About Me

My photo
I know the last digit of PI

Tuesday, November 04, 2014

Jenkins deployment script with VPN establishment and SSH port forwarding

Here is a deployment script that can be run from Jenkins.
It establishes VPN connections, creates SSH tunnels and copies the WAR file to remote server. At the end the WAR is verified and a deployment script is executed.

The 192.168.0.2 is the server that gives access to other machines. The target tomcat server is 192.168.0.3, but it can be accessed only from 192.168.0.2.
The deploy.sh is responsible to stop tomcat server, delete the old artifact and start the tomcat server.

#!/bin/bash
now="$(date +'%Y%m%d%H%M')"

yes | cp /opt/hudson/jobs/WAR/lastSuccessful/archive/target/app.war ./app.war

cksumline=`cksum ./app.war`

fileChkSum=$(echo "$cksumline" | awk '{print $1}')
fileSize=$(echo "$cksumline" | awk '{print $2}')

#echo "Local Checksum:$fileChkSum"
#echo "Local FileSize:$fileSize"

sudo pon vpn-conn1
echo VPN connected
sleep 10

echo Creating tunnel
sshpass -p $pass ssh -f -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no user@192.168.0.2 -L 1234:192.168.0.3:22 'sleep 30' &
sleep 10
echo Tunnel created


echo Copyng WAR file...
sshpass -p $pass scp -oStrictHostKeyChecking=no -P 1234 ./app.war user@localhost:webapps/app.war.$now
echo WAR file copied.

cksumline2=`sshpass -p $pass ssh -oStrictHostKeyChecking=no -p 1234 user@localhost cksum webapps/app.war.$now`
echo "Checksum execution on remote machine: $cksumline2"




fileChkSum2=$(echo "$cksumline2" | awk '{print $1}')
fileSize2=$(echo "$cksumline2" | awk '{print $2}')

if [[ "$fileChkSum" != "$fileChkSum2" ]]; then
  echo "Checksum differs! local: $fileChkSum, remote: $fileChkSum2"
  sudo poff vpn-conn1
  echo VPN disconnected
  exit -1
fi

if [[ "$fileSize" != "$fileSize2" ]]; then
  echo "Size differs! local: $fileSize, remote: $fileSize2"
  sudo poff vpn-conn1
  echo VPN disconnected
  exit -1
fi


sshpass -p $pass ssh -oStrictHostKeyChecking=no -p 1234 user@localhost cp webapps/app.war.$now webapps/app.war
sshpass -p $pass ssh -oStrictHostKeyChecking=no -p 1234 user@localhost ./deploy.sh


sudo poff vpn-conn1
echo VPN disconnected

Resizing VirtualBox HDD

Original post from here https://forums.virtualbox.org/viewtopic.php?f=35&t=50661

Steps:
  1. Resize the Virutalbox HDD VBoxManage modifyhd <absolute path to file> --resize <size in MB>>
  2. Use GParted liveCD to resize the partition http://sourceforge.net/projects/gparted/

Thursday, May 22, 2014

Reverse proxy with apache

Creating reverse proxy with appache is quite easy. The common scenario is that you want to redirect entire domain to internal application server. Steps: 1) install apache 2) Edit APACHE_HOME/conf/httpd.conf with following content:
Listen 80
#Listen 1080

LogLevel debug
#ProxyHTMLLogVerbose On

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule xml2enc_module modules/mod_xml2enc.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule deflate_module modules/mod_deflate.so

<VirtualHost *>
 ProxyRequests OFF
 ProxyPreserveHost On
 
 ProxyPass / ajp://127.0.0.1:8009/
 ProxyPassReverse / ajp://127.0.0.1:8009/

 #ProxyPass /app/ ajp://127.0.0.1:8009/app/
 #ProxyPass /app/ ajp://127.0.0.1:8009/app/
 #ProxyHTMLURLMap  / /app/ 

</VirtualHost>
3) On the application server (Tomcat/JBoss) deploy your app in the root context. For JBoss use jboss-web.xml with following content:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<context-root>/</context-root>
</jboss-web>
Also do not forget to disable the default root application from JBOSS_HOME/standalone/configuration/ set enable-welcome-root to false
<virtual-server name="default-host" enable-welcome-root="false">

Friday, April 11, 2014

UPS under Linux

The following steps are tested on Fedora 20, but generally should work on every other system with few modifications.

Step1. Install NUT


yum install nut*

Step2. Configure UPS

Execute
nut-scanner
It should output something like this:
[nutdev1]
driver = "blazer_usb"
port = "auto"
vendorid = "0001"
productid = "0000"
product = "STD UPS MON V1.0"
bus = "006"

Add the nut-scanner output to the end of /etc/ups/ups.conf file. You can change the [nutdev1] to something more meaningful e.g. [myUps1] or [InformGuardUPS]. In the examples bellow we will use the default name [nutdev1].

Change /etc/ups/upsd.conf and add "LISTEN 127.0.0.1 3493" (without quotes)

Change /etc/ups/upsd.users and add a new admin user

[admin]
password = mypassword
actions = SET
instcmds = ALL

Change /etc/ups/upsmon.conf and add following lines:

RUN_AS_USER root
MONITOR nutdev1@localhost 1 admin mypassword master


Step3. Manually test everything

upsdrvctl start
The command should output something similar to:
Network UPS Tools - Generic HID driver 0.34 (2.4.1)
USB communication driver 0.31
Using subdriver: MGE HID 1.12
Detected EATON - Ellipse MAX 1100 [ADKK22008]
If you face a problem like "libusb couldn't open usb device /dev/usb/XXXXXX: permission denied", then use google to find a way how to solve it nicely. I used very brutal method:
chmod -R 777 /dev/bus/usb/
Then try to start UPS driver again Start the upsd:
upsd
And the result should be similar to:
Network UPS Tools upsd 2.4.1
listening on 127.0.0.1 port 3493
listening on ::1 port 3493
Connected to UPS [eaton]: usbhid-ups-eaton
List your ups names with
upsc -L
Try to query the UPS status with.
upsc nutdev1@localhost
or just
upsc nutdev1
Depending on your UPS capabilities it should return various variables and their values. See http://www.networkupstools.org/docs/user-manual.chunked/apcs01.html for more details. If you want to check if is it working on battery right now execute
upsc nutdev1 ups.status
and the output should be OL (online) or OB (on battery), LB (low battery), etc. You can also play around with some of the UPS commands/settings
upscmd nutdev1 beeper.toggle

After that reboot the system (or stop all daemons)



Step4. Starts UPS daemons automatically

Execute following commands:
systemctl enable nut-server
systemctl start nut-server
systemctl enable nut-monitor.service
systemctl start nut-monitor.service
Restart the system, and if check if everything is ok, by executing the UPS status with upsc command. Now the UPS monitoring system is configured and in case of power loss, the computer will shutdown, when the UPS battery is low. If you don't want to shutdown the computer before the 'battery low' signal follow proceed with the step

Step5. Fine tuning

This step is optional, but gives you more control over the UPS events handling. If you want to trunoff the computer before the low battery signal, then use following steps:
1. Edit /etc/ups/upsmon.conf and add following lines:
NOTIFYCMD /usr/sbin/upssched
NOTIFYFLAG ONLINE     EXEC
NOTIFYFLAG ONBATT     EXEC
NOTIFYFLAG LOWBATT    EXEC
NOTIFYFLAG FSD        EXEC
NOTIFYFLAG COMMOK     EXEC
NOTIFYFLAG COMMBAD    EXEC
NOTIFYFLAG SHUTDOWN   EXEC
NOTIFYFLAG REPLBATT   EXEC
NOTIFYFLAG NOCOMM     EXEC
NOTIFYFLAG NOPARENT   EXEC
2. Edit /etc/ups/upssched.conf and add following lines (it will allow you shutdown the computer after 15 seconds, after working on battery)
PIPEFN /var/run/nut/upssched.pipe
LOCKFN /var/run/nut/upssched.pipe
AT ONBATT * START-TIMER executeShutdown 15
AT ONLINE * CANCEL-TIMER executeShutdown
AT ONBATT * EXECUTE onBattery
AT ONLINE * EXECUTE onLine
AT NOCOMM * EXECUTE noComm
AT COMMBAD * EXECUTE commBad
AT COMMOK * EXECUTE commOk
3. Edit /usr/bin/upssched-cmd (see the exact file name from /usr/bin/upssched-cmd variable CMDSCRIPT) and add executeShutdown section similar to:
case $1 in
        upsgone)
                logger -t upssched-cmd "The UPS has been gone for awhile"
                ;;
        executeShutdown)
                shutdown -h now
                ;;
        onBattery)
                logger -t upssched-cmd "UPS is on battery!"
                ;;
        onLine)
                logger -t upssched-cmd "UPS is back online!"
                ;;
        noComm)
                logger -t upssched-cmd "No communication with the UPS device"
                ;;
        commBad)
                logger -t upssched-cmd "Communication with UPS device lost"
                ;;
        commOk)
                logger -t upssched-cmd "Communication with UPS device restored"
                ;;
        *)
                logger -t upssched-cmd "Unrecognized command: $1"
                ;;
esac

Tuesday, April 08, 2014

PermGen space leaks

The causes of PermGen space leaks:
  1. Thread left running after web-app undeployment - the context class loader of the thread is usually the class loader of the web application, so it contains all webapp classes.
  2. Using ThreadLocal with thread created by the web server - web app class is assigned to web server thread (e.g. HTTP worker thread) - the web app class holds a reference to the classloader, even if the web app is undeployed.
  3. Database driver leak - every database driver should register in  java.sql.DriverManager
    the web-app must deregister it from the there, otherwise it hold a reference to the web-app class loader, if the web app is undeploye

Wednesday, February 26, 2014

Fedora 20 remote desktop (vncserver)

In order to enable VNC access to Fedora 20 you must install vino
yum install vino
gsettings list-recursively org.gnome.Vino
Will give you all available vino configurations Not all VNC clients supports encrypted connections, so you may need to disable it.
gsettings set org.gnome.Vino require-encryption false
Also disable the prompt when somebody tries to connect
gsettings set org.gnome.Vino prompt-enabled false
Login in gnome shell go to Settings > Share and enable Screen sharing