DevOps with OpenShift

August 23, 2017, 9:22 am

reblogging the from the excellent friend and mentor Jan:
https://jvzoggel.com/2017/08/23/free-ebook-devops-with-openshift/

Also interesting the OpenShift for Developers:

↧

Getting started with OpenShift

August 26, 2017, 12:09 pm

≫ Next: Wildfly quickstarts

≪ Previous: DevOps with OpenShift

you can try installing on your local machine: install Vagrant https://www.vagrantup.com/downloads.html

install virtualbox https://www.virtualbox.org/wiki/Downloads

clone this github repo https://github.com/openshift/origin and vagrant up... good luck! On Windows the clone fails because of a filename too long issue (hello Microsoft???? ) .

Another way is to test directly on AWS:

https://aws.amazon.com/about-aws/whats-new/2016/06/red-hat-openshift-on-the-aws-cloud-quick-start-reference-deployment/ , go through the AWS guide "red-hat-openshift-on-the-aws-cloud"https://s3.amazonaws.com/quickstart-reference/openshift/doc/red-hat-openshift-on-the-aws-cloud.pdf and discover that this quickstart is no longer available (hello, Amazon??? Why don't you tell it on the home page?? ).

Check out on https://aws.amazon.com/quickstart/ for available quickstarts - there is no Openshift quickstart! This world is a chaos, a Cambrian explosion of products which end up in a total mess, fish with wings and trunks like elephants, and survive only one generation or the space of a few months.

About AWS, I discover another document https://access.redhat.com/documentation/en-us/reference_architectures/2017/html/deploying_openshift_container_platform_3.5_on_amazon_web_services/ but it's a bit long reading...

Anyway in the meantime I discover that the Vagrantfile VirtualBox approach has been DROPPED https://blog.openshift.com/goodbye-openshift-all-in-one-vm-hello-minishift/ in favour of Minishift (one more extinct species, whose fossil debris still clutter the digital space...)... too bad that the online book "OpenShift for developers" has not been updated, and I have wasted 3 hours of my life to discover that the "all in one" approach is dead...Grant Shipley and Graham Dumpleton, how about taking care of your creation?

↧

Wildfly quickstarts

August 27, 2017, 9:54 pm

≫ Next: Spring Framwork Essentials course by Ken Kousen in Safari Books Online

≪ Previous: Getting started with OpenShift

Wildfly Example galore here: https://github.com/wildfly/quickstart

JBOss EAP example galore here https://github.com/jboss-developer/jboss-eap-quickstarts

Latest Wildfly documentation https://docs.jboss.org/author/display/WFLY/Documentation. Wildfly can be downloaded here http://wildfly.org/downloads/

Excellent book here

This book can be useful: Advanced Java EE Development with WildFly

For Eclipse Oxygen, you might want to install (EClipse Marketplace) the JBoss Tools https://tools.jboss.org/

https://developer.jboss.org/wiki/MavenRepository

Interesting book Wildfly cookbook https://www.packtpub.com/networking-and-servers/wildfly-cookbook

↧

Spring Framwork Essentials course by Ken Kousen in Safari Books Online

September 1, 2017, 1:03 pm

≫ Next: Dependency trees in Nexus and Maven: who uses what ?

≪ Previous: Wildfly quickstarts

Here is the code https://github.com/kousen/Spring-Framework-Essentials

Ken is a very talented teacher, who focuses on concepts rather than sheer data. Highly recommended.

The course is available only if you register in Safari Books Online https://www.safaribooksonline.com/, but there is a short term FREE evaluation account (no credit car required).

↧

Dependency trees in Nexus and Maven: who uses what ?

September 6, 2017, 12:05 am

≫ Next: Software Vulnerability Control with Sonatype products

≪ Previous: Spring Framwork Essentials course by Ken Kousen in Safari Books Online

Nexus plugin to display who uses a given artifact https://github.com/saleemshafi/nexus-artifact-usage-plugin (apparently the same info is built-in in Apache Archiva https://stackoverflow.com/questions/19392236/who-is-using-my-maven-artifact ). As suggested in SO, you should build a über-POM containing all your projects, then generate the dependency tree.

Useful commands:

mvn dependency:tree -DoutputType=graphml -DoutputFile=dependency.graphml

(use also --debug in case of errors)

Here the documentation on Dependency Management in Maven https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html

Transitive Dependencies

↧

Software Vulnerability Control with Sonatype products

September 7, 2017, 5:36 pm

≫ Next: Nexus and Maven (ST): setup

≪ Previous: Dependency trees in Nexus and Maven: who uses what ?

Interesting introductory vide on the topic of Security in Software Supply Chain https://vimeo.com/217179090

Software Factory | Sonatype from Sonatype Nexus on Vimeo.

Software Supply Chain
Continuous Integration
Continuous Delivery
Release Automation Tool
DevOps Native Software Development
Nexus Firewall
Public repositories: Maven Central,

Sonar Security Rules: https://docs.sonarqube.org/display/SONAR/Security-related+rules

Software Weakness

Software Vulnerability

http://cwe.mitre.org/ Common Weakness Enumeration (common software security weaknesses) - very educational FAQ on Software Weakness here http://cwe.mitre.org/about/faq.html#A.1

https://www.first.org/cvss/ CVSS Common Vulnerability Scoring System, scores explained: https://www.first.org/cvss/specification-document

https://www.sonatype.com/nexus-lifecycle-tour-software-supply-chain-automation-sonatype Nexus lifecycle

https://nvd.nist.gov/ NVD is National Vulnerability Database - try searching for Bouncy Castle

Using "Application Health Check" to scan vulnerabilities:

I have read the devsecops Gartner report https://www.sonatype.com/devsecops also available here https://cdn2.hubspot.net/hubfs/1958393/White_Papers/devsecops_how_to_seamlessly__315283.pdf?t=1482418124868

Very interesting also the https://www.sonatype.com/ssc2017?hsCtaTracking=d915532d-28ac-4818-a2db-d4e8feb07036%7C61ff62a0-da6f-47d1-9591-c89200a00454 2017 State of the Open Software

See also the famous https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202013.pdf OWASP top 10 web application security risks. Number A9 says: "Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts."

Repository Health Check RHC demo video here https://sonatype.wistia.com/medias/77jh7h47av

Result of a WebGoat Health Check https://clm.sonatype.com/reports/Sonatype/71fe66f5c3b540f09caa9ebf1f103e7a-8fae0/

Comparison of Free and Opensource Software Licenses https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses

↧

Nexus and Maven (ST): setup

September 9, 2017, 1:44 am

≫ Next: Nexus Repository Migration

≪ Previous: Software Vulnerability Control with Sonatype products

I have installed Maven (ST) in /home/centos/apache-maven-3.5.0/.

My m2 repo is in /home/centos/.m2/repository

To test the m2 repo, I "git clone https://github.com/gabrielf/maven-samples", then "mvn package"

"ls /home/centos/.m2/repository" shows that stuff is actually pulled from the maven central repo https://repo.maven.apache.org/maven2/ , you should see plenty of this in the logs :

"Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.5/maven-resources-plugin-2.5.jar"

I edit the settings in /home/centos/apache-maven-3.5.0/conf/settings.xml to incorporate this setup https://books.sonatype.com/nexus-book/3.0/reference/maven.html#maven-sect-single-group

I have installed Nexus in /home/centos/nexus30/. Make sure you increase the file descriptors before you start.

"cd /home/centos/nexus30/nexus-3.5.1-02/bin/" and "./nexus start".

Login at http://localhost:8081 using admin/admin123 , go to http://localhost:8081/#admin/repository/repositories and check that "maven central" is already preconfigured with http://localhost:8081/repository/maven-central/ URL. You can browse the Nexus content at http://localhost:8081/#browse/browse/components:maven-central (it should be empty at this stage)

Clear the local Maven (ST) repo "rm -rf /home/centos/.m2/repository/*" and run again "mvn package". This time Maven should retrieve the artifacts from Nexus:

Downloaded: http://localhost:8081/repository/maven-public/org/apache/maven/plugins/maven-resources-plugin/2.5/maven-resources-plugin-2.5.pom

Browsing again http://localhost:8081/#browse/browse/components:maven-central should show that all artifacts are cached in Nexus.

In case of issues, check the logs /home/centos/nexus30/sonatype-work/nexus3/log (nexus.log, request.log, jvm.log) for details.

PS: (ST) stands for STINKS . Maven STINKS like a wet rotten dirty skunk. Use Gradle instead.

↧

Nexus Repository Migration

September 10, 2017, 12:06 pm

≫ Next: All Day DevOps on October 24, 2017 starting at 8:00am GMT

≪ Previous: Nexus and Maven (ST): setup

MIGRATING FROM 2.12.1 TO 2.14.5

Migrating from Nexus Repository Manager OSS 2.12.1-01 to the latest 3.0 version:

http://www.sonatype.org/nexus/2016/05/11/migrating-to-nexus-repository-3-easy-peasy/

https://www.youtube.com/watch?v=ba4VtpusRxo

beware: upgrade agent is part of 2.14 only! You should first upgrade to 2.14 then migrate to 3.0, as shown here https://www.youtube.com/watch?v=q6qkj8UiSRY

Very detailed instructions here https://help.sonatype.com/display/NXRM3/Upgrading

Download old releases here https://support.sonatype.com/hc/en-us/articles/218238798-Nexus-Repository-Manager-OSS-Download-Archives

I have installed Nexus 2.12 here: /home/centos/nexus2/nexus-2.12.0-01/bin


cd /home/centos/nexus2/nexus-2.12.0-01/bin
./nexus start

The URL is http://localhost:8081/nexus/ (in 3.X it's simply http://localhost:8081 )

In maven's settings.xml I had this


<mirror>
<!--This sends everything else to /public -->
<id>nexus</id>
<mirrorOf>*</mirrorOf>
<url>http://localhost:8081/repository/maven-public/</url>
</mirror>

this was valid for 3.5, in 2.12 the URL should be changed to http://localhost:8081/nexus/content/repositories/central/

I run a sample "mvn package" from "https://github.com/gabrielf/maven-samples" and I can observe that the repository "Maven Central" is filled with stuff: http://localhost:8081/nexus/service/local/feeds/recentlyCachedReleaseArtifacts, then I select the "Central" repo, "Browse Index" and I can see stuff in it (junit, hamcrest, codehaus...)

I want now to upgrade from 2.12.1 to 2.14.5 https://support.sonatype.com/hc/en-us/articles/213464198, which is the supported version to late upgrade to 3.5

I extract the 2.14.5 zip file in a temporary location and I copy the nexus-2.14.5-02 folder (NOT the sonatype-work folder!!!) to /home/centos/nexus2, so that the nexus-2.12 and nexus-2.14 share the same sonatype-work folder.


[centos@localhost nexus2]$ pwd
/home/centos/nexus2

[centos@localhost nexus2]$ ls -ltra
total 4
drwxr-xr-x.  8 centos centos  113 Dec 16  2015 nexus-2.12.0-01
drwxr-xr-x.  3 centos centos   37 Dec 16  2015 sonatype-work
drwxr-xr-x.  8 centos centos  113 Jul 25 12:39 nexus-2.14.5-02
drwx------. 33 centos centos 4096 Sep 10 19:28 ..
drwxrwxr-x.  5 centos centos   73 Sep 10 19:34 .

apparently the sonatype-work format is binary compatible among the 2.12 and 2.14.5 versions.

I stop nexus, make a backup copy of the conf folder:


cd /home/centos/nexus2
cp -R nexus-2.12.0-01/conf/ nexus-2.12.0-01/confBACKUP

apparently no further manual steps are required https://support.sonatype.com/hc/en-us/articles/213464338-Sonatype-Nexus-Upgrade-and-Compatibility-Notes

and now I start the new version of Nexus


cd nexus-2.14.5-02/bin
./nexus start

At a quick look, the content of the repository and an extra user I had created are preserved in the migration...

MIGRATING TO 3.5

Now I start nexus 3.5 side by side, on the same host, making sure I use a different number:


cd /home/centos/nexus3
grep -R 8081 *
nexus-3.5.1-02/etc/nexus-default.properties:application-port=8081

and I change that port to 18081


cd /home/centos/nexus3/nexus-3.5.1-02/bin
./nexus start

localhost:18081

things are working. I delete all pre-existing repositories

I follow all the steps as in https://help.sonatype.com/display/NXRM3/Upgrading and things work perfectly - using the "download" method (slowest)

I have tested the 3 methods and they all work, of course the file copy (hard link or not) is much faster than HTTP. If you wonder what a hard link is, read here https://askubuntu.com/questions/108771/what-is-the-difference-between-a-hard-link-and-a-symbolic-link

↧

All Day DevOps on October 24, 2017 starting at 8:00am GMT

September 21, 2017, 7:26 pm

≫ Next: JBoss CLI sucks

≪ Previous: Nexus Repository Migration

https://www.alldaydevops.com

register here https://www.alldaydevops.com/register

you can even watch the recorded session later (2016 recordings are available on their side...)

↧

JBoss CLI sucks

September 21, 2017, 7:53 pm

≫ Next: Cool Tools (from JBoss Hacks)

≪ Previous: All Day DevOps on October 24, 2017 starting at 8:00am GMT

Frankly the CLI hurts the eyes... someone should make it a bit more groovish... oh in fact here there is a guide how to do it http://www.mastertheboss.com/jboss-server/jboss-script/managing-wildfly-with-groovy-shell but it's a bit raw...

some recipes here:

https://docs.jboss.org/author/display/AS71/CLI+Recipes

at the end of the book "WildFly Configuration, Deployment, and Administration - Second Edition" there is also a useful CLI cheat sheet.

↧

Cool Tools (from JBoss Hacks)

September 22, 2017, 4:04 pm

≫ Next: Installing Docker on CentOS 7

≪ Previous: JBoss CLI sucks

be aware that the Kindle edition is royally scr...wed up, missing ALL the sample script in the text... what a pity... maybe the PDF version available here http://www.itbuzzpress.com/ebooks/jboss-org-hacks.html is better, no idea.

https://github.com/mgm3746/garbagecat to analyze gc logs

http://fastthread.io/index.jsp thread dump analysis

https://github.com/rparree/jboss-bash-completion jboss/wildfly bash completion

http://hawt.io/ web console rich of managing plugins

http://byteman.jboss.org/index.html byteman , bytecode manipulation tool

https://hub.docker.com/r/jboss/wildfly/ dockerhub wildfly image

https://developers.redhat.com/jboss-docker/?referrer=jbd docker jboss images

https://docs.jboss.org/wildfly/plugins/maven/latest/ wildfly maven plugin

Jboss Forge examples available here https://github.com/fmarchioni/jbosshacks

Wildfly Swarm Project Generator http://wildfly-swarm.io/generator/

https://developers.redhat.com/products/rhamt/download/ windup / migration tool to migrate from other AS to JBoss

↧

Installing Docker on CentOS 7

September 23, 2017, 10:24 am

≫ Next: Books: Docker in Action

≪ Previous: Cool Tools (from JBoss Hacks)

from the excellent guide https://docs.docker.com/engine/installation/linux/docker-ce/centos/

sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum install -y yum-utils   device-mapper-persistent-data   lvm2
sudo yum-config-manager --add-repo  https://download.docker.com/linux/centos/docker-ce.repo
sudo yum-config-manager --enable docker-ce-edge
sudo yum-config-manager --enable docker-ce-test
sudo yum install docker-ce
yum list docker-ce.x86_64  --showduplicates | sort -r
sudo systemctl start docker
sudo docker run hello-world
sudo docker run -it ubuntu bash
sudo yum makecache fast
sudo groupadd docker
echo $USER
sudo usermod -aG docker $USER
#(perform logout/login here)
groups
#"centos docker"
sudo systemctl enable docker
#"Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service."
sudo chkconfig docker on
env | grep DOCKER_HOST
#DOCKER_HOST should not be defined if you want to connect to local daemon
#to restart daemon:
sudo service docker restart

useful commands (from the presentation below):

https://www.youtube.com/watch?v=VeiUjkiqo9E&feature=youtu.be

docker ps -a
docker version
docker info
docker images

docker run ubuntu echo "hello world"

docker run -i -t ubuntu
exit

docker diff 82af4da88bd7
docker rm 042cbb043587

docker run -d ubuntu /bin/sh -c "while true; do echo hello world; date; sleep 2; done"
docker logs 7939ad46d57c
docker attach 7939ad46d57c
docker stop 7939ad46d57c

docker inspect 7939ad46d57c

docker commit -m "installed apache" 7939ad46d57c mynamespace/myimage
docker images

#login into https://hub.docker.com
docker login
docker push mynamespace/myimage

docker rmi 77bde6a39eda

#execute the Dockerfile in myfolder and build a new image
docker build -t mynamespace/myimage github.com/myrepo/myfolder

#run assigning a non default port
docker run -d -p :8000 mynamespace/myimage

here the link to shipyard https://github.com/shipyard/shipyard

↧

Books: Docker in Action

September 25, 2017, 6:58 pm

≫ Next: Maven deploy-file fr batch upload

≪ Previous: Installing Docker on CentOS 7

It's an excellent book, highly recommended, Jeff Nickoloff is a great author.

Here some notes from the exercises

docker run dockerinaction/hello_world

docker help

Usage: docker COMMAND

A self-sufficient runtime for containers

Options:
--config string Location of client config files (default "/home/centos/.docker")
-D, --debug Enable debug mode
--help Print usage
-H, --host list Daemon socket(s) to connect to
-l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--tls Use TLS; implied by --tlsverify
--tlscacert string Trust certs signed only by this CA (default "/home/centos/.docker/ca.pem")
--tlscert string Path to TLS certificate file (default "/home/centos/.docker/cert.pem")
--tlskey string Path to TLS key file (default "/home/centos/.docker/key.pem")
--tlsverify Use TLS and verify the remote
-v, --version Print version information and quit

Management Commands:
config Manage Docker configs
container Manage containers
image Manage images
network Manage networks
node Manage Swarm nodes
plugin Manage plugins
secret Manage Docker secrets
service Manage services
stack Manage Docker stacks
swarm Manage Swarm
system Manage Docker
volume Manage volumes

Commands:
attach Attach local standard input, output, and error streams to a running container
build Build an image from a Dockerfile
commit Create a new image from a container's changes
cp Copy files/folders between a container and the local filesystem
create Create a new container
diff Inspect changes to files or directories on a container's filesystem
events Get real time events from the server
exec Run a command in a running container
export Export a container's filesystem as a tar archive
history Show the history of an image
images List images
import Import the contents from a tarball to create a filesystem image
info Display system-wide information
inspect Return low-level information on Docker objects
kill Kill one or more running containers
load Load an image from a tar archive or STDIN
login Log in to a Docker registry
logout Log out from a Docker registry
logs Fetch the logs of a container
pause Pause all processes within one or more containers
port List port mappings or a specific mapping for the container
ps List containers
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rename Rename a container
restart Restart one or more containers
rm Remove one or more containers
rmi Remove one or more images
run Run a command in a new container
save Save one or more images to a tar archive (streamed to STDOUT by default)
search Search the Docker Hub for images
start Start one or more stopped containers
stats Display a live stream of container(s) resource usage statistics
stop Stop one or more running containers
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
top Display the running processes of a container
unpause Unpause all processes within one or more containers
update Update configuration of one or more containers
version Show the Docker version information
wait Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

interesting demo of Portainerhttps://portainer.io/overview.html#demo , I have installed and run locally to manage my environment

docker run --detach --name web nginx:latest

docker run --interactive --tty --link web:web --name web_test busybox:latest /bin/sh

wget -O - http://web:80/

exit
(CTRL-P CTRL-Q to run interactively a process and then detach)

#this example is WRONG in the book!
docker run -d --name mailer dockerinaction/ch2_mailer

docker run -it --name agent --link web:insideweb --link mailer:insidemailer dockerinaction/ch2_agent

#connect to a running instance in interactive mode
docker start -i "CID"

docker restart web
docker restart mailer
docker restart agent

docker run -d --name namespaceA busybox:latest /bin/sh -c "sleep 30000"
docker run -d --name namespaceB busybox:latest /bin/sh -c "nc -l -p 0.0.0.0:80"

docker exec namespaceA ps
docker exec namespaceB ps

#creating a conflict by NOT using namespaces
docker run -d --name webConflict nginx:latest
docker logs webConflict
docker exec webConflict nginx -g 'daemon off;'

#avoiding conflicts by using namespaces
docker run -d --name webA nginx:latest
docker logs webA
docker run -d --name webB nginx:latest
docker logs webB


docker rename webA webPippo

#create is like run, but it's created in stopped state
CID=$(docker create nginx)
echo $CID

docker create --cidfile /tmp/web.cid nginx

#running 3 containers linked to each other - in reverse order
MAILER_CID=$(docker run -d dockerinaction/ch2_mailer)
WEB_CID=$(docker run -d nginx)
AGENT_CID=$(docker run -d --link $WEB_CID:insideweb --link $MAILER_CID:insidemailer dockerinaction/ch2_agent)

#check status of container
docker inspect $CID


docker search postgres


docker pull busybox:latest
docker save -o myfile.tar busybox:latest
docker rmi busybox
docker load -i myfile.tar

↧

Maven deploy-file fr batch upload

September 27, 2017, 12:54 pm

≫ Next: Installing Openshift Origin on your CentOS 7 VM

≪ Previous: Books: Docker in Action

Unfortunately in the Nexus 3.5 and 3.6 version there is no batch upload of artifacts (in Nexus 2.X it was much easier: just rsync your Maven repo and "rebuild index"

http://maven.apache.org/plugins/maven-deploy-plugin/deploy-file-mojo.html

git clone https://github.com/gabrielf/maven-samples

git clone https://github.com/ronbadur/maven-artifacts-uploader

I start nexus with https://github.com/sonatype/docker-nexus3

sample command:

mvn -e -X deploy:deploy-file -q -DpomFile=/home/centos/myrepo/org/vafer/jdependency/1.1/jdependency-1.1.pom -Dfile=/home/centos/myrepo/org/vafer/jdependency/1.1/jdependency-1.1.jar -DrepositoryId=nexus -Durl=http://localhost:8081/repository/maven-releases/ -Dpackaging=jar

maven's settings.xml should contain

<server>
<id>nexus</id>
<username>admin</username>
<password>admin123</password>
</server>

If you get "ReasonPhrase: Repository does not allow updating assets: maven-releases." , make sure you set "allow redeploy" in the Deployment policy"

If you get "Cannot deploy artifact from the local repository:" it's because your source file is inside the .m2/repository folder - which is forbidden

↧

Installing Openshift Origin on your CentOS 7 VM

September 28, 2017, 12:57 pm

≫ Next: CentOS VM in VirtualBox connection to Internet

≪ Previous: Maven deploy-file fr batch upload

sudo yum install centos-release-openshift-origin

sudo yum install wget git net-tools bind-utils iptables-services bridge-utils bash-completion origin-clients

sudo oc cluster up

at this point, you get a terrifying

-- Checking Docker daemon configuration ... FAIL
   Error: did not detect an --insecure-registry argument on the Docker daemon
   Solution:

     Ensure that the Docker daemon is running with the following argument:
      --insecure-registry 172.30.0.0/16

after some googling, I start with :

oc cluster up --skip-registry-check=true

Starting OpenShift using openshift/origin:v3.6.0 ...
OpenShift server started.

The server is accessible via web console at:
    https://127.0.0.1:8443

You are logged in as:
    User:     developer
    Password: 

To login as administrator:
    oc login -u system:admin

I open the console at https://127.0.0.1:8443 (add security exception) and login with system/admin

go to overview

If you see an error in the logs "Could not resolve host: github.com", you are screwed !
Haha no, just "sudo systemctl restart docker" , then "oc start-build --from-build=yourbuildid"

create a new project, java, wildfly, copy git url, create project pvproject01

oc login https://127.0.0.1:8443

system/admin

oc project pvproject01

oc status

If you get this

[centos@localhost ~]$ oc cluster up --skip-registry-check=true 
-- Checking OpenShift client ... OK
-- Checking Docker client ... OK
-- Checking Docker version ... FAIL
   Error: Minor number must not contain leading zeroes "09"

it simply means that OpenShift developers are morons, and you have to wait the next release 1.5 for a fix. What a pathetic mess.

↧

CentOS VM in VirtualBox connection to Internet

October 1, 2017, 1:43 am

≫ Next: I have deleted my Facebook account

≪ Previous: Installing Openshift Origin on your CentOS 7 VM

Panic, my new CentOS VM was unable to connect to internet, no clue what I had done wrong.

Eventually this post gave me the solution https://superuser.com/a/1053605/95314

This is how the Network section is setup (pardon my German)

sudo vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

I am adding

DNS1=8.8.8.8
DNS2=8.8.4.4

and changing this to yes

ONBOOT=yes

and "sudo reboot now"

Now I can happily ping google.com

↧

I have deleted my Facebook account

October 3, 2017, 12:36 pm

≫ Next: Nexus 2.14 not starting "No such file or directory"

≪ Previous: CentOS VM in VirtualBox connection to Internet

I was wasting way too much time simply browsing through a lot of endless chatter, sometimes almost neurotically/compulsively.

And some times I found myself intervening in other people conversations, gratuitously. And sometimes also polemically.

I feel now a liberated person, I have more free time and I have regained control of the time spent on a PC.

Also, I believe that true friendship can only stem from shared experiences, common values and ideals, and you can't really know someone via an interposed screen and keyboard. So, real friends stay in contact by email; the rest, I don't really care, just like they don't care about me.

Haha I will open a Facebook Closed Group for those who are intoxicated with Facebook - Alcoholic Anonymous style.

Incidentally, group therapies like AA really work - I have quit smoking thanks to a similar group. Maybe the idea of a group therapy to stop wasting a life on internet can be very effective.

↧

Nexus 2.14 not starting "No such file or directory"

October 4, 2017, 3:44 am

≫ Next: Nexus Repository Health Check (RHC) unauthorized proxy

≪ Previous: I have deleted my Facebook account

scary, all of a sudden I get in the wrapper.log file:

jvm 1 | wrapper | Unable to start JVM: No such file or directory (2)

this is really unimpressive, a decent coder would AT LEAST tell you "WHICH file or directory" could not be found.... but most developers are just selfish jerks who don't care about operations.

I edit the "bin/nexus" script to put a "set -x" at the beginning, and I discover that the command used to execute the wrapper is

/u01/app/admrun/nexus-java/bin/../bin/jsw/linux-x86-64/wrapper /u01/app/admrun/nexus-java/bin/../bin/jsw/conf/wrapper.conf wrapper.syslog.ident=nexus wrapper.pidfile=/u01/app/admrun/nexus-java/bin/../bin/jsw/linux-x86-64/nexus.pid wrapper.daemonize=TRUE

if you run the command with wrapper.daemonize=FALSE you can see the errors directly in the console - which is easier to debug.

useful post here https://stackoverflow.com/questions/29355815/error-in-sonar-startup-unable-to-start-jvm-no-such-file-or-directory-2

there I discover that there is an extra parameter wrapper.java.command, and in fact in wrapper.conf I see

# Set the JVM executable
# (modify this to absolute path if you need a Java that is not on the OS path)
wrapper.java.command=java

in fact, I don't have "java" in my path:

which java
/usr/bin/which: no java in (/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/u01/app/admrun/bin)

I try to set it to "wrapper.java.command=/u01/app/java/jdk1.8.0_45/bin/java" and it magically works

All this is really, really sad. A start script should CLEARLY validate all preconditions and give a very explanatory message stating what is wrong and how to fix it. Pathetic.

↧

Nexus Repository Health Check (RHC) unauthorized proxy

October 5, 2017, 1:56 am

≫ Next: Adam Bien The Great, and how to monitor health of a Docker Container

≪ Previous: Nexus 2.14 not starting "No such file or directory"

"The components in the repository were inspected, but their identity could not be confirmed. This may have happened for the following reasons:

The repository does not contain enough identified components for the results to be meaningful
The components were built from source instead of pulled from the Central Repository
The components were obtained from a repository other than the Central Repository
"

The connection to the Sonatype server is at rhc.sonatype.com port 443, that is IP address 207.223.241.78, which corresponds also to clm.sonatype.com and insight.sonatype.com

Apparently for the PRO version it's rhc-pro.sonatype.com 443 which is 207.223.241.78

Apparently one can have only ONE health check every 24 hours.

Incidentally, if you are using a proxy, and you are not authenticated, you get this error message

org.apache.http.impl.execchain.TunnelRefusedException pxpool-1-thread-4 CONNECT refused by proxy: HTTP/1.1 407 Proxy Authentication Required

with this stacktrace

java.lang.Throwable.(String) 1
java.lang.Exception.(String) 1
org.apache.http.HttpException.(String) 1
org.apache.http.impl.execchain.TunnelRefusedException.(String, HttpResponse) 1
org.apache.http.impl.execchain.MainClientExec.createTunnelToTarget(AuthState, HttpClientConnection, HttpRoute, HttpRequest, HttpClientContext) 1
org.apache.http.impl.execchain.MainClientExec.establishRoute(AuthState, HttpClientConnection, HttpRoute, HttpRequest, HttpClientContext) 1
org.apache.http.impl.execchain.MainClientExec.execute(HttpRoute, HttpRequestWrapper, HttpClientContext, HttpExecutionAware) 1
org.apache.http.impl.execchain.ProtocolExec.execute(HttpRoute, HttpRequestWrapper, HttpClientContext, HttpExecutionAware) 1
org.apache.http.impl.execchain.RetryExec.execute(HttpRoute, HttpRequestWrapper, HttpClientContext, HttpExecutionAware) 1
org.apache.http.impl.execchain.RedirectExec.execute(HttpRoute, HttpRequestWrapper, HttpClientContext, HttpExecutionAware) 1
org.apache.http.impl.client.InternalHttpClient.doExecute(HttpHost, HttpRequest, HttpContext) 1
org.apache.http.impl.client.CloseableHttpClient.execute(HttpUriRequest, HttpContext) 1
org.apache.http.impl.client.CloseableHttpClient.execute(HttpUriRequest) 1
org.apache.http.impl.client.CloseableHttpClient.execute(HttpUriRequest) 1
com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.execute(HttpUriRequest) 1
com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.doGet(String) 1
com.sonatype.nexus.plugins.healthcheck.service.impl.InsightServiceImpl.getNextRunDeltas(String) 1
com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doDeltaCheck(String) 1
com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doRunSafe() 1
com.sonatype.nexus.plugins.healthcheck.task.HealthCheckTask.doRun() 1
org.sonatype.nexus.scheduling.AbstractNexusTask.call() 1
org.sonatype.scheduling.DefaultScheduledTask.call() 1
org.sonatype.nexus.threads.MDCAwareCallable.call() 1
org.apache.shiro.subject.support.SubjectCallable.doCall(Callable) 1
org.apache.shiro.subject.support.SubjectCallable.call() 1
java.util.concurrent.FutureTask.run() 1
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor$ScheduledFutureTask) 1
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run() 1
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor$Worker) 1
java.util.concurrent.ThreadPoolExecutor$Worker.run() 1
java.lang.Thread.run() 1

So https://support.microsoft.com/en-us/help/248020/iis-5-0-error-message-http-1-1-407-proxy-authentication-required you have to talk to the proxy administrator

↧

Adam Bien The Great, and how to monitor health of a Docker Container

October 5, 2017, 5:48 pm

≫ Next: Fixing a currupt (or corrupted? ) USB drive

≪ Previous: Nexus Repository Health Check (RHC) unauthorized proxy

git clone https://github.com/AdamBien/airhacks.git

git clone https://github.com/AdamBien/docklands.git

docker build -t airhacks/payara-ping .


Sending build context to Docker daemon  14.85kB
Step 1/5 : FROM airhacks/payara
latest: Pulling from airhacks/payara
785fe1d06b2d: Pull complete 
b6ea41613b27: Pull complete 
164939690f71: Pull complete 
5cd0a8d28e0b: Pull complete 
1fa1008aa8f7: Pull complete 
4fe8b3142e9d: Pull complete 
Digest: sha256:f550a096b325f467155a462069bddd54f8d365fdb285271b9b2fdbfec4464018
Status: Downloaded newer image for airhacks/payara:latest
 ---> d2d4659c3fbb
Step 2/5 : MAINTAINER Adam Bien, adam-bien.com
 ---> Running in 36c695b80088
 ---> 8d417d79b693
Removing intermediate container 36c695b80088
Step 3/5 : COPY ping.war ${DEPLOYMENT_DIR}
 ---> 3b2a6278d76e
Step 4/5 : ENV WAR ping.war
 ---> Running in fa4484344c05
 ---> 14d72ab44a73
Removing intermediate container fa4484344c05
Step 5/5 : HEALTHCHECK --interval=15s CMD curl --fail http://localhost:8080/ping/resources/pings/echo/+ || exit 1
 ---> Running in 26f9dd4b7d01
 ---> d97945495493
Removing intermediate container 26f9dd4b7d01
Successfully built d97945495493
Successfully tagged airhacks/payara-ping:latest

What does a "docker build -t bla" do? https://docs.docker.com/engine/reference/commandline/build/#options"This will build like the previous example, but it will then tag the resulting image. "

https://hub.docker.com/r/airhacks/payara-ping/

docker inspect payara-ping

docker exec -it payara-ping /bin/bash

cd ../domains/domain1/autodeploy/

↧

MIGRATING FROM 2.12.1 TO 2.14.5

MIGRATING TO 3.5

Latest Images