count=1 oflag=direct
</pre>
<div>
<br /></div>
Or other similar methods or tools like <a href="https://linux.die.net/man/1/iostat" target="_blank">iostat</a>.<br />
<br />
The problem with all those methods is that they give you an idea of how your disk performs in general, <b>but not according to a given scenario</b>, for example:<br />
<div>
<ul>
<li>20 concurrent users, each of whom reads and writes a random file of size between 20k and 1 MB with a pause of 2 seconds, for 5 mins.</li>
<li>10 concurrent users, each of whom reads/writes a file of 60kb with a pause of 2 seconds after each read, repeated 100 times. </li>
</ul>
<br />
<br />
Unless you go to very sophisticated tools like <a href="http://jmeter.apache.org/" target="_blank">JMeter</a>, you don't really have anything handy. Sophisticated tools, on the other hand, usually have a significant learning curve, while in most cases you want something you can use in the next 5 mins with very simple options, just like the above scenarios. To remedy this situation, last year I developed a small C program that does the job, the disk-benchmark program, available on<a href="https://github.com/illumine" target="_blank"> Illumine IT Consulting GitHub URL</a>:
<br />
<br />
<a href="https://github.com/illumine/disk-benchmark" target="_blank"><b>https://github.com/illumine/disk-benchmark</b></a></div>
<div>
<br /></div>
<div>
This is a benchmark program to test Hard Drives, SSD Drives, HBAs, RAID Adapters & Storage Controllers. This is a really simple C program that you can compile using the standard GNU/gcc compiler that comes with your Linux distribution.</div>
<div>
<br /></div>
<div>
<b>How to setup the disk-benchmark in your Linux system:</b></div>
<div>
Installation of the disk-benchmark is as simple as this:</div>
<pre></pre>
<pre><span style="font-family: "courier new" , "courier" , monospace;"># git clone https://github.com/illumine/disk-benchmark
# cd disk-benchmark/src/
# gcc disk-benchmark.c -o disk-benchmark -l pthread -lrt -O3 -Wall
# ls -l disk-benchmark
-rwxr-xr-x 1 root root 23365 Apr 15 10:23 disk-benchmark</span>
</pre>
<br />
A simple scenario implementation using disk-benchmark<br />
<br />
<b><u>Scenario:</u></b> 10 concurrent users, each writing and reading a file of size ~10MB in /var. Each user pauses for a number of seconds randomly picked from the interval [2,10] sec. The command that implements the above scenario is as follows:<br />
<br />
<pre>[root@mo-8f752419d src]# ./disk-benchmark -p /var -t 10 -a 10000000 -E 2:10
Test scenario:
test path=/var
Threads=10, sleep sec between write/read = 1, repeats per thread=5, random pick sleep sec from [2 10]
Lower file size=1024, Upper file size=10240, Absolute file size=10000000
Read/Write buffer size=8192, Buff Siz W 0, Buf Siz R 0,
Do write only=0, Delete files=1
Print values only=0 dont print scenario info= 0, dont print clocks=0 dont print headers=0 print date=1
Work Continously=0 Work Continously Sleep Brake=5
T=7, Avg W=0.016134 Avg R=0.002160 Total W=0.080671 Total R=0.010801 Total Time=0.091473 Sleep=4.600000 Avg File Size =10000000.000000
T=2, Avg W=0.014436 Avg R=0.002411 Total W=0.072179 Total R=0.012056 Total Time=0.084234 Sleep=4.800000 Avg File Size =10000000.000000
T=4, Avg W=0.016104 Avg R=0.002189 Total W=0.080520 Total R=0.010943 Total Time=0.091463 Sleep=4.800000 Avg File Size =10000000.000000
T=9, Avg W=0.011966 Avg R=0.002069 Total W=0.059829 Total R=0.010347 Total Time=0.070176 Sleep=4.800000 Avg File Size =10000000.000000
T=6, Avg W=0.013065 Avg R=0.001826 Total W=0.065323 Total R=0.009128 Total Time=0.074451 Sleep=5.000000 Avg File Size =10000000.000000
T=1, Avg W=0.015399 Avg R=0.003005 Total W=0.076996 Total R=0.015025 Total Time=0.092021 Sleep=5.200000 Avg File Size =10000000.000000
T=8, Avg W=0.012883 Avg R=0.002303 Total W=0.064416 Total R=0.011513 Total Time=0.075930 Sleep=5.200000 Avg File Size =10000000.000000
T=3, Avg W=0.015850 Avg R=0.002492 Total W=0.079251 Total R=0.012458 Total Time=0.091709 Sleep=5.400000 Avg File Size =10000000.000000
T=0, Avg W=0.013430 Avg R=0.002697 Total W=0.067151 Total R=0.013487 Total Time=0.080637 Sleep=5.600000 Avg File Size =10000000.000000
T=5, Avg W=0.016659 Avg R=0.002387 Total W=0.083293 Total R=0.011934 Total Time=0.095226 Sleep=5.600000 Avg File Size =10000000.000000
T=-1, Avg W=0.014593 Avg R=0.002354 Total W=0.072963 Total R=0.011769 Total Time=0.084732 Sleep=5.100000 Avg File Size =10000000.000000
Wall time 28.000000, CPU time 0.880000
Tue Sep 12 13:36:26 2017
</pre>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-4010268014699101782016-05-18T20:43:00.000+01:002016-05-18T21:14:17.353+01:00Web Service Client with Basic Authentication and SSL<h1>
Web Service Client with Basic Authentication and SSL</h1>
Recently, I had to create a web service client for a web service that uses a number of <a href="https://www.w3.org/TR/ws-policy/">Web Service Policies</a>.
In general, the web service utilizes the following policies:
<br />
<ul>
<li>Transport: The service uses one-way certificates. The client had to download and check the server's certificate in order to prove the server's identity.</li>
<li>Authentication: <a href="https://en.wikipedia.org/wiki/Basic_access_authentication" target="_blank">Basic authentication</a> is required to access the URL and the service WSDL.</li>
</ul>
The following steps were used.
<br />
<ul>
<li><b>Creating the TrustStore</b>: Access the Web Service URL, download the web service certificate and create an x509 trustStore to host the server's certificate.</li>
<li><b>Create the client Stub</b>: Access the Web Service URL and create the client stub by compiling the WSDL with wsimport.</li>
<li><b>Code and complete the service client</b>. This has the following sub tasks:</li>
<ul>
<li>Code the client to use Basic Authentication </li>
<li>Code the client to utilize the trustStore in order to setup SSL session with the server</li>
<li>Code the client to call the web method.</li>
</ul>
</ul>
<h2>
Creating the SSL TrustStore</h2>
During the SSL handshake, the trustStore is used to verify the server's identity.<br />
Download the server's certificate by visiting the Web Service URL. You will be prompted to log in; use the given user/password.<br />
<br />
The certificate is then stored in your browser. Exporting it is easy, but the steps depend on your browser. In Chrome, for example, the certificate can be downloaded directly as an x509 trustStore, as the following image illustrates:
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjNzG35D7ovDWFiK4vWAZdVTLbxKC-XwVlZdYJxY-dVrXvRfT0csnwK0fUackH_o4Ye0_prs9G8RoQDiRDKNk9acvUUH3semCk42lW3oZHFhMyKs-878qSPZ19l8gliqzu-gR_FsDuf9o/s1600/chrome-export-certificate.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjNzG35D7ovDWFiK4vWAZdVTLbxKC-XwVlZdYJxY-dVrXvRfT0csnwK0fUackH_o4Ye0_prs9G8RoQDiRDKNk9acvUUH3semCk42lW3oZHFhMyKs-878qSPZ19l8gliqzu-gR_FsDuf9o/s320/chrome-export-certificate.PNG" width="320" /></a></div>
<br />
<br />
If you want to create the trustStore manually, you need to create an X509 keystore file using Java keytool and then import the server's public certificate into it. The trustStore will be password protected, and the certificate inside the trustStore will be password protected using the "password" passphrase:
<br />
<br />
<pre>$ keytool -genkey -alias replserver -keyalg RSA -keystore mykeystore.jks -dname "cn=localhost, ou=IT, o=Continuent, c=DE" -storepass password -keypass password
</pre>
<br />
Now you have the keyStore. Next, you need to import the server's public certificate into it. In the general case, supposing the server certificate is a plain text file named server-certificate.txt, the following actions are available:
<br />
<br />
Check the server's certificate:
<br />
<pre>openssl x509 -in server-certificate.txt -text -noout
</pre>
<br />
Delete previous certificate version from the trustStore if any:
<br />
<pre>keytool -delete -alias myserver-name.com -keystore mykeystore.jks
</pre>
<br />
Re-import the server certificate to the trustStore:
<br />
<pre>keytool -import -alias myserver-name.com -keystore mykeystore.jks -file server-certificate.txt
</pre>
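An added example, not part of the original post: importing a certificate makes it a trust anchor, so it is worth vetting the downloaded file before running keytool -import. The function below compares its SHA-256 fingerprint with a value obtained out of band (assumed here to come from the server's administrator), and checks that it has not expired and that it is valid for the host name. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Vet a downloaded server certificate before `keytool -import` trusts it.
# usage: vet_server_cert <cert-file> <hostname> <expected-sha256-fingerprint>
# returns 0 = accept, 1 = reject, 2 = file is not a readable certificate

# Strip separators and fold case so "AB:CD", "ab cd" and "abcd" compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

vet_server_cert() {
  cert=$1; host=$2; expected=$3

  # openssl prints "<label> Fingerprint=AA:BB:..."; keep the part after "=".
  line=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null) || {
    echo "REJECT: $cert is not a readable X.509 certificate"; return 2; }
  actual=$(normalize_fp "${line#*=}")

  # 1. Fingerprint must equal the value received through a separate channel.
  if [ "$actual" != "$(normalize_fp "$expected")" ]; then
    echo "REJECT: fingerprint $actual differs from the expected value"
    return 1
  fi

  # 2. Certificate must not be expired already.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "REJECT: certificate has expired"
    return 1
  fi

  # 3. Certificate must be valid for the host the client will connect to.
  #    openssl reports "does match" or "does NOT match" on stdout.
  if ! openssl x509 -in "$cert" -noout -checkhost "$host" \
       | grep -q 'does match certificate'; then
    echo "REJECT: certificate is not valid for host $host"
    return 1
  fi

  echo "ACCEPT: $cert sha256=$actual"
}

# Run directly as:
#   sh vet_server_cert.sh server-certificate.txt myserver-name.com "<fingerprint>"
if [ "$#" -ge 3 ]; then
  vet_server_cert "$@"
fi
```

Only when the function prints ACCEPT should the file be passed to the keytool -import command shown above.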
<h2>
Access the Web Service URL and create the client stub by compiling the WSDL with wsimport. </h2>
After running your wsimport command directly you should get a message complaining about a missing web authorization file.
<br />
What you need to do is create an authorization file (usually the default name/location for it is $HOME_DIRECTORY/.metro/auth, but check the previous error message, you'll get the hint from there).<br />
Inside this file you just write the line: "https://username:password@url?wsdl"<br />
<br />
Now create a file called: wsimport_mysvc.bat and code the following commands:
<br />
<pre>setlocal
rem Point the JVM that runs wsimport at the trust store created above.
rem The password is the -storepass value given to keytool ("password").
set _JAVA_OPTIONS=%_JAVA_OPTIONS% -Djavax.net.ssl.trustStore=mykeystore.jks -Djavax.net.ssl.trustStorePassword=password
wsimport -s . -verbose -keep -p gr.illumine.wsclient.stub -extension https://myserver-name.com/wsd/alc_interface?wsdl
endlocal
</pre>
<br />
Doing so, you fulfill both conditions, basic authentication and transport/SSL: wsimport checks what the server sends against what is stored in mykeystore.jks.
<br />
<br />
Run the wsimport_mysvc.bat and the client stub files will be created in the package gr.illumine.wsclient.stub
<br />
<pre></pre>
<pre>C:\>set _JAVA_OPTIONS= -Djavax.net.ssl.trustStore=cacerts -Djavax.
net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore=cacerts
C:\>wsimport -s . -verbose -keep -p gr.illumine.wsclient.stub -extension https://myserver-name.com/wsd/alc_interface?wsdl
Picked up _JAVA_OPTIONS: -Djavax.net.ssl.trustStore=cacerts -Djavax.net.ssl.key
StorePassword=changeit -Djavax.net.ssl.trustStore=cacerts
parsing WSDL...
</pre>
<h2>
Code the client</h2>
The first thing you have to do is to add a static initializer that will provide the username and password for basic authentication:
<br />
<pre></pre>
<pre>public class AlcClient {
private static final Logger log= Logger.getLogger( AlcClient.class.getName() );
/*
* Use this static initializer to provide Basic Authentication for the Web Service Consumption
*/
static {
java.net.Authenticator.setDefault(new java.net.Authenticator() {
@Override
protected java.net.PasswordAuthentication getPasswordAuthentication() {
return new java.net.PasswordAuthentication("happyuser", "mypassword".toCharArray());
}
});
}
</pre>
<br />
Next, configure your SSL settings in the code, by adding the following system parameters:
<br />
<pre> /*
 * Use the following settings to specify how this client will utilize the X509 trust store
 * called mykeystore.jks. The server's public certificate is stored in this truststore.
 * The truststore/keystore is protected with the password "password".
 */
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
System.setProperty("javax.net.ssl.keyStore","mykeystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword","password");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore","mykeystore.jks");
System.setProperty("javax.net.ssl.trustStorePassword","password");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");
</pre>
<br />
Then add some debugging options to debug your SSL session. You are strongly advised to comment out the following code after testing it since it will affect the SSL performance.
<br />
<pre> /* Following options enable logging of all communication to the console
* We are most interested in the request response SOAP Messages */
System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump", "true");
System.setProperty("com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump", "true");
System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump", "true");
System.setProperty("com.sun.xml.internal.ws.transport.http.HttpAdapter.dump", "true");
</pre>
<br />
Now code the Web Service client instance by using the stub you have created with the wsimport:
<br />
<pre> ZALCINTERFACE_Service service = new ZALCINTERFACE_Service(
     /* java.net.URL needs the scheme; without it the constructor throws MalformedURLException */
     new URL("https://myserver-name.com/wsd/alc_interface?wsdl"),
     new QName("urn:com:myserver-name:document:sap:soap:functions:mc-style", "ZALC_INTERFACE"));
 /*
 * From this service get the proper port
 */
 ZALCINTERFACE port = service.getZALCINTERFACE();
 /* Make the web service call */
 String responseMessage = port.callMyWebMethod();
</pre>
<br />
The entire web service client Java implementation <a href="http://illumine.gr/joomla/images/blog/AlcClient.java" target="_blank">can be downloaded here</a>.
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0Chalandri, Greece38.0137298171338 23.80971193313598638.0121658171338 23.807190433135986 38.0152938171338 23.812233433135987tag:blogger.com,1999:blog-4349701560687042128.post-22336883385901865092016-03-15T18:55:00.000+00:002016-05-24T13:04:44.713+01:00Set your HTML META tags in WordPress
Hi folks!<br />
<br />
I think there is not much need to tell you how important HTML META tags are for the SEO of your site.<br />
So, for a simple touch of perfection, you just have to edit the following META tags:<br />
<br />
<pre>
<meta name="" content="Illumine Consulting - Europe" property="og:title"/>
<meta name="" content="website" property="og:type"/>
<meta name="" content="technology" property="website:tag"/>
<meta name="" content="cloud computing" property="website:tag"/>
<meta name="" content="b2b" property="website:tag"/>
<meta name="" content="science" property="website:tag"/>
<meta name="" content="http://www.illumine.gr" property="og:url"/>
<meta name="" content="https://www.linkedin.com/company/illumine-it-consulting?trk=company_logo" property="og:image"/>
<meta name="" content="Illumine IT Consulting - Greece" property="og:site_name"/>
<meta name="" content="For more than ten years Illumine IT Consulting " property="og:description"/>
<meta name="" content="1392144595" property="og:updated_time"/>
<link href="https://plus.google.com/{+PageId}" rel="publisher" />
<meta name="" content="https://media.licdn.com/media/p/2/005/020/2ca/29e39f7.png" property="og:image"/>
<meta name="robots" content="index, follow" />
<meta name="keywords" content="illumine, IT, technology, consulting, services, software,mountrakis" />
<meta name="generator" content="illumine it consulting" />
<meta name="author" content="michael mountrakis" />
<meta name="copyright" content="Copyright (c) Illumine Consulting. All Rights Reserved." />
</pre>
To do so, go to your WordPress admin panel.
Then, in the left menu, select Appearance, Editor and choose to edit the header.php file. Then add your meta tags as the following picture illustrates:
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_ZtGJvMxkW4W0cWLGvHFgFMesFW0RfKwtWwAP1EipqKFSfoRVkyrUv07QzlOLZvFONgmFvKoxbsZoClfh7OcdLy6SCyhST-lzUszNii3yq84V0Zxo3VqLzAZKwmGQlkkrwmrVmVdYk34/s1600/wordpress_update_meta.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_ZtGJvMxkW4W0cWLGvHFgFMesFW0RfKwtWwAP1EipqKFSfoRVkyrUv07QzlOLZvFONgmFvKoxbsZoClfh7OcdLy6SCyhST-lzUszNii3yq84V0Zxo3VqLzAZKwmGQlkkrwmrVmVdYk34/s320/wordpress_update_meta.PNG" width="320" /></a></div>
<br />Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-47976142122495484362016-03-08T01:48:00.002+00:002016-03-16T09:08:11.173+00:00Implement Redirects within WordPress and Eggplant 301 Redirects
The easiest way to add a redirect to your WordPress site is to install the Eggplant 301 Redirects plugin.
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgWVZ3vd3haSKEbnOlHHhOc1wMLcb3RJpCgWa5XNrhyuwN2ocCSMLFNIHrpT7O8MJnw2zin4SbH0fDVd_-OinjqNwl992BepOLucTdBBzz_KYzSyF_pACFFLeDhjjj_ulIqEoz-LaW0Io/s1600/wordpress-eggplant1.PNG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgWVZ3vd3haSKEbnOlHHhOc1wMLcb3RJpCgWa5XNrhyuwN2ocCSMLFNIHrpT7O8MJnw2zin4SbH0fDVd_-OinjqNwl992BepOLucTdBBzz_KYzSyF_pACFFLeDhjjj_ulIqEoz-LaW0Io/s1600/wordpress-eggplant1.PNG" /></a></div>
<br />
To do so, log in to WordPress as administrator.<br />
<br />
On the left-side menu go to Plugins --> Add New.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizsByqaf7jF14o6nbCD4Hc5LUKUiVlRk6MB1mRB-FKsa_XUJkkdFrfddNNRAvNAdCdQZXJYFJQZhxIVCTyB-W0G8q1Jm0K6Pu698b5W9CFrnxBgwoiedmBU0FQadfOONtPtR5NnI6uu7A/s1600/wordpress-eggplant2.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="161" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizsByqaf7jF14o6nbCD4Hc5LUKUiVlRk6MB1mRB-FKsa_XUJkkdFrfddNNRAvNAdCdQZXJYFJQZhxIVCTyB-W0G8q1Jm0K6Pu698b5W9CFrnxBgwoiedmBU0FQadfOONtPtR5NnI6uu7A/s400/wordpress-eggplant2.PNG" width="400" /></a></div>
<br />
<br />
Now, on the Add Plugin page, type the word "eggplant" in the text field and click "Install now".<br />
<div>
<br /></div>
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK_WVt5E3RCAp9ylr2snRtpEttNFWEXTr8dH_jqI_1LODTt-E9Uub6K4MJ6keE_SsIbMlLd7M8A5P72KjVvBsYwNabwg9fjg-yEQQgBxph3lV-yczJHajBNfngVRHZAAyGBO_gdOUDHQQ/s1600/wordpress-eggplant3.PNG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK_WVt5E3RCAp9ylr2snRtpEttNFWEXTr8dH_jqI_1LODTt-E9Uub6K4MJ6keE_SsIbMlLd7M8A5P72KjVvBsYwNabwg9fjg-yEQQgBxph3lV-yczJHajBNfngVRHZAAyGBO_gdOUDHQQ/s320/wordpress-eggplant3.PNG" width="320" /></a></div>
The last part is to add a redirect. To do so, on the left-side menu go to Settings --> EPS Redirects<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
And finally add the redirect to your Wordpress page using Eggplant plugin redirect management:</div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyQCm8g3adOgU4rWMKCOc8biDpzQOslRrZTla4qcpA4irpWoCzI1wyBdjgvh695WrNkaCXblF_hZu1gdZaeAstEedQog70TxePhDTEDzTcrc_k7obbXwFH4M8ckpvVFqcPfXx7IAiu_vY/s1600/wordpress-eggplant4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyQCm8g3adOgU4rWMKCOc8biDpzQOslRrZTla4qcpA4irpWoCzI1wyBdjgvh695WrNkaCXblF_hZu1gdZaeAstEedQog70TxePhDTEDzTcrc_k7obbXwFH4M8ckpvVFqcPfXx7IAiu_vY/s640/wordpress-eggplant4.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<h2>
Apache httpd reverse proxy for Tomcat with SSL self signed certificates.</h2>
Michael Mountrakis, published 2016-03-07, updated 2016-03-07<br />
Recalling the <a href="http://illumineconsulting.blogspot.gr/2016/03/fedora-22-apache-tomcat-and-httpd.html" target="_blank">previous article on how to install Apache Tomcat 7 and Httpd on Fedora 22</a>, we are now going to present how to configure Apache Httpd to work as a reverse proxy for Apache Tomcat. <br />
<br />
In more detail, we are going to implement the following setup:
<br />
<ul>
<li>Set up Tomcat 7 listening on port 8080
</li>
<li>Redirect port 80 (HTTP) to port 443 (HTTPS)
</li>
<li>Use a self-signed RSA server certificate to authenticate our HTTPS server to clients and secure the TCP session.
</li>
</ul>
<h3>
Public and Private Server Key</h3>
In order to create the server public/private key pair we are going to use the <a href="https://www.openssl.org/" target="_blank">OpenSSL tools. </a><br />
To install them on your Fedora 22 server do:
<br />
<pre># dnf install openssl
# or for older Fedora systems
# yum install openssl
</pre>
<br />
The openssl tools are then installed at:
<br />
<pre># which openssl
/bin/openssl
</pre>
<br />
Go to the apache httpd configuration directory and do the following:
<br />
<pre># cd /etc/httpd/conf/
</pre>
<br />
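Generate a PEM RSA private key, encrypted with DES3 under a passphrase. Note that -passout pass:mypass places the passphrase on the command line, where it ends up in the shell history and is visible in the process list; -passout also accepts file:pathname or stdin.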
<br />
<pre># openssl genrsa -des3 -passout pass:mypass -out server.pass.key 2048
Generating RSA private key, 2048 bit long modulus
..............................+++
...................................................................................+++
e is 65537 (0x10001)
</pre>
<br />
Create a server PEM certificate signing request (CSR) using the server key:
<br />
<pre># openssl req -new -key server.pass.key -out server.csr
Enter pass phrase for server.pass.key: # put mypass here
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GR
State or Province Name (full name) [Some-State]:Athens
Locality Name (eg, city) []:Athens
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Illumine IT Consulting
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:www.illumineit.com
Email Address []:info@illumine.gr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: # press enter here to skip password
An optional company name []: Illumine IT Consulting
</pre>
<br />
<br />
Finally, create the self-signed server certificate from the PEM certificate request:
<br />
<pre># openssl x509 -req -in server.csr -signkey server.pass.key -out server.crt -days 365
Signature ok
subject=/C=GR/ST=Athens/L=Athens/O=Illumine IT Consulting/CN=www.illumineit.com/emailAddress=info@illumineit.com
Getting Private key
Enter pass phrase for server.pass.key: # put mypass here
</pre>
<br />
<br />
By the end of this operation you should have the following files created:
<br />
<pre># ls -l
-rw-r--r--. 1 root root 1318 Mar 7 18:11 server.crt
-rw-r--r--. 1 root root 1115 Mar 7 18:07 server.csr
-rw-r--r--. 1 root root 1743 Mar 7 18:05 server.pass.key
</pre>
<ul>
<li>server.crt: the server certificate
</li>
<li>server.csr: the server PEM certificate request
</li>
<li>server.pass.key: the server's private RSA key.
</li>
</ul>
<h3>
Configure Apache HTTPd working with SSL certificates and reverse proxy to Tomcat </h3>
<pre># vi /etc/httpd/conf/httpd.conf
</pre>
<br />
Add the following section:
<br />
<pre class="xml" name="code">ServerRoot "/etc/httpd"
# Port 80 (HTTP) will be redirected to 443 (HTTPS)
Listen 80
<VirtualHost *:80>
    ServerName www.illumineit.com
    # The trailing slash on the target keeps the requested path intact after the redirect
    Redirect permanent / https://www.illumineit.com/
</VirtualHost>
# Port 443 HTTPS will be default
Listen 443
<VirtualHost _default_:443>
    ServerName www.illumineit.com
    ServerAdmin my-mail-here
    #
    # Configure SSL engine on and add your certificates
    #
    SSLEngine on
    SSLCertificateFile conf/server.crt
    # The steps above created server.pass.key; this directive must name the key file that actually exists
    SSLCertificateKeyFile conf/server.key
    #
    # proxypass configuration to your tomcat server running on 8080
    #
    ProxyPass /zsecure-pdf/ http://www.illumineit.com:8080/zsecure-pdf/
    ProxyPassReverse /zsecure-pdf/ http://www.illumineit.com:8080/zsecure-pdf/
    ProxyPassReverseCookieDomain www.illumineit.com www.illumineit.com
    ProxyPassReverseCookiePath /zsecure-pdf /zsecure-pdf
    # The Location path is missing from the page; /zsecure-pdf/ is assumed from the ProxyPass lines above
    <Location /zsecure-pdf/>
        ProxyPassReverse /
        SetOutputFilter proxy-html
        RequestHeader unset Accept-Encoding
    </Location>
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
</pre>
The first VirtualHost section configures Apache to redirect whatever arrives on port 80 to port 443 (HTTPS).
<br />
<br />
The second VirtualHost section configures Apache as a reverse proxy in front of Tomcat. So if someone requests the URI path /zsecure-pdf/, the request is forwarded to port 8080, where Tomcat listens.
<br />
<br />
Save and restart the Apache HTTPD:
<br />
<pre># service httpd restart
Redirecting to /bin/systemctl restart httpd.service
</pre>
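An added check, not part of the original post, for the two files that SSLCertificateFile and SSLCertificateKeyFile name, written in Ruby with the standard openssl library. It reports a missing key file, a key readable by group or other (the ls -l listing above shows mode 0644), a passphrase-protected key and a key that does not match the certificate. The helper names, the AES-256 cipher used for the passphrase and the host name www.example.test are assumptions of this example.

```ruby
require 'openssl'
require 'securerandom'
require 'tmpdir'

# Build an RSA key and a self-signed certificate (SHA-256, with a subjectAltName).
def self_signed_pair(common_name, days: 365, bits: 2048)
  key = OpenSSL::PKey::RSA.new(bits)
  name = OpenSSL::X509::Name.new([['CN', common_name, OpenSSL::ASN1::UTF8STRING]])
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = SecureRandom.random_number(2**63) + 1
  cert.subject = name
  cert.issuer = name # self-signed: issuer equals subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{common_name}", false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Write the private key with mode 0600 from the start, optionally under a passphrase.
def write_private_key(path, key, passphrase: nil)
  pem = passphrase ? key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), passphrase) : key.to_pem
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(pem) }
  path
end

# Return a list of findings for a certificate/key pair; an empty list means no finding.
def audit_tls_pair(cert_path, key_path)
  return [:cert_file_missing] unless File.file?(cert_path)
  return [:key_file_missing] unless File.file?(key_path)

  findings = []
  findings << :key_readable_by_group_or_other if (File.stat(key_path).mode & 0o077) != 0
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key_pem = File.read(key_path)
  if key_pem.include?('ENCRYPTED')
    # httpd has to obtain the passphrase at every start; the match check needs it too
    findings << :key_needs_passphrase
  else
    key = OpenSSL::PKey.read(key_pem)
    findings << :key_does_not_match_cert unless cert.check_private_key(key)
  end
  findings << :cert_expired if cert.not_after < Time.now
  findings
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |conf|
    key, cert = self_signed_pair('www.example.test')
    crt = File.join(conf, 'server.crt')
    File.write(crt, cert.to_pem)
    # Same layout as the post: a passphrase-protected server.pass.key with mode 0644
    pass_key = write_private_key(File.join(conf, 'server.pass.key'), key, passphrase: 'mypass')
    File.chmod(0o644, pass_key)
    p audit_tls_pair(crt, pass_key)                      # the key the steps produce
    p audit_tls_pair(crt, File.join(conf, 'server.key')) # the key the config names
  end
end
```

Run it against the real files with audit_tls_pair('/etc/httpd/conf/server.crt', '/etc/httpd/conf/server.key') before restarting httpd.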
<h3>
Test Apache </h3>
Point your browser at http://www.illumineit.com and you will be redirected to https://www.illumineit.com
<br />
<br />
If you also navigate to the path that is reverse-proxied:
https://31.171.245.82/zsecure-pdf/secure-my-pdf-to-image-password-encrypt-and-watermark.html
then you will be served by Tomcat running your application.
<br />
<h3>
Potential problems </h3>
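AH01114: HTTP: failed to make connection to backend<br />
SELinux blocks httpd from opening network connections to the backend. To get rid of this error, log in to your server as root and run these commands (the first changes the running policy, the second, with -P, makes the change persistent across reboots):<br />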
<pre>/usr/sbin/setsebool httpd_can_network_connect 1
/usr/sbin/setsebool -P httpd_can_network_connect 1
</pre>
<br />
<br />
The page does not render correctly: images and CSS are missing.
This is very common, since HTML pages may take resources from other sites by A HREF. The only thing you can do is copy them locally to the WebContent directory of your WAR deployment.
<h2>
Fedora 22 Apache Tomcat and Httpd. Publishing an application in minutes.</h2>
Michael Mountrakis, published 2016-03-07, updated 2016-03-07<br />
Recalling from the previous article "<a href="http://illumineconsulting.blogspot.gr/2016/03/the-quest-for-holy-cloud.html" target="_blank">Quest of the Holy Cloud</a>", I got a provider and started a simple VM over there.<br />
One of my first actions was to <a href="http://illumineconsulting.blogspot.gr/2016/03/set-you-linux-host-name-and-domain.html" target="_blank">baptize my server and give it a fancy hostname</a>. <br />
Now let's come to the juicy part. In this article I am going to build a simple application server that transcodes PDFs to images with a custom Java application I built.<br />
The actions I am going to demonstrate are how to:
<br />
<ul>
<li>Set up OpenJDK on Fedora 22
</li>
<li>Install Ghostscript libraries required for my application.
</li>
<li>Download, install and configure Apache Tomcat 7
</li>
<li>Install and configure Apache HTTPd.
</li>
<li>Installing Open JDK
</li>
</ul>
<h3>
Install OpenJDK </h3>
The first step is really easy. We need a JDK or a JRE in order to run the Tomcat that hosts our application. The straightforward option is to use the <a href="http://openjdk.java.net/" target="_blank">open-source community Java: OpenJDK. </a><br />
To do so, I entered the following commands:
<br />
<pre># dnf install java
Last metadata expiration check performed 1:09:31 ago on Mon Mar 7 12:20:26 2016.
...
</pre>
To check where java is and what has been installed:
<br />
<pre># which java
/bin/java
# java -version
openjdk version "1.8.0_72"
OpenJDK Runtime Environment (build 1.8.0_72-b15)
OpenJDK 64-Bit Server VM (build 25.72-b15, mixed mode)
</pre>
<h3>
Install Ghostscript </h3>
Most of the software I wrote relies on the <a href="http://www.ghostscript.com/" target="_blank">Ghostscript</a> shared libraries, which are called from the corresponding Java API. To install them I entered the following commands:
<br />
<pre># dnf install ghostscript
Last metadata expiration check performed 1:15:36 ago on Mon Mar 7 12:20:26 2016.
..
</pre>
The library got installed at:
<br />
<pre># ls -lh /lib64/libgs*
..
-rwxr-xr-x. 1 root root 16M Mar 31 2015 /lib64/libgs.so.9.16
# file /lib64/libgs.so.9.16
/lib64/libgs.so.9.16: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6601d742a4829cb3e4fe8197f1b1457f665ce130, stripped
</pre>
<h3>
Install Apache Tomcat 7</h3>
<a href="https://tomcat.apache.org/download-70.cgi" target="_blank">Apache Tomcat 7</a> can be downloaded from here as a tar.gz file by picking up a binary distribution as follows:
<br />
<pre># cd /opt
# wget http://mirror.serversupportforum.de/apache/tomcat/tomcat-7/v7.0.68/bin/apache-tomcat-7.0.68.tar.gz
# tar -xvf apache-tomcat-7.0.68.tar.gz
</pre>
<br />
Tomcat installed this way is not registered as a service on Fedora. To make it one, we need to create a simple start script in /etc/init.d:
<br />
<pre class="bash" name="code"># cd /etc/init.d
# vi tomcat
</pre>
Paste the following into the tomcat script:
<br />
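<pre>#!/bin/bash
# chkconfig: 234 20 80
# description: start/stop script for Apache Tomcat 7
# ("chkconfig --add" requires the two header lines above; priorities 20 and 80 are example values)
# start/stop Tomcat script
# Since you are using OpenJDK (java is at /bin/java) put this as your java home
JAVA_HOME=/
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
# Where you have placed tomcat
CATALINA_HOME=/opt/apache-tomcat-7.0.68
case "$1" in
  start)
    sh "$CATALINA_HOME/bin/startup.sh"
    ;;
  stop)
    sh "$CATALINA_HOME/bin/shutdown.sh"
    ;;
  restart)
    sh "$CATALINA_HOME/bin/shutdown.sh"
    sh "$CATALINA_HOME/bin/startup.sh"
    ;;
  *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0
</pre>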
Now Tomcat needs to be registered as a Linux service. To do so, run these commands:
<br />
<pre># cd /etc/init.d
# chmod 755 tomcat
# chkconfig --add tomcat
# chkconfig --level 234 tomcat on
# chkconfig --list tomcat
</pre>
<h3>
Installing Apache HTTPD </h3>
This comes <a href="https://docs.fedoraproject.org/en-US/Fedora/12/html/Managing_Confined_Services/chap-Managing_Confined_Services-The_Apache_HTTP_Server.html" target="_blank">as a standard service supported from Fedora distribution</a>. To install it:
<br />
<pre># dnf install httpd
...
</pre>
For a very fast configuration of httpd you can edit httpd.conf and add a simple virtual host:
<br />
<pre># vi /etc/httpd/conf/httpd.conf
# add where "Listen 80" is:
Listen My.Host.IP.Here:80
# VirtualHost needs an address; the same placeholder as the Listen line is used here
<VirtualHost My.Host.IP.Here:80>
    DocumentRoot "/www/illumineit.com"
    ServerName www.illumineit.com
    # Other directives here
</VirtualHost>
</pre>
Since in modern cloud environments the Linux firewall (iptables) may block everything, here are the commands to open the ports:
<br />
<pre>iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
</pre>
You can start the HTTP service and get its status:
<br />
<br />
<pre># service httpd start
Redirecting to /bin/systemctl start httpd.service
# service httpd status
Redirecting to /bin/systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2016-03-07 14:09:27 UTC; 4s ago
Main PID: 1760 (httpd)
Status: "Processing requests..."
CGroup: /system.slice/httpd.service
├─1760 /usr/sbin/httpd -DFOREGROUND
├─1761 /usr/sbin/httpd -DFOREGROUND
├─1762 /usr/sbin/httpd -DFOREGROUND
├─1763 /usr/sbin/httpd -DFOREGROUND
├─1764 /usr/sbin/httpd -DFOREGROUND
└─1765 /usr/sbin/httpd -DFOREGROUND
Mar 07 14:09:27 securepdf.illumineit.com systemd[1]: Starting The Apache HTTP Server...
Mar 07 14:09:27 securepdf.illumineit.com systemd[1]: Started The Apache HTTP Server.
</pre>
The deployment directory for Tomcat, where you can place your WAR files, is /opt/apache-tomcat-7.0.68/webapps/, since I have downloaded and installed Tomcat in /opt. <br />
You can use WinSCP to copy your WAR file there:
<br />
<br />
<pre># ls -lh /opt/apache-tomcat-7.0.68/webapps/
total 27M
drwxr-xr-x. 14 root root 4.0K Mar 3 11:00 docs
drwxr-xr-x. 7 root root 4.0K Mar 3 11:00 examples
drwxr-xr-x. 5 root root 4.0K Mar 3 11:00 host-manager
drwxr-xr-x. 5 root root 4.0K Mar 3 11:00 manager
drwxr-xr-x. 3 root root 4.0K Mar 3 11:00 ROOT
drwxr-xr-x. 4 root root 4.0K Mar 4 16:59 zsecure-pdf
-rw-r--r--. 1 root root 27M Mar 4 16:59 zsecure-pdf.war
</pre>
<br />
<h2>
Set your Linux host name and domain</h2>
Michael Mountrakis, published 2016-03-04, updated 2016-03-04<br />
<span style="font-family: Arial, Helvetica, sans-serif;">Recently I created a new Linux VM server on <a href="https://www.cloudsigma.com/" target="_blank">CloudSigma</a>. The server runs Fedora 22. In order to set up the hostname and network domain I changed the following files:</span><br />
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">[root@illumine ~]# cat /etc/host</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">securepdf</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">[root@illumine ~]# cat /etc/hostname</span><br />
<span style="font-family: 'Courier New', Courier, monospace;"><span style="font-size: x-small;">securepdf</span></span><br />
<span style="font-family: 'Courier New', Courier, monospace;"><span style="font-size: x-small;"><br /></span></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">[root@illumine ~]# cat /etc/hosts</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">::1 localhost localhost.localdomain localhost6 localhost6.localdomain6</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">178.XXX.XXX.132 securepdf.illumineit.com securepdf</span><br />
<div>
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Arial, Helvetica, sans-serif;">Test it using ping:</span></div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">[root@securepdf ~]# ping securepdf</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">PING securepdf.illumineit.com (</span><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">178.XXX.XXX.132</span><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">) 56(84) bytes of data.</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">64 bytes from securepdf.illumineit.com (</span><span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">178.XXX.XXX.132</span><span style="font-family: Courier New, Courier, monospace; font-size: x-small;">): icmp_seq=1 ttl=64 time=0.036 ms</span></div>
</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<h2>
The quest for the Holy Cloud.</h2>
Michael Mountrakis, published 2016-03-04, updated 2016-03-07<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;">For the last 10 days I have been struggling to choose a cloud provider. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">My selection criteria:</span><br />
<br />
<ul>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Free of charge for a trial use. No credit card registration.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Easy to use with what I know without having to invest on extra study</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">The resources the cloud provider offers for trial/free tries, like CPU and allowed network bandwidth. The more resources offered, the better the score for the cloud provider.</span></li>
<li><span style="font-family: "arial" , "helvetica" , sans-serif;">Technology used for Automation and VM provisioning. </span></li>
</ul>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">I tried several cloud providers by the order they appear on Google. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">First of all, I dumped <a href="https://aws.amazon.com/" target="_blank">Amazon Cloud Services</a> for only one reason: I do not really want to enter my credit card before I even have to pay for something, just because the site asks for it. If it was not Amazon behind the site, would you enter your card? So no Amazon for me.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Second try with <a href="https://openshift.redhat.com/" target="_blank">Openshift</a> from Red Hat. I registered there and created a VM with a Tomcat7/JBoss "cartridge". Cool - it worked out easily and in about 10 minutes I managed to register and create a VM. However, the machine has too many restrictions; for example, you cannot add the packages you like with RPM or yum. Moreover, the Tomcat7 differs from the standard Tomcat you download from Apache. When I tried to deploy one of my apps on the new machine, the deployment failed. Also, I did not like the approach to automation with the rhc tools. It reminded me of some nightmares I had with Chef's knife. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "arial" , "helvetica" , sans-serif;">My next try was with <a href="https://www.digitalocean.com/" target="_blank">DigitalOcean</a>. They do not have a free plan but instead they offer a voucher with discount. Again when I tried to register, after following the link in the confirmation email that was sent from them, I was redirected to their page asking for my Credit Card details again: "</span><span style="background-color: #f9fcff; color: #444444; font-family: , "proxima nova" , "helvetica neue" , "helvetica" , "arial" , sans-serif; font-size: 16px; line-height: 23.2px;">Thanks! Please add a credit card to activate your account." </span><span style="font-family: "arial" , "helvetica" , sans-serif;">Thanks but no thanks guys. "There are other orange trees that also make oranges" as an old Greek piece of mind says.</span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">Finally I got there: </span><span style="font-family: "arial" , "helvetica" , sans-serif;"> </span><a href="https://www.cloudsigma.com/" style="font-family: Arial, Helvetica, sans-serif;" target="_blank">cloudsigma.com</a>. <span style="font-family: "arial" , "helvetica" , sans-serif;">No credit card requirement for a test drive of 7 days. So I created a VM with Fedora 22 in less than a minute. </span><span style="font-family: "arial" , "helvetica" , sans-serif;">If you register with them you can run your instance for free for 7 days with a limitation about port 25 for email. They offer VNC client on their site to connect to the running VM. I also got connected using Putty and OpenSSL tools with a minimal configuration of the security keys. At some point, I could not find the Super user credentials for the VM but there was a message box with 24/7 online help even for the trial users. The operator responded instantly and gave me some hints. The extra bonus for this cloud provider is the billing scheme they apply: they bill <i>the usage of the resources</i> not the resources. So you pay if you exceed your contract threshold per 5 minutes sampling. They utilize <a href="https://cloudsigma-docs.readthedocs.org/en/2.14/" target="_blank">HTTP/HTTPS API</a> for cloud management and Operations, a design that according to my opinion is the most flexible way to build your applications on top. </span><br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<span style="font-family: "arial" , "helvetica" , sans-serif;">From my quest for the holy cloud I think I made the correct decision with </span><a href="https://www.cloudsigma.com/" style="font-family: Arial, Helvetica, sans-serif;">cloudsigma.com</a>.<br />
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<h2>
Pattern to Deliver Different Automation Templates per server group</h2>
Michael Mountrakis, published 2014-07-15, updated 2014-07-15<br />
<b><u>The Problem: </u></b><br />
<div style="text-align: justify;">
I have 3 groups of servers that use different settings for LDAP, Apache config and Splunk. Each group has around 30 servers.
Each of the configuration files for LDAP, Apache and Splunk does <b>NOT </b>have the same format, so a general automation Ruby template cannot be used for all three groups of servers. </div>
<br />
For example I cannot have a Splunk authentication.conf.erb for all groups like:
<br />
<pre class="php" name="code">[default]
[Corporate AD]
bindDN = <%= @node['splunk']['ldap-bindDN'] %>
charset = utf8
bindDNpassword = <%= @node['splunk']['ldap-bindDNpassword'] %>
SSLEnabled = 0
port = 389
userBaseDN = <%= @node['splunk']['ldap-userBaseDN'] %>
host = <%= @node['splunk']['ldap-binddn'] %>
[authentication]
authType = LDAP
authSettings = <%= @node['splunk']['ldap-authSettings'] %>
# Here the Splunk stanza is always different for all 4 groups of servers!
[roleMap_Corporate]
admin = wewvffsf3f
myreporting = 0110052012E
power = 0110052012E;0110052012E;0110052012E;0110052012E;
</pre>
<br />
<b><u>Question: </u></b><br />
How can automation be applied to all four server groups when the templates have different formats?<br />
<br />
<b><u>Solution:</u></b><br />
I give each server group a group id as an attribute: <br />
<div style="text-align: center;">
<span style="font-family: Courier New, Courier, monospace;">node['splunk']['group-id'] = groupA or groupB or groupC </span></div>
<br />
Then in my Chef project I organize my templates folder as follows:<br />
<br />
Contents of my-chef-project/templates/default<br />
<ul>
<li>groupA-authentication.conf.erb : describes LDAP settings for Group A
</li>
<li>groupA-authorization.conf.erb : describes Splunk Authorization settings for Group A
</li>
<li>groupB-authentication.conf.erb : describes LDAP settings for Group B
</li>
<li>groupB-authorization.conf.erb : describes Splunk Authorization settings for Group B
</li>
<li>groupC-authentication.conf.erb : describes LDAP settings for Group C
</li>
<li>groupC-authorization.conf.erb : describes Splunk Authorization settings for Group C
</li>
</ul>
Each of those templates is plain text without any parameters or anything else, except perhaps the node IP, hostname...
See an example <span style="font-family: Courier New, Courier, monospace;">groupA-authentication.conf.erb:
</span><br />
<pre class="php" name="code">[default]
[Corporate Settings]
bindDN = CN=splunk,OU=Services,OU=Company Page,OU=Resources,DC=illumine,DC=gr
SSLEnabled = 1
port = 437
host = ldap.illumine.com
client = <%= @node['ip'] %>
[authentication]
authType = LDAP
authSettings = Corporate Settings
[roleMap_Corporate kl]
admin = nottellingya
blog = 0110341333450057252012E
puser = 0110003532234123412342012E;0110003532234123412342012E;0110003532234122412342012E
</pre>
<br />
In my automated delivery Chef recipe, for any of those template types, I do something like the following Chef Ruby code:
<br />
<br />
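<pre class="php" name="code">  # Deliver the group-specific template; the source file name is built from the node's group-id
  # and uses the same hyphenated naming as the files in templates/default
  template "/opt/splunk/etc/system/local/authentication.conf" do
    source "#{node['splunk']['group-id']}-authentication.conf.erb"
    owner 'splunk'
    group 'splunk'
    mode '0600'
    variables()
    ignore_failure true
  end
</pre>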
<br />
Note that:<br />
<br />
<ul>
<li>The template that is sourced is bound to the server's group ID. </li>
<li>Any server in the group will take the same group template. </li>
<li>The parameter<span style="font-family: Courier New, Courier, monospace;"> ignore_failure true </span>denotes that if a template is not found for this group-id then no configuration is delivered and Chef automation will continue without a break.</li>
</ul>
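Because ignore_failure true lets the run continue when a template is missing, a misnamed or forgotten group template goes unnoticed and the server keeps whatever authentication.conf it already had. The following plain-Ruby pre-flight check is an added example, not the author's recipe and not Chef API: it lists the templates each group needs under the naming scheme above, rejects group ids that are not plain letters and digits, and renders a template with @node set, raising instead of continuing when the file is absent. All helper names, the sample tree and the address 192.0.2.10 are assumptions of this example.

```ruby
require 'erb'
require 'tmpdir'

KINDS = %w[authentication authorization].freeze
GROUP_ID = /\A[A-Za-z0-9]+\z/ # letters and digits only, so no path separators

# File name for one group and one kind, following the naming scheme listed above.
def template_name(group_id, kind)
  raise ArgumentError, "invalid group-id: #{group_id.inspect}" unless GROUP_ID.match?(group_id.to_s)
  raise ArgumentError, "unknown kind: #{kind.inspect}" unless KINDS.include?(kind)

  "#{group_id}-#{kind}.conf.erb"
end

# Names that the given groups need but templates_dir does not contain.
def missing_templates(templates_dir, group_ids)
  wanted = group_ids.flat_map { |g| KINDS.map { |k| template_name(g, k) } }
  wanted.reject { |name| File.file?(File.join(templates_dir, name)) }
end

# Minimal stand-in for the template context: exposes the node data as @node.
class NodeContext
  def initialize(node)
    @node = node
  end

  def render(path)
    ERB.new(File.read(path)).result(binding)
  end
end

# Render the template for the node's group; a missing template is an error here.
def render_for_node(templates_dir, node, kind)
  path = File.join(templates_dir, template_name(node['splunk']['group-id'], kind))
  raise Errno::ENOENT, path unless File.file?(path)

  NodeContext.new(node).render(path)
end

# Constructed sample tree: groupA is complete, groupB has one misnamed file.
def build_sample_tree(dir)
  File.write(File.join(dir, 'groupA-authentication.conf.erb'),
             "[authentication]\nauthType = LDAP\nclient = <%= @node['ip'] %>\n")
  File.write(File.join(dir, 'groupA-authorization.conf.erb'), "[role_admin]\n")
  File.write(File.join(dir, 'groupB_authentication.conf.erb'), "[authentication]\n")
  File.write(File.join(dir, 'groupB-authorization.conf.erb'), "[role_admin]\n")
  dir
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample_tree(dir)
    puts "missing: #{missing_templates(dir, %w[groupA groupB]).inspect}"
    node = { 'ip' => '192.0.2.10', 'splunk' => { 'group-id' => 'groupA' } }
    puts render_for_node(dir, node, 'authentication')
  end
end
```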
Location: Walldorf, Germany<br />
<h2>
Concurrent mode failure: Tuning JVM GC for Solr</h2>
Michael Mountrakis, published 2014-03-14, updated 2014-07-15<br />
<b><u>The machine</u></b><br />
I have an 8 CPU VM server with 32GB RAM running Solr. My JVM is 1.6.0_37 with the following JVM settings:<br />
<pre class="java" name="code">-Xms28g
-Xmx28g
-XX:NewSize=6g
-XX:MaxNewSize=6g
-XX:SurvivorRatio=4
-XX:PermSize=512m
-XX:MaxPermSize=512m
-XX:SoftRefLRUPolicyMSPerMB=500
-XX:+PrintCommandLineFlags
-XX:+HeapDumpOnOutOfMemoryError
-XX:+DumpGCHistoryOnOutOfMemory
-XX:+DumpDetailedClassStatisticOnOutOfMemory
-XX:HeapDumpPath=/opt/alfresco/tomcat/dumps
-verbose:gc
-Xloggc:/opt/alfresco/tomcat/dumps/gc-logs/gc-2014-03-13-10-00-07.log
-XX:+GCHistory
-XX:+CMSClassUnloadingEnabled
-XX:+DisableExplicitGC
-XX:+PrintGCDateStamps
-XX:+PrintGCDetails
-XX:+PrintTenuringDistribution
-XX:+UseCompressedOops
-XX:+UseConcMarkSweepGC
-XX:+UseParNewGC
</pre>
<br />
The reason for such a huge heap is that the Solr data are about 130 GB and Solr is heavily utilized by around 100 concurrent threads performing text search on documents.<br />
I notice that the Solr application <b>pauses </b>for some time without responding. I discovered the following problem in the GC logs:
<br />
<pre class="java" name="code">2014-03-17T14:29:23.438+0100: 7991.661: [GC2014-03-17T14:29:23.438+0100: 7991.661: [ParNew (promotion failed)
Desired survivor size 268435456 bytes, new threshold 15 (max 15)
- age 1: 125233576 bytes, 125233576 total
: 2621440K->2228808K(2621440K), 5.9399450 secs]2014-03-17T14:29:29.378+0100: 7997.601: [CMS2014-03-17T14:29:32.715+0100: 8000.938: [CMS-concurrent-sweep: 21.573/33.920 secs] [Times: user=118.80 sys=3.29, real=33.91 secs]
(concurrent mode failure): 20465547K->11174034K(26214400K), 33.5774490 secs] 22674213K->11174034K(28835840K), [CMS Perm : 47873K->47648K(524288K)], 39.5176760 secs] [Times: user=46.19 sys=2.36, real=39.51 secs]
</pre>
<div>
<br /></div>
This issue is summarized in the official ORACLE documentation for JVM v6 as follows: <br />
<br />
<i>..a concurrent collection needs to be started at a time such that the collection can finish before the tenured generation becomes full; otherwise the application would observe longer pauses due to concurrent mode failure. There are several ways a concurrent collection can be started. </i><br />
<br />
See: <a href="http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html#cms.concurrent_mode_failure" target="_blank"> Concurrent Mode Failure</a><br />
<br />
The message "concurrent mode failure" signifies that the concurrent collection of the tenured generation did not finish before the tenured generation became full. In other words, the new generation is filling up too fast, it is overflowing to tenured generation but the CMS could not clear out the tenured generation in the background.
When a concurrent mode failure happens, the low pause collector does a <b>stop-the-world</b> (STW) collection. All the application threads are stopped, a different algorithm is used to collect the tenured generation (our particular flavor of a mark-sweep-compact), the applications threads are started again, and life goes on....<br />
<br />
It seems that a concurrent mode failure is responsible for the "<b>Stop the World</b>" JVM pauses.<br />
See also another <a href="https://blogs.oracle.com/jonthecollector/entry/what_the_heck_s_a" target="_blank">wonderful blog about the same issue here</a>.<br />
<br />
In order to treat the problem we tune the following JVM flags:<br />
<pre class="java" name="code">-XX:CMSInitiatingOccupancyFraction=10
</pre>
This indicates that a concurrent collection will start when the occupancy of the tenured generation exceeds 10%, instead of the default threshold of 92%.<br />
<pre class="java" name="code">-XX:CMSIncrementalSafetyFactor=100
</pre>
This tells the JVM GC to start a concurrent collection at the next opportunity without any delay.<br />
See also <a href="http://www.oracle.com/technetwork/java/javase/gc-tuning-6-140523.html" target="_blank">Oracle's GC tuning instructions here</a>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-77582649696393893982014-01-28T18:46:00.003+00:002014-01-28T19:37:03.006+00:00Overriding finalize() for reference count on active threads
The need for this small article came from the implementation of a custom thread controller. In my design I am using a <a href="http://docs.oracle.com/javase/7/docs/api/java/lang/ThreadGroup.html">ThreadGroup</a> that holds threads that dynamically load classes and invoke methods of objects created on the fly.<br />
<br />
The problem here comes with the ThreadGroup. I want the number of all threads in the group, meaning the absolute number and not something like
<code>myThreadGroup.activeCount()</code>, which shows only the active threads of the group.
Normally <code>ThreadGroup.activeCount()</code> <b>returns an estimate</b> of the number of active threads in this thread group, so we cannot rely on it.
<br />
One solution is to hold a container of references to all the new threads, but then I have to implement custom synchronized code for accessing
the container and blah blah... <p>
The solution I finally followed was to implement an object reference count on the parent class <code>CustomPlugin</code>.
When a new object of any class descended from <code>CustomPlugin</code> is created, the reference count is incremented.
When a plugin exits its <code>execute()</code> method, the current thread exits <code>run()</code>.<br />
The plugin object reference is released, the object is destroyed by the JVM GC, and the number of concurrent plugins decreases to something less than
<code>MAX_TOTAL_PLUGINS</code>. Only then can a new plugin be created.
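<pre class="java" name="code">
import java.util.concurrent.atomic.AtomicInteger;

public abstract class CustomPlugin extends Thread implements Plugin {
    public static final int MAX_TOTAL_PLUGINS = 3;
    // Updated by the constructing threads and by the finalizer thread, so it must be atomic
    private static final AtomicInteger refCount = new AtomicInteger(0);
    // True only if this instance was added to refCount
    private boolean counted = false;

    public CustomPlugin(String name) throws Exception {
        if (!allowLoad()) {
            throw new Exception("Maximum plugin objects already loaded!");
        }
        // Names the thread that is constructing the plugin
        Thread.currentThread().setName(name + "-" + Thread.currentThread().getId());
        refCount.incrementAndGet();
        counted = true;
    }

    @Override
    protected void finalize() {
        try {
            super.finalize();
        } catch (Throwable e) {
            e.printStackTrace();
        } finally {
            // finalize() also runs for instances whose constructor threw,
            // so decrement only for instances that were actually counted
            if (counted) {
                refCount.decrementAndGet();
            }
        }
    }

    public static boolean allowLoad() {
        return refCount.get() < MAX_TOTAL_PLUGINS;
    }

    public abstract void execute(String[] args);
}
</pre>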
Remember that you have only <code>CustomPlugin.MAX_TOTAL_PLUGINS=3</code> available threads for your plugins, meaning that only MAX_TOTAL_PLUGINS plugins can be used in total, regardless of whether their threads are sleeping! When a plugin exits its <code>execute()</code> method, the current thread exits
<code>run()</code>.
The plugin object reference is released, the object is destroyed by the JVM GC, and the number of concurrent plugins decreases to something less
than <code>MAX_TOTAL_PLUGINS</code>. Only then can a new plugin be called.
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-69030643233986706592014-01-22T16:37:00.000+00:002020-06-22T10:10:00.708+01:00Implementing 2-way SSL in Java using TLS and Self Signed Certificates part4<div dir="ltr" style="text-align: left;" trbidi="on">
<b><u>Debug the Client/Server Communication </u></b><br />
<br />
<br />
<b>Entire Source Code of the tutorial here: </b><br />
<a href="https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates"><b>https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates</b></a><br />
<br />
<br />
This part depends on the:<br />
<ul style="text-align: left;">
<li>Communication credentials, or the Keystore/Truststore file created in <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using.html" target="_blank">Part-1</a></li>
<li>Server implemented in <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_22.html" target="_blank">Part-2</a></li>
<li>Client implemented in <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_967.html" target="_blank">Part-3</a></li>
</ul>
<br />
To start, we need to add the following option to the JVM arguments of both client and server:<br />
<span style="font-family: "courier new" , "courier" , monospace;">-Djavax.net.debug=all </span><br />
<br />
So, for example, to run the server we do the following (the option must come before the class name, otherwise it is passed to the program as an argument instead of being read by the JVM):<br />
<span style="font-family: "courier new" , "courier" , monospace;">$ java -Djavax.net.debug=all TwoWaySslServer</span><br />
<br />
As a result, we have all the debugging information we need for network operations from the JVM and the imported classes, like <span style="font-family: "courier new" , "courier" , monospace;">SSLServerSocket</span>.<br />
<br />
Having our server in debug mode, we can observe that the <b>Keystore (mysystem.jks) </b> was loaded correctly if we notice the following private key log entry:<br />
<br />
<pre>***
found key for : <span style="color: red;"><b>mysystem</b></span>
chain [0] = [
[
Version: V3
Subject: <b>CN=mysystem, L=Chalandri, ST=Athens, C=GR</b>
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 1024 bits
modulus: 127165120252867655295291767293201905001859144644390543231567027664179957281793248832544049047501722299712701237862474932181664724853946779349563166371011412260964043029373627517538842247060193170649833260910804612805979354599504164270912367917881965338674535760796311997608873587262396297225200721624071184029
public exponent: 65537
Validity: [From: Wed Jan 22 12:46:44 CET 2014,
To: Mon Jan 22 12:46:44 CET 2024]
Issuer: CN=mysystem, L=Chalandri, ST=Athens, C=GR
SerialNumber: [ af1b0164 bd3095fa]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 03 B2 09 B4 89 36 32 E4 D6 A3 51 4A 5D 3B CD ED .....62...QJ];..
0010: B2 00 77 EC ..w.
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 03 B2 09 B4 89 36 32 E4 D6 A3 51 4A 5D 3B CD ED .....62...QJ];..
0010: B2 00 77 EC ..w.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 78 58 C9 F5 C0 42 2D 62 B5 0D 8A 79 6B 57 5A 85 xX...B-b...ykWZ.
0010: 8C 85 20 4D 7B B3 8A 0A DF 83 D9 D1 5A FA F6 26 .. M........Z..&
0020: 53 56 DB FE B3 82 42 35 0C BF E8 BD 75 0A 18 7A SV....B5....u..z
0030: D7 B0 36 E5 4E F9 82 FB 23 57 EC 23 3F D0 92 9E ..6.N...#W.#?...
0040: 9C D6 FA 26 32 7C B6 4A 62 A4 4B AB F7 D3 64 7C ...&2..Jb.K...d.
0050: 37 92 ED F2 2B 62 BC E7 A6 35 E6 87 67 9E BD 0D 7...+b...5..g...
0060: 97 5E 0F 31 A9 B1 AB 64 CC F9 4B 51 3E 90 7B 2F .^.1...d..KQ>../
0070: E9 2E 23 E5 BC D3 DA 32 20 3B 6C 2C B8 E2 7C 6B ..#....2 ;l,...k
]
</pre>
<br />
If we don't find our private key in the above debugging information,<b> we need to re-check the parameters</b>:
<br />
<br />
<pre class="java" name="code"> System.setProperty("javax.net.ssl.keyStore","mysystem.jks");
System.setProperty("javax.net.ssl.keyStorePassword","welcome");
</pre>
<br />
Similarly, again in debugging mode, we can observe that the <b>Truststore (mysystem.jks) </b> was loaded correctly by the server if we notice the following log entry:<br />
<pre>***
trustStore is: <span style="color: red;"><b>mysystem.jks</b></span>
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=mysystem, L=Chalandri, ST=Athens, C=GR
Issuer: CN=mysystem, L=Chalandri, ST=Athens, C=GR
Algorithm: RSA; Serial number: 0xaf1b0164bd3095fa
Valid from Wed Jan 22 12:46:44 CET 2014 until Mon Jan 22 12:46:44 CET 2024
trigger seeding of SecureRandom
done seeding SecureRandom
SERVER
socket class: class com.sun.net.ssl.internal.ssl.SSLServerSocketImpl
Socker address = 0.0.0.0/0.0.0.0
Socker port = 8095
Need client authentication = true
Want client authentication = false
Use client mode = false
</pre>
<br />
If we don't find the self-signed certificate in the above debugging information,<b> we need to re-check the parameters</b>:
<br />
<br />
<pre class="java" name="code">System.setProperty("javax.net.ssl.trustStore","mysystem.jks");
System.setProperty("javax.net.ssl.trustStorePassword","welcome");
</pre>
<br />
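The checks described above (key entry found, trusted certificate added, client authentication required) can be run over a saved debug log. This is an added example, not part of the original tutorial's code; the function names and the sample log are constructed here, and the parsing assumes the older JSSE debug format shown in this article.

```shell
#!/bin/sh
# Added example: check a -Djavax.net.debug=all log for the prerequisites of a
# 2-way TLS handshake, using the markers this article points at.
# Exit status: 0 when key entry, trusted cert and client-auth are all present, else 1.
# The 2048-bit RSA threshold is a choice made for this example.
check_tls_debug() {
    awk '
        /^[ \t]*found key for :/ {
            alias = $0; sub(/^[ \t]*found key for :[ \t]*/, "", alias)
        }
        /^[ \t]*trustStore is:/ {
            store = $0; sub(/^[ \t]*trustStore is:[ \t]*/, "", store)
        }
        /^[ \t]*adding as trusted cert:/ { trusted++ }
        /Need client authentication = true/ { needauth = 1 }
        /RSA public key, [0-9]+ bits/ {
            bits = $0
            sub(/.*RSA public key, /, "", bits); sub(/ bits.*/, "", bits)
            if (bits + 0 < 2048) weak = bits
        }
        END {
            missing = 0
            if (alias != "") print "OK      keystore key entry: " alias
            else { print "MISSING keystore key entry (check javax.net.ssl.keyStore)"; missing = 1 }
            if (store != "" && trusted > 0) print "OK      truststore " store ": " trusted " trusted cert(s)"
            else { print "MISSING trusted certificates (check javax.net.ssl.trustStore)"; missing = 1 }
            if (needauth) print "OK      server requires a client certificate"
            else { print "MISSING client authentication (setNeedClientAuth(true) not in effect)"; missing = 1 }
            if (weak != "") print "WARN    RSA key is " weak " bits"
            exit missing
        }
    ' "$@"
}

# Constructed sample, abridged from the server output shown in this article.
sample_server_debug() {
    cat <<'EOF'
***
found key for : mysystem
chain [0] = [
  Key:  Sun RSA public key, 1024 bits
***
trustStore is: mysystem.jks
trustStore type is : jks
adding as trusted cert:
  Subject: CN=mysystem, L=Chalandri, ST=Athens, C=GR
Need client authentication = true
EOF
}

# Usage: check_tls_debug server-debug.log      (file name is hypothetical)
#    or: sample_server_debug | check_tls_debug
```
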
<b><u>Some really interesting Exceptions you may come across while debugging your application:
</u></b><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?</span><br />
Caught on Server<br />
Probably you have created the client socket with something like:<br />
<pre class="java" name="code">clientSocket = new Socket();
</pre>
instead of:
<br />
<pre class="java" name="code">SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
clientSocket = (SSLSocket) factory.createSocket("localhost",port);
</pre>
<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">java.lang.IllegalStateException: KeyManagerFactoryImpl is not initialized</span><br />
You have not initialized the KeyManagerFactory object, meaning that you should call its init() method with a valid KeyStore and certificate password:
<br />
<pre class="java" name="code">// Requires java.io.FileInputStream, java.security.KeyStore, javax.net.ssl.KeyManagerFactory
String keystoreFile = "/opt/mysystem/etc/mysystem.jks";
String keystorePassword = "welcome";
KeyStore ks = KeyStore.getInstance("JKS");
// load() and init() take the passwords as char[], not String
ks.load(new FileInputStream(keystoreFile), keystorePassword.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "myCertificatePassword".toCharArray());
</pre>
<br />
<span style="font-family: "courier new" , "courier" , monospace;">java.security.cert.CertificateException: No X509TrustManager implementation avaiable</span><br />
Check the truststore. Ensure that the property javax.net.ssl.trustStore is set appropriately.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">javax.net.ssl.SSLHandshakeException: null cert chain</span><br />
Received on server<br />
Check that both client and server share the truststore.<br />
Check that the truststore contains the same signed certificate.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">java.io.IOException: Keystore was tampered with, or password was incorrect</span><br />
Check the Keystore password, system property<span style="font-family: "courier new" , "courier" , monospace;"> javax.net.ssl.keyStorePassword</span><br />
<br /></div>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-67941792324769362512014-01-22T14:07:00.001+00:002020-06-22T10:09:44.571+01:00Implementing 2-way SSL in Java using TLS and Self Signed Certificates part3<div dir="ltr" style="text-align: left;" trbidi="on">
<b><u>Step 3: The Client (<a href="http://illumine.gr/joomla/images/blog/twowaysslclient.java" target="_blank">Get the complete code here</a>)</u></b><br />
<b><u><br /></u></b>
<br />
<b>Entire Source Code of the tutorial here: </b><br />
<a href="https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates"><b>https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates</b></a><br />
<b><u><br /></u></b>
The client also requires the Keystore/Truststore created in <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using.html" target="_blank">Part-1</a>.<br />
<br />
Again, in the client we have to do a couple of things similar <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_22.html" target="_blank">to the server</a>:<br />
<br />
The first is to specify the Java Keystore/Truststore we created in <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using.html" target="_blank">Part-1</a> of this article:<br />
<br />
<pre class="php" name="code">System.setProperty("javax.net.ssl.keyStore","mysystem.jks");
System.setProperty("javax.net.ssl.keyStorePassword","welcome");
System.setProperty("javax.net.ssl.trustStore","mysystem.jks");
System.setProperty("javax.net.ssl.trustStorePassword","welcome");
</pre>
<br />
As on the server side described in Part-2, we have to create the client socket as an SSLSocket:<br />
<br />
<pre class="php" name="code">SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSock = (SSLSocket) factory.createSocket("localhost",8095);</pre>
<br />
The entire code of <a href="http://illumine.gr/joomla/images/blog/twowaysslclient.java" target="_blank">the client can be downloaded here</a>.
<br />
<br />
<a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_8152.html" target="_blank">The next article, Part-4</a>, of this blog series will help you debug the SSL/TLS client/server communication.</div>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-40960323796761181992014-01-22T13:47:00.002+00:002020-06-22T10:09:26.768+01:00Implementing 2-way SSL in Java using TLS and Self Signed Certificates part2<div dir="ltr" style="text-align: left;" trbidi="on">
<b><u>Step 2: The server (<a href="http://illumine.gr/joomla/images/blog/twowaysslserver.java" target="_blank">Get the complete server code here</a>)</u></b><br />
<br />
<br />
<b>Entire Source Code of the tutorial here: </b><br />
<b><a href="https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates">https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates</a></b><br />
<br />
<br />
Requires the Truststore/Keystore created in <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using.html" target="_blank">Step-1</a>.<br />
<br />
Writing the server process in Java is pretty simple. You just have to do a couple of steps:<br />
Specify a couple of properties so that the Truststore/Keystore can be loaded, as the following code fragment shows:<br />
<br />
<pre class="java" name="code">System.setProperty("javax.net.ssl.keyStore","mysystem.jks");
System.setProperty("javax.net.ssl.keyStorePassword","welcome");
System.setProperty("javax.net.ssl.trustStore","mysystem.jks");
System.setProperty("javax.net.ssl.trustStorePassword","welcome");
</pre>
<br />
Create the <span style="font-family: "courier new" , "courier" , monospace;">ServerSocket </span>as an <span style="font-family: "courier new" , "courier" , monospace;">SSLServerSocket</span>, as the following code fragment shows:<br />
<pre class="java" name="code">
// Imports needed by this fragment
import java.io.FileInputStream;
import java.net.ServerSocket;
import java.security.KeyStore;
import javax.net.ssl.*;

char ksPass[] = "welcome".toCharArray();
char ctPass[] = "welcome".toCharArray();
// Create and load the Keystore created in Part-1
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("mysystem.jks"), ksPass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, ctPass);
// Create the ServerSocket as an SSLServerSocket.
// Passing null for the trust managers selects the default ones, which read
// the javax.net.ssl.trustStore properties set above.
SSLContext secureSocket = SSLContext.getInstance("TLS");
secureSocket.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory ssf = secureSocket.getServerSocketFactory();
ServerSocket ssocket = ssf.createServerSocket(8095);
SSLServerSocket ss = (SSLServerSocket) ssocket;
// This explicitly states TLS with 2-way authentication
ss.setNeedClientAuth(true); </pre>
<br />
The entire code for server implementation <a href="http://illumine.gr/joomla/images/blog/twowaysslserver.java" target="_blank">can be downloaded here</a>.</div>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-87200187091747779302014-01-22T13:43:00.001+00:002020-06-22T10:07:53.284+01:00Implementing 2-way SSL in Java using TLS and Self Signed Certificates part1<div dir="ltr" style="text-align: left;" trbidi="on">
Consider that we want to implement in Java a secure communication (<a href="http://en.wikipedia.org/wiki/Transport_Layer_Security" target="_blank">Transport Layer Security</a> ) for a system called <b>MySystem.</b><br />
<br />
<b>Entire Source Code of the tutorial here: </b><br />
<a href="https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates"><b>https://github.com/illumine/articles/tree/master/Implementing-2-way-SSL-in-Java-using-TLS-and-Self-Signed-Certificates</b></a><br />
<br />
<b><u>The problem</u></b><br />
<b><u><br /></u></b>
The security scenario for the implementation of <b>MySystem </b>is simple:<br />
<ul style="text-align: left;">
<li>Authentication only between peers that both share the Keystore/Truststore file</li>
<li>Session establishment only between peers that have the Keystore/Truststore file</li>
</ul>
Doing so, the entire communication between client and server requires authentication and is encrypted:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjry5zy9mfv2MsSfuzVIvtsRv26BbFkYh91FdCC-JxzOhOBvE5xq66kCZ9HL6okcKzRIqWNPzZptamnjWX1ytOkHa1dbycKvxckNLrRvD7Jg57yJrkpGsYF6pj6w4wdjLE1wB1dZ6kkWVk/s1600/ssl_in_action.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjry5zy9mfv2MsSfuzVIvtsRv26BbFkYh91FdCC-JxzOhOBvE5xq66kCZ9HL6okcKzRIqWNPzZptamnjWX1ytOkHa1dbycKvxckNLrRvD7Jg57yJrkpGsYF6pj6w4wdjLE1wB1dZ6kkWVk/s1600/ssl_in_action.png" width="200" /></a></div>
<br />
<br />
Before going further on this study, pay a visit to this site for Java SSL: <a href="https://sites.google.com/site/ssljavaguide/Home" target="_blank">ssljavaguide</a>.<br />
<br />
To implement the scenario, there are three basic steps:<br />
<ol style="text-align: left;">
<li>Create the Java Keystore/Truststore that will be used for authentication and encryption of the transport/session. This will be used by both the client and the server. (Current Part)</li>
<li>Implement the Server side: (See blog article <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_22.html" target="_blank">Part-2</a>)</li>
<li>Implement the Client side: (See blog article <a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_967.html" target="_blank">Part-3</a>)</li>
</ol>
<a href="http://illumineconsulting.blogspot.de/2014/01/implementing-2-way-ssl-in-java-using_8152.html" target="_blank">Part-4</a> deals with debugging the Client/Server SSL/TLS communication.<br />
<b><u><br /></u></b>
<b><u>Step 1: Create the Keystore/Truststore</u></b><br />
Following the <a href="http://illumine.gr/joomla/images/blog/create-keystore.txt" target="_blank">steps</a> of this section results in the creation of a Keystore/Truststore .jks file that contains:<br />
<ul style="text-align: left;">
<li><b>MySystem private key</b></li>
<li><b>MySystem self-signed certificate</b></li>
</ul>
To do so we are going to use the tools <a href="http://www.openssl.org/" target="_blank">openssl</a> and <a href="http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html" target="_blank">keytool</a>. We prefer openssl because it can work silently, without prompting the user for passwords, domains, server names....<br />
<br />
The steps are:<br />
1) Generate an RSA 1024-bit private key. The key will be password protected:<br />
<span style="font-family: "courier new" , "courier" , monospace;">openssl genrsa -out mysystem.key 1024 -passin pass:welcome</span><br />
<br />
2) Generate a certificate request for the CA (.csr) using the private key<br />
<span style="font-family: "courier new" , "courier" , monospace;">openssl req -x509 -sha256 -new -subj '/C=GR/ST=Athens/L=Chalandri/CN=mysystem' -key mysystem.key -out mysystem.csr</span><br />
<br />
3) Generate a self-signed certificate with an expiry time of 10 years from the certificate request<br />
<span style="font-family: "courier new" , "courier" , monospace;">openssl x509 -sha256 -days 3652 -in mysystem.csr -signkey mysystem.key -out mysystem.crt</span><br />
<br />
<br />
4) Import the pair (private key and self-signed certificate) into a new JKS (Truststore/Keystore together)<br />
First we need to create a PKCS12 keystore from the private key and the self-signed certificate.<br />
<span style="font-family: "courier new" , "courier" , monospace;">openssl pkcs12 -export -name mysystem -in mysystem.crt -inkey mysystem.key -out mysystem.p12 -passin pass:welcome -password pass:welcome</span><br />
<br />
Then we need to convert the PKCS12 keystore into a JKS keystore<br />
<span style="font-family: "courier new" , "courier" , monospace;">keytool -importkeystore -destkeystore mysystem.jks -srckeystore mysystem.p12 -srcstoretype pkcs12 -alias mysystem -srcstorepass welcome -storepass welcome -noprompt</span><br />
<br />
At this point we have created the Java Keystore/Truststore <span style="font-family: "courier new" , "courier" , monospace;">mysystem.jks</span> file.<br />
<br />
Copy <span style="font-family: "courier new" , "courier" , monospace;">mysystem.jks </span>on both client and server machines.<br />
<br />
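The procedure above produces one file that holds the private key and is copied to every peer. As an added example that is not from the original article, the script below generalizes it to one key pair per peer, with truststores that contain only the other side's certificate; it uses keytool alone, and the store names, aliases and the STOREPASS environment variable are assumptions made here.

```shell
#!/bin/sh
# Added example (not the article's procedure): one key pair per peer.
# STOREPASS must be exported by the caller. keytool reads it through the :env
# modifier, so the password does not appear on the command line.

# make_identity <name>  ->  <name>.jks (private key + self-signed cert), <name>.crt
make_identity() {
    name=$1
    keytool -genkeypair -alias "$name" -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 3652 \
        -dname "CN=$name, L=Chalandri, ST=Athens, C=GR" \
        -storetype JKS -keystore "$name.jks" \
        -storepass:env STOREPASS -keypass:env STOREPASS &&
    keytool -exportcert -rfc -alias "$name" -keystore "$name.jks" \
        -storepass:env STOREPASS -file "$name.crt"
}

# trust_peer <owner> <peer>  ->  <owner>-trust.jks holding only <peer>.crt
trust_peer() {
    keytool -importcert -noprompt -alias "$2" -file "$2.crt" \
        -storetype JKS -keystore "$1-trust.jks" -storepass:env STOREPASS
}

# make_peer_stores <server-name> <client-name>
# Each side keeps its own private key and trusts only the other side's certificate.
make_peer_stores() {
    make_identity "$1" && make_identity "$2" &&
    trust_peer "$1" "$2" && trust_peer "$2" "$1"
}

# store_entry_types <store>  ->  the kinds of entries the store contains
store_entry_types() {
    keytool -list -keystore "$1" -storepass:env STOREPASS |
        awk '/PrivateKeyEntry/ { print "PrivateKeyEntry" }
             /trustedCertEntry/ { print "trustedCertEntry" }' | sort -u
}

# Usage (names are hypothetical):
#   export STOREPASS; make_peer_stores mysystem-server mysystem-client
```

The server would then point javax.net.ssl.keyStore at mysystem-server.jks and javax.net.ssl.trustStore at mysystem-server-trust.jks, and the client at its own pair, so no private key ever leaves the machine it was generated on.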
<a href="http://illumine.gr/joomla/images/blog/create-keystore.txt" target="_blank">Download all the commands for the Keystore/Truststore .jks file generation here</a></div>
Michael Mountrakishttp://www.blogger.com/profile/05421326797935920498noreply@blogger.com0tag:blogger.com,1999:blog-4349701560687042128.post-14791141779931210442013-11-24T17:31:00.005+00:002014-03-24T10:04:00.456+00:00MySQL Master Slave Synchronization<div dir="ltr" style="text-align: left;" trbidi="on">
In MySQL, when master/slave synchronization breaks, we can start debugging with the show slave status command, as the following example illustrates:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# echo "show slave status\G" | mysql -u root -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">*************************** 1. row ***************************</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Slave_IO_State: Waiting for master to send event</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_Host: my-db-master.mydomain.com</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_User: repl</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_Port: 3306</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Connect_Retry: 60</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_Log_File: binlog.000522</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Read_Master_Log_Pos: 50224067</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Relay_Log_File: relay.000005</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Relay_Log_Pos: 10328614</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Relay_Master_Log_File: binlog.000520</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Slave_IO_Running: Yes</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Slave_SQL_Running: No</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Do_DB:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Ignore_DB:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Do_Table:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Ignore_Table:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Wild_Do_Table:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Wild_Ignore_Table:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Last_Errno: 1032</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Last_Error: Could not execute Delete_rows event on table mydatabase.example_table; Can't find record in 'example_table', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log binlog.000520, end_log_pos 10330060</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Skip_Counter: 0</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Exec_Master_Log_Pos: 10328471</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Relay_Log_Space: 259941828</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Until_Condition: None</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Until_Log_File:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Until_Log_Pos: 0</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_SSL_Allowed: No</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_SSL_CA_File:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_SSL_CA_Path:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_SSL_Cert:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_SSL_Cipher:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_SSL_Key:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Seconds_Behind_Master: NULL</span><br />
<span style="font-family: Courier New, Courier, monospace;">Master_SSL_Verify_Server_Cert: No</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Last_IO_Errno: 0</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Last_IO_Error:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Last_SQL_Errno: 1032</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Last_SQL_Error: Could not execute Delete_rows event on table mydatabase.example_table; Can't find record in 'example_table', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log binlog.000520, end_log_pos 10330060</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Replicate_Ignore_Server_Ids:</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Master_Server_Id: 49</span><br />
<br />
<br />
<b>On Slave</b>, MYSQL_HOME/logs/mysql.err shows this as:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">131108 18:22:55 [Note] Slave I/O thread: connected to master 'replication@my-db-master.mydomain.com:3306',replication started in log 'binlog.000522' at position 50224067</span><br />
<span style="font-family: Courier New, Courier, monospace;">131109 2:26:19 [ERROR] Could not execute Delete_rows event on table mydatabase.example_table; Can't find record in 'example_table', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log binlog.000520, end_log_pos 10330060, Error_code: 1032</span><br />
<span style="font-family: Courier New, Courier, monospace;">131109 2:26:19 [Warning] Slave: Can't find record in 'alf_node' Error_code: 1032</span><br />
<span style="font-family: Courier New, Courier, monospace;">131109 2:26:19 [ERROR] Error running query, slave SQL thread aborted. Fix the problem, and restart the slave SQL thread with "SLAVE START". We stopped at log 'binlog.000522' at position 50224067</span><br />
<br />
There are several treatments for this issue, depending on the state of the binlogs on the master and on how long the slave has been out of synchronization.<br />
<b>The following were tested on <span style="color: blue;">MySQL 5.5.31</span> / <span style="color: blue;"> RedHat 2.6.32-358.2.1.el6.x86_64</span></b><br />
<br />
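Which treatment applies depends on which replication thread stopped and where, so it helps to reduce the status output to those fields first. The script below is an added example, not part of the original post; the function names are made up here, the sample is constructed from the output shown above, and the credentials file path in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: classify SHOW SLAVE STATUS\G output read from stdin.
# Exit status: 0 healthy, 1 I/O thread stopped, 2 SQL thread stopped, 3 no status row.
slave_triage() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            i = index(line, ":")
            if (i == 0) next                      # row separator or blank line
            val = substr(line, i + 1)
            sub(/^[ \t]+/, "", val)
            f[substr(line, 1, i - 1)] = val       # split on the first colon only
        }
        END {
            if (!("Slave_IO_Running" in f) || !("Slave_SQL_Running" in f)) {
                print "UNKNOWN no slave status row found"
                exit 3
            }
            # Master binlog position the SQL thread has executed up to
            executed = f["Relay_Master_Log_File"] ":" f["Exec_Master_Log_Pos"]
            # Master binlog position the I/O thread has read up to
            fetched = f["Master_Log_File"] ":" f["Read_Master_Log_Pos"]
            if (f["Slave_SQL_Running"] != "Yes") {
                errno = ("Last_SQL_Errno" in f) ? f["Last_SQL_Errno"] : f["Last_Errno"]
                print "SQL_THREAD_STOPPED errno=" errno " executed_up_to=" executed " read_up_to=" fetched
                if (f["Last_SQL_Error"] != "") print "  " f["Last_SQL_Error"]
                exit 2
            }
            if (f["Slave_IO_Running"] != "Yes") {
                print "IO_THREAD_STOPPED errno=" f["Last_IO_Errno"] " read_up_to=" fetched
                if (f["Last_IO_Error"] != "") print "  " f["Last_IO_Error"]
                exit 1
            }
            print "OK seconds_behind_master=" f["Seconds_Behind_Master"]
            exit 0
        }
    '
}

# Constructed sample, abridged from the status output shown in this post.
sample_slave_status() {
    cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
              Master_Log_File: binlog.000522
          Read_Master_Log_Pos: 50224067
        Relay_Master_Log_File: binlog.000520
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
          Exec_Master_Log_Pos: 10328471
        Seconds_Behind_Master: NULL
               Last_SQL_Errno: 1032
               Last_SQL_Error: Could not execute Delete_rows event on table mydatabase.example_table; Can't find record in 'example_table', Error_code: 1032
EOF
}

# Usage, reading the password from an option file instead of -ppass so that it
# does not show up in the process list (the file path is hypothetical):
#   mysql --defaults-extra-file=/root/.my-repl.cnf -e 'SHOW SLAVE STATUS\G' | slave_triage
```
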
<h3 style="text-align: left;">
The simple case : Restart Slave </h3>
<br />
When synchronization between MASTER/SLAVE fails due to some error, normally the slave retries to reconnect after MASTER_CONNECT_RETRY seconds. <br />
The slave will try to reconnect MASTER_RETRY_COUNT times.<br />
<br />
In some cases, when synchronization was lost within a small time frame and not many updates have been made to the master, a simple "stop slave" / "start slave" may restore sync:<br />
<br />
<u><b>On Slave:</b></u><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# echo "stop slave" | mysql -u root -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# echo "start slave" | mysql -u root -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# echo "show slave status\G" | mysql -u root -ppass</span><br />
<br />
<br />
<br />
<h3 style="text-align: left;">
Resetting the Slave (Ignore Master Updates )</h3>
Another treatment is to reset the slave to follow the master in the future:<b> <span style="color: red;">by doing this you lose all updates from the master; the slave simply ignores all changes that happened on the master while the slave was out of sync!</span></b><br />
<b><span style="color: red;"><br /></span></b>
<u><b>On Master</b></u><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]#echo "SHOW MASTER STATUS" | mysql -uroot -ppass </span><br />
<br />
<u><b>On Slave:</b></u><br />
Take the binlog file name and position from the master's output and use them in the CHANGE MASTER TO statement below:<br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "slave stop"| mysql -uroot -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "CHANGE MASTER TO MASTER_HOST='my-db-master',MASTER_USER='replication', MASTER_PASSWORD='apassword', MASTER_LOG_FILE='binlog.001006', MASTER_LOG_POS= 102018129;"| mysql -uroot -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "start slave"| mysql -uroot -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "SHOW SLAVE STATUS\G" | mysql -uroot -ppass </span><br />
<br />
<br />
<h3 style="text-align: left;">
Forcing Slave to get binlog files from Master</h3>
Sometimes it helps to force the slave to fetch the binlogs again from the master. This will work if the master has not rotated its binlogs: in other words, if the master has not started writing the binlogs again. That may have happened because, for example, someone issued a <a href="http://dev.mysql.com/doc/refman/5.5/en/reset-master.html" target="_blank">RESET MASTER</a> on the master. To force the slave to retrieve the binlogs from the start, do the following steps:<br />
<br />
<u><b>On Slave:</b></u><br />
Stop the slave and the database<br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "slave stop"| mysql -uroot -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#/etc/init.d/mysql stop</span><br />
<br />
Be sure that you have enough space when you do the next step:<br />
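<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# # ${MYSQL_HOME:?} stops the command if MYSQL_HOME is unset or empty, so rm never runs against /</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#rm -rf "${MYSQL_HOME:?}"/relaylogs/* </span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#rm -rf "${MYSQL_HOME:?}"/mysqld-relay-bin.* "${MYSQL_HOME:?}"/mysqld-relay-bin.index "${MYSQL_HOME:?}"/relay-log.info</span><br />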
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#/etc/init.d/mysql start</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "stop slave" | mysql -u root -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "reset slave" | mysql -u root -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]#echo "start slave" | mysql -u root -ppass</span><br />
<br />
<br />
<br />
<h3 style="text-align: left;">
Restore the Slave from a clean export of the Master</h3>
Use this when you cannot restore the slave in any of the ways above.<br />
<br />
<br />
<u><b>On Master:</b></u><br />
I need only the mydatabase database and do not care about the others. This can be done even while mydatabase is in use by application clients:<br />
<br />
Take a dump of the current master database:<br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]# sudo -i</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]# cd /dbexport/</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]# nohup mysqldump --master-data -u root -ppass mydatabase > mydatabase.dump &</span><br />
<br />
With the previous command, mysqldump writes the mydatabase database to <b>mydatabase.dump</b> by:<br />
Preserving the master binlog status at the moment of the backup transaction<br />
Locking each backed-up table in <b>mydatabase</b>, so that the dump corresponds to the binlog state.<br />
<br />
<b><u>Note that:</u></b> with the previous command <b>I export only one database instance</b>: <b>mydatabase</b><br />
If your server hosts more than one database and those are replicated to different slaves, you should consider taking an export of them as well.<br />
<br />
Check the last command output and also the dump status:<br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]# head mydatabase.dump</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]# tail mydatabase.dump</span><br />
<br />
Set a new password for transporting the dump:<br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-master ~]# passwd</span><br />
<br />
<u><b>On Slave:</b></u><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# sudo -i</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# cd /monsoon/dbexport/</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# scp root@my-db-master:/dbexport/mydatabase.dump .</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br />
[root@my-db-slave ~]# echo "show slave status\G" | mysql -u root -ppass | egrep "Slave_IO_Running|Slave_SQL_Running"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Slave_IO_Running: No</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Slave_SQL_Running: No</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br />
[root@my-db-slave ~]# nohup mysql -u root -ppass mydatabase < mydatabase.dump &</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br />
[root@my-db-slave ~]# cat nohup.out</span><br />
<span style="font-family: Courier New, Courier, monospace;">--there must be nothing here--</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br />
[root@my-db-slave ~]# echo "start slave" | mysql -u root -ppass</span><br />
<span style="font-family: Courier New, Courier, monospace;">[root@my-db-slave ~]# echo "show slave status\G" | mysql -u root -ppass | egrep "Slave_IO_Running|Slave_SQL_Running"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Slave_IO_Running: Yes</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Slave_SQL_Running: Yes</span><br />
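As an added example (not part of the original post), the two manual checks in this procedure can be scripted: reading the binlog coordinates that --master-data wrote into the dump, and confirming that both replication threads report Yes. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's code): two checks for the restore procedure.

# Print "<binlog file> <position>" from the CHANGE MASTER TO line that
# mysqldump --master-data writes near the top of the dump. Accepts the
# active form and the commented form ("-- CHANGE MASTER TO ...").
dump_coords() {
    sed -n "s/^\(-- \)\{0,1\}CHANGE MASTER TO .*MASTER_LOG_FILE='\([^']*\)', *MASTER_LOG_POS=\([0-9][0-9]*\);.*/\2 \3/p" "$1" | head -n 1
}

# Read SHOW SLAVE STATUS\G output on stdin and succeed only when both
# replication threads report "Yes". Field names are matched exactly, so
# Slave_SQL_Running_State (present on newer servers) is not mistaken
# for Slave_SQL_Running.
slave_healthy() {
    awk -F': *' '
        $1 ~ /^ *Slave_IO_Running$/  { io  = $2 }
        $1 ~ /^ *Slave_SQL_Running$/ { sql = $2 }
        END { exit !(io == "Yes" && sql == "Yes") }'
}

# Constructed sample inputs (not captured from a real server).
sample_dump_head="-- MySQL dump (constructed sample)
CHANGE MASTER TO MASTER_LOG_FILE='binlog.001006', MASTER_LOG_POS=102018129;
CREATE TABLE t (id INT);"
sample_status="             Slave_IO_Running: Yes
            Slave_SQL_Running: No
      Slave_SQL_Running_State: "

tmp=$(mktemp)
printf '%s\n' "$sample_dump_head" > "$tmp"
echo "dump coordinates: $(dump_coords "$tmp")"
rm -f "$tmp"
if printf '%s\n' "$sample_status" | slave_healthy; then
    echo "replication healthy"
else
    echo "replication NOT healthy: do not rely on this slave yet"
fi
```

On a real host, feed `slave_healthy` the output of the `show slave status\G` command used above and run `dump_coords` on mydatabase.dump before loading it.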
<br /></div>