<div>RoosBertl's Blog: Groovy, Grails, IOS/OSX, Java, Linux and Hardware stuff.</div>
<div>Published 2023-06-14T08:39:00.016-07:00, updated 2023-06-14T09:22:59.537-07:00</div>
<h1 style="text-align: left;">Use Dynamic IP Addresses in firewalld</h1>
<div><br /></div>
<h2 style="text-align: left;">Using ipset</h2>
<div>If you want to use dynamic IP addresses (dyndns) in firewalld rules, you can use ipsets.</div>
<div><br /></div>
<div>With the following script we create one ipset per configured DDNS hostname. The script automatically creates or updates each ipset with the IP address its DDNS hostname currently resolves to.</div>
<div>You can then use the ipset names (same as the hostnames) in your firewalld rules. See the comments in the script.</div>
<div><br /></div>
<div>Example cron script. Enable in /etc/cron.d/. Tested in Rocky 8.</div>
<div>/usr/local/bin/firewall_ddns_update.sh:</div>
<div><br /></div>
<div><div style="background-color: #2b2b2b; color: #a9b7c6; font-family: "Fira Code", monospace; white-space: pre;">#!/usr/bin/env bash

# Bash script to query the current IP address of the given dynamic DNS
# hosts and create or update firewalld ipset(s).
# You are then able to use the ipset in firewalld rules.
# Obtain the current ipset(s) with:
# firewall-cmd --permanent --get-ipsets
#
# This script is intended to be run from a cron job with root privileges.
# The script will only update the ipset if the IP address has changed.
# based on
# https://www.baeldung.com/linux/allowing-traffic-from-dynamic-ip-address

# Why ipset?
# firewalld lacks support for comments in rules, so it is hard to keep
# track of what IP address belongs to what hostname.
# ipset allows you to create a set of IP addresses and use that set in
# firewalld rules.
# firewalld also lets you add a description to each ipset, so you
# can keep track of what IP address belongs to what hostname.
# ipset IP addresses are independent of firewall rules, so you can update
# the ipset without reconfiguring rules.

# Using an ipset in a firewall rule:
# firewall-cmd --permanent --zone=public --add-source=ipset:my_ip_set_name
# firewall-cmd --reload

#######################################
# Config section
#######################################
# Set the DDNS hostnames whose IP addresses should be kept up to date
DDNS_HOSTNAMES="myexampledynhost1.ddnss.org myexampledynhost2.ddns.de"

# Anchored pattern: the whole value must be a single dotted-quad IPv4 address
IPV4_REGEX='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

# work
#######################################
for DDNS_HOSTNAME in $DDNS_HOSTNAMES; do
    # Get the DDNS hostname IP address. dig +short can print several lines
    # (CNAME targets, multiple A records); keep only the first IPv4 line.
    DDNS_IP=$(dig +short A "${DDNS_HOSTNAME}" | grep -E "${IPV4_REGEX}" | head -n 1)

    # Create the ipset for this ddns host if it does not exist yet
    if ! firewall-cmd --permanent --ipset="${DDNS_HOSTNAME}" --get-entries >/dev/null 2>&1; then
        # create ipset
        firewall-cmd --permanent \
            --new-ipset="${DDNS_HOSTNAME}" \
            --type=hash:ip \
            --set-description "${DDNS_HOSTNAME} dyndns" >/dev/null 2>&1
    fi

    # Get the OLD IP from the ipset
    OLD_IP=$(firewall-cmd --permanent --ipset="${DDNS_HOSTNAME}" --get-entries)

    # Check if the DDNS hostname IP address is valid
    if [[ "${DDNS_IP}" =~ ${IPV4_REGEX} ]]; then
        # Check if the old IP is valid / exists
        if [[ "${OLD_IP}" =~ ${IPV4_REGEX} ]]; then
            # Check if the DDNS service IP address is different from the old IP address
            if [[ "${DDNS_IP}" == "${OLD_IP}" ]]; then
                # NOT CHANGED
                echo "IP address ${DDNS_IP} hasn't changed for ${DDNS_HOSTNAME}."
                continue
            else
                # UPDATE
                echo "Delete entry ${OLD_IP} from pool ${DDNS_HOSTNAME}"
                firewall-cmd --permanent --ipset="${DDNS_HOSTNAME}" --remove-entry="${OLD_IP}"
                echo "Add entry ${DDNS_IP} to ipset ${DDNS_HOSTNAME}"
                firewall-cmd --permanent --ipset="${DDNS_HOSTNAME}" --add-entry="${DDNS_IP}"
            fi
        else
            # NEW HOST
            echo "Add IP ${DDNS_IP} to new ipset ${DDNS_HOSTNAME}"
            firewall-cmd --permanent --ipset="${DDNS_HOSTNAME}" --add-entry="${DDNS_IP}"
            echo "*******************************************************************************"
            echo "**** Add ipset ${DDNS_HOSTNAME} to your firewall rules as needed. Example: "
            echo "**** firewall-cmd --permanent --zone=public --add-source=ipset:${DDNS_HOSTNAME}"
            echo "*******************************************************************************"
        fi
        echo "Activating.."
        firewall-cmd --reload
    else
        # No valid address resolved: delete the ipset for this host
        echo "DDNS IP address is not valid for ${DDNS_HOSTNAME}"
        firewall-cmd --permanent --delete-ipset="${DDNS_HOSTNAME}" >/dev/null 2>&1
        firewall-cmd --reload >/dev/null 2>&1
    fi
done

echo "Available ipsets:"
firewall-cmd --permanent --get-ipsets
</div></div>
<div># end of script.</div>
<div><br /></div>
<h2 style="text-align: left;">Add to cron</h2>
<div>Create /etc/cron.d/firewall_update_ddns:</div>
<div><div style="background-color: #2b2b2b; color: #a9b7c6; font-family: "Fira Code", monospace; white-space: pre;"># Update DDNS host IPs in firewall ipset(s)

*/5 * * * * root /usr/local/bin/firewall_ddns_update.sh > /var/log/firewall_ddns_update.log</div></div>
<div><br /></div>
<div>Securing Docker Ports with Firewalld (CentOS7, etc)</div>
<div>Published 2019-06-13T05:45:00.001-07:00, updated 2019-06-13T09:20:55.123-07:00</div>
<h1 id="DockerBestPractice-DockerandFirewalld" style="border-bottom-color: rgb(255, 255, 255); caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 24px; font-weight: normal; letter-spacing: -0.01em; line-height: 1.25; margin: 30px 0px 0px; padding: 0px;">
Docker and Firewalld</h1>
<div>
<br /></div>
<h3>
Overview</h3>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
To restrict access to Docker's exposed ports so that only named IP addresses can reach them, you can use firewalld rules.<br />
I needed to play around a bit, as all the information I found so far either does not work or just exposes ports to the public, which I wanted to avoid.</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
Tested on CentOS7 with Docker-CE 18.09.6</div>
<ol style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin: 10px 0px 0px;">
<li>Docker maintains the iptables chain "DOCKER-USER". </li>
<li>If you restart firewalld while Docker is running, firewalld removes the DOCKER-USER chain, so no Docker access is possible afterwards.</li>
<li>Docker adds a default rule to the DOCKER-USER chain which allows all IPs to access (possibly insecure).</li>
</ol>
<div>
<span style="color: #172b4d; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif; font-size: 14px;"><br /></span></div>
<div>
<span style="color: #172b4d; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif; font-size: 14px;">We can achieve secured Docker ports maintained by firewalld by letting firewalld create the DOCKER-USER chain and then applying iptables direct rules in this chain to secure the Docker ports. When Docker is then started, it adds its allow-all rule to the bottom of our chain, but because we added a reject-all rule before it, Docker's rule has no effect.</span><br />
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br />
<h3>
Configure firewalld</h3>
Example:</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
We expose Docker ports 80 (HTTP) and 443 (HTTPS) of an NGINX Docker container and want to allow access to these ports only from named IP addresses or subnets.</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br /></div>
<div class="code panel pdl conf-macro output-block" data-hasbody="true" data-macro-name="code" style="background-color: white; border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; border-top-left-radius: 3px; border-top-right-radius: 3px; border: 1px solid rgb(223, 225, 229); color: #333333; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin: 10px 0px; overflow: auto; padding: 0px;">
<div class="codeContent panelContent pdl" style="border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; line-height: 20px; margin: 0px; overflow: hidden; padding: 0px;">
<div style="margin: 0px; padding: 0px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# 1. Stop Docker</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
systemctl stop docker<br />
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# 2. Recreate DOCKER-USER iptables chain in firewalld. Ignore any warnings</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --remove-chain ipv4 filter DOCKER-USER</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --remove-rules ipv4 filter DOCKER-USER</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --add-chain ipv4 filter DOCKER-USER</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# 3. Add iptables rules to DOCKER-USER chain<br />
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 1 \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -m conntrack \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> --ctstate RELATED,ESTABLISHED -j ACCEPT \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -m comment --comment 'Allow containers to connect to the outside world'</span><br />
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 1 \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -j RETURN \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -s 172.17.0.0/16 \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -m comment --comment 'allow internal docker communication'</span><br />
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
Note: Change the Docker subnet address to match your network settings (it could be 172.18.0.0/16 as well).<br />
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# 4. Add rules for IPs 1.2.3.4 and 5.6.7.8 allowed to access the Docker exposed ports 80/443. </div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# Precedence is 1 (so you can add more rules with precedence 0, later. See below)<br />
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 1 \</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-family: "courier new", courier, monospace; font-size: 1em;">-o docker0 \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -p tcp -m multiport \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> --dports 80,443 -s 1.2.3.4/32 -j ACCEPT \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -m comment \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> --comment 'Allow IP 1.2.3.4 to access http and https docker ports'</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 1 \</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-size: 1em;">-o docker0 \</span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -p tcp -m multiport \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace; font-size: 1em;"> --dports 80,443 -s 5.6.7.8/32 -j ACCEPT \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace; font-size: 1em;"> -m comment \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace; font-size: 1em;"> --comment 'Allow IP 5.6.7.8 to access http and https docker ports'</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# 5. Block all other IPs. This rule has lowest precedence, so you can add rules before this one later.</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 10 \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;"> -j REJECT -m comment --comment 'reject all other traffic to DOCKER-USER'</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<br />
# 6. Activate rules</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">firewall-cmd --reload</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<br /></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
# 7. Start Docker</div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-family: "courier new" , "courier" , monospace;">systemctl start docker</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<br /></div>
</div>
</div>
</div>
</div>
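<div>To confirm the rule order described above once Docker is running again, the following added example (not part of the original post) audits the output of iptables -S DOCKER-USER: it reports whether the first unconditional rule rejects traffic before Docker's own allow-all rule is reached, and counts allow rules that carry no source restriction. The function name audit_docker_user and the three chain listings are constructed for illustration.</div>

```shell
#!/usr/bin/env bash
# Added example: audit the rule order of the DOCKER-USER chain.
# Reads `iptables -S DOCKER-USER` output on stdin and prints one line:
#   verdict=closed|open|no-default unrestricted_allows=N
# closed     : first unconditional terminating rule is REJECT/DROP
# open       : first unconditional terminating rule is RETURN/ACCEPT,
#              so unmatched traffic continues to Docker's forwarding rules
# no-default : the chain has no unconditional terminating rule

audit_docker_user() {
  awk '
    $1 == "-A" && $2 == "DOCKER-USER" && verdict == "" {
      rule = $0
      # Remove parts that do not restrict which packets match.
      gsub(/-m comment --comment ("[^"]*"|[^ ]+)/, "", rule)
      gsub(/--reject-with [^ ]+/, "", rule)

      # Split off the target; what remains are the match conditions.
      target = ""
      if (match(rule, /-j [A-Za-z_-]+/)) {
        target = substr(rule, RSTART + 3, RLENGTH - 3)
        rule = substr(rule, 1, RSTART - 1) substr(rule, RSTART + RLENGTH)
      }
      sub(/^-A DOCKER-USER/, "", rule)
      conditions = rule
      gsub(/[ \t]+/, "", conditions)

      if (conditions == "" && target ~ /^(ACCEPT|RETURN|REJECT|DROP)$/) {
        # Rules after this one are never evaluated.
        verdict = (target == "REJECT" || target == "DROP") ? "closed" : "open"
      } else if (target ~ /^(ACCEPT|RETURN)$/ &&
                 rule !~ /(^| )(-s|--src-range|--match-set) / &&
                 rule !~ /--ctstate /) {
        # Allow rule that is not tied to a source address or connection state.
        unrestricted++
      }
    }
    END {
      if (verdict == "") verdict = "no-default"
      printf "verdict=%s unrestricted_allows=%d\n", verdict, unrestricted
    }
  '
}

# Constructed sample: chain after steps 1-7, Docker's own rule appended last.
SAMPLE_GOOD='-N DOCKER-USER
-A DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Allow containers to connect to the outside world" -j ACCEPT
-A DOCKER-USER -s 172.17.0.0/16 -m comment --comment "allow internal docker communication" -j RETURN
-A DOCKER-USER -s 1.2.3.4/32 -o docker0 -p tcp -m multiport --dports 80,443 -m comment --comment "Allow IP 1.2.3.4 to access http and https docker ports" -j ACCEPT
-A DOCKER-USER -s 5.6.7.8/32 -o docker0 -p tcp -m multiport --dports 80,443 -m comment --comment "Allow IP 5.6.7.8 to access http and https docker ports" -j ACCEPT
-A DOCKER-USER -m comment --comment "reject all other traffic to DOCKER-USER" -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN'

# Constructed sample: only Docker's default allow-all rule is present.
SAMPLE_OPEN='-N DOCKER-USER
-A DOCKER-USER -j RETURN'

# Constructed sample: a port rule without -s sits in front of the reject rule.
SAMPLE_BROAD='-N DOCKER-USER
-A DOCKER-USER -o docker0 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A DOCKER-USER -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN'

for sample in "$SAMPLE_GOOD" "$SAMPLE_OPEN" "$SAMPLE_BROAD"; do
  printf '%s\n' "$sample" | audit_docker_user
done

# On a live host (as root): iptables -S DOCKER-USER | audit_docker_user
```

<div>Anything other than verdict=closed with unrestricted_allows=0 means the ports are reachable from addresses that were not named in the rules.</div>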
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br /></div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
This should result in an /etc/firewalld/direct.xml file like this:</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br /></div>
<div class="code panel pdl conf-macro output-block" data-hasbody="true" data-macro-name="code" style="background-color: white; border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; border-top-left-radius: 3px; border-top-right-radius: 3px; border: 1px solid rgb(223, 225, 229); margin: 10px 0px; overflow: auto; padding: 0px;">
<div class="codeContent panelContent pdl" style="border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; line-height: 20px; margin: 0px; overflow: hidden; padding: 0px;">
<div style="margin: 0px; padding: 0px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"><?xml version="1.0" encoding="utf-8"?></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"><direct></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"> <chain table="filter" ipv="ipv4" chain="DOCKER-USER"/></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"> <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment 'Allow docker containers to connect to the outside world'</rule></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"> <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-j RETURN -s 172.17.0.0/16 -m comment --comment 'allow internal docker communication'</rule></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"> <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-p tcp -m multiport --dports 80,443 -s 1.2.3.4/32 -j ACCEPT -m comment --comment 'Allow IP 1.2.3.4 to access http and https docker ports'</rule></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"> <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-p tcp -m multiport --dports 80,443 -s 5.6.7.8/32 -j ACCEPT -m comment --comment 'Allow IP 5.6.7.8 to access http and https docker ports'</rule></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"> <rule priority="10" table="filter" ipv="ipv4" chain="DOCKER-USER">-j REJECT -m comment --comment 'reject all other traffic to DOCKER-USER'</rule></span></span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="color: #333333; font-family: , "blinkmacsystemfont" , "segoe ui" , "roboto" , "oxygen" , "ubuntu" , "fira sans" , "droid sans" , "helvetica neue" , sans-serif;"><span style="caret-color: rgb(51, 51, 51); font-size: xx-small;"></direct></span></span></div>
</div>
<div style="color: #333333; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 1em;">
<br /></div>
<div style="color: #333333; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 1em;">
<br /></div>
</div>
</div>
</div>
</div>
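<div>
An added example (not part of the original post): a small audit of a direct.xml like the one above. It checks that the DOCKER-USER catch-all REJECT has a strictly higher priority number than every other rule (firewalld does not fix the order of rules that share a priority) and that each ACCEPT is tied to a source address. The sample XML is constructed from the listing above with shortened comments; all function names are hypothetical.</div>

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample modelled on the direct.xml shown above (comments shortened).
SAMPLE_DIRECT_XML = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <chain table="filter" ipv="ipv4" chain="DOCKER-USER"/>
  <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment 'outbound replies'</rule>
  <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-j RETURN -s 172.17.0.0/16 -m comment --comment 'internal docker communication'</rule>
  <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-p tcp -m multiport --dports 80,443 -s 1.2.3.4/32 -j ACCEPT -m comment --comment 'allow 1.2.3.4'</rule>
  <rule priority="1" table="filter" ipv="ipv4" chain="DOCKER-USER">-p tcp -m multiport --dports 80,443 -s 5.6.7.8/32 -j ACCEPT -m comment --comment 'allow 5.6.7.8'</rule>
  <rule priority="10" table="filter" ipv="ipv4" chain="DOCKER-USER">-j REJECT -m comment --comment 'reject all other traffic'</rule>
</direct>
"""


def opt_value(args, flag):
    """Return the token that follows `flag`, or None if the flag is absent."""
    return args[args.index(flag) + 1] if flag in args[:-1] else None


def load_rules(xml_text, chain="DOCKER-USER"):
    """Parse the <rule> elements of one chain into dicts, in document order."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    rules = []
    for el in root.iter("rule"):
        if el.get("chain") != chain:
            continue
        args = shlex.split(el.text or "")  # honours the quoted --comment text
        states = (opt_value(args, "--ctstate") or "").split(",")
        rules.append({
            "priority": int(el.get("priority")),
            "args": args,
            "target": opt_value(args, "-j"),
            "source": opt_value(args, "-s"),
            "dports": opt_value(args, "--dports") or opt_value(args, "--dport"),
            "states": {s for s in states if s},
        })
    return rules


def is_catch_all(rule):
    """True for a REJECT/DROP that has no match besides an optional comment."""
    args, rest, i = rule["args"], [], 0
    while i < len(args):
        if args[i] in ("-j", "--comment") or args[i:i + 2] == ["-m", "comment"]:
            i += 2  # skip the flag and its value
        else:
            rest.append(args[i])
            i += 1
    return rule["target"] in ("REJECT", "DROP") and not rest


def audit(rules):
    """Return a list of findings; an empty list means the chain looks closed."""
    findings = []
    catch_alls = [r for r in rules if is_catch_all(r)]
    if not catch_alls:
        findings.append("no catch-all REJECT/DROP: unmatched traffic falls "
                        "through to Docker's own rules")
    else:
        floor = min(r["priority"] for r in catch_alls)
        for r in rules:
            # Equal priorities have no guaranteed order, so require strictly lower.
            if not is_catch_all(r) and r["priority"] >= floor:
                findings.append(
                    f"priority {r['priority']} rule ({r['target']}, source "
                    f"{r['source']}) is not ordered before the catch-all")
    for r in rules:
        reply_only = r["states"] and r["states"] <= {"RELATED", "ESTABLISHED"}
        if r["target"] == "ACCEPT" and r["source"] is None and not reply_only:
            findings.append(
                f"ACCEPT without -s source restriction (dports {r['dports']})")
    return findings


def allowed_sources(rules):
    """List (source, destination ports) for every source-restricted ACCEPT."""
    return [(r["source"], r["dports"]) for r in rules
            if r["target"] == "ACCEPT" and r["source"] is not None]


if __name__ == "__main__":
    parsed = load_rules(SAMPLE_DIRECT_XML)
    for source, ports in allowed_sources(parsed):
        print(f"allowed: {source} -> tcp/{ports}")
    for finding in audit(parsed) or ["no findings"]:
        print(finding)
```

To audit a live host, pass the contents of /etc/firewalld/direct.xml to load_rules() instead of the sample.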
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<br />
<h3>
Docker Port Forwardings</h3>
<div>
If you mapped a Docker container port to a different host port (e.g. 8443:443), the rule must state the target NAT port (the Docker container port), not the NAT source port: in this example you must open port 443/tcp, not port 8443/tcp.<br />
I do not fully understand why it is so, but I assume NAT happens in chain "DOCKER" before "DOCKER-USER", but that's just an assumption.</div>
<div>
<br /></div>
<h3>
Debug log</h3>
</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
<h3>
<div style="font-size: 14px; margin-top: 10px; padding: 0px;">
<span style="font-weight: normal;">For debug purposes, you can add logging to the DOCKER-USER chain with highest priority. Perform "firewall-cmd --reload" to deactivate this logging again.</span></div>
<div class="code panel pdl conf-macro output-block" data-hasbody="true" data-macro-name="code" style="background-color: white; border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; border-top-left-radius: 3px; border-top-right-radius: 3px; border: 1px solid rgb(223, 225, 229); color: #333333; font-size: 14px; margin: 10px 0px; overflow: auto; padding: 0px;">
<div class="codeContent panelContent pdl" style="border-bottom-left-radius: 3px; border-bottom-right-radius: 3px; line-height: 20px; margin: 0px; overflow: hidden; padding: 0px;">
<div style="margin: 0px; padding: 0px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-weight: normal;">firewall-cmd --direct --add-rule ipv4 filter DOCKER-USER 0 \</span></div>
<div class="syntaxhighlighter sh-confluence nogutter bash" id="highlighter_88148" style="font-size: 1em; margin: 0px; overflow: auto; padding: 0px; position: relative; width: 1144.28125px;">
<span style="font-weight: normal;"> -j LOG --log-prefix ' DOCKER TCP: '</span></div>
</div>
</div>
</div>
</div>
<div style="font-size: 14px; margin-top: 10px; padding: 0px;">
<br /></div>
<div style="font-size: 14px; margin-top: 10px; padding: 0px;">
</div>
</h3>
<h3>
Tip</h3>
</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
If you want to start over, you can stop firewalld, remove /etc/firewalld/direct.xml and start firewalld again.</div>
<div style="caret-color: rgb(23, 43, 77); color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 14px; margin-top: 10px; padding: 0px;">
Ensure Docker is NOT running when you do this.</div>
</div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8257268696459320708.post-87681535124583038212018-02-13T01:26:00.001-08:002018-04-13T08:31:06.866-07:00Resize encrypted CentOS7 PV volume<h2 id="ResizeencryptedCentOS7PVvolume" style="border-bottom-color: rgb(221, 221, 221); border-bottom-style: solid; border-bottom-width: 1px; box-shadow: rgb(242, 242, 242) 0.1em 0.4em 0.7em 0px; break-after: avoid-page; font-family: Arial, Verdana, "Bitstream Vera Sans", Helvetica, sans-serif; font-size: 16px; letter-spacing: -0.018em; margin-left: -18px; padding: 0.2em 0.3em 0.1em;">
</h2>
<div style="font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, sans-serif; font-size: 13px;">
If you ticked the checkbox "encrypt volume" during CentOS7 installation, the Disk is encrypted on the LVM PV (Physical Volume) level by CentOS using LUKS.</div>
<div style="font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, sans-serif; font-size: 13px;">
Therefore you need to perform these steps to grow one of the LVM partitions:</div>
<ul style="font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, sans-serif; font-size: 13px;">
<li>Increase the Partition of the disk</li>
<li>Increase the PV (physical LVM Volume)</li>
<li>Increase the LV (logical LVM Volume) </li>
<li>Increase the file system of the partition holding your data.</li>
</ul>
<div style="font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, sans-serif; font-size: 13px;">
Steps (example using VMWare ESXi VM):</div>
<ol style="font-family: Verdana, Arial, "Bitstream Vera Sans", Helvetica, sans-serif;">
<li style="font-size: 13px;">Increase the disk size in vCenter / ESXi for the VM (e.g. from 750 GB to 800 GB). This can be done while the VM is up.</li>
<li style="font-size: 13px;">Create a snapshot of the VM</li>
<li style="font-size: 13px;">Reboot the VM</li>
<li><span style="font-size: x-small;">Resize the disk partition</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">fdisk /dev/sda
</pre>
<ul>
<li><span style="font-size: x-small;">Print the partition table:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">Command (m for help): p
Disk /dev/sda: 859.0 GB, 858993459200 bytes, 1677721600 sectors <--size in GiB!
Device boot. Start End Blocks Id System
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 1572863999 785382400 83 Linux <-- Holds the LVM vols.</span>
</pre>
</li>
<li style="font-size: 13px;">Now delete the partition (not kidding):<pre class="wiki" style="background-color: #f7f7f7; background-position: initial initial; background-repeat: initial initial; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">Command (m for help): <b>d</b>
Partition number (1,2, default 2): <b>2</b>
</pre>
</li>
<li><span style="font-size: x-small;">Re-create the partition with a larger size:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">Command (m for help): </span><b style="font-size: 13px;">n</b>
<span style="font-size: x-small;">Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p): </span><b style="font-size: 13px;">p</b>
<span style="font-size: x-small;">Partition number (2-4, default 2): </span><b style="font-size: 13px;">2</b>
<span style="font-size: x-small;">First sector (2099200-1677721599, default 2099200): </span><b style="font-size: 13px;">[ENTER]</b>
<span style="font-size: x-small;">Using default value 2099200</span>
<span style="font-size: x-small;">Last sector, +sectors or +size{K,M,G} (2099200-1677721599, default 1677721599): </span><b style="font-size: 13px;">[ENTER]</b>
<span style="font-size: x-small;">Using default value 1677721599</span>
<span style="font-size: x-small;">Partition 2 of type Linux and of size 799 GiB is set</span>
</pre>
</li>
<li><span style="font-size: x-small;">Check the partition table:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;"><span style="font-family: "verdana" , "arial" , "bitstream vera sans" , "helvetica" , sans-serif;">Command (m for help):</span><span style="font-family: "verdana" , "arial" , "bitstream vera sans" , "helvetica" , sans-serif; font-size: 13px;"> <b>p</b></span>
Disk /dev/sda: 859.0 GB, 858993459200 bytes, 1677721600 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000f06d8
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 1677721599 837811200 83 Linux <-- New size</span>
</pre>
</li>
<li style="font-size: 13px;">Write the partition table and exit:<pre class="wiki" style="background-color: #f7f7f7; background-position: initial initial; background-repeat: initial initial; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">Command (m for help): <b>w</b>
</pre>
</li>
</ul>
</li>
<li style="font-size: 13px;">Reboot</li>
<li><span style="font-size: x-small;">Resize the PV (LVM Physical Volume):</span><ul>
<li><span style="font-size: x-small;">Display the PV volumes:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>pvdisplay</b>
<span style="font-size: x-small;">--- Physical volume ---
PV Name <b>/dev/mapper/luks-999a99b9-8a99-9abc-d999-b99bb9999bb9</b>
VG Name cl
PV Size <749,00 GiB / not usable 0
Allocatable yes
PE Size 4.00 MiB
Total PE 191743
Free PE 1
Allocated PE 191742
PV UUID Zu21Ve-7mx5-v4p2-bxfa-ZH2N-EbWE-WeMk3T</span>
</pre>
</li>
<li><span style="font-size: x-small;">Resize the PV (to the maximum available)</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>pvresize /dev/mapper/luks-999a99b9-8a99-9abc-d999-b99bb9999bb9</b></pre>
<pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">Physical volume "/dev/mapper/luks-999a99b9-8a99-9abc-d999-b99bb9999bb9" changed
1 physical volume(s) resized / 0 physical volume(s) not resized</span>
</pre>
</li>
<li><span style="font-size: x-small;">Check the PV:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>pvdisplay</b>
<span style="font-size: x-small;"> --- Physical volume ---
PV Name /dev/mapper/luks-999a99b9-8a99-9abc-d999-b99bb9999bb9
VG Name cl
PV Size <<b>799,00 GiB</b> / not usable 1,00 MiB
Allocatable yes
PE Size 4,00 MiB
Total PE 204543
Free PE 12801
Allocated PE 191742
PV UUID Zu21Ve-7mx5-v4p2-bxfa-ZH2N-EbWE-WeMk3T</span>
</pre>
</li>
</ul>
</li>
<li><span style="font-size: x-small;">Resize LV (logical volume):</span><ul>
<li><span style="font-size: x-small;">Display the Logical volume(s):</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>lvdisplay</b>
...
<span style="font-size: x-small;">--- Logical volume ---
LV Path /dev/cl/DATA
LV Name DATA2
VG Name cl
LV UUID X8AAA-4aAa-Aaaa-8A8A-BbbB-bb8b-bbB8BB
LV Write Access read/write
LV Creation host, time localhost.localdomain, 2018-02-02 09:50:26 +0400
LV Status available
# open 1
LV Size <411,12 GiB
Current LE 105246
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 8192
Block device 253:8</span>
</pre>
</li>
<li><span style="font-size: x-small;">Resize the LV:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>lvresize --size +50G /dev/cl/DATA</b></pre>
<pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">Size of logical volume cl/DATA changed from <411,12 GiB (105246 extents) to <461,12 GiB (118046 extents).
Logical volume cl/DATA successfully resized.</span>
</pre>
</li>
<li><span style="font-size: x-small;">Check the LV partition:</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>lvdisplay</b>
...
<span style="font-size: x-small;">--- Logical volume ---
LV Path /dev/cl/DATA
LV Name DATA2
VG Name cl
LV UUID X8AAA-4aAa-Aaaa-8A8A-BbbB-bb8b-bbB8BB
LV Write Access read/write
LV Creation host, time localhost.localdomain, 2018-02-02 09:50:26 +0400
LV Status available
# open 1
LV Size <461,12 GiB
Current LE 118046
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 8192
Block device 253:8</span>
</pre>
</li>
</ul>
</li>
<li><span style="font-size: x-small;">Resize file system (can be done on-the-fly without unmount if it is XFS):</span><pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">[root@localhost]# <b>xfs_growfs /dev/cl/DATA</b></pre>
<pre class="wiki" style="background-color: #f7f7f7; border-bottom-left-radius: 0.3em; border-bottom-right-radius: 0.3em; border-top-left-radius: 0.3em; border-top-right-radius: 0.3em; border: 1px solid rgb(215, 215, 215); box-shadow: rgb(238, 238, 238) 0px 0px 1em; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">meta-data=/dev/mapper/cl-DATA2 isize=512 agcount=4, agsize=26942976 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0 spinodes=0
data = bsize=4096 blocks=107771904, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =Intern bsize=4096 blocks=52623, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =keine extsz=4096 blocks=0, rtextents=0</span>
<span style="font-size: x-small;">Datablocks changed from 107771904 to 120879104.</span></pre>
</li>
</ol>
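<div>
An added example (not part of the original post): a check to run on the fdisk listings before typing "w" in the delete/re-create step. The LUKS header sits at the start of /dev/sda2, so the re-created partition must begin at exactly the same sector and may only grow at the end. The two listings are constructed from the fdisk output in the steps above; the function names are hypothetical.</div>

```python
import re

SECTOR_BYTES = 512  # "Units = sectors of 1 * 512 = 512 bytes" in the fdisk output

# Constructed from the "p" listings shown in the steps above.
BEFORE = """\
Disk /dev/sda: 859.0 GB, 858993459200 bytes, 1677721600 sectors
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     2099199     1048576   83  Linux
/dev/sda2         2099200  1572863999   785382400   83  Linux
"""
AFTER = """\
Disk /dev/sda: 859.0 GB, 858993459200 bytes, 1677721600 sectors
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     2099199     1048576   83  Linux
/dev/sda2         2099200  1677721599   837811200   83  Linux
"""

DISK_RE = re.compile(r"^Disk (\S+): .*?(\d+) sectors", re.M)
PART_RE = re.compile(
    r"^(/dev/\S+)\s+(\*\s+)?(\d+)\s+(\d+)\s+\d+\+?\s+([0-9a-f]+)\s", re.M)


def parse_fdisk(text):
    """Return (total sectors, {device: (start, end, type id)}) from an MBR listing."""
    disk = DISK_RE.search(text)
    if disk is None:
        raise ValueError("no 'Disk ... sectors' line found")
    parts = {m.group(1): (int(m.group(3)), int(m.group(4)), m.group(5))
             for m in PART_RE.finditer(text)}
    return int(disk.group(2)), parts


def check_regrow(before, after, device):
    """Compare two listings; return (problems, bytes gained by `device`)."""
    _, old = parse_fdisk(before)
    total, new = parse_fdisk(after)
    if device not in old or device not in new:
        return [f"{device} missing from one of the listings"], 0
    (o_start, o_end, o_id), (n_start, n_end, n_id) = old[device], new[device]
    problems = []
    if n_start != o_start:
        problems.append(f"start sector moved {o_start} -> {n_start}: the LUKS "
                        "header would no longer be at the partition start")
    if n_end < o_end:
        problems.append(f"end sector shrank {o_end} -> {n_end}")
    if n_end > total - 1:
        problems.append(f"end sector {n_end} is beyond the last disk sector")
    if n_id != o_id:
        problems.append(f"partition type id changed {o_id} -> {n_id}")
    for other, (start, end, _) in new.items():
        if other == device:
            continue
        if start <= n_end and n_start <= end:
            problems.append(f"{device} now overlaps {other}")
        if other in old and old[other][:2] != (start, end):
            problems.append(f"{other} was modified as well")
    return problems, (n_end - o_end) * SECTOR_BYTES


if __name__ == "__main__":
    issues, gained = check_regrow(BEFORE, AFTER, "/dev/sda2")
    print("problems:", issues or "none")
    print("gained: %.2f GiB" % (gained / 2**30))
```

Only write the partition table when the problem list is empty; the gained size should match what was added to the virtual disk.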
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-55773556059907845682017-12-27T05:45:00.004-08:002017-12-27T06:21:01.742-08:00Relocate defect HDD Sectors of an iMac 27" Fusion DriveI was facing a problem in one of my VMWare Fusion VMs I used for many years on an encrypted OSX High Sierra Fusion Drive (1TB HDD, 120GB SSD) on my 27" iMac. It led to VM crashes and HDD I/O errors were reported in the OSX logs when I tried to reinstall a program in the VM.<br />
<br />
I used SMARTReporter to perform a SMART long test, which failed with a SMART Value 197 (Current_Pending_Sector) count of 40, which means the drive internal SMART logic detected 40 defect sectors.<br />
<br />
Note: You can test the SMART status of your drives either by using the OSX SMARTReporter tool (see App Store), or by installing the smartmontools using HomeBrew and performing "smartctl -a /dev/disk1" (disk1 is the HDD in my case. Use "diskutil list" to get your drive nodes).<br />
<br />
A few people think the drive has some "magic" to relocate defect sectors automatically. <b>WRONG</b>. Modern SATA HDDs relocate defect sectors to spare sectors <u>only on WRITE</u> to such a defect sector.<br />
<br />
So my question was: How can I detect and forcibly write to such a defect sector, so the HDD relocates the sector to a good one?<br />
<br />
Using OSX High Sierra tools, I didn't find any possibility to write the sectors.<br />
Therefore I booted Ubuntu from a prepared USB Stick and repaired the defect sectors there.<br />
<br />
Prerequisites: Install HomeBrew if you do not have it installed in your OSX already. <br />
<br />
<b>Note:</b><br />
The next steps can also be performed if your drive has defect sectors and you run any other OS (Linux / Windows, etc). If you are on Linux, you can skip Steps 1-2.<br />
<br />
<b>Warning!</b><br />
You are writing dummy data to your HDD, so expect data loss. You perform the next steps at your own risk. <br />
MAKE A BACKUP OF YOUR DRIVE TO ANOTHER DRIVE (TimeMachine, CarbonCopyCloner, etc.) before you start these steps. YOU ARE WARNED.<br />
<br />
It may be wise to send your Mac to repair, or to replace the defective HDD with a new one instead of performing the next steps.<br />
<br />
<h3>
1. Install Ubuntu on a USB Stick</h3>
See <a href="https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-macos">https://tutorials.ubuntu.com/tutorial/tutorial-create-a-usb-stick-on-macos</a> for how to create such a bootable USB Stick.<br />
<br />
<h3>
2. Boot Ubuntu from the USB Stick</h3>
For this, restart your Mac, press the Option (alt) Key until the boot tone occurs and select the "Efi" Drive. In the Ubuntu boot loader, start the Live version.<br />
Note: If you use a Magic Mouse / wireless keyboard, they are not automatically connected to Ubuntu. It is best to connect a USB keyboard and pair the Bluetooth Keyboard / Mouse to Ubuntu (see Preferences > Bluetooth).<br />
<br />
<h3>
3. Install needed tools in Ubuntu</h3>
We need some tools to fix the HDD. Open a terminal and enter:<br />
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> sudo bash</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> apt install smartmontools sg3-utils</span><br />
<br />
<h3>
4. Start SMART long selftest</h3>
<span style="font-family: "courier new" , "courier" , monospace;"> #> smartctl -t long /dev/sda</span><br />
<br />
<h3>
5. Check SMART test progress/errors</h3>
<span style="font-family: "courier new" , "courier" , monospace;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace;"> #> smartctl -a /dev/sda</span><br />
<br />
If it prints something like this, it detected sector errors:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"># 1 Extended offline Completed: read failure 90% 25836 1370708040</span><br />
<br />
There we see the defect sector around LBA 1370708040. <br />
<br />
<b>Note: </b><br />
This need not be the exact error location, therefore we check this sector and the ones after it.<br />
<br />
<h3>
6. Try to read the defect sector</h3>
<span style="font-family: "courier new" , "courier" , monospace;"> #> hdparm --read-sector 1370708040 /dev/sda</span><br />
<br />
Alternatively, use sg_verify from sg3-utils to read the sector:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">#> sg_verify --lba=</span><span style="font-family: "courier new" , "courier" , monospace;"><span style="font-family: "courier new" , "courier" , monospace;">1370708040</span> /dev/sda</span><br />
<br />
If this reads something like "bad/missing sense data" or errors like this, the sector is defect.<br />
So it is time to write the sector, so the HDD relocates the bad sector to a good one (Data at that sector is definitely lost)<br />
<br />
<h3>
7. Write bad sector (Relocate sector)</h3>
If reading the sector in step 6 led to sense errors, we try to write the defect sector, so it gets relocated:<br />
<br />
#> hdparm --yes-i-know-what-i-am-doing --write-sector 1370708040 /dev/sda<br />
<br />
<h3>
8. Check sectors behind the defect one</h3>
It is a good idea to check the sectors behind the defect one for errors as well, as there is a good chance they are defect as well.<br />
<br />
#> hdparm --read-sector 1370708041 /dev/sda<br />
<br />
<br />
Repeat this read check, and the write from the previous step for every unreadable sector, on incremented sector numbers until there are no more unreadable sectors.<br />
When you reach a zone where the sectors are OK again, start the SMART long self-test again and repeat until SMART has checked the whole disk.<br />
<br />
<h3>
9. Boot into OSX and perform Disk repair</h3>
<br />
Reboot into OSX, start the Disk Utility and check the drive for errors.<br />
If OSX reports unrepairable errors, you can try to fix them by performing an fsck in single-user mode. That is beyond the scope of this document.<br />
<br />
Good luck.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-89019974492474044792017-02-20T00:36:00.001-08:002017-03-24T07:59:54.857-07:00Import GitHub Enterprise into VMware vCenter 6.5I wanted to try GitHub Enterprise 2.8.7 in my vCenter 6.5 env, but the OVF import always cancelled with an error message that the ProductInfo is not allowed in the envelope.<br />
<br />
It seems the GitHub OVF template was created with a fairly old ovftool.<br />
<br />
Fix:<br />
<br />
1. Unpack the OVF (it's a ZIP file)<br />
2. Edit the .ovf file and move the "ProductSection" XML Element to the <VirtualSystem> node. See <a href="https://gist.github.com/robertoschwald/c51044ab56c70736517072beaf4de1c7" target="_blank">this Gist</a>.<br />
3. Afterwards, re-compute the SHA1 fingerprint of the .ovf file and update the .md file with the new fingerprint<br />
4. Re-package the files into a new .ovf zip archive.<br />
<br />
After this change, it worked here to import the GH Enterprise OVF.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-25948968244443953122016-10-19T10:42:00.001-07:002016-10-19T10:50:02.915-07:00Grails 3 quartz-plugin with Clustering SupportIf you need to run Quartz in Grails 3 on a clustered Application Server environment, you must change the default config so it is Cluster aware. Otherwise, each Job on each node runs independently.<br />
<br />
<h3>
1. Create the DB Tables for Quartz</h3>
<div>
This was quite hard and I needed to dig into the Quartz Library Source Code to get a Schema for MySQL with InnoDB (which had a typo..). I then created a migration file for the Grails database-migration plugin. </div>
<div>
Just copy <a href="https://gist.github.com/robertoschwald/3e67d921118f53e8f8e6dd79e64b41a9" target="_blank">this migration file</a> into your grails-app/migration directory and register it in changelog.groovy.</div>
<div>
<br />
<br />
<h3>
2. Configure database-migration plugin</h3>
Next, you need to tweak the database-migration config, so it ignores the Quartz tables. Otherwise, it would drop the tables with the next dbm_gorm_diff run. Example for application.groovy:<br />
<br />
<pre style="line-height: 125%; margin: 0;">grails.plugin.databasemigration.excludeObjects = [
  'QRTZ_BLOB_TRIGGERS', 'QRTZ_CALENDARS', 'QRTZ_CRON_TRIGGERS',
  'QRTZ_FIRED_TRIGGERS', 'QRTZ_JOB_DETAILS', 'QRTZ_LOCKS',
  'QRTZ_PAUSED_TRIGGER_GRPS', 'QRTZ_SCHEDULER_STATE', 'QRTZ_SIMPLE_TRIGGERS',
  'QRTZ_SIMPROP_TRIGGERS', 'QRTZ_TRIGGERS'
]
</pre></div>
<h3>
<br /></h3>
<h3>
3. Configure quartz-plugin</h3>
<div>
<br /></div>
<div>
Next, you need to configure the Grails Quartz Plugin to use the jdbc store, and enable clustering.</div>
<div>
See <a href="https://gist.github.com/robertoschwald/a2ff0fa052fd1550fd9a7994d6cf8120" target="_blank">this example for application.groovy</a>, and <a href="https://gist.github.com/robertoschwald/d532c81f15916f72ea51b9e78654101c" target="_blank">this example for application.yml</a> (whatever you prefer).</div>
<div>
<br /></div>
<h2>
4. Test clustering</h2>
<div>
Start your application. You should see a message like this:</div>
<div>
<br /></div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"> Using job-store 'org.springframework.scheduling.quartz.LocalDataSourceJobStore' - which supports persistence. and is clustered.</span></div>
<div>
<br /></div>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-19898606257088977772016-10-14T01:36:00.002-07:002016-10-14T02:27:58.804-07:00Grails 3.x Spring Basic Authentication with JSON handlingIf you need to secure a JSON Api using Basic Authentication via HTTPS, you need to tweak the Spring Security configuration and use custom beans to support JSON / HTML error responses.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">If possible, use a more sophisticated authentication scheme for REST Apis, e.g. the spring-security-rest Grails plugin, which supports token based authentication (OAUTH like).</span><br />
<br />
<div>
If you still need to support Basic Auth for your Grails Rest API (e.g. server-to-server communication), read on.</div>
<div>
<br /></div>
<h2>
Goals</h2>
<div>
<ol>
<li>Support Basic Auth only on the REST Api Urls, use default (web based) Authentication on all other Urls to be secured</li>
<li>As the REST Api is stateless, no sessions should be created when accessing the Api</li>
<li>If Authentication or Authorization errors occur, the authenticator should return JSON error blocks if the Api was accessed with a JSON Content-Type, and HTML errors if the Api was accessed by a Browser (e.g. for debugging or documentation purposes)</li>
</ol>
<div>
<br /></div>
</div>
<h2>
Implementation Details</h2>
<div>
<br /></div>
<div>
1. CustomBasicAuthenticationEntryPoint:</div>
<div>
<br /></div>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">groovy.transform.CompileStatic</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.springframework.security.core.AuthenticationException</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">javax.servlet.ServletException</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">javax.servlet.http.HttpServletRequest</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">javax.servlet.http.HttpServletResponse</span>
<span style="color: #888888;">/**</span>
<span style="color: #888888;"> * AuthenticationEntryPoint for BasicAuthentication.</span>
<span style="color: #888888;"> * Triggered if user is not (successfully) authenticated on a secured Basic Auth URL resource.</span>
<span style="color: #888888;"> * Maps all errors to 401 status code and returns a HTML or JSON error string dependent on the request content type.</span>
<span style="color: #888888;"> * Also, sends a Basic Auth Challenge header (if accessing via Browser for test purposes, to show the login popup)</span>
<span style="color: #888888;"> *</span>
<span style="color: #888888;"> * Author: Robert Oschwald</span>
<span style="color: #888888;"> * License: Apache 2.0</span>
<span style="color: #888888;"> *</span>
<span style="color: #888888;"> */</span>
<span style="color: #555555; font-weight: bold;">@CompileStatic</span>
<span style="color: #008800; font-weight: bold;">public</span> <span style="color: #008800; font-weight: bold;">class</span> <span style="color: #bb0066; font-weight: bold;">CustomBasicAuthenticationEntryPoint</span> <span style="color: #008800; font-weight: bold;">extends</span> BasicAuthenticationEntryPoint <span style="color: #333333;">{</span>
<span style="color: #555555; font-weight: bold;">@Override</span>
<span style="color: #008800; font-weight: bold;">public</span> <span style="color: #333399; font-weight: bold;">void</span> <span style="color: #0066bb; font-weight: bold;">commence</span><span style="color: #333333;">(</span>HttpServletRequest request<span style="color: #333333;">,</span> HttpServletResponse response<span style="color: #333333;">,</span> AuthenticationException authException<span style="color: #333333;">)</span>
<span style="color: #008800; font-weight: bold;">throws</span> IOException<span style="color: #333333;">,</span> ServletException <span style="color: #333333;">{</span>
String errorMessage <span style="color: #333333;">=</span> authException<span style="color: #333333;">.</span><span style="color: #0000cc;">getMessage</span><span style="color: #333333;">()</span>
<span style="color: #333399; font-weight: bold;">int</span> statusCode <span style="color: #333333;">=</span> HttpServletResponse<span style="color: #333333;">.</span><span style="color: #0000cc;">SC_UNAUTHORIZED</span>
response<span style="color: #333333;">.</span><span style="color: #0000cc;">addHeader</span><span style="color: #333333;">(</span><span style="background-color: #fff0f0;">"WWW-Authenticate"</span><span style="color: #333333;">,</span> <span style="background-color: #fff0f0;">"Basic realm=\"${realmName}\""</span><span style="color: #333333;">)</span>
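<span style="color: #888888;">// startsWith also matches "application/json; charset=UTF-8"; null-safe if no Content-Type was sent</span>
<span style="color: #008800; font-weight: bold;">if</span> <span style="color: #333333;">(</span>request<span style="color: #333333;">.</span><span style="color: #0000cc;">contentType</span><span style="color: #333333;">?.</span><span style="color: #0000cc;">startsWith</span><span style="color: #333333;">(</span><span style="background-color: #fff0f0;">"application/json"</span><span style="color: #333333;">))</span> <span style="color: #333333;">{</span>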
log<span style="color: #333333;">.</span><span style="color: #0000cc;">warn</span><span style="color: #333333;">(</span><span style="background-color: #fff0f0;">"Basic Authentication failed (JSON): ${errorMessage}"</span><span style="color: #333333;">)</span>
response<span style="color: #333333;">.</span><span style="color: #0000cc;">setContentType</span><span style="color: #333333;">(</span><span style="background-color: #fff0f0;">"application/json"</span><span style="color: #333333;">)</span>
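<span style="color: #888888;">// Build the body with JsonOutput so keys are quoted, the object is closed and the message is escaped</span>
response<span style="color: #333333;">.</span><span style="color: #0000cc;">sendError</span><span style="color: #333333;">(</span>statusCode<span style="color: #333333;">,</span> groovy<span style="color: #333333;">.</span><span style="color: #0000cc;">json</span><span style="color: #333333;">.</span><span style="color: #0000cc;">JsonOutput</span><span style="color: #333333;">.</span><span style="color: #0000cc;">toJson</span><span style="color: #333333;">([</span><span style="color: #997700; font-weight: bold;">error:</span> statusCode<span style="color: #333333;">,</span> <span style="color: #997700; font-weight: bold;">message:</span> errorMessage<span style="color: #333333;">]))</span>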
<span style="color: #008800; font-weight: bold;">return</span>
<span style="color: #333333;">}</span>
<span style="color: #888888;">// non-json request</span>
response<span style="color: #333333;">.</span><span style="color: #0000cc;">sendError</span><span style="color: #333333;">(</span>statusCode<span style="color: #333333;">,</span> <span style="background-color: #fff0f0;">"$statusCode : $errorMessage"</span><span style="color: #333333;">)</span>
<span style="color: #333333;">}</span>
<span style="color: #333333;">}</span>
</pre>
</div>
</div>
<br />
<div>
</div>
2. CustomBasicAuthenticationAccessDeniedHandlerImpl:
<br />
<div>
<br /></div>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">groovy.transform.CompileStatic</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.springframework.security.access.AccessDeniedException</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">org.springframework.security.web.access.AccessDeniedHandlerImpl</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">javax.servlet.ServletException</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">javax.servlet.http.HttpServletRequest</span>
<span style="color: #008800; font-weight: bold;">import</span> <span style="color: #0e84b5; font-weight: bold;">javax.servlet.http.HttpServletResponse</span>
<span style="color: #888888;">/**</span>
<span style="color: #888888;"> * Basic Auth Extended implementation of </span>
<span style="color: #888888;"> * {@link org.springframework.security.web.access.AccessDeniedHandlerImpl}.</span>
<span style="color: #888888;"> * Maps errors to a 403 status code and returns a HTML or JSON error string dependent on the request content type.</span>
<span style="color: #888888;"> * Author: Robert Oschwald</span>
<span style="color: #888888;"> * License: Apache 2.0</span>
<span style="color: #888888;"> */</span>
<span style="color: #555555; font-weight: bold;">@CompileStatic</span>
<span style="color: #008800; font-weight: bold;">class</span> <span style="color: #bb0066; font-weight: bold;">CustomBasicAuthenticationAccessDeniedHandlerImpl</span> <span style="color: #008800; font-weight: bold;">extends</span> AccessDeniedHandlerImpl <span style="color: #333333;">{</span>
<span style="color: #555555; font-weight: bold;">@Override</span>
<span style="color: #008800; font-weight: bold;">public</span> <span style="color: #333399; font-weight: bold;">void</span> <span style="color: #0066bb; font-weight: bold;">handle</span><span style="color: #333333;">(</span>HttpServletRequest request<span style="color: #333333;">,</span> HttpServletResponse response<span style="color: #333333;">,</span> AccessDeniedException accessDeniedException<span style="color: #333333;">)</span> <span style="color: #008800; font-weight: bold;">throws</span> IOException<span style="color: #333333;">,</span> ServletException <span style="color: #333333;">{</span>
String errorMessage <span style="color: #333333;">=</span> accessDeniedException<span style="color: #333333;">.</span><span style="color: #0000cc;">getMessage</span><span style="color: #333333;">()</span>
<span style="color: #333399; font-weight: bold;">int</span> statusCode <span style="color: #333333;">=</span> HttpServletResponse<span style="color: #333333;">.</span><span style="color: #0000cc;">SC_FORBIDDEN</span>
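<span style="color: #888888;">// startsWith also matches "application/json; charset=UTF-8"; null-safe if no Content-Type was sent</span>
<span style="color: #008800; font-weight: bold;">if</span> <span style="color: #333333;">(</span>request<span style="color: #333333;">.</span><span style="color: #0000cc;">contentType</span><span style="color: #333333;">?.</span><span style="color: #0000cc;">startsWith</span><span style="color: #333333;">(</span><span style="background-color: #fff0f0;">"application/json"</span><span style="color: #333333;">)){</span>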
response<span style="color: #333333;">.</span><span style="color: #0000cc;">setContentType</span><span style="color: #333333;">(</span><span style="background-color: #fff0f0;">"application/json"</span><span style="color: #333333;">)</span>
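<span style="color: #888888;">// Build the body with JsonOutput so keys are quoted, the object is closed and the message is escaped</span>
response<span style="color: #333333;">.</span><span style="color: #0000cc;">sendError</span><span style="color: #333333;">(</span>statusCode<span style="color: #333333;">,</span> groovy<span style="color: #333333;">.</span><span style="color: #0000cc;">json</span><span style="color: #333333;">.</span><span style="color: #0000cc;">JsonOutput</span><span style="color: #333333;">.</span><span style="color: #0000cc;">toJson</span><span style="color: #333333;">([</span><span style="color: #997700; font-weight: bold;">error:</span> statusCode<span style="color: #333333;">,</span> <span style="color: #997700; font-weight: bold;">message:</span> errorMessage<span style="color: #333333;">]))</span>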
<span style="color: #008800; font-weight: bold;">return</span>
<span style="color: #333333;">}</span>
<span style="color: #888888;">// non-json request</span>
response<span style="color: #333333;">.</span><span style="color: #0000cc;">sendError</span><span style="color: #333333;">(</span>statusCode<span style="color: #333333;">,</span> <span style="background-color: #fff0f0;">"$statusCode : $errorMessage"</span><span style="color: #333333;">)</span>
<span style="color: #333333;">}</span>
<span style="color: #333333;">}</span>
</pre>
</div>
</div>
<div>
<br /></div>
3. grails-app/conf/spring/resources.groovy:
<br />
<div>
<br /></div>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"> <span style="color: #888888;">// No Sessions for Basic Auth </span>
statelessSecurityContextRepository<span style="color: #333333;">(</span>NullSecurityContextRepository<span style="color: #333333;">)</span> <span style="color: #333333;">{}</span>
<span style="color: #888888;">// No Sessions for Basic Auth</span>
customBasicRequestCache<span style="color: #333333;">(</span>NullRequestCache<span style="color: #333333;">)</span>
statelessSecurityContextPersistenceFilter<span style="color: #333333;">(</span>SecurityContextPersistenceFilter<span style="color: #333333;">,</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'statelessSecurityContextRepository'</span><span style="color: #333333;">))</span> <span style="color: #333333;">{}</span>
statelessSecurityContextPersistenceFilterDeregistrationBean<span style="color: #333333;">(</span>FilterRegistrationBean<span style="color: #333333;">){</span>
filter <span style="color: #333333;">=</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'securityContextPersistenceFilter'</span><span style="color: #333333;">)</span>
<span style="color: #888888;">// To prevent Spring Boot automatic filter bean registration in the ApplicationContext</span>
enabled <span style="color: #333333;">=</span> <span style="color: #008800; font-weight: bold;">false</span>
<span style="color: #333333;">}</span>
<span style="color: #888888;">/**</span>
<span style="color: #888888;"> * Sends HTTP 401 error status code + HTML/JSON error in body dependent on the request type</span>
<span style="color: #888888;"> * if user is not authenticated, or if authentication failed.</span>
<span style="color: #888888;"> */</span>
customBasicAuthenticationEntryPoint<span style="color: #333333;">(</span>CustomBasicAuthenticationEntryPoint<span style="color: #333333;">)</span> <span style="color: #333333;">{</span>
realmName <span style="color: #333333;">=</span> SpringSecurityUtils<span style="color: #333333;">.</span><span style="color: #0000cc;">securityConfig</span><span style="color: #333333;">.</span><span style="color: #0000cc;">basic</span><span style="color: #333333;">.</span><span style="color: #0000cc;">realmName</span>
<span style="color: #333333;">}</span>
<span style="color: #888888;">/**</span>
<span style="color: #888888;"> * Sends HTTP 403 error status code + HTML/JSON error in body dependent on the request type</span>
<span style="color: #888888;"> * if user is authenticated, but not authorized.</span>
<span style="color: #888888;"> */</span>
basicAccessDeniedHandler<span style="color: #333333;">(</span>CustomBasicAuthenticationAccessDeniedHandlerImpl<span style="color: #333333;">)</span>
customBasicAuthenticationFilter<span style="color: #333333;">(</span>BasicAuthenticationFilter<span style="color: #333333;">,</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'authenticationManager'</span><span style="color: #333333;">),</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'customBasicAuthenticationEntryPoint'</span><span style="color: #333333;">))</span> <span style="color: #333333;">{</span>
authenticationDetailsSource <span style="color: #333333;">=</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'authenticationDetailsSource'</span><span style="color: #333333;">)</span>
rememberMeServices <span style="color: #333333;">=</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'rememberMeServices'</span><span style="color: #333333;">)</span>
credentialsCharset <span style="color: #333333;">=</span> SpringSecurityUtils<span style="color: #333333;">.</span><span style="color: #0000cc;">securityConfig</span><span style="color: #333333;">.</span><span style="color: #0000cc;">basic</span><span style="color: #333333;">.</span><span style="color: #0000cc;">credentialsCharset</span> <span style="color: #888888;">// 'UTF-8'</span>
<span style="color: #333333;">}</span>
<span style="color: #888888;">/** </span>
<span style="color: #888888;"> * basicExceptionTranslationFilter with customBasicRequestCache (no Sessions)</span>
<span style="color: #888888;"> * The bean name is used in Spring-Security by default.</span>
<span style="color: #888888;"> */</span>
basicExceptionTranslationFilter<span style="color: #333333;">(</span>ExceptionTranslationFilter<span style="color: #333333;">,</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'basicAuthenticationEntryPoint'</span><span style="color: #333333;">),</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'customBasicRequestCache'</span><span style="color: #333333;">))</span> <span style="color: #333333;">{</span>
accessDeniedHandler <span style="color: #333333;">=</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'basicAccessDeniedHandler'</span><span style="color: #333333;">)</span>
authenticationTrustResolver <span style="color: #333333;">=</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'authenticationTrustResolver'</span><span style="color: #333333;">)</span>
throwableAnalyzer <span style="color: #333333;">=</span> ref<span style="color: #333333;">(</span><span style="background-color: #fff0f0;">'throwableAnalyzer'</span><span style="color: #333333;">)</span>
<span style="color: #333333;">}</span>
</pre>
</div>
</div>
<div>
<div>
<br /></div>
4. Configure the Spring Security Core plugin in grails-app/conf/application.groovy:</div>
<div>
<br /></div>
<div>
<!-- HTML generated using hilite.me --><br />
<div style="background: #ffffff; border-width: 0.1em 0.1em 0.1em 0.8em; border: solid gray; overflow: auto; padding: 0.2em 0.6em; width: auto;">
<pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">// Spring Security Core plugin</span>
grails <span style="color: #333333;">{</span>
plugin <span style="color: #333333;">{</span>
springsecurity <span style="color: #333333;">{</span>
securityConfigType <span style="color: #333333;">=</span> <span style="background-color: #fff0f0;">"InterceptUrlMap"</span> <span style="color: #888888;">// if using the chainmap in application.groovy. If you prefer Annotations, omit.</span>
auth<span style="color: #333333;">.</span><span style="color: #0000cc;">forceHttps</span> <span style="color: #333333;">=</span> <span style="color: #008800; font-weight: bold;">true</span>
useBasicAuth <span style="color: #333333;">=</span> <span style="color: #008800; font-weight: bold;">true</span> <span style="color: #888888;">// Used for /api/ calls. See chainMap.</span>
basic<span style="color: #333333;">.</span><span style="color: #0000cc;">realmName</span> <span style="color: #333333;">=</span> <span style="background-color: #fff0f0;">"App Authentication"</span>
<span style="color: #888888;">// enforce SSL</span>
secureChannel<span style="color: #333333;">.</span><span style="color: #0000cc;">definition</span> <span style="color: #333333;">=</span> <span style="color: #333333;">[</span>
<span style="color: #333333;">[</span><span style="color: #997700; font-weight: bold;">pattern:</span><span style="background-color: #fff0f0;">'/api/**'</span><span style="color: #333333;">,</span> <span style="color: #997700; font-weight: bold;">access:</span><span style="background-color: #fff0f0;">'REQUIRES_SECURE_CHANNEL'</span><span style="color: #333333;">]</span> <span style="color: #888888;">// strongly recommended; '/api/**' covers every URL below /api, same pattern as in chainMap and interceptUrlMap</span>
<span style="color: #888888;">// your other secureChannel settings</span>
<span style="color: #333333;">]</span>
filterChain<span style="color: #333333;">.</span><span style="color: #0000cc;">chainMap</span> <span style="color: #333333;">=</span> <span style="color: #333333;">[</span>
<span style="color: #888888;">// For Basic Auth Chain:</span>
<span style="color: #888888;">// - Use statelessSecurityContextPersistenceFilter instead of securityContextPersistenceFilter,</span>
<span style="color: #888888;">// - no exceptionTranslationFilter</span>
<span style="color: #888888;">// - no anonymousAuthenticationFilter</span>
<span style="color: #888888;">// As springsec-core does not support (+) on JOINED_FILTERS yet, we must state the whole chain when adding our basic auth filters. See springsec-core #437.</span>
<span style="color: #333333;">[</span><span style="color: #997700; font-weight: bold;">pattern:</span><span style="background-color: #fff0f0;">'/api/**'</span><span style="color: #333333;">,</span> <span style="color: #997700; font-weight: bold;">filters:</span> <span style="background-color: #fff0f0;">'securityRequestHolderFilter,channelProcessingFilter,statelessSecurityContextPersistenceFilter,logoutFilter,authenticationProcessingFilter,customBasicAuthenticationFilter,securityContextHolderAwareRequestFilter,basicExceptionTranslationFilter,filterInvocationInterceptor'</span><span style="color: #333333;">],</span> <span style="color: #888888;">// Use BasicAuth</span>
<span style="color: #333333;">[</span><span style="color: #997700; font-weight: bold;">pattern:</span><span style="background-color: #fff0f0;">'/**'</span><span style="color: #333333;">,</span><span style="color: #997700; font-weight: bold;">filters:</span><span style="background-color: #fff0f0;">'JOINED_FILTERS,-statelessSecurityContextPersistenceFilter,-basicAuthenticationFilter,-basicExceptionTranslationFilter'</span><span style="color: #333333;">]</span> <span style="color: #888888;">// normal auth</span>
<span style="color: #333333;">]</span>
interceptUrlMap <span style="color: #333333;">=</span> <span style="color: #333333;">[</span>
<span style="color: #333333;">[</span><span style="color: #997700; font-weight: bold;">pattern:</span><span style="background-color: #fff0f0;">'/api/**'</span><span style="color: #333333;">,</span> <span style="color: #997700; font-weight: bold;">access:</span><span style="color: #333333;">[</span><span style="background-color: #fff0f0;">'ROLE_API_EXAMPLE'</span><span style="color: #333333;">]],</span>
<span style="color: #333333;">[</span><span style="color: #997700; font-weight: bold;">pattern:</span><span style="background-color: #fff0f0;">'/**'</span><span style="color: #333333;">,</span> <span style="color: #997700; font-weight: bold;">access:</span><span style="color: #333333;">[</span><span style="background-color: #fff0f0;">'ROLE_USER'</span><span style="color: #333333;">]]</span>
<span style="color: #333333;">]</span>
<span style="color: #333333;">}</span>
<span style="color: #333333;">}</span>
<span style="color: #333333;">}</span>
</pre>
</div>
</div>
<div>
<br /></div>
<div>
5. UrlMappings definition</div>
<div>
<br /></div>
<div>
For the example above, you need to map your Api Controllers to /api/ in UrlMappings.groovy.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-83335868586935070032016-10-06T03:37:00.000-07:002016-10-14T02:37:08.922-07:00Fortinet Route Based VPN with overlapping NetworksThe other day I needed to establish an IPSEC VPN on a Fortinet 60D with Source NAT for an overlapping Subnet scenario. The remote subnet was the same as our local one.<br />
<br />
I only found Policy Based examples in the Fortinet kb, so I tested it myself using a route based VPN.<br />
<br />
The trick is to create an IP-Pool with the source NAT Subnet range, e.g. 192.168.99.0/24<br />
This subnet is then presented to the remote IPSEC VPN (Proxy-ID) during IPSEC Phase 2 negotiation.<br />
<br />
Whenever you access remote resources via the VPN, your local subnet IP (e.g. 192.168.1.2) is translated 1:1 into the IP-Pool subnet address (192.168.99.1) before entering the VPN.<br />
<br />
1. Create an IP Pool (Policy & Objects > IP Pools > Create New) with the following settings:<br />
<ul>
<li>Type: Overload</li>
<li>Range: 192.168.99.0 - 192.168.99.255</li>
<li>ARP Reply: checked</li>
</ul>
<div>
2. Create your route based VPN (e.g. using the wizard). Type is "custom".</div>
<div>
In Phase2:<br />
<br />
<ul>
<li>Use your IP-Pool Subnet address (the source NAT translated one created in 1.)</li>
<li>Add all remote Subnets needed as Proxy-IDs. </li>
</ul>
</div>
<div>
</div>
<div>
3. Add static routes for all remote subnets (Network > Static Routes):</div>
<div>
<ul>
<li>Destination: Subnet</li>
<li>Subnet specification, e.g. 192.168.243.0/24</li>
<li>Device: <Tunnel Interface for the VPN></li>
<li>Administrative Distance: 10</li>
</ul>
<div>
4. Create Address Entries for local and remote subnets. If you use the VPN wizard, these entries are created automatically. If you configure the VPN manually or on the CLI, you must create address book entries on your own:</div>
<div>
<ul>
<li>Create one entry for your local internal network, e.g: 192.168.1.0/24</li>
<li>Create entries for all remote subnets</li>
</ul>
</div>
<div>
5. Create a policy (Policy & Objects > IPv4 Policy > Create New):</div>
</div>
<div>
<ul>
<li>Incoming Interface: internal</li>
<li>Outgoing Interface: <Tunnel Interface for the VPN></li>
<li>Source: <Your local internal network Address entry created in 4.></li>
<li>Destination Address: <remote network address definition(s) created in 4.></li>
<li>Schedule: always</li>
<li>Service: ALL</li>
<li>Action: ACCEPT</li>
<li>NAT: enable</li>
<li>Fixed Port: disable</li>
<li>IP Pool Configuration: "Use Dynamic IP Pool". Select your Source-NAT IP Pool defined in 1.</li>
<li>Enable this policy: enabled</li>
</ul>
6. Test your communication to the remote subnet(s).<br />
<div>
<br /></div>
</div>
<div>
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-11779747810819650182015-04-10T00:33:00.003-07:002015-04-13T00:52:33.741-07:00XCode 6.2 with IOS8.3 devices (Swift 1.1 / 1.2 problem)If you need to debug Apps on an IOS 8.3 device, you must use XCode 6.3.<br />
<br />
If you are in the situation that you have this very important Swift 1.1 based application to show your customer now, and not the time yet to migrate it to Swift 1.2, you must stick to XCode 6.2. But that does not work. You receive a "Device not eligible" error or "platform directory not found" error.<br />
<br />
To debug / deploy your Swift 1.1 application to an IOS 8.3 device with XCode 6.2, there is a workaround.<br />
<br />
<h4>
1. Archive old XCode 6.2</h4>
<div>
In Finder, go to /Applications and archive Xcode.app. This is an important step, as we need to unpack it after the upgrade to XCode 6.3</div>
<div>
<br /></div>
<h4>
2. Update XCode to 6.3</h4>
<div>
Upgrade XCode to 6.3 using the App Store application.</div>
<br />
<h4>
3. Rename XCode 6.3</h4>
After the upgrade, rename Xcode.app to Xcode6.3.app<br />
<br />
<h4>
4. Unpack XCode 6.2</h4>
Now unpack the zip file created in Step 1. Afterwards, you have 2 Xcode applications in /Applications, the old Xcode.app (6.2) and Xcode6.3.app<br />
<br />
<h4>
5. symlink IOS 8.3 Device Support into Xcode 6.2</h4>
<div>
Open Terminal.app and enter:</div>
<div>
<br /></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;">cd /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/ </span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> ln -s /Applications/Xcode6.3.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/8.3\ \(12F69\)/ </span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: xx-small;"> sudo chown -R root:wheel /Applications/Xcode.app</span></div>
<br />
This symlinks the iOS 8.3 device support directory from Xcode 6.3 into Xcode 6.2.<br />
<br />
<h4>
6. Start Xcode 6.2 and run your app on an IOS 8.3 device </h4>
Start /Applications/Xcode.app and try to run your application on an IOS 8.3 device. If you still receive the "Device not eligible" error, click on Product > Destination > "Your Iphone" and try again.<br />
You may need to issue new provisioning profiles the first time you run the app on iOS 8.3.<br />
<br />
<h4>
7. Select the command line tools</h4>
<div>
If you use Carthage, you can run xcode-select to select the Xcode 6.2 build tools; otherwise your Carthage dependencies fail to compile. Do not forget to switch back to 6.3 if needed.</div>
<div>
<br />
<span style="font-family: Menlo; font-size: 11px;">#> sudo xcode-select -p # print currently selected xcode commandline tools</span></div>
<div>
<div style="font-family: Menlo; font-size: 11px;">
#> sudo xcode-select -s /Applications/Xcode.app/Contents/Developer</div>
<div style="font-family: Menlo; font-size: 11px;">
<br /></div>
<div style="font-family: Menlo; font-size: 11px;">
<br /></div>
<div style="font-family: Menlo; font-size: 11px;">
<br /></div>
</div>
Note:<br />
For sure the best fix is to migrate your Swift 1.1 application to Swift 1.2 asap and work with XCode 6.3.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-48645093861702874622014-10-24T03:16:00.002-07:002016-10-14T02:47:45.984-07:00Auto-connect OSX IPSEC VPN on system boot / wakeupIf you have OSX 10.10 (Yosemite) or higher installed and need to automatically (re-) connect a VPN connection on system boot or wakeup, read on.<br />
<br />
For a headless remote OSX machine, I needed to set up an automatic VPN connection so the remote device is always accessible via VPN.<br />
<br />
<br />
1. create LaunchDaemon plist file<br />
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%">sudo vi /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist
</pre></div>
</div>
<br />
<br />
content:<br />
<br />
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%"><span style="color: #557799"><?xml version="1.0" encoding="UTF-8"?></span>
<span style="color: #557799"><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"></span>
<span style="color: #007700"><plist</span> <span style="color: #0000CC">version=</span><span style="background-color: #fff0f0">"1.0"</span><span style="color: #007700">></span>
<span style="color: #888888"><!-- </span>
<span style="color: #888888"> See http://roosbertl.blogspot.com </span>
<span style="color: #888888"> Auto-connect to named OSX VPN when network is reachable. </span>
<span style="color: #888888"> This LaunchDaemon monitors the state of the given VPN configuration. </span>
<span style="color: #888888"> If the VPN is disconnected, it pings an internet host, first (www.google.com) </span>
<span style="color: #888888"> Then it establishes the VPN again. </span>
<span style="color: #888888"> Note: using scutil to connect, as "networksetup" does not work on Yosemite to reconnect a VPN </span>
<span style="color: #888888"> Based on plist by patrix </span>
<span style="color: #888888"> http://apple.stackexchange.com/questions/42610/getting-vpn-to-auto-reconnect-on-connection-drop </span>
<span style="color: #888888"> Config: </span>
<span style="color: #888888"> 1. Replace "VPN (Cisco IPSec)" below with your VPN connection name as configured in system prefs </span>
<span style="color: #888888"> 2. Install this file in /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist (sudo) </span>
<span style="color: #888888"> 3. Set permissions </span>
<span style="color: #888888"> sudo chown root:wheel /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
<span style="color: #888888"> sudo chmod 644 /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
<span style="color: #888888"> 4. activate/update with: </span>
<span style="color: #888888"> sudo launchctl unload -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
<span style="color: #888888"> sudo launchctl load -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
<span style="color: #888888"> --></span>
<span style="color: #007700"><dict></span>
<span style="color: #007700"><key></span>Label<span style="color: #007700"></key></span>
<span style="color: #007700"><string></span>org.roosbertl.osxvpnautoconnect<span style="color: #007700"></string></span>
<span style="color: #007700"><key></span>ProgramArguments<span style="color: #007700"></key></span>
<span style="color: #007700"><array></span>
<span style="color: #007700"><string></span>bash<span style="color: #007700"></string></span>
<span style="color: #007700"><string></span>-c<span style="color: #007700"></string></span>
<span style="color: #007700"><string></span>(test $(networksetup -showpppoestatus "VPN (Cisco IPSec)") = 'disconnected' <span style="color: #880000; font-weight: bold">&amp;&amp;</span> echo "Re-Connecting VPN (Cisco IPSec).." <span style="color: #880000; font-weight: bold">&amp;&amp;</span> ping -o www.google.com <span style="color: #880000; font-weight: bold">&amp;&amp;</span> scutil --nc start "VPN (Cisco IPSec)") ; sleep 10<span style="color: #007700"></string></span>
<span style="color: #007700"></array></span>
<span style="color: #007700"><key></span>RunAtLoad<span style="color: #007700"></key></span>
<span style="color: #007700"><true/></span>
<span style="color: #007700"><key></span>KeepAlive<span style="color: #007700"></key></span>
<span style="color: #007700"><true/></span>
<span style="color: #007700"></dict></span>
<span style="color: #007700"></plist></span>
</pre></div>
</div>
<br />
2. set permissions<br />
<br />
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%"><span style="color: #888888">sudo chown root:wheel /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
<span style="color: #888888">sudo chmod 644 /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
</pre></div>
</div>
<div><br /></div>
<div><br /></div>
3. activate<br />
<br />
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%"><span style="color: #888888">sudo launchctl load -w /Library/LaunchDaemons/org.roosbertl.osxvpnautoconnect.plist </span>
</pre></div>
</div>
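<div>
Because launchd runs this job as root on every boot, the ownership and mode set in step 2 are what keep other local users from changing the command it executes. The following pre-load audit is an added example, not part of the original post; the function names (audit_launchd_plist, check_owner_mode, write_sample_plist) and the abridged sample plist are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example (not from the original post): audit a LaunchDaemon plist before
# "launchctl load". The job runs as root, so the plist and its directory must be
# owned by the expected uid (0 = root) and must not be group- or world-writable.
# Assumes an XML plist like the one in the post.

findings=0
report() {
    findings=$((findings + 1))
    printf 'FINDING: %s\n' "$1"
}

# check_owner_mode PATH WANT_UID: flag a wrong owner or group/other write bits.
check_owner_mode() {
    info=$(ls -lnd "$1")    # numeric listing, e.g. "-rw-r--r-- 1 0 0 1290 ..."
    mode=$(printf '%s\n' "$info" | awk '{print $1}')
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$uid" = "$2" ] || report "$1 is owned by uid $uid, expected $2"
    case $mode in ?????w*) report "$1 is group-writable ($mode)" ;; esac
    case $mode in ????????w*) report "$1 is world-writable ($mode)" ;; esac
    return 0
}

# audit_launchd_plist FILE [WANT_UID]: returns the number of findings (0 = clean).
audit_launchd_plist() {
    plist=$1
    want_uid=${2:-0}
    findings=0
    if [ -L "$plist" ] || [ ! -f "$plist" ]; then
        report "$plist is a symlink or not a regular file"
        return "$findings"
    fi
    check_owner_mode "$plist" "$want_uid"
    check_owner_mode "$(dirname "$plist")" "$want_uid"
    # The first <string> after the ProgramArguments key is the program launchd starts.
    prog=$(awk -v k='<key>ProgramArguments</key>' '
        !f && (i = index($0, k)) { f = 1; $0 = substr($0, i + length(k)) }
        f && (i = index($0, "<string>")) {
            s = substr($0, i + 8)
            print substr(s, 1, index(s, "</string>") - 1)
            exit
        }' "$plist")
    case $prog in
        /*) ;;
        "") report "no ProgramArguments entry found in $plist" ;;
        *)  report "program '$prog' is a bare name, resolved through the daemon's PATH" ;;
    esac
    return "$findings"
}

# Constructed sample, abridged from the plist in the post (same keys and program).
write_sample_plist() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.roosbertl.osxvpnautoconnect</string>
    <key>ProgramArguments</key>
    <array>
        <string>bash</string>
        <string>-c</string>
        <string>scutil --nc start "VPN (Cisco IPSec)" ; sleep 10</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
EOF
}

if [ "$#" -gt 0 ]; then
    # Stand-alone use: audit every plist named on the command line against root.
    for f in "$@"; do
        audit_launchd_plist "$f" || true
    done
else
    # No arguments: run on the constructed sample, checked against our own uid.
    demo_dir=$(mktemp -d)
    write_sample_plist "$demo_dir/sample.plist"
    audit_launchd_plist "$demo_dir/sample.plist" "$(id -u)" || true
    rm -rf "$demo_dir"
fi
```

<div>
Run it with the plist path as argument before step 3. For a plist shaped like the one above it reports the bare "bash" entry; writing /bin/bash instead removes the dependency on PATH lookup.</div>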
<br />
<br />Unknownnoreply@blogger.com8tag:blogger.com,1999:blog-8257268696459320708.post-58342841587295954682014-03-06T02:20:00.001-08:002014-03-06T02:20:05.781-08:00Oracle Jaxb Maven Artifact mess...Today I wanted to upgrade jaxb-xjc from 2.1.5 to 2.1.16 and got the error<br />
<br />
<div style="font-family: Menlo; font-size: 11px;">
Could not find group:com.sun.xml.bind, module:jaxb-core, version:2.1.16.</div>
<div style="font-family: Menlo; font-size: 11px;">
<br /></div>
<div style="font-family: Menlo; font-size: 11px;">
<span style="font-family: Times; font-size: small;">After digging into mavenrepository.com, there wasn't a jaxb-core 2.1.16 available.</span></div>
I first thought the usual Sun / Oracle "download our RI zip to get the artifacts" game.<br />
Downloaded jaxb-ri-2_1_16.zip from https://jaxb.java.net/downloads/ri/ and unpacked it.<br />
<br />
No jaxb-core.jar in the zip...<br />
<br />
Then I found bug report <a href="https://java.net/jira/browse/JAXB-984">https://java.net/jira/browse/JAXB-984</a><br />
<br />
They messed up all the newer Jaxb 2.1.x version pom files. Bug seems to be partially resolved, only, as they closed it without fixing 2.1.16 (and some other versions).<br />
<br />
That's a "reference implementation" I like a lot...<br />
<br />
<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-56129105261331471502013-10-19T05:02:00.000-07:002016-10-14T02:22:43.057-07:00Grails database-migration-plugin: DB independent diff filesIf you are using Grails database-migration-plugin and your application has to support MySQL as well as Oracle, you have 2 choices currently. As the underlying Liquibase library is currently unable to create real database-agnostic migration files when performing a diff, you can:<br />
<br />
<ul>
<li>Create 2 different sets of migration files, one for MySQL and one for Oracle. The drawback is that this is error-prone and anything but DRY.</li>
<li>Convert the created migration files automatically so they are truly database-agnostic.</li>
</ul>
<div>
Thanks to the Grails database-migration-plugin hooks (when using database-migration plugin version >= 1.3), we can do that automatically on the first application start after creating a new migration file. Each migration file is converted only once; converted files are marked with a special comment to indicate the conversion.</div>
<div>
<br /></div>
<div>
In changelog.groovy, define all types you want to use for Oracle and MySQL (you can extend that to support other db types, easily):</div>
<div><br /></div>
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%">databaseChangeLog <span style="color: #333333">=</span> <span style="color: #333333">{</span>
<span style="color: #888888">/*</span>
<span style="color: #888888"> DATABASE SPECIFIC TYPE PROPERTIES</span>
<span style="color: #888888"> */</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"text.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"varchar(50)"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"text.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"varchar2(500)"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"string.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"varchar"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"string.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"varchar2"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"boolean.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"bit"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"boolean.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"number(1,0)"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"int.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"bigint"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"int.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"number(19,0)"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"clob.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"longtext"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"clob.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"clob"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"blob.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"longblob"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"blob.type"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"blob"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
<span style="color: #888888">/* DATABASE SPECIFIC FEATURES */</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"autoIncrement"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"true"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"mysql"</span>
property <span style="color: #997700; font-weight: bold">name:</span> <span style="background-color: #fff0f0">"autoIncrement"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">value:</span> <span style="background-color: #fff0f0">"false"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span>
<span style="color: #888888">/* Database specific prerequisite patches */</span>
changeSet<span style="color: #333333">(</span><span style="color: #997700; font-weight: bold">author:</span> <span style="background-color: #fff0f0">"changelog"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">id:</span> <span style="background-color: #fff0f0">"ORACLE-PRE-1"</span><span style="color: #333333">,</span> <span style="color: #997700; font-weight: bold">dbms:</span> <span style="background-color: #fff0f0">"oracle"</span><span style="color: #333333">)</span> <span style="color: #333333">{</span>
createSequence<span style="color: #333333">(</span><span style="color: #997700; font-weight: bold">sequenceName:</span> <span style="background-color: #fff0f0">"hibernate_sequence"</span><span style="color: #333333">)</span>
<span style="color: #333333">}</span>
<span style="color: #888888">/* Patch files */</span>
include <span style="color: #997700; font-weight: bold">file:</span> <span style="background-color: #fff0f0">'initial.groovy'</span>
<span style="color: #333333">}</span>
</pre></div>
</div>
<div>
<br /></div>
<div>
<span style="font-family: "times" , "times new roman" , serif;">Then create a Callback Bean class for database-migration-plugin and register it in resources.groovy:</span></div>
<div>
<span style="font-family: "times" , "times new roman" , serif;"><br /></span></div>
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%">migrationCallbacks<span style="color: #333333">(</span>DbmCallbacks<span style="color: #333333">)</span>
</pre></div>
</div>
<div>
<span style="font-family: "courier new" , "courier" , monospace; font-size: xx-small;"><br /></span></div>
<div>
Bean:</div>
<div><br /></div>
<div>
<!-- HTML generated using hilite.me --><div style="background: #ffffff; overflow:auto;width:auto;border:solid gray;border-width:.1em .1em .1em .8em;padding:.2em .6em;"><pre style="margin: 0; line-height: 125%"><span style="color: #008800; font-weight: bold">import</span> <span style="color: #0e84b5; font-weight: bold">liquibase.Liquibase</span>
<span style="color: #008800; font-weight: bold">import</span> <span style="color: #0e84b5; font-weight: bold">liquibase.database.Database</span>
<span style="color: #008800; font-weight: bold">import</span> <span style="color: #0e84b5; font-weight: bold">org.codehaus.groovy.grails.plugins.support.aware.GrailsApplicationAware</span><span style="color: #333333">;</span>
<span style="color: #008800; font-weight: bold">import</span> <span style="color: #0e84b5; font-weight: bold">org.codehaus.groovy.grails.commons.GrailsApplication</span>
<span style="color: #008800; font-weight: bold">class</span> <span style="color: #BB0066; font-weight: bold">DbmCallbacks</span> <span style="color: #008800; font-weight: bold">implements</span> GrailsApplicationAware <span style="color: #333333">{</span>
<span style="color: #008800; font-weight: bold">private</span> <span style="color: #008800; font-weight: bold">static</span> <span style="color: #008800; font-weight: bold">final</span> String MIGRATION_KEY <span style="color: #333333">=</span> <span style="background-color: #fff0f0">"AUTO_REWORKED_MIGRATION_KEY"</span>
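<span style="color: #888888">// Marker comment prepended to converted files; must be a valid Groovy comment.</span>
<span style="color: #008800; font-weight: bold">private</span> <span style="color: #008800; font-weight: bold">static</span> <span style="color: #008800; font-weight: bold">final</span> String MIGRATION_HEADER <span style="color: #333333">=</span> <span style="background-color: #fff0f0">"/* ${MIGRATION_KEY} */"</span>
<span style="color: #888888">// Injected by Grails through GrailsApplicationAware (the setter is generated from this property).</span>
GrailsApplication grailsApplication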
<span style="color: #888888">// DB-Specific types to liquibase properties mapping</span>
<span style="color: #888888">// see changelog.groovy for defined liquibase properties</span>
Map<span style="color: #333333"><</span>String<span style="color: #333333">,</span>String<span style="color: #333333">></span> liquibaseTypesMapping <span style="color: #333333">=</span> <span style="color: #333333">[</span>
<span style="color: #888888">// start with specific ones, then unspecific ones.</span>
<span style="background-color: #fff0f0">'type: "varchar(50)"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${text.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "varchar2(500)"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${text.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "varchar"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${string.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "varchar2"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${string.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "bit"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${boolean.type}\'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "number(1,0)"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${boolean.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "bigint"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${int.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "number(19,0)"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${int.type}'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "longtext"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${clob.type}\'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "clob"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${clob.type}\'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "longblob"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${blob.type}\'"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'type: "blob"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${blob.type}\'"</span><span style="color: #333333">,</span>
<span style="color: #888888">// regEx (e.g. "varchar(2)" to ${string.type}(2)'. Do not add trailing "'", here!</span>
<span style="background-color: #fff0f0">'/.*(type: "varchar\\((.*)\\)").*/'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${string.type}"</span><span style="color: #333333">,</span>
<span style="background-color: #fff0f0">'/.*(type: "varchar2\\((.*)\\)").*/'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"type: '\\\${string.type}"</span><span style="color: #333333">,</span>
<span style="color: #888888">// db features</span>
<span style="background-color: #fff0f0">'autoIncrement: "true"'</span><span style="color: #333333">:</span> <span style="background-color: #fff0f0">"autoIncrement: '\\\${autoIncrement}'"</span>
<span style="color: #333333">]</span>
<span style="color: #333399; font-weight: bold">void</span> <span style="color: #0066BB; font-weight: bold">beforeStartMigration</span><span style="color: #333333">(</span>Database database<span style="color: #333333">)</span> <span style="color: #333333">{</span>
reworkMigrationFiles<span style="color: #333333">()</span>
<span style="color: #333333">}</span>
<span style="color: #008800; font-weight: bold">private</span> <span style="color: #333399; font-weight: bold">void</span> <span style="color: #0066BB; font-weight: bold">reworkMigrationFiles</span><span style="color: #333333">()</span> <span style="color: #333333">{</span>
<span style="color: #333399; font-weight: bold">def</span> config <span style="color: #333333">=</span> grailsApplication<span style="color: #333333">.</span><span style="color: #0000CC">config</span><span style="color: #333333">.</span><span style="color: #0000CC">grails</span><span style="color: #333333">.</span><span style="color: #0000CC">plugin</span><span style="color: #333333">.</span><span style="color: #0000CC">databasemigration</span>
<span style="color: #333399; font-weight: bold">def</span> changelogLocation <span style="color: #333333">=</span> config<span style="color: #333333">.</span><span style="color: #0000CC">changelogLocation</span> <span style="color: #333333">?:</span> <span style="background-color: #fff0f0">'grails-app/migrations'</span>
<span style="color: #008800; font-weight: bold">new</span> <span style="color: #0066BB; font-weight: bold">File</span><span style="color: #333333">(</span>changelogLocation<span style="color: #333333">)?.</span><span style="color: #0000CC">listFiles</span><span style="color: #333333">().</span><span style="color: #0000CC">each</span> <span style="color: #333333">{</span> File it <span style="color: #333333">-></span>
List updateOnStartFileNames <span style="color: #333333">=</span> config<span style="color: #333333">.</span><span style="color: #0000CC">updateOnStartFileNames</span>
<span style="color: #008800; font-weight: bold">if</span> <span style="color: #333333">(</span>updateOnStartFileNames<span style="color: #333333">?.</span><span style="color: #0000CC">contains</span><span style="color: #333333">(</span>it<span style="color: #333333">.</span><span style="color: #0000CC">name</span><span style="color: #333333">))</span> <span style="color: #333333">{</span>
<span style="color: #888888">// do not convert updateOnStart files.</span>
<span style="color: #008800; font-weight: bold">return</span>
<span style="color: #333333">}</span>
convertMigrationFile<span style="color: #333333">(</span>it<span style="color: #333333">)</span>
<span style="color: #333333">}</span>
<span style="color: #333333">}</span>
<span style="color: #008800; font-weight: bold">private</span> <span style="color: #333399; font-weight: bold">void</span> <span style="color: #0066BB; font-weight: bold">convertMigrationFile</span><span style="color: #333333">(</span>File migrationFile<span style="color: #333333">)</span> <span style="color: #333333">{</span>
<span style="color: #333399; font-weight: bold">def</span> content <span style="color: #333333">=</span> migrationFile<span style="color: #333333">.</span><span style="color: #0000CC">text</span>
<span style="color: #008800; font-weight: bold">if</span> <span style="color: #333333">(</span>content<span style="color: #333333">.</span><span style="color: #0000CC">contains</span><span style="color: #333333">(</span>MIGRATION_KEY<span style="color: #333333">))</span> <span style="color: #008800; font-weight: bold">return</span>
liquibaseTypesMapping<span style="color: #333333">.</span><span style="color: #0000CC">each</span> <span style="color: #333333">{</span>
String pattern <span style="color: #333333">=</span> it<span style="color: #333333">.</span><span style="color: #0000CC">key</span>
String replace <span style="color: #333333">=</span> it<span style="color: #333333">.</span><span style="color: #0000CC">value</span>
<span style="color: #008800; font-weight: bold">if</span> <span style="color: #333333">(</span>pattern<span style="color: #333333">.</span><span style="color: #0000CC">startsWith</span><span style="color: #333333">(</span><span style="background-color: #fff0f0">'/'</span><span style="color: #333333">))</span> <span style="color: #333333">{</span>
<span style="color: #888888">// Handle regex pattern.</span>
<span style="color: #333399; font-weight: bold">def</span> newContent <span style="color: #333333">=</span> <span style="color: #008800; font-weight: bold">new</span> StringBuffer<span style="color: #333333">()</span>
content<span style="color: #333333">.</span><span style="color: #0000CC">eachLine</span> <span style="color: #333333">{</span> String line <span style="color: #333333">-></span>
<span style="color: #333399; font-weight: bold">def</span> regEx <span style="color: #333333">=</span> pattern<span style="color: #333333">[</span><span style="color: #0000DD; font-weight: bold">1</span><span style="color: #333333">..-</span><span style="color: #0000DD; font-weight: bold">2</span><span style="color: #333333">]</span> <span style="color: #888888">// remove leading and trailing "/"</span>
<span style="color: #333399; font-weight: bold">def</span> matcher <span style="color: #333333">=</span> <span style="color: #333333">(</span>line <span style="color: #333333">=~</span> regEx<span style="color: #333333">)</span>
<span style="color: #008800; font-weight: bold">if</span> <span style="color: #333333">(</span>matcher<span style="color: #333333">.</span><span style="color: #0000CC">matches</span><span style="color: #333333">()</span> <span style="color: #333333">&&</span> matcher<span style="color: #333333">.</span><span style="color: #0000CC">groupCount</span><span style="color: #333333">()</span> <span style="color: #333333">==</span> <span style="color: #0000DD; font-weight: bold">2</span><span style="color: #333333">)</span> <span style="color: #333333">{</span>
String replaceFind <span style="color: #333333">=</span> matcher<span style="color: #333333">[</span><span style="color: #0000DD; font-weight: bold">0</span><span style="color: #333333">][</span><span style="color: #0000DD; font-weight: bold">1</span><span style="color: #333333">]</span> <span style="color: #888888">// this is the found string, e.g. 'type: "varchar(22)"'</span>
String replacement <span style="color: #333333">=</span> <span style="background-color: #fff0f0">"${replace}(${matcher[0][2]})\'"</span> <span style="color: #888888">// new string, e.g. "type: '${string.type}(22)' "</span>
line <span style="color: #333333">=</span> line<span style="color: #333333">.</span><span style="color: #0000CC">replace</span><span style="color: #333333">(</span>replaceFind<span style="color: #333333">,</span> replacement<span style="color: #333333">)</span>
<span style="color: #333333">}</span>
newContent <span style="color: #333333">+=</span> <span style="background-color: #fff0f0">"${line}\n"</span>
<span style="color: #333333">}</span>
content <span style="color: #333333">=</span> newContent
<span style="color: #333333">}</span> <span style="color: #008800; font-weight: bold">else</span> <span style="color: #333333">{</span>
<span style="color: #888888">// non-regEx: quote the key so "(" and ")" match literally, then replace all in one go.</span>
content <span style="color: #333333">=</span> content<span style="color: #333333">.</span><span style="color: #0000CC">replaceAll</span><span style="color: #333333">(</span>java.util.regex.Pattern.quote<span style="color: #333333">(</span>pattern<span style="color: #333333">),</span> replace<span style="color: #333333">)</span>
<span style="color: #333333">}</span>
<span style="color: #333333">}</span>
<span style="color: #888888">// mark file as already migrated</span>
content <span style="color: #333333">=</span> <span style="background-color: #fff0f0">"${MIGRATION_HEADER}\n"</span> <span style="color: #333333">+</span> content
migrationFile<span style="color: #333333">.</span><span style="color: #0000CC">write</span><span style="color: #333333">(</span>content<span style="color: #333333">,</span> <span style="background-color: #fff0f0">'UTF-8'</span><span style="color: #333333">)</span>
log<span style="color: #333333">.</span><span style="color: #0000CC">warn</span> <span style="background-color: #fff0f0">"*** Converted database migration file ${migrationFile.name} to be database independent"</span>
<span style="color: #333333">}</span>
</pre></div>
</div>
<div><br /></div>
<div><br /></div>
<div>
This can certainly be optimized (e.g. use only regEx definitions in the map and handle the case where no matcher groups are found), but it does its job. </div>
<div><br /></div>
<div>
Tested with MySQL and Oracle 11.0.2 XE.</div>
<div>
<br /></div>
<div>
<br /></div>
<h2>Building 64bit TrueCrypt for OSX</h2>
Posted 2013-10-19.<br />
<br />
Currently, TrueCrypt binaries are only available for PPC and i386, without any hardware acceleration.<br />
Also, the available binaries are currently under suspicion, as nobody knows whether they were compiled from the official source code or whether someone tampered with them. (hick..).<br />
<br />
A project is seeking funding to audit the TrueCrypt sources and binaries for any hidden backdoors: <a href="http://istruecryptauditedyet.com/">http://istruecryptauditedyet.com</a>. The German c't magazine tried to rebuild the Windows binaries from the source code and found some suspicious differences when comparing the binaries. See here <a href="http://translate.google.de/translate?hl=de&sl=de&tl=en&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FDer-Weg-zu-einem-verlaesslicheren-TrueCrypt-1982154.html" target="_blank">[English translation]</a> <a href="http://www.heise.de/newsticker/meldung/Der-Weg-zu-einem-verlaesslicheren-TrueCrypt-1982154.html" target="_blank">[original article in German]</a>.<br />
<br />
To ensure at least that you do not use tampered binaries, you can use this script to build a 64bit OSX version from the TrueCrypt sources yourself, with hardware-accelerated AES functions. (For the idea and the patches, see this <a href="http://www.nerdenmeister.org/2013/08/16/build-truecrypt-on-os-x-64-bit-with-hardware-acceleration/" target="_blank">Blog</a> post.)<br />
<br />
<br />
<span style="background-color: #f3f3f3; font-size: xx-small;">#!/bin/sh</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># Build TrueCrypt on OSX with 64bit and HW acc. AES</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># 2013 http://roosbertl.blogspot.com</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">####</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">version=7.1a</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">md5="102d9652681db11c813610882332ae48"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">sourcename="TrueCrypt ${version} Source.tar.gz"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">####</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">download_filename="TrueCrypt%20${version}%20Source.tar.gz"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># MacPorts provides the build dependencies</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">which /opt/local/bin/port >/dev/null 2>&1</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">if [ $? != 0 ]; then</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "Port seems not to be installed."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "Please install www.macports.org, first"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>exit 1</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">fi</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">currDir=`pwd`</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">workDir="$0.$$"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Creating TrueCrypt $version"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">mkdir "$workDir"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">trap "echo cleaning up; cd \"$currDir\"; rm -rf \"$workDir\"; exit" HUP INT TERM</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># Download and build inside the scratch directory so cleanup removes everything</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">cd "$workDir" || exit 1</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Getting required Ports.."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">sudo port install wxWidgets-3.0 fuse4x nasm wget pkgconfig</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">sudo port select wxWidgets wxWidgets-3.0</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo " "</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Downloading $sourcename"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">wget --quiet http://cyberside.planet.ee/truecrypt/$download_filename</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Checking md5.."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># The file name contains spaces, so it must be quoted</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">thisMd5=`openssl md5 < "$sourcename" | cut -d " " -f 2`</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">if [ ! "$md5" = "$thisMd5" ]; then</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "MD5 checksum $thisMd5 does not match expected MD5 checksum $md5"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "Either the source file was modified or you tried to download a different version"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "FATAL ERROR. Aborting."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>exit 1</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">else</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "Checksum is ok."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">fi</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Extracting '$sourcename'"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">tar zxf "$sourcename"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">cd truecrypt-${version}-source</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Getting Patch file.."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">wget --quiet http://www.nerdenmeister.org/truecrypt-osx.patch</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">mkdir Pkcs11</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">cd Pkcs11</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Getting pkcs11 headers.."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">wget --quiet ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11.h</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">wget --quiet ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11f.h</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">wget --quiet ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs11t.h</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">cd ..</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Patching TrueCrypt for 64bit and HW accelerated AES.."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">patch -p0 < truecrypt-osx.patch</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Compiling..."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">make -j4</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Compile done."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># Move the finished app out of the scratch directory before it is removed</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">mv Main/TrueCrypt.app "$currDir"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Cleanup.."</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">cd "$currDir"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">rm -rf "$workDir"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;">echo "Done creating TrueCrypt.app Version: $version"</span><br />
<span style="background-color: #f3f3f3; font-size: xx-small;"># end</span><br />
<br />
<br />
<br />
<br />
<br />
<h2>jMeter-Server on OSX</h2>
Posted 2013-07-31.<br />
<br />
If you want to run a jmeter-server unattended on one or several OSX boxes, you can do the following:<br />
<br />
<h3>
1. create /Library/LaunchAgents/org.apache.jmeter.server.plist</h3>
<br />
#>sudo vi /Library/LaunchAgents/org.apache.jmeter.server.plist<br />
<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><?xml version="1.0" encoding="UTF-8"?></span><br />
<span style="font-family: Courier New, Courier, monospace;"><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"></span><br />
<span style="font-family: Courier New, Courier, monospace;"><plist version="1.0"></span><br />
<span style="font-family: Courier New, Courier, monospace;"><dict></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><key>LimitLoadToSessionType</key></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><string>System</string></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><key>KeepAlive</key></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><true/></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><key>Label</key></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><string>org.apache.jmeter.server.plist</string></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><key>Program</key></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><string>/Applications/JMeter-2.9.app/Contents/Resources/bin/jmeter-server</string></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><key>WorkingDirectory</key></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><string>/var/log</string></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><key>RunAtLoad</key></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span><true/></span><br />
<span style="font-family: Courier New, Courier, monospace;"></dict></span><br />
<span style="font-family: Courier New, Courier, monospace;"></plist></span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Times, Times New Roman, serif;">Program path is the path to the jmeter-server script. In the example above, I bundled jmeter 2.2 with Jar Bundler into an OSX app, added all jmeter folders to Contents/Resources (bin, lib folders) so I start the jmeter-server from the bundle app on several remote OSX boxes.</span><br />
<span style="font-family: Times, Times New Roman, serif;"><br /></span>
<h3>
<span style="font-family: Times, Times New Roman, serif;">2. Load the plist file in launchctl:</span></h3>
<br />
<span style="font-family: Times, Times New Roman, serif;"><br /></span>
<span style="font-family: Times, Times New Roman, serif;"># sudo launchctl load /Library/LaunchAgents/</span>org.apache.jmeter.server.plist<br />
<br />
This should immediately start the jmeter-server with working directory set to /var/log (to get the jmeter-server.log logged in the system log dir)<br />
<br />
<h3>
<span style="font-family: Times, Times New Roman, serif;">3. Register remote jmeter-servers in jMeter</span></h3>
<div>
<span style="font-family: Times, Times New Roman, serif;">To register the jmeter-server instances in your local jMeter program, edit bin/jmeter.properties and change the property "remote_hosts". Add your remote jmeter-servers as a comma-separated list of IP addresses. Example:</span></div>
<div>
<span style="font-family: Times, Times New Roman, serif;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">remote_hosts=127.0.0.1,192.168.17.12</span></div>
<br />
<h2>Creating OSX FusionDrive with Recovery Partition</h2>
Posted 2013-06-13, updated 2014-06-18.<br />
<br />
Today I received several 2010 model iMacs which had been upgraded with an additional 3rd party SSD by an Apple reseller. The reseller created a FusionDrive from the HDD and the SSD.<br />
<br />
After receiving them, I noticed that no Recovery Partition was available. The whole disks were occupied by the CoreStorage volume.<br />
<br />
Almost every set of instructions I found on the web for creating a FusionDrive did not preserve a Recovery Partition. So I rebuilt the FusionDrive myself with a working Recovery Partition, staying as close as possible to the stock Apple Fusion Drive configuration you get on a Mac with a preconfigured Fusion Drive. (For the original Apple partitioning of a 27" late 2012 iMac Fusion Drive, see the end of this article.)<br />
<br />
<span style="color: red;">Warning: This procedure deletes the data on your disks! Use at your own risk.</span><br />
Note: Take a backup of all your data before proceeding, as all the data will be wiped. I take backups using TimeMachine and CarbonCopyCloner.<br />
<br />
Prerequisites:<br />
<br />
<ul>
<li>Install <a href="http://www.bombich.com/" target="_blank">CarbonCopyCloner</a></li>
<li>A CarbonCopyCloner clone of your internal HDD on an external USB HDD (we will boot from it later). If you receive a warning that no Recovery HD exists on the target USB drive, open the CarbonCopyCloner Windows > Disk Utility > Recovery HD > Select your USB drive and clone the Recovery Partition onto the USB drive.</li>
</ul>
<br />
<u>Did I mention to take a TimeMachine Backup as well? Do that to be on the safe side.</u><br />
<br />
After you have made your backups, proceed with these steps:<br />
<br />
1. Boot from your CarbonCopy USB clone by pressing the option (ALT) key during power up (or boot the recovery partition using CMD-R key after power on).<br />
2. Start a Terminal<br />
3. Check your current disk partitions and CoreStorage setup:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"># sudo diskutil cs list </span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">CoreStorage logical volume groups (1 found)</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">|</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">+-- Logical Volume Group <span style="color: red;">78E316BB-911C-4456-9128-6925CDC3AE5F</span></span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> =========================================================</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Name: FusionDrive</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Size: 1127552614400 B (1.1 TB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Free Space: 19023224832 B (19.0 GB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-< Physical Volume A3B20C13-4576-4FDF-A40D-F23BAA493C4C</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | ----------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Index: 0</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Disk: disk0s2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Size: 127691702272 B (127.7 GB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-< Physical Volume 2E75ED2E-909F-44AF-A58E-57F94ABAD85C</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | ----------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Index: 1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Disk: disk1s2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Size: 999860912128 B (999.9 GB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-> Logical Volume Family FE296C1B-9152-42FE-8C6A-40DE18D747FA</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> ----------------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Encryption Status: Unlocked</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Encryption Type: None</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Conversion Status: NoConversion</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Conversion Direction: -none-</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Has Encrypted Extents: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Fully Secure: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Passphrase Required: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-> Logical Volume 2B4753CB-7D8C-4E57-BA81-C643AE84BF4F</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> ---------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Disk: disk2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Size (Total): 1100000002048 B (1.1 TB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Size (Converted): -none-</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Revertible: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> LV Name: Macintosh HD</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Volume Name: Macintosh HD</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Content Hint: Apple_HFS</span><br />
<br />
<br />
4. Note the UUID identifier of the Logical Volume group (marked in red)<br />
5. Split up the existing FusionDrive CoreStorageVolume. If you do not have a CoreStorage volume set up, you can skip this step<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"># sudo diskutil cs delete <YOUR_UUID>, example:</span><br />
<span style="font-family: Courier New, Courier, monospace;"># sudo diskutil cs delete <span style="color: red;">78E316BB-911C-4456-9128-6925CDC3AE5F</span></span><br />
<br />
6. Format the internal HDD using Disk Utility<br />
7. Start CarbonCopyCloner, then open Window > Hard Disk Management. Tab on "Recovery HD", select your internal HDD volume and click on the Create Recovery-HD partition button.<br />
8. Now it is time to create your CoreStorage Logical Volume Group. In contrast to many instructions on the net, we will not use the whole internal HDD, but only the free partition on the HDD! It is also important to list the SSD as the first disk to get optimum speed.<br />
9. Check your current partitioning:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"># diskutil list</span><br />
<span style="font-family: Courier New, Courier, monospace;">/dev/disk0</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #: TYPE NAME SIZE IDENTIFIER</span><br />
<span style="font-family: Courier New, Courier, monospace;"> 0: GUID_partition_scheme *128.0GB disk0</span><br />
<span style="font-family: Courier New, Courier, monospace;"> 1: EFI 209.7 MB disk0s1</span><br />
<span style="font-family: Courier New, Courier, monospace;"> 2: Apple_HFS Untitled 127.7 GB disk0s2</span><br />
<span style="font-family: Courier New, Courier, monospace;">/dev/disk1</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #: TYPE NAME SIZE IDENTIFIER</span><br />
<span style="font-family: Courier New, Courier, monospace;"> 0: GUID_partition_scheme *1.0 TB disk1</span><br />
<span style="font-family: Courier New, Courier, monospace;"> 1: EFI 209.7 MB disk1s1</span><br />
<span style="font-family: Courier New, Courier, monospace;"> <span style="color: red;"> 2: Apple_HFS hdd 999.2 GB disk1s2</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"> <span style="color: orange;">3: Apple_Boot Recovery HD 784.2 MB disk1s3</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">/dev/disk3</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #: TYPE NAME SIZE IDENTIFIER</span><br />
<span style="font-family: Courier New, Courier, monospace;"> 0: Apple_HFS CarbonCopy *998.7GB disk4</span><br />
<br />
The partition disk1s2 is the free partition on the internal disk we will use for the FusionDrive.<br />
The partition disk1s3 is the newly created Recovery Partition.<br />
<br />
10. Create a new CoreStorage Volume. Disk0 in this example is the SSD drive.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"># sudo diskutil cs create FusionDrive disk0 disk1s2</span><br />
<span style="font-family: Courier New, Courier, monospace;">Password:</span><br />
<span style="font-family: Courier New, Courier, monospace;">Started CoreStorage operation</span><br />
<span style="font-family: Courier New, Courier, monospace;">Unmounting disk0</span><br />
<span style="font-family: Courier New, Courier, monospace;">Repartitioning disk0</span><br />
<span style="font-family: Courier New, Courier, monospace;">Unmounting disk</span><br />
<span style="font-family: Courier New, Courier, monospace;">Creating the partition map</span><br />
<span style="font-family: Courier New, Courier, monospace;">Rediscovering disk0</span><br />
<span style="font-family: Courier New, Courier, monospace;">Adding disk0s2 to Logical Volume Group</span><br />
<span style="font-family: Courier New, Courier, monospace;">Unmounting disk1s2</span><br />
<span style="font-family: Courier New, Courier, monospace;">Touching partition type on disk1s2</span><br />
<span style="font-family: Courier New, Courier, monospace;">Adding disk1s2 to Logical Volume Group</span><br />
<span style="font-family: Courier New, Courier, monospace;">Creating Core Storage Logical Volume Group</span><br />
<span style="font-family: Courier New, Courier, monospace;">Switching disk0s2 to Core Storage</span><br />
<span style="font-family: Courier New, Courier, monospace;">Switching disk1s2 to Core Storage</span><br />
<span style="font-family: Courier New, Courier, monospace;">Waiting for Logical Volume Group to appear</span><br />
<span style="font-family: Courier New, Courier, monospace;">Discovered new Logical Volume Group "71377E10-7126-4E7B-A52D-F96F383F56BA"</span><br />
<span style="font-family: Courier New, Courier, monospace;">Core Storage LVG UUID: <span style="color: red;">71377E10-7126-4E7B-A52D-F96F383F56BA</span></span><br />
<span style="font-family: Courier New, Courier, monospace;">Finished CoreStorage operation</span><br />
<br />
11. Now create the CoreStorage Logical Volume:<br />
Note the LVG UUID printed by the command in step 10 (marked in red) and use that id:<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace;"># </span><span style="background-color: white; color: #333333; font-family: 'Courier New', Courier, monospace; line-height: 19px; text-align: left;">diskutil cs createVolume </span><span style="color: red; font-family: 'Courier New', Courier, monospace;"><YOUR_LVG_UUID></span><span style="background-color: white; color: #333333; font-family: 'Courier New', Courier, monospace; line-height: 19px; text-align: left;"> jhfs+ "Macintosh HD" 100%</span><br />
<span style="background-color: white; color: #333333; font-family: 'Courier New', Courier, monospace; line-height: 19px; text-align: left;"><br /></span>
<span style="background-color: white; color: #333333; line-height: 19px; text-align: left;"><span style="font-family: Times, Times New Roman, serif;">Example:</span></span><br />
<span style="font-family: Courier New, Courier, monospace;"># <span style="background-color: white; color: #333333; line-height: 19px; text-align: left;">diskutil cs createVolume </span><span style="color: red;">71377E10-7126-4E7B-A52D-F96F383F56BA</span><span style="background-color: white; color: #333333; line-height: 19px; text-align: left;"> jhfs+ "Macintosh HD" 100%</span></span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Started CoreStorage operation</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Waiting for Logical Volume to appear</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Formatting file system for Logical Volume</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Initialized /dev/rdisk6 as a 1 TB HFS Plus volume with a 90112k journal</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Mounting disk</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Core Storage LV UUID: 04085D2E-D630-4EED-BED4-B0EFDF6C7834</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Core Storage disk: disk6</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">Finished CoreStorage operation</span><br />
<div>
<br /></div>
<br />
<div style="text-align: left;">
<span style="color: #333333; font-family: inherit;"><span style="line-height: 19px;">11a. Check the CoreStorage setup:</span></span></div>
<div style="text-align: left;">
<span style="color: #333333; font-family: Courier New, Courier, monospace;"><span style="line-height: 19px;"><br /></span></span></div>
<div style="text-align: left;">
<span style="color: #333333; font-family: Courier New, Courier, monospace;"><span style="line-height: 19px;">#diskutil cs list</span></span></div>
<div style="text-align: left;">
</div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">CoreStorage logical volume groups (3 found)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">|</span><br />
<br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">+-- Logical Volume Group 71377E10-7126-4E7B-A52D-F96F383F56BA</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> =========================================================</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Name: FusionDrive</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Size: 1126902611968 B (1.1 TB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Free Space: 73728 B (73.7 KB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-< Physical Volume 4512A812-D998-4A45-AF5E-CB6F8EE4BD2D</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | ----------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Index: 0</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Disk: disk0s2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Size: 127691702272 B (127.7 GB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-< Physical Volume 2344BA4E-2460-4631-B52A-BFFB6DBBA9C7</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | ----------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Index: 1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Disk: disk1s2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> | Size: 999210909696 B (999.2 GB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-> Logical Volume Family 6994CC0B-958C-4CF1-A4BF-7B7553478619</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> ----------------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Encryption Status: Unlocked</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Encryption Type: None</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Conversion Status: NoConversion</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Conversion Direction: -none-</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Has Encrypted Extents: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Fully Secure: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Passphrase Required: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> |</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> +-> Logical Volume 04085D2E-D630-4EED-BED4-B0EFDF6C7834</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> ---------------------------------------------------</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Disk: disk6</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Status: Online</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Size (Total): 1118375247872 B (1.1 TB)</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Size (Converted): -none-</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Revertible: No</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> LV Name: Macintosh HD</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Volume Name: Macintosh HD</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> Content Hint: Apple_HFS</span><br />
<br />
12. Start CarbonCopyCloner and clone back the USB boot drive to your newly created FusionDrive (named "Macintosh HD" in step 11).<br />
<div style="text-align: left;">
13. Reboot your system and try to boot the recovery partition by pressing the ALT key during reboot.</div>
<div style="text-align: left;">
14. Reboot your system from the FusionDrive.<br />
<span style="color: #333333;"><span style="line-height: 19px;">15. Enable TRIM support to keep your SSD speed high over time. You can patch the OS X driver yourself, or use tools like </span></span><a href="http://www.groths.org/trim-enabler/">http://www.groths.org/trim-enabler/</a> or <a href="http://chameleon.alessandroboschini.it/features.php" target="_blank">Chameleon Trim Enabler</a>.<br />
<br />
<br />
<br />
<div style="text-align: -webkit-auto;">
For reference, here is the partition printout of a stock Apple 2012 iMac with original FusionDrive configuration:</div>
<div style="text-align: -webkit-auto;">
</div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"># diskutil list</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">/dev/disk0</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> #: TYPE NAME SIZE IDENTIFIER</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 0: GUID_partition_scheme *121.3 GB disk0</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 1: EFI 209.7 MB disk0s1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 2: Apple_CoreStorage 121.0 GB disk0s2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 3: Apple_Boot Boot OS X 134.2 MB disk0s3</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">/dev/disk1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> #: TYPE NAME SIZE IDENTIFIER</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 0: GUID_partition_scheme *1.0 TB disk1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 1: EFI 209.7 MB disk1s1</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 2: Apple_CoreStorage 999.3 GB disk1s2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 3: Apple_Boot Recovery HD 650.0 MB disk1s3</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">/dev/disk2</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> #: TYPE NAME SIZE IDENTIFIER</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"> 0: Apple_HFS Macintosh HD *1.1 TB disk2</span><br />
<br /></div>
<div>
<br /></div>
Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8257268696459320708.post-82625224293841373472013-02-03T09:42:00.002-08:002013-02-03T09:42:41.099-08:00Android "Framework" a big messI think every serious developer creating apps for IOS and Android was bitten by one of the countless bugs in the Android framework and / or device bugs due to fragmentation.<br />
<br />
It seems Google is not taking these problems seriously enough. There are over 28.000 open bugs in <a href="http://code.google.com/p/android/issues/list" target="_blank">the Android Bugtracker</a>. Many of them were created years ago and are real show stoppers, but Google is simply not fixing them. It seems to me they fix bugs only if they need the feature for one of the Nexus devices.<br />
<br />
For example the <a href="http://code.google.com/p/android/issues/detail?id=17118" target="_blank">HTTP Live Streaming bug</a>. Opened in May 2011, it is still not fixed. But Google recently set the status of this bug to "Spam". Spam? Tsss.<br />
<br />
<br />
<br />
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8257268696459320708.post-14052673833971765422012-12-24T06:59:00.002-08:002014-10-20T02:31:50.442-07:00CentOS6 Disk encryption with remote password entering<br />
<h2 id="Remotepasswordentering" style="font-size: 16px; margin-left: -18px; page-break-after: avoid;">
Disk Encryption in CentOS6 with remote password entering</h2>
<div>
I played a bit with disk encryption in CentOS6. For this, I checked the "encryption" checkbox in the Anaconda installer during installation, which encrypts at the PV (Physical Volume) partition level. Therefore, all partitions except /boot are encrypted.<br />
The disadvantage is that you need to enter the decryption password on the local console during boot.<br />
<br />
Inspired by <a href="https://bugzilla.redhat.com/show_bug.cgi?id=524727" target="_blank">RedHat Bug #524727</a> for Fedora, I set up an "Early-SSH" functionality which allows ssh login to the system at the earliest stage (before the decryption password is asked). With this, I'm able to ssh into a freshly started system and enter the decryption password without local access.<br />
<br />
Early-SSH is an initramfs hook which installs the Dropbear SSH server into the initramfs image and starts it at an early stage during boot (before the disks are mounted), so you can perform many tasks there (unlocking encrypted disks, checking file systems, etc.). The hook is installed as a Dracut module, which ensures that the early-SSH module is included automatically every time you update the kernel.<br />
<br />
(As usual, try at your own risk)<br />
<br /></div>
<h2 id="Remotepasswordentering" style="background-color: white; font-family: Arial, Verdana, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 16px; margin-left: -18px; page-break-after: avoid;">
Remote password entering (early-SSH)</h2>
<ul style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px;">
<li>Normally you can only continue booting after you have entered the decryption password on the local console. </li>
<li>We will add support for early-ssh to be able to enter the decryption password remotely.</li>
<li>There are some instructions available for Fedora Core and Debian, but not for RHEL/CentOS. So here I explain this feature on CentOS6 (tested on 6.3 x86_64)</li>
<li>See <a class="ext-link" href="https://bugzilla.redhat.com/show_bug.cgi?id=524727" style="border-bottom-color: rgb(187, 187, 187); border-bottom-style: dotted; border-bottom-width: 1px; color: #bb0000; text-decoration: none;"><span class="icon" style="background-image: url(https://dev.symentis.com/symentis/intern/chrome/common/extlink.gif); background-position: 50% 50%; background-repeat: no-repeat no-repeat; padding-left: 12px;"> </span>https://bugzilla.redhat.com/show_bug.cgi?id=524727</a> for details on Fedora.</li>
</ul>
<h3>
<span style="background-color: white; font-family: Arial, Verdana, 'Bitstream Vera Sans', Helvetica, sans-serif;"><span style="font-size: small;">Backup your initrd file</span></span></h3>
<div>
<div>
First, back up your current initrd image file so you can fall back to it in case something goes wrong:</div>
<div>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">cp /boot/initramfs-`uname -r`.img /boot/initramfs-`uname -r`.img_</span></pre>
</div>
<div>
If you need to fall back to the original initrd file, press "e" during the Grub boot stage and append an "_" to the initrd file name on the Grub line.<br />
<br />
<h3>
<span style="text-align: left;"><span style="font-size: small;">Create dracut module</span></span></h3>
</div>
</div>
<span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;">Install EPEL repository (for Dropbear)</span><span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;"><br /></span><br />
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">rpm -Uvh http://ftp-stud.hs-esslingen.de/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm</span></pre>
<span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;">Install dropbear</span><span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;"><br /></span><br />
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">yum install dropbear</span></pre>
<span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;">Install compiler</span><span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;"><br /></span><br />
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">yum install gcc</span></pre>
<span style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;">Create dracut module</span><br />
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">cd /usr/share/dracut/modules.d/
mkdir 40earlyssh</span></pre>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;">cd 40earlyssh</span><span style="font-size: x-small;">
# Generate public/private DSS and RSA host keys for the server.
dropbearkey -t dss -f dropbear_dss_host_key
dropbearkey -t rsa -f dropbear_rsa_host_key
# Create config files
echo 'multi on' > host.conf
echo -en '127.0.0.1\tlocalhost\n::1\tlocalhost\n' > hosts
echo 'root:x:0:0:root:/home/root:/bin/sh' > passwd
echo '/bin/sh' > shells</span></pre>
<h3 style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">
<span style="background-color: white; font-family: Arial, Verdana, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: small;">Create install file</span></h3>
<ul style="background-color: white;">
<li style="font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px;">CentOS uses an old Dracut version (004). Because of this, check, installkernel and install must be split into separate scripts. We also keep them together as functions in the "install" script, in case the upstream vendor later switches to a newer Dracut version.</li>
<li><span style="font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small;">On newer Dracut versions (>= 008), this file is named "module-setup.sh".</span></li>
<li><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif; font-size: x-small;">Updated: 2014-10-20 (pkill and remote-ssh-delete.sh added)</span><pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi install
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;"><span style="font-size: xx-small;"><span class="c" style="color: #408080; font-style: italic;">#!/bin/bash</span>
<span class="c" style="color: #408080; font-style: italic;"># On newer Dracut versions, this file is named "module-setup.sh".</span></span></pre>
<pre style="background-color: #f8f8f8; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;"><pre><span class="c" style="color: #408080; font-size: xx-small; font-style: italic;"># These functions are currently ignored by CentOS6 Dracut.</span></pre>
<span style="font-size: xx-small;">
check<span class="o" style="color: #666666;">()</span> <span class="o" style="color: #666666;">{</span>
<span class="c" style="color: #408080; font-style: italic;"># do not add this module by default: return 255
</span> <span class="k" style="color: green; font-weight: bold;">return </span>0
<span class="o" style="color: #666666;">}</span>
depends<span class="o" style="color: #666666;">()</span> <span class="o" style="color: #666666;">{</span>
<span class="k" style="color: green; font-weight: bold;">return </span>0
<span class="o" style="color: #666666;">}</span>
installkernel<span class="o" style="color: #666666;">()</span> <span class="o" style="color: #666666;">{</span>
instmods eth0</span></pre>
<pre style="background-color: #f8f8f8; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;"><span style="font-size: xx-small;"> instmods vmxnet3 # vmware ethernet driver in this example.
<span class="o" style="color: #666666;">}</span>
<span class="c" style="color: #408080;"># CentOS6 uses an old version of Dracut. Therefore, install() is not called, so the function definition is commented out for now and its statements always run.</span>
<span class="c" style="color: #408080;">
</span></span></pre>
<pre style="background-color: #f8f8f8; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;"><span style="font-size: xx-small;"><span class="c" style="color: #408080; font-style: italic;">#install() {
</span> dracut_install -o ip
</span></pre>
<pre style="background-color: #f8f8f8;"><span style="font-size: xx-small;"><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span style="color: #45818e; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;"># Need to use inst_library instead of dracut_install for libnsl as it is a symlink</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_library /usr/lib64/libnsl.so
dracut_install /lib64/libnss_compat.so.2
dracut_install /lib64/libnss_files.so.2
dracut_install /lib64/libnss_dns.so.2
dracut_install -o dropbear
inst_dir </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/dropbear"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/dropbear_dss_host_key"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/dropbear/dropbear_dss_host_key"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/dropbear_rsa_host_key"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/dropbear/dropbear_rsa_host_key"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_dir </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/home"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_dir </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/home/root"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_dir </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/home/root/.ssh"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/authorized_keys"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/home/root/.ssh/authorized_keys"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/localtime"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/nsswitch.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/nsswitch.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/resolv.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/resolv.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/host.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/host.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/hosts"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/hosts"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/passwd"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/passwd"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/shells"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/shells"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_simple </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/local.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/etc/modprobe.d/local.conf"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_hook pre-trigger 01 </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"$moddir/remote-ssh.sh"</span></span></pre>
<pre style="background-color: #f8f8f8;"><span style="font-size: xx-small;"><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> <span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">inst_hook pre-trigger 01 </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"$moddir/remote-ssh-delete.sh"</span>
inst_binary </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/auth"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/bin/auth"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
inst_binary </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"${moddir}/tiocsti"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> </span><span class="s2" style="color: #ba2121; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">"/bin/tiocsti"</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
</span><span class="c" style="color: #408080; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-style: italic;"># Binaries
</span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;"> dracut_install -o ps find lsof grep egrep sed less more cat tac head tail </span><span class="nb" style="color: green; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">true false </span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">mkdir rmdir rm strace touch vi ip ping ping6 traceroute ssh scp pkill
</span><span style="font-family: inherit;"><span class="c" style="color: #408080; font-style: italic;">#</span><span class="c" style="color: #408080;"> </span><span class="c" style="color: #408080;">fsck tools so you can check disks when logged in....</span></span><span style="font-family: Verdana, Arial, Bitstream Vera Sans, Helvetica, sans-serif;">
<span style="color: #45818e;"># </span></span><span class="c" style="color: #408080; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-style: italic;">dracut_install -o fsck fsck.ext2 fsck.ext4 fsck.ext3 fsck.ext4dev fsck.vfat e2fsck
#}</span></span><span class="c" style="color: #408080; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: x-small; font-style: italic;">
</span></pre>
</div>
</li>
</ul>
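<div>
The install script above uses "dracut_install -o" for dropbear, which marks the binary as optional, so an image can be built without an SSH server and without any error. The following check is an added example, not part of the original post: it reads a long file listing of the rebuilt image (as printed by lsinitrd) and reports which early-SSH files are missing before you reboot. The function names, the sample listing and the suffix matching for the dropbear binary and the hook script are assumptions of this example.</div>

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify that a rebuilt initramfs
# contains the early-SSH pieces that the "install" script is meant to copy.

# Exact paths the install script copies into the image (taken from the post).
REQUIRED_PATHS="
etc/dropbear/dropbear_dss_host_key
etc/dropbear/dropbear_rsa_host_key
home/root/.ssh/authorized_keys
etc/passwd
etc/shells
etc/nsswitch.conf
etc/modprobe.d/local.conf
bin/auth
bin/tiocsti
"
# Entries matched by path suffix, because their directory depends on the
# host and on the dracut version (assumption of this example).
REQUIRED_SUFFIXES="
bin/dropbear
pre-trigger/01remote-ssh.sh
"

# Reduce a long listing (ls -l / cpio -tv style) on stdin to "<type> <path>"
# lines, where <type> is the first character of the mode field.
normalize_listing() {
    awk 'NF >= 2 && length($1) >= 10 && $1 ~ /^[-dlcbps]/ {
        path = $NF
        # Symlinks are printed as "name -> target"; keep the name.
        for (i = 2; i < NF; i++) if ($i == "->") path = $(i - 1)
        sub(/^\.\//, "", path); sub(/^\//, "", path)
        print substr($1, 1, 1), path
    }'
}

# has_entry <exact|suffix> <path>: succeed if a non-directory entry matches.
has_entry() {
    awk -v how="$1" -v want="$2" '
        $1 == "d" { next }
        how == "exact" && $2 == want { found = 1 }
        how == "suffix" && length($2) >= length(want) &&
            substr($2, length($2) - length(want) + 1) == want { found = 1 }
        END { exit !found }'
}

# Read a listing on stdin, print one MISSING line per absent entry,
# and return 1 if anything is missing.
check_initramfs_listing() {
    local entries want rc=0
    entries=$(normalize_listing)
    for want in $REQUIRED_PATHS; do
        printf '%s\n' "$entries" | has_entry exact "$want" ||
            { echo "MISSING $want"; rc=1; }
    done
    for want in $REQUIRED_SUFFIXES; do
        printf '%s\n' "$entries" | has_entry suffix "$want" ||
            { echo "MISSING *$want"; rc=1; }
    done
    return $rc
}

# Constructed sample listing: everything is present except the dropbear
# binary, which is the silent failure that "-o" allows.
sample_listing() {
    cat <<'EOF'
/boot/initramfs-EXAMPLE.img: 14M
========================================================================
drwxr-xr-x   2 root     root            0 Jan  1 00:00 etc/dropbear
-rw-------   1 root     root          458 Jan  1 00:00 etc/dropbear/dropbear_dss_host_key
-rw-------   1 root     root          427 Jan  1 00:00 etc/dropbear/dropbear_rsa_host_key
-rw-r--r--   1 root     root          400 Jan  1 00:00 home/root/.ssh/authorized_keys
-rw-r--r--   1 root     root           35 Jan  1 00:00 etc/passwd
-rw-r--r--   1 root     root            8 Jan  1 00:00 etc/shells
-rw-r--r--   1 root     root          200 Jan  1 00:00 etc/nsswitch.conf
-rw-r--r--   1 root     root           19 Jan  1 00:00 etc/modprobe.d/local.conf
-rwxr-xr-x   1 root     root         7000 Jan  1 00:00 bin/auth
-rwxr-xr-x   1 root     root         7000 Jan  1 00:00 bin/tiocsti
-rwxr-xr-x   1 root     root          300 Jan  1 00:00 pre-trigger/01remote-ssh.sh
EOF
}

# With an image path as argument, check the real image, for example:
#   ./check_earlyssh.sh /boot/initramfs-$(uname -r).img
if [ "$#" -ge 1 ]; then
    lsinitrd "$1" | check_initramfs_listing && echo "early-SSH files present"
fi
```

<div>
Run it after every initramfs rebuild and keep the backup image from the first step until the check passes.</div>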
<h3>
<span style="background-color: white;">Create check file</span></h3>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi check
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="c" style="color: #408080; font-style: italic;">#!/bin/sh</span><span class="c" style="color: #408080; font-style: italic;">
</span>
<span class="c" style="color: #408080; font-style: italic;"># add this module by default
</span><span class="nb" style="color: green;">exit </span>0</span></pre>
</div>
<div>
<br /></div>
<h3>
Create installkernel file</h3>
<div>
<br />
You must add the kernel module for your network card and alias it to eth0. Use "ethtool -i eth0" to get the driver name (use your device name if it is not eth0).</div>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi installkernel
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="c" style="color: #408080; font-style: italic;">#!/bin/bash
</span>
<span class="c" style="color: #408080; font-style: italic;"># install kernel module script for older dracut.
# Note: You must add your network module, here.
</span>instmods eth0
instmods vmxnet3</span></pre>
</div>
<h3>
Create local.conf (modprobe) file</h3>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi local.conf
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="c" style="color: #408080; font-style: italic;"># /etc/modprobe.d/local.conf
# device to name mapping.
# Call "ethtool -i eth0" to get your driver name
# Note: You MUST add the network module to installkernel file in this dir, also!
</span>
<span class="nb" style="color: green;">alias </span>eth0 vmxnet3</span>
</pre>
</div>
<div>
Alternatively, you can use the "biosdevname" utility, but I haven't done that.</div>
<h3>
Create nsswitch.conf file</h3>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi nsswitch.conf
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;">passwd: files
shadow: files
group: files
initgroups: files
hosts: files dns
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
automount: files
aliases: files</span>
</pre>
</div>
<h3>
Create resolv.conf file</h3>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi resolv.conf
</pre>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">search example
nameserver 192.168.3.100
nameserver 192.168.3.200
</pre>
<h3>
Create remote-ssh.sh file</h3>
<div>
This script is called during boot. It sets up the IP address and the default gateway, then starts the dropbear SSH daemon.<br />
Note: When the system switches context at the end of early boot, the initramfs and all of its processes are shut down, so security is not weakened after a successful boot. It is, however, absolutely necessary to keep the SSH private key used for early-stage SSH secure!</div>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi remote-ssh.sh
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span class="c" style="color: #408080; font-size: x-small; font-style: italic;">#!/bin/sh
# Setup network card static IP and SSH server on port 222</span></pre>
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="c" style="color: #408080; font-style: italic;"># In this example 192.168.3.10/24 with gateway 192.168.3.1
</span>
/sbin/ip link <span class="nb" style="color: green;">set </span>dev lo up
/sbin/modprobe eth0
/sbin/ip addr add 192.168.3.10/24 broadcast + dev eth0
/sbin/ip link <span class="nb" style="color: green;">set </span>dev eth0 up
/sbin/ip route add default via 192.168.3.1
mkdir -p /var/log
> /var/log/lastlog
/usr/sbin/dropbear -E -m -s -p 222 -a -K 600</span>
</pre>
</div>
<h3>
Create remote-ssh-delete.sh file</h3>
<div>
This script is called when dracut exits, after the disk decryption key has been entered. It removes the configured IP address and frees the interface. (added 2014-10-20)</div>
<div>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi remote-ssh-delete.sh<span style="font-family: Courier New, Courier, monospace;">
</span></pre>
<div class="code" style="border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="c" style="color: #408080; font-style: italic;">#!/bin/sh
# Unsetup network card and kill SSH daemon
</span>
/sbin/ip link set dev lo down
/sbin/ip link set dev eth0 down
# Remove the address that remote-ssh.sh added (192.168.3.10/24 in this example)
/sbin/ip addr delete 192.168.3.10/24 broadcast + dev eth0
/sbin/ip route del default via 192.168.3.1

# Nothing more to do if there is no dropbear pid file
[ -f /tmp/dropbear.pid ] || exit 0
read main_pid < /tmp/dropbear.pid
# Pause the daemon, kill its child sessions, then terminate and resume it
kill -STOP ${main_pid} 2>/dev/null
pkill -P ${main_pid}
kill ${main_pid} 2>/dev/null
kill -CONT ${main_pid} 2>/dev/null</span>
</pre>
<div style="background-color: #f7f7f7; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">
<br /></div>
</div>
</div>
<h3>
Create authorized_keys</h3>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi authorized_keys
</pre>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="font-size: x-small;"><Add all public SSH keys that should be able to log in to this SSH server, as you normally do in your regular authorized_keys file for ssh></span></pre>
<h3>
Compile some helper programs</h3>
<h4>
auth</h4>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi auth.c
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="cp" style="color: #bc7a00;">#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>
#include <string.h>
</span>
<span class="kt" style="color: #b00040;">int</span> <span class="nf" style="color: blue;">main</span> <span class="p">(</span><span class="kt" style="color: #b00040;">int</span> argc<span class="p">,</span> <span class="k" style="color: green; font-weight: bold;">const</span> <span class="kt" style="color: #b00040;">char</span> <span class="o" style="color: #666666;">*</span> argv<span class="p">[])</span> <span class="p">{</span>
<span class="kt" style="color: #b00040;">char</span> <span class="o" style="color: #666666;">*</span>passphrase<span class="p">;</span>
<span class="k" style="color: green; font-weight: bold;">const</span> <span class="kt" style="color: #b00040;">char</span> <span class="o" style="color: #666666;">*</span>prompt<span class="o" style="color: #666666;">=</span><span class="s" style="color: #ba2121;">"Passphrase: "</span><span class="p">;</span>
<span class="kt" style="color: #b00040;">int</span> i<span class="p">;</span>
<span class="k" style="color: green; font-weight: bold;">if</span> <span class="p">(</span>argc <span class="o" style="color: #666666;">!=</span> <span class="mi" style="color: #666666;">2</span><span class="p">)</span> <span class="p">{</span>
printf<span class="p">(</span><span class="s" style="color: #ba2121;">"Usage: auth 'passwd'</span><span class="se" style="color: #bb6622; font-weight: bold;">\n</span><span class="s" style="color: #ba2121;">"</span><span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">return</span> <span class="mi" style="color: #666666;">1</span><span class="p">;</span>
<span class="p">}</span>
<span class="kt" style="color: #b00040;">int</span> fd <span class="o" style="color: #666666;">=</span> open<span class="p">(</span><span class="s" style="color: #ba2121;">"/dev/console"</span><span class="p">,</span> O_RDONLY<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">if</span> <span class="p">(</span>fd <span class="o" style="color: #666666;"><</span> <span class="mi" style="color: #666666;">0</span><span class="p">)</span> <span class="p">{</span>
<span class="k" style="color: green; font-weight: bold;">return</span> <span class="mi" style="color: #666666;">2</span><span class="p">;</span>
<span class="p">}</span>
passphrase<span class="o" style="color: #666666;">=</span>getpass<span class="p">(</span>prompt<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">for</span> <span class="p">(</span><span class="k" style="color: green; font-weight: bold;">const</span> <span class="kt" style="color: #b00040;">char</span> <span class="o" style="color: #666666;">*</span> str <span class="o" style="color: #666666;">=</span> passphrase<span class="p">;</span> <span class="o" style="color: #666666;">*</span>str<span class="p">;</span> <span class="o" style="color: #666666;">++</span>str<span class="p">){</span>
ioctl<span class="p">(</span>fd<span class="p">,</span> TIOCSTI<span class="p">,</span> str<span class="p">);</span>
<span class="p">}</span>
ioctl<span class="p">(</span>fd<span class="p">,</span> TIOCSTI<span class="p">,</span> <span class="s" style="color: #ba2121;">"</span><span class="se" style="color: #bb6622; font-weight: bold;">\r</span><span class="s" style="color: #ba2121;">"</span><span class="p">);</span>
 // clear string immediately
<span class="kt" style="color: #b00040;">int</span> len<span class="o" style="color: #666666;">=</span>strlen<span class="p">(</span>passphrase<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">for</span> <span class="p">(</span>i<span class="o" style="color: #666666;">=</span><span class="mi" style="color: #666666;">0</span><span class="p">;</span>i<span class="o" style="color: #666666;"><</span>len<span class="p">;</span>i<span class="o" style="color: #666666;">++</span><span class="p">)</span> <span class="p">{</span>
passphrase<span class="p">[</span>i<span class="p">]</span><span class="o" style="color: #666666;">=</span><span class="mi" style="color: #666666;">0</span><span class="p">;</span>
<span class="p">};</span>
<span class="k" style="color: green; font-weight: bold;">return</span> <span class="mi" style="color: #666666;">0</span><span class="p">;</span>
<span class="p">}</span>
</span></pre>
</div>
<h4>
tiocsti</h4>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">vi tiocsti.c
</pre>
<div class="code" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">
<pre style="background-color: #f8f8f8;"><span style="font-size: x-small;"><span class="c" style="color: #408080; font-style: italic;">// gcc -std=gnu99 -O2 -Wall tiocsti.c -o tiocsti
</span><span class="cp" style="color: #bc7a00;">#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>
</span>
<span class="kt" style="color: #b00040;">void</span> <span class="nf" style="color: blue;">stuff</span><span class="p">(</span><span class="kt" style="color: #b00040;">int</span> fd<span class="p">,</span> <span class="k" style="color: green; font-weight: bold;">const</span> <span class="kt" style="color: #b00040;">char</span> <span class="o" style="color: #666666;">*</span> str<span class="p">)</span> <span class="p">{</span>
printf<span class="p">(</span><span class="s" style="color: #ba2121;">"stuff [%s]</span><span class="se" style="color: #bb6622; font-weight: bold;">\n</span><span class="s" style="color: #ba2121;">"</span><span class="p">,</span> str<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">for</span> <span class="p">(;</span> <span class="o" style="color: #666666;">*</span>str<span class="p">;</span> <span class="o" style="color: #666666;">++</span>str<span class="p">)</span> <span class="p">{</span>
<span class="c" style="color: #408080; font-style: italic;">// printf("(%c)", *str);
</span> <span class="kt" style="color: #b00040;">int</span> rv <span class="o" style="color: #666666;">=</span> ioctl<span class="p">(</span>fd<span class="p">,</span> TIOCSTI<span class="p">,</span> str<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">if</span> <span class="p">(</span>rv <span class="o" style="color: #666666;"><</span> <span class="mi" style="color: #666666;">0</span><span class="p">)</span> perror<span class="p">(</span><span class="s" style="color: #ba2121;">"ioctl(TIOCSTI)"</span><span class="p">);</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="kt" style="color: #b00040;">int</span> <span class="nf" style="color: blue;">main</span> <span class="p">(</span><span class="kt" style="color: #b00040;">int</span> argc<span class="p">,</span> <span class="k" style="color: green; font-weight: bold;">const</span> <span class="kt" style="color: #b00040;">char</span> <span class="o" style="color: #666666;">*</span> argv<span class="p">[])</span> <span class="p">{</span>
<span class="k" style="color: green; font-weight: bold;">if</span> <span class="p">(</span>argc <span class="o" style="color: #666666;"><</span> <span class="mi" style="color: #666666;">3</span><span class="p">)</span> <span class="p">{</span>
printf<span class="p">(</span><span class="s" style="color: #ba2121;">"Usage: tiocsti /dev/ttyX text string</span><span class="se" style="color: #bb6622; font-weight: bold;">\n</span><span class="s" style="color: #ba2121;">"</span><span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">return</span> <span class="mi" style="color: #666666;">1</span><span class="p">;</span>
<span class="p">}</span>
<span class="kt" style="color: #b00040;">int</span> fd <span class="o" style="color: #666666;">=</span> open<span class="p">(</span>argv<span class="p">[</span><span class="mi" style="color: #666666;">1</span><span class="p">],</span> O_RDONLY<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">if</span> <span class="p">(</span>fd <span class="o" style="color: #666666;"><</span> <span class="mi" style="color: #666666;">0</span><span class="p">)</span> <span class="p">{</span>
perror<span class="p">(</span><span class="s" style="color: #ba2121;">"open"</span><span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">return</span> <span class="mi" style="color: #666666;">2</span><span class="p">;</span>
<span class="p">}</span>
<span class="k" style="color: green; font-weight: bold;">for</span> <span class="p">(</span><span class="kt" style="color: #b00040;">int</span> i <span class="o" style="color: #666666;">=</span> <span class="mi" style="color: #666666;">2</span><span class="p">;</span> i <span class="o" style="color: #666666;"><</span> argc<span class="p">;</span> <span class="o" style="color: #666666;">++</span>i<span class="p">)</span> <span class="p">{</span>
<span class="k" style="color: green; font-weight: bold;">if</span> <span class="p">(</span>i <span class="o" style="color: #666666;">!=</span> <span class="mi" style="color: #666666;">2</span><span class="p">)</span> stuff<span class="p">(</span>fd<span class="p">,</span> <span class="s" style="color: #ba2121;">" "</span><span class="p">);</span>
stuff<span class="p">(</span>fd<span class="p">,</span> argv<span class="p">[</span>i<span class="p">]);</span>
<span class="p">}</span>
close<span class="p">(</span>fd<span class="p">);</span>
<span class="k" style="color: green; font-weight: bold;">return</span> <span class="mi" style="color: #666666;">0</span><span class="p">;</span>
<span class="p">}</span></span>
</pre>
</div>
<h3>
Compile helper programs</h3>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">gcc -std=gnu99 -O2 -Wall tiocsti.c -o tiocsti
gcc -std=gnu99 -O2 -Wall auth.c -o auth
</pre>
<h3>
Fix permissions</h3>
<div>
You need to ensure the permissions of the files are correct, otherwise dropbear and the helper files are not included in the initramfs (Thanks to Ben Curtis):</div>
<div>
<br />
<br />
<pre style="background-color: #f8f8f8;"><span style="color: #222222; font-family: 'Courier New', Courier, monospace; font-size: x-small; line-height: 16px; white-space: normal;">chmod 755 check install installkernel remote-ssh.sh</span>
<span style="color: #222222; font-family: 'Courier New', Courier, monospace; font-size: x-small; line-height: 16px; white-space: normal;">chmod 600 authorized_keys</span></pre>
</div>
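<div>
The modes set above, and the address that remote-ssh.sh adds and remote-ssh-delete.sh removes, can be checked before the initramfs is rebuilt. The following script is an added example, not part of the original post: the function names are hypothetical, it assumes GNU stat, and the fixture it builds for its demo run is constructed.</div>

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight audit of the
# early-ssh dracut module directory, to run before "dracut --force".
# All function names here are hypothetical helpers.

file_mode() { stat -c '%a' "$1"; }    # octal mode; assumes GNU stat

finding() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

# Succeed only for a dotted-quad IPv4 address with a /0-32 prefix length.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1##*/}
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the address argument of the first "ip addr add|del|delete" in file $1.
addr_in() {
    awk '$1 ~ /(^|\/)ip$/ && $2 == "addr" && $3 ~ /^(add|del|delete)$/ { print $4; exit }' "$1"
}

# audit_module DIR: print one line per finding, leave the count in $findings,
# and return non-zero if anything was found.
audit_module() {
    dir=$1; findings=0
    # Modes from the "Fix permissions" step: scripts 755, authorized_keys 600.
    for f in check install installkernel remote-ssh.sh; do
        if [ ! -f "$dir/$f" ]; then
            finding "missing file: $f"
        elif [ "$(file_mode "$dir/$f")" != 755 ]; then
            finding "$f has mode $(file_mode "$dir/$f"), expected 755"
        fi
    done
    keys=$dir/authorized_keys
    if [ ! -s "$keys" ]; then
        finding "authorized_keys is missing or empty"
    else
        [ "$(file_mode "$keys")" = 600 ] ||
            finding "authorized_keys has mode $(file_mode "$keys"), expected 600"
        if grep -q 'PRIVATE KEY' "$keys"; then
            finding "authorized_keys contains private key material"
        fi
    fi
    # The address brought up at boot must be valid and be the one torn down.
    if [ -f "$dir/remote-ssh.sh" ]; then
        up=$(addr_in "$dir/remote-ssh.sh")
        valid_cidr "$up" || finding "remote-ssh.sh: bad address '$up'"
        if [ -f "$dir/remote-ssh-delete.sh" ]; then
            down=$(addr_in "$dir/remote-ssh-delete.sh")
            [ "$up" = "$down" ] ||
                finding "remote-ssh-delete.sh removes '$down' but remote-ssh.sh adds '$up'"
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed fixture (not real data): a module directory laid out as in the
# post. $2 is the address written into remote-ssh-delete.sh.
make_fixture() {
    for f in check install installkernel; do printf '#!/bin/bash\n' > "$1/$f"; done
    printf '#!/bin/sh\n/sbin/ip addr add 192.168.3.10/24 broadcast + dev eth0\n' > "$1/remote-ssh.sh"
    printf '#!/bin/sh\n/sbin/ip addr delete %s broadcast + dev eth0\n' "$2" > "$1/remote-ssh-delete.sh"
    printf 'ssh-rsa AAAAconstructed example@host\n' > "$1/authorized_keys"
    chmod 755 "$1/check" "$1/install" "$1/installkernel" "$1/remote-ssh.sh"
    chmod 600 "$1/authorized_keys"
}

# Demo run on the constructed fixture with two deliberate mistakes.
demo=$(mktemp -d)
make_fixture "$demo" 192.168.0.3.10/24     # constructed five-octet typo
chmod 644 "$demo/remote-ssh.sh"            # constructed wrong mode
audit_module "$demo" || echo "$findings finding(s): fix them before running dracut --force"
rm -rf "$demo"
```

<div>
Against the real module, call it as audit_module /usr/share/dracut/modules.d/40earlyssh.</div>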
<h3>
Build new initramfs</h3>
<div style="background-color: white; font-size: 13px;">
<div style="font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">
So you end up with the following files in /usr/share/dracut/modules.d/40earlyssh:</div>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;">auth
auth.c
authorized_keys
check
dropbear_dss_host_key
dropbear_rsa_host_key
host.conf
hosts
install
installkernel
local.conf
nsswitch.conf
passwd
README
remote-ssh.sh
resolv.conf
shells
tiocsti
tiocsti.c</pre>
<div style="font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;">
Create new initrd image:</div>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><tt><span style="background-color: white; white-space: normal;">dracut --force</span></tt></pre>
</div>
<h3>
Reboot, test</h3>
<ul style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px;">
<li>Now reboot. </li>
<li>Once the machine has booted and is waiting for the password, it should be pingable from the network.</li>
<li>Login remotely:</li>
</ul>
<div style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px;">
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); margin: 1em 1.75em; overflow: auto; padding: 0.25em;"><span style="background-color: white; white-space: normal;">ssh -p 222 root@<machine_name_or_its_ip></span></pre>
</div>
<ul style="background-color: white; font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px;">
<li>Enter the preboot password:</li>
</ul>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;">tiocsti /dev/console "$(echo -n '<your_decryption_password>\r')"</pre>
<pre class="wiki" style="background-color: #f7f7f7; border: 1px solid rgb(215, 215, 215); font-size: 13px; margin: 1em 1.75em; overflow: auto; padding: 0.25em;"># example: tiocsti /dev/console "$(echo -n 'verySecurePw!\r')"
</pre>
Unknownnoreply@blogger.com47tag:blogger.com,1999:blog-8257268696459320708.post-77088023546706096672012-11-29T12:59:00.002-08:002012-11-29T12:59:32.981-08:00
<h1 style="text-align: left;">Repairing HP 8180 All-In-One printer</h1>
A friend of mine called me yesterday.<br />
<div>
His <span style="font-family: Helvetica;">HP Model C8180 Photosmart All-In-One Printer/Scanner/Copier</span><span style="font-family: Helvetica;"> </span> was faulty and rebooted all the time after switching it on. See <a href="http://www.youtube.com/watch?v=cwlfwDUQkgY" target="_blank">this video</a> with exactly the same fault.<br />
<div>
<br /></div>
<div>
It seems this was hit by crappy electrolytic capacitors (aka <a href="http://en.wikipedia.org/wiki/Capacitor_plague" target="_blank">capacitor plague</a>).<br />
So I removed the logic board and saw the defect immediately.</div>
<div>
3 caps were defective and the other one was suspect. Therefore I replaced all of them with better ones (one voltage level higher).</div>
<div>
<br /></div>
<div>
<span style="font-family: Helvetica;">Parts: </span></div>
<div>
<div>
<span style="font-family: Helvetica;">C614 and C662 (680uF at </span><span style="font-family: Helvetica;">6.3V, replace them with 680uF/10V)</span></div>
</div>
<div>
<span style="font-family: Helvetica;">C613 and C660 (330uF at 10V, replace them with 330uF/16V) </span></div>
<div>
<br /></div>
<div>
<span style="font-family: Helvetica;">Cost: Under $2. (Good chance that shipping cost will be higher than the parts cost)</span></div>
<div>
<span style="font-family: Helvetica;"><br /></span></div>
<div>
<span style="font-family: Helvetica;">Here are some pics:</span><br />
<span style="font-family: Helvetica;"><br /></span>
<span style="font-family: Helvetica;"><br /></span></div>
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPAXGN8O2jNDHnzhEBG8njpt3DNSJ1dkblkd6CJz_V12Z0qByiGiXUjjVV_UCYiZ-tL16sOjDi9h308P5sU9oYdjB6i1X6JRUUO_zFmuKmpRUw5nZhS5bganKHcwccObOIX8vTTddrqao/s1600/IMG_0417.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPAXGN8O2jNDHnzhEBG8njpt3DNSJ1dkblkd6CJz_V12Z0qByiGiXUjjVV_UCYiZ-tL16sOjDi9h308P5sU9oYdjB6i1X6JRUUO_zFmuKmpRUw5nZhS5bganKHcwccObOIX8vTTddrqao/s320/IMG_0417.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-family: Helvetica; font-size: small; text-align: -webkit-auto;">Remove 2 screws on the right upper front</span></td></tr>
</tbody></table>
</div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz0iGpS1mCsC36aOv5N25X0U5Ofe5EO1MwLSfxw_qvwXrJfDEEvVQNIzC52JSLA6U1SNODgrCqCKwy5bw3svJfhsJfu7CRK905aLBR8lHupUJaVIDXznZqnvkQ-IJ0zv0zRh460ppGhi0/s1600/IMG_0418.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhz0iGpS1mCsC36aOv5N25X0U5Ofe5EO1MwLSfxw_qvwXrJfDEEvVQNIzC52JSLA6U1SNODgrCqCKwy5bw3svJfhsJfu7CRK905aLBR8lHupUJaVIDXznZqnvkQ-IJ0zv0zRh460ppGhi0/s320/IMG_0418.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Remove 1 screw on the rear right. Afterwards, remove the 2 covers.</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgddfDB9RTHhtSWkOCJXmCaaTuKVyV7ZscYbIGOkkbGFcj-Rw-29Hp7SROhK9Y9pY6c4KmFp-tV-wXanB9n1K_jYtlUaU88cr1IshCeKrYj2DsLqIWTsY4wXJ65BTQT21cNrg9vZkJBPRY/s1600/IMG_0410.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgddfDB9RTHhtSWkOCJXmCaaTuKVyV7ZscYbIGOkkbGFcj-Rw-29Hp7SROhK9Y9pY6c4KmFp-tV-wXanB9n1K_jYtlUaU88cr1IshCeKrYj2DsLqIWTsY4wXJ65BTQT21cNrg9vZkJBPRY/s320/IMG_0410.JPG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Now you see the logic board.</td></tr>
</tbody></table>
<div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp_TlM8aFkB8lq_NDboagyH8lJgaNQrWctvPo2QfWt0ru5LJIRsN48MxqQO2wrKhZQRB4lQurGIV9QcaBdUqPtfljwsyUrdo3FIrmJSU3egKk4zzt_TPc6Go2m9Am_CKMOVYDLpB0FrQs/s1600/IMG_0413.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp_TlM8aFkB8lq_NDboagyH8lJgaNQrWctvPo2QfWt0ru5LJIRsN48MxqQO2wrKhZQRB4lQurGIV9QcaBdUqPtfljwsyUrdo3FIrmJSU3egKk4zzt_TPc6Go2m9Am_CKMOVYDLpB0FrQs/s320/IMG_0413.JPG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">It might be a good idea to take some photos of the cabling now.<br />You need to remove 12 connectors.</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: left;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfUt-SY6UO_hARsQl5v0ywWxo7I8lKikq8s-F2tRWzmO2fBJaXsLBJSjc0OLQcvGQRpXKIejAulpFVYdaKnA-IY3Znuq-oTecIAHJR5H24YCs9yvRz9YlmqPcf5xXdVJKqzgujV9OZ7zo/s1600/IMG_0416.jpg" imageanchor="1" style="clear: left; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfUt-SY6UO_hARsQl5v0ywWxo7I8lKikq8s-F2tRWzmO2fBJaXsLBJSjc0OLQcvGQRpXKIejAulpFVYdaKnA-IY3Znuq-oTecIAHJR5H24YCs9yvRz9YlmqPcf5xXdVJKqzgujV9OZ7zo/s320/IMG_0416.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Unscrew the logic board (4 screws) and take it out. </td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2rh8xZyW6FiF-jr0Iw8uG_-9IW3mu66nf24i3LayjQbHzbC5Yd-yANY3obm_4xi5T_-quC4l_WV9gV9Xg9dIOhwZ6ylW9rajAH7GiU_52LpBrDedkt5B8yjbo1F4ZjvpHjQ0D-WEiXik/s1600/IMG_0415.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2rh8xZyW6FiF-jr0Iw8uG_-9IW3mu66nf24i3LayjQbHzbC5Yd-yANY3obm_4xi5T_-quC4l_WV9gV9Xg9dIOhwZ6ylW9rajAH7GiU_52LpBrDedkt5B8yjbo1F4ZjvpHjQ0D-WEiXik/s320/IMG_0415.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">There we have it. Look at the 4 capacitors. <br />If the vents are open or dried, they need to be replaced.</td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrLQLITblEKFoNy-zTfM3FwZMlxvzfa8ugQO5DztKXHjJ-Qfj51rEk0DFrfyaC3VdGFLZ2lyAZmfQnsD2z7mkpEww81RZdlr4rentEJHHjfb97ESM4IoiSILhjTPjipUxEewL2i4eQsVw/s1600/IMG_0414.jpg" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrLQLITblEKFoNy-zTfM3FwZMlxvzfa8ugQO5DztKXHjJ-Qfj51rEk0DFrfyaC3VdGFLZ2lyAZmfQnsD2z7mkpEww81RZdlr4rentEJHHjfb97ESM4IoiSILhjTPjipUxEewL2i4eQsVw/s320/IMG_0414.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">There we see that 3 are defective and one also does not look promising.<br />Unsolder all of them. Watch the polarity of the new ones.<br />If you insert one the wrong way, you get a nice firecracker.<br />After you have replaced them, reconnect the connectors and reinstall the board.<br />Then test your printer.</td></tr>
</tbody></table>
<br />
<br />
<br /></div>
</div>
Unknownnoreply@blogger.com13tag:blogger.com,1999:blog-8257268696459320708.post-40773797883724896002012-11-23T01:59:00.004-08:002012-11-23T02:00:54.920-08:00Good bye Eclipse, Hello Idea!Used Eclipse since IBM contributed the first version in several flavors: First pure Eclipse, then MyEclipse and the last years SpringSource STS.<br />
Projects got bigger and migrated from Ant to Maven to Gradle. The last projects were 100% Grails.<br />
<br />
Grails development itself is great. Fast, nice and ... fast. <br />
But Eclipse got worse and worse with every new revision released. The Spring plugin had to be disabled as working was impossible with it. Using Eclipse at the end was a pain.<br />
<br />
Due to this, a few weeks ago I tried IntelliJ IDEA 11.<br />
And what could I say? It is great. Fast, feature rich and supports things I didn't ever think about.<br />
<br />
Small example: Resource bundles.<br />
You see misspelled rb key names in all files using them. All files? Yes! Java, Groovy, JSF, JSP, etc.<br />
You also see unused rb keys in the rb files!<br />
<br />
Debugging is much better than in Eclipse. Javascript debugging is simply great.<br />
Spring support? Bean validation, Spring Webflow charts, etc. work (I didn't notice any speed reduction while using it).<br />
<br />
Groovy? Much better than current Eclipse plugin.<br />
Gradle? Great as well! Including validation, which is missing in Eclipse.<br />
<br />
Code completion works like a charm, even in Groovy and Gradle build files.<br />
<br />
Eclipse is years behind.<br />
<br />
Ok, it is not free of charge. A personal license is $199 and commercial licenses start at $499.<br />
This means for me, it will take only days until I get this amount back, as I'm so much faster in developing now.<br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-20620841262409177262012-11-14T04:32:00.001-08:002012-11-14T04:33:42.523-08:00Creating an Apple-Fusion like drive on your ownIf you have an SSD drive, you can create your own Fusion-like drive.<br />
<br />
See here: <a href="http://jollyjinx.tumblr.com/post/34638496292/fusion-drive-on-older-macs-yes-since-apple-has" target="_blank">fusion-drive-on-older-macs</a><br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-29313721276680000192012-03-30T02:59:00.002-07:002012-03-30T02:59:41.466-07:00Using Postfix SASL Mail Relay in CentOS6One day I set up a new CentOS6 machine with Postfix mail relay with SASL auth to a provider.<br />
<br />
At the start, I received lots of "no worthy mechs" errors in the mail log.<br />
<br />
Reason: you must install the package "cyrus-sasl-plain" for it.<br />
<br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">yum install cyrus-sasl-plain</span><br />
<br />
Here is an example postfix config excerpt:<br />
<br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"># enable SASL-AUTH</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">smtp_sasl_auth_enable = yes</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"># Sasl Users/passwords in this file.</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"># NOTE: you must compile the file on every change with "postmap smtp_auth"</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"># never use anonymous login</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">smtp_sasl_security_options = noanonymous</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"># relayhost with SASL-AUTH</span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">relayhost = <your_providers_mail_relay_server_name></span><br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;"><br /></span><br />
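A check to run against this excerpt, as an added example that is not part of the original post: setting smtp_sasl_security_options to noanonymous drops the Postfix default noplaintext, and the PLAIN/LOGIN mechanisms from cyrus-sasl-plain send the password only base64-encoded, so the audit also looks for enforced TLS and a private password map. The function names and both sample configs are constructed here; smtp_tls_security_level is a standard Postfix parameter that the excerpt does not set.<br />

```shell
#!/bin/sh
# Added example: audit the relay-related settings of a Postfix main.cf.

# Constructed sample: the excerpt from the post, with a placeholder relay name.
SAMPLE_AS_POSTED='# enable SASL-AUTH
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
# never use anonymous login
smtp_sasl_security_options = noanonymous
relayhost = relayhost.your-provider.example'

# Constructed sample: the same excerpt plus mandatory TLS to the relay.
SAMPLE_WITH_TLS="$SAMPLE_AS_POSTED
smtp_tls_security_level = encrypt"

# get_param CONF_TEXT NAME -> prints the effective value (last assignment wins).
# Handles single-line "name = value" entries and skips comment lines.
get_param() {
  printf '%s\n' "$1" | awk -v key="$2" '
    /^[ \t]*#/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      name = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (name == key) found = val
    }
    END { print found }'
}

# audit_relay_conf CONF_TEXT -> prints space-separated finding codes
# (empty output means no finding).
audit_relay_conf() {
  arc_conf=$1
  arc_findings=""
  arc_opts=$(get_param "$arc_conf" smtp_sasl_security_options)
  # When the parameter is unset, Postfix uses this default.
  [ -n "$arc_opts" ] || arc_opts="noplaintext, noanonymous"
  arc_tls=$(get_param "$arc_conf" smtp_tls_security_level)

  [ "$(get_param "$arc_conf" smtp_sasl_auth_enable)" = "yes" ] \
    || arc_findings="$arc_findings SASL_DISABLED"
  [ -n "$(get_param "$arc_conf" smtp_sasl_password_maps)" ] \
    || arc_findings="$arc_findings NO_PASSWORD_MAP"
  case "$arc_opts" in
    *noanonymous*) ;;
    *) arc_findings="$arc_findings ANONYMOUS_ALLOWED" ;;
  esac
  # Plaintext mechanisms are only acceptable when TLS is mandatory.
  case "$arc_opts" in
    *noplaintext*) ;;
    *) case "$arc_tls" in
         encrypt|dane-only|fingerprint|verify|secure) ;;
         *) arc_findings="$arc_findings PLAINTEXT_WITHOUT_TLS" ;;
       esac ;;
  esac
  echo "${arc_findings# }"
}

# map_file_is_private FILE -> exit 0 only if group and others have no access.
# Check both the source file and the .db file that postmap writes,
# because both hold the relay password in clear text.
map_file_is_private() {
  [ -f "$1" ] || return 2
  mfp_mode=$(ls -ld "$1" | cut -c5-10)
  [ "$mfp_mode" = "------" ]
}

echo "as posted: $(audit_relay_conf "$SAMPLE_AS_POSTED")"
echo "with TLS:  $(audit_relay_conf "$SAMPLE_WITH_TLS")"
```

On a live host, feed the audit the output of postconf -n instead of the samples, and run map_file_is_private on /etc/postfix/smtp_auth and /etc/postfix/smtp_auth.db.<br />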
<span class="Apple-style-span" style="font-family: Times, 'Times New Roman', serif;">The smtp_auth file contains the mail-relay-hostname, account and password:</span><br />
<br />
<br />
<span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace;">relayhost.your-provider.example example-user:example-password</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-34530122472776155232011-12-22T02:33:00.000-08:002011-12-22T02:41:08.605-08:00Tomcat7 on CentOS5 - the right wayI found many guides regarding Tomcat7 on CentOS 5, but none of them seemed to fit my needs:<br />
- Run tomcat as non-root user for security reasons<br />
- Using official tar.gz file from tomcat.apache.org<br />
- Proper handling of PID files<br />
- No need to modify any of the original Apache-Tomcat scripts<br />
- Safe stop of Tomcat, even when application shutdown prevents it.<br />
<br />
Therefore I've installed tomcat7 myself.<br />
<br />
Here we go:<br />
<br />
<b>1. Download apache-tomcat-7.0.23.tar.gz </b><br />
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"></span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">wget http://www.bitlib.net/mirror/apache.org/tomcat/tomcat-7/v7.0.23/bin/apache-tomcat-7.0.23.tar.gz</code></pre>
<br />
<b>2. Unpack apache-tomcat-7.0.23.tar.gz</b><br />
in any directory you like. I use /opt/apache-tomcat_7.0.23 here<br />
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"></span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;">cd /opt</pre>
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;">tar zxvf ../apache-tomcat-7.0.23.tar.gz</pre>
<br />
<b>3. Create a tomcat user</b><br />
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"></span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">useradd -d /usr/share/tomcat -s /sbin/nologin tomcat</code></pre>
<br />
<b>4. Create a config directory for the tomcat instance</b><br />
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"></span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">mkdir /etc/tomcat</code></pre>
<br />
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Times, 'Times New Roman', serif; line-height: 18px; white-space: pre;"><b>5. Create tomcat70.conf file</b></span><br />
<span class="Apple-style-span" style="font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif;"><span class="Apple-style-span" style="border-collapse: collapse; font-size: 14px; line-height: 18px; white-space: pre;"><br /></span></span><br />
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; line-height: 18px; white-space: pre;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">vi /etc/tomcat/tomcat70.conf</code></span><br />
<br />
tomcat70.conf content:<br />
<br />
<br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># tomcat7.0 service configuration file</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># you could also override JAVA_HOME here</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Where your java installation lives</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>JAVA_HOME="/etc/alternatives/java_sdk" # we use RH/CentOS alternatives aware Jpackage created Java RPM. </i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>##JAVA_HOME="/usr/java/default" # if you use the standard Oracle JDK .bin installer</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>export JAVA_HOME</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># You can pass some parameters to java</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># here if you wish to</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Use JAVA_OPTS to set java.library.path for libtcnative.so</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>#JAVA_OPTS="-Djava.library.path=/usr/lib"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Where your tomcat installation lives</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>CATALINA_HOME="/opt/apache-tomcat_7.0.23"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>export CATALINA_HOME</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># What user should run tomcat</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>TOMCAT_USER="tomcat"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># You can change your tomcat locale here</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>#LANG=en_US</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Time to wait in seconds, before killing process</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>SHUTDOWN_WAIT=30</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Set the TOMCAT_PID location</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>CATALINA_PID=/var/run/tomcat70.pid</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># If you wish to further customize your tomcat environment,</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># put your own definitions here</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># (i.e. LD_LIBRARY_PATH for some jdbc drivers)</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Just do not forget to export them :)</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># Start HeapSize 512M, Max 1024MB, PermGenSize 512MB</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>JAVA_OPTS="-Xmx1024M -Xms512M -XX:MaxPermSize=512M"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i># AWT Headless Mode and JMX for Lambda-PROBE application</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote"</i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><i>export JAVA_OPTS</i></span><br />
<div>
<br /></div>
<b>6. Create the start script /etc/init.d/tomcat70</b><br />
This script is based on an old JPackage init.d script for tomcat4 and was heavily modified over time by me - and of course properly supports PID file handling. This is especially needed for stopping Tomcat in production environments, because sometimes Tomcat is not able to stop when big applications are deployed (e.g. because of Log4J class locking).<br />
<br />
/etc/init.d/tomcat70 content:<br />
<br />
<br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">#!/bin/sh</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">#</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># tomcat70<span class="Apple-tab-span" style="white-space: pre;"> </span>Startup script for Tomcat 7.0, the Apache Servlet Engine</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">#</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">#</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># chkconfig: - 80 16</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># description: Tomcat 7.0 is the Apache Servlet Engine</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># processname: tomcat70</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># config: /etc/tomcat/tomcat70.conf</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># pidfile: /var/run/tomcat70.pid</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">#</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Gomez Henri <hgomez@users.sourceforge.net></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Keith Irwin <keith_irwin@non.hp.com></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Nicolas Mailhot <nicolas.mailhot@one2team.com></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># </span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Adapted and extended for Tomcat6, Tomcat7 default installation on CentOS by Robert Oschwald <robertoschwald@google****.com></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Note: You must create a config file /etc/tomcat/tomcat70.conf</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.02 - Removed initlog support</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.03 - Removed config:</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.04 - tomcat will start before httpd and stop after httpd</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.05 - jdk hardcoded to link /usr/java/jdk and tomcat runs as "nobody"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.06 - split up into script and config file</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.07 - Rework from Nicolas ideas</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.08 - Fix work dir permission at start time, switch to use tomcat4</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.09 - Fix pidfile and config tags</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.10 - Fallback to su direct use on systems without Redhat/Mandrake init.d functions</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.11 - Fix webapps dir permissions</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.12 - remove initial start/stop level for chkconfig (- 80 20)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.13 - remove chown of logs/work/temp/webapps dir, owned by tomcat4 at install time</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.14 - correct the start/stop ugly hack by waiting all the threads stops</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.15 - ensure we're looking for TOMCAT_USER running catalina</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.16 - Add support for CATALINA_PID env var</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.17 - Remove run files only tomcat started correctly</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># in start area, check that tomcat is not already running</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.18 - Fix kill typo (thanks Kaj J. Niemi)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.19 - Add jar relinking</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.20 - Check there is no stalling tomcat4.pid</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.20tc5 - Changed all instances of tomcat4 to tomcat5 except TOMCAT_USER</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.21 - Add status command</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.21a - Adapted for tomcat55 manual installation, roos</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.21b - tomcat55.conf handling added, roos</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.21b-a - moved tomcat55.conf</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.21b-b - some more changes due to multi-tomcat boot</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># version 1.21b-c - tomcat7 handling added, roos</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">#</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Source function library.</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">if [ -x /etc/rc.d/init.d/functions ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">. /etc/rc.d/init.d/functions</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Get Tomcat config</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">TOMCAT_CFG="/etc/tomcat/tomcat70.conf"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">[ -r "$TOMCAT_CFG" ] && . "${TOMCAT_CFG}"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># if CATALINA_HOME is not set, bail out</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">if [ -z "$CATALINA_HOME" ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> echo "Fatal! CATALINA_HOME not set in tomcat70.conf"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> exit 1</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Path to the tomcat launch script (called directly, no wrapper)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">TOMCAT_SCRIPT=$CATALINA_HOME/bin/catalina.sh</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># by roos, proper umask</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">umask 002</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Tomcat name :)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">TOMCAT_PROG=tomcat70</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> </span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># if TOMCAT_USER is not set, fall back to the apache user, like Apache HTTP server</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">if [ -z "$TOMCAT_USER" ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> TOMCAT_USER="apache"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Since the daemon function will sandbox $tomcat</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># no environment stuff should be defined here anymore.</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># Please use the /etc/tomcat/tomcatXX.conf file instead ; it will</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># be read by the $tomcat script</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">RETVAL=0</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># added by roos to be able to delete logfiles</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">umask 002</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># See how we were called.</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">start() {</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> echo -n "Starting $TOMCAT_PROG: "</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -f /var/lock/subsys/tomcat70 ] ; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -f $CATALINA_PID ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>read kpid < $CATALINA_PID</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span># if checkpid $kpid 2>&1; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -d "/proc/${kpid}" ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>echo "process already running"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>return 1</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>else</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>echo "lock file found but no process running for pid $kpid, continuing"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>touch $CATALINA_PID</span><br />
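<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span># writable by the owner only: stop() passes this file's content to kill -9 as root</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>chmod 0644 $CATALINA_PID</span><br />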
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>chown $TOMCAT_USER $CATALINA_PID</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -x /etc/rc.d/init.d/functions ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>daemon --user $TOMCAT_USER $TOMCAT_SCRIPT start </span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>else</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>su - $TOMCAT_USER -c "$TOMCAT_SCRIPT start"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>RETVAL=$?</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>echo</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>[ $RETVAL = 0 ] && touch /var/lock/subsys/tomcat70</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>return $RETVAL</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">}</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">function stop() {</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> RETVAL="0"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> echo -n "Stopping ${TOMCAT_PROG}: "</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> if [ -f "/var/lock/subsys/tomcat70" ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -x /etc/rc.d/init.d/functions ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> daemon --user $TOMCAT_USER $TOMCAT_SCRIPT stop</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> else</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> su - $TOMCAT_USER -c "$TOMCAT_SCRIPT stop"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> RETVAL=$?</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> if [ "$RETVAL" -eq "0" ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> count="0"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> if [ -f $CATALINA_PID ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> read kpid < $CATALINA_PID</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> </span><span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">if [ -z $kpid ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> </span><span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># already stopped</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> </span><span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">rm -f /var/lock/subsys/tomcat70 $CATALINA_PID</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> </span><span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">return $RETVAL</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> </span><span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> until [ "$(ps --pid $kpid | grep -c $kpid)" -eq "0" ] || \</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> [ "$count" -gt "$SHUTDOWN_WAIT" ]; do</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> echo "waiting for processes $kpid to exit"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> sleep 1</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> let count="${count}+1"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> done</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> if [ "$count" -gt "$SHUTDOWN_WAIT" ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> echo "killing processes which didn't stop after $SHUTDOWN_WAIT seconds"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> kill -9 $kpid</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> rm -f /var/lock/subsys/tomcat70 $CATALINA_PID</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> return $RETVAL</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">}</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">status() {</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -f /var/lock/subsys/tomcat70 ] ; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>if [ -f $CATALINA_PID ]; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span>read kpid < $CATALINA_PID</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>if checkpid $kpid 2>&1; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>echo "tomcat70 is running ($kpid)"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>return 0</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>else</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>echo "lock file found but no process running for pid $kpid"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> <span class="Apple-tab-span" style="white-space: pre;"> </span>fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>echo "tomcat70 is stopped."</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>return 1</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">}</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"># See how we were called.</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">case "$1" in</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> start)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> start</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> ;;</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> stop)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> stop</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> ;;</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> status)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>status</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>exit $?</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>;;</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> restart)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> stop</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> sleep 2<span class="Apple-tab-span" style="white-space: pre;"> </span></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> start</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> ;;</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> condrestart)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> if [ -f $CATALINA_PID ] ; then</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> stop</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> start</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> fi</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> ;;</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> *)</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> echo "Usage: $TOMCAT_PROG {start|stop|status|restart|condrestart}"</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"> exit 1</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">esac</span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;"><br /></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc; font-size: xx-small;">exit $RETVAL</span><br />
<div>
<br /></div>
<div>
<b>7. set permissions</b></div>
<div>
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"></span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;"><span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">chmod 755 /etc/init.d/tomcat70</code></span></pre>
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;">
</span></div>
<div>
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"></span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;"><span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">chown -R tomcat /opt/apache-tomcat-7.0.23</code></span></pre>
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;">
</span><br />
<pre style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 0px; max-height: 600px; overflow-x: auto; overflow-y: auto; padding-bottom: 5px; padding-left: 5px; padding-right: 5px; padding-top: 5px; vertical-align: baseline; width: auto;"><span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;"><code style="background-attachment: initial; background-clip: initial; background-color: #eeeeee; background-image: initial; background-origin: initial; background-position: initial initial; background-repeat: initial initial; border-bottom-width: 0px; border-color: initial; border-left-width: 0px; border-right-width: 0px; border-style: initial; border-top-width: 0px; font-family: Consolas, Menlo, Monaco, 'Lucida Console', 'Liberation Mono', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Courier New', monospace, serif; font-size: 14px; margin-bottom: 0px; margin-left: 0px; margin-right: 0px; margin-top: 0px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px; vertical-align: baseline;">chmod -R 775 /opt/apache-tomcat-7.0.23</code></span></pre>
<span class="Apple-style-span" style="border-collapse: collapse; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 18px;">
</span></div>
<br />
<br />
<b>8. create setenv.sh file </b><br />
My impression is that this is the most overlooked feature of an Apache Tomcat installation. Many people edit catalina.sh directly to set environment variables like JAVA_HOME.<br />
But there is a standard way to add environment variables without modifying any of the original files: add a setenv.sh file to the Tomcat bin directory.<br />
<br />
/opt/tomcat-7.0.23/bin/setenv.sh content:<br />
<br />
<span class="Apple-style-span" style="background-color: #fff2cc;"><i><span class="Apple-style-span" style="font-size: xx-small;"># setenv.sh to read env var in catalina.sh</span></i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc;"><i><span class="Apple-style-span" style="font-size: xx-small;">TOMCAT_CFG="/etc/tomcat/tomcat70.conf"</span></i></span><br />
<span class="Apple-style-span" style="background-color: #fff2cc;"><i><span class="Apple-style-span" style="font-size: xx-small;">[ -r "$TOMCAT_CFG" ] && . "${TOMCAT_CFG}"</span></i></span><br />
<span class="Apple-style-span" style="font-size: xx-small;"><i><br /></i></span><br />
<span class="Apple-style-span" style="font-size: xx-small;"><i><br /></i></span><br />
<b>9. Start tomcat</b><br />
/etc/init.d/tomcat70 start<br />
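
The init script's stop() reads $CATALINA_PID as root and passes whatever it finds to kill -9, so the PID file is input that has to be checked. The following is an added example, not part of the original script: the function names read_trusted_pid and signal_trusted_pid and their arguments are assumptions made here, and it relies on GNU stat and /proc as found on the RHEL-family systems this post targets.

```shell
# Added example (hypothetical helpers, not from the original init script).
# read_trusted_pid FILE EXPECTED_UID
#   Prints the PID stored in FILE and returns 0 only if the file and the
#   process it names both pass the checks below. EXPECTED_UID is numeric,
#   e.g. "$(id -u "$TOMCAT_USER")".
read_trusted_pid() {
    local file="$1" want_uid="$2" meta owner perm pid proc_uid

    # 1. Regular file only: a symlink could redirect root to another file.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "pidfile $file: not a regular file" >&2
        return 1
    fi

    # 2. Owned by root or the service account, and not writable by anyone else.
    meta=$(stat -c '%u %a' -- "$file") || return 1
    owner=${meta% *}
    perm=${meta#* }
    if [ "$owner" != 0 ] && [ "$owner" != "$want_uid" ]; then
        echo "pidfile $file: unexpected owner uid $owner" >&2
        return 1
    fi
    if [ $(( 0$perm & 022 )) -ne 0 ]; then
        echo "pidfile $file: group/world writable (mode $perm)" >&2
        return 1
    fi

    # 3. Content must be a single decimal PID greater than 1.
    IFS= read -r pid < "$file" || [ -n "$pid" ] || {
        echo "pidfile $file: empty" >&2
        return 1
    }
    case $pid in
        ''|*[!0-9]*)
            echo "pidfile $file: content is not a PID" >&2
            return 1
            ;;
    esac
    [ "$pid" -gt 1 ] 2>/dev/null || {
        echo "pidfile $file: refusing PID $pid" >&2
        return 1
    }

    # 4. The process must exist and run as the service account.
    #    /proc/<pid> is owned by the effective uid of the process.
    proc_uid=$(stat -c %u "/proc/$pid" 2>/dev/null) || {
        echo "pidfile $file: no process with PID $pid" >&2
        return 1
    }
    if [ "$proc_uid" != "$want_uid" ]; then
        echo "pidfile $file: PID $pid runs as uid $proc_uid, expected $want_uid" >&2
        return 1
    fi

    printf '%s\n' "$pid"
}

# signal_trusted_pid SIGNAL FILE EXPECTED_UID
#   Re-validates the PID file right before signalling, because the PID may
#   have been recycled while stop() was waiting in its sleep loop.
#   In stop() this would replace "kill -9 $kpid":
#     signal_trusted_pid KILL "$CATALINA_PID" "$(id -u "$TOMCAT_USER")"
signal_trusted_pid() {
    local sig="$1" pid
    pid=$(read_trusted_pid "$2" "$3") || return 1
    kill "-$sig" "$pid"
}
```

The checks and the signal are still separate steps, so keeping the PID file in a directory that only root can write to closes the remaining window.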
<br />
<br />
<br />
Hope that helps someone. Any comments appreciated.<br />
<br />
<span class="Apple-style-span" style="font-size: xx-small;"><i><br /></i></span>Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-8257268696459320708.post-74847736902750614742011-04-12T05:47:00.001-07:002011-12-22T02:38:15.882-08:00
Shutting down VMware ESXi 4.x from apcupsd remote Server
I needed to automatically shut down my ESXi 4.0 Server remotely from my apcupsd-controlled Linux Server.<br />For this, I used these steps:<br /><br />1. Enable the SSH Management Console on the ESXi Server (see ESXi console)<br /><br />2. Create the /.ssh directory<br /><font class="Apple-style-span" face="'Courier New', Courier, monospace"> ssh <esxi_server><br /> mkdir /.ssh<br /> chmod 700 /.ssh</font><font class="Apple-style-span" face="'Courier New', Courier, monospace"> </font><br /><div><font class="Apple-style-span" face="'Courier New', Courier, monospace"> exit</font></div><div><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br /></font>3. Copy your ssh private key (yes, you read right) to the ESXi server<br /><font class="Apple-style-span" face="'Courier New', Courier, monospace">#> scp ~/.ssh/id_rsa <vmware_server>:/.ssh/</font><br /><br />4. Convert the ssh priv key to dropbear format and generate a public key from it<br /><font class="Apple-style-span" face="'Courier New', Courier, monospace"><div>ssh <esxi_server></div><div><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br /></font></div>dropbearconvert openssh dropbear /.ssh/id_rsa /.ssh/id_rsa.dropbear<br /><br />dropbearkey -y -f /.ssh/id_rsa.dropbear > /.ssh/authorized_keys</font></div><div><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br />rm /.ssh/id_rsa /.ssh/id_rsa.dropbear</font><br /><br />5. 
Create the shutdown script /shutdown_apcupsd.sh on the ESXi server:<br /><font class="Apple-style-span" face="'Courier New', Courier, monospace">#!/bin/sh<br /><br />echo "Shutdown of VMs and ESXi Server initiated"<br />echo " "<br />echo "Step1/2: Shutdown Autostart-VMs"<br />/sbin/shutdown.sh<br />echo "Step2/2: Shutdown Remaining VMs and Server"<br />/sbin/poweroff.sh<br />echo "Good Bye."</font><br /><font class="Apple-style-span" face="'Courier New', Courier, monospace">#> chmod 755 /shutdown_apcupsd.sh</font><br /><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br /></font><br />6. On the apcupsd Server, create the shutdown script:<br /><font class="Apple-style-span" face="'Courier New', Courier, monospace">#> vi /etc/apcupsd/shutdown_esxi.sh</font><br /><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br /></font><br /><font class="Apple-style-span" face="'Courier New', Courier, monospace"></font><br /><font class="Apple-style-span" face="'Courier New', Courier, monospace">#!/bin/sh<br />########################################<br />ESXI_HOST=<esxi_server.yourdomain.tld><br />ESXI_LOCAL_SHUTDOWN_SCRIPT=/shutdown_apcupsd.sh<br />########################################<br />echo "Invoking remote Shutdown of $</font><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace; ">ESXI_HOST</span><span class="Apple-style-span" style="font-family: 'Courier New', Courier, monospace; ">"</span></div><div><font class="Apple-style-span" face="'Courier New', Courier, monospace">ssh "$ESXI_HOST" "$ESXI_LOCAL_SHUTDOWN_SCRIPT"<br /><div><font class="Apple-style-span" face="Times"><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br /></font></font></div></font><br />7. 
Add the shutdown script to apccontrol "doshutdown" case:<br /><font class="Apple-style-span" face="'Courier New', Courier, monospace">#> vi /etc/apcupsd/apccontrol</font><br /><font class="Apple-style-span" face="'Courier New', Courier, monospace"><br />doshutdown)<br /> echo "UPS ${2} initiated Shutdown Sequence" | ${WALL}<br /> <b># ADDED FOR ESXI SHUTDOWN<br /> /etc/apcupsd/shutdown_esxi.sh &<br /> # ADDED FOR ESXI SHUTDOWN END</b><br /> ${SHUTDOWN} -h now "apcupsd UPS ${2} initiated shutdown"<br /> ;;</font></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-2013031152894704912011-03-02T06:47:00.000-08:002011-03-02T06:49:33.760-08:00
Microsoft's Marketing for IE9 and the truth
Have you checked the IE9 RC?<br /><br />M$ states 99% compliance with HTML5 and 100% compliance with CSS3.<br />See <a href="http://blogs.msdn.com/b/ie/archive/2011/02/10/acting-on-feedback-ie9-release-candidate-available-for-download.aspx">Microsoft IE9 Blog</a><br /><br /><br />But this is the truth:<br /><ul><li>Worst compatibility points on http://html5test.com</li><li> NO text shadows </li><li>NO border-image</li><li>NO transitions</li><li>NO gradients</li><li>NO multiple-columns</li><li>..and so on.</li></ul>Conclusion: You must test the html5/CSS3 features of IE9 yourself. Never trust marketing bullshit.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8257268696459320708.post-7810139244430182152010-10-08T01:18:00.000-07:002010-10-08T01:51:06.785-07:00
Oracle vs. Community
Since Oracle bought Sun Microsystems a while ago, I have been following what happens to Java, OpenOffice and the community process.<br /><br />All I can say so far is that, in my opinion, Oracle did a very bad job. Instead of holding the community together to keep the momentum and to build a big force against M$, they disappointed many people. <div>All you can see is forks everywhere. 
OpenOffice forked to LibreOffice, OpenJDK currently seems to be going a different way than the community, MySQL forked into several independent projects and OpenSolaris (not open anymore) also forked.<br /><br /><div>So the big question is: What the heck is the plan of Oracle? Do they have any?</div></div>Unknownnoreply@blogger.com0