Category Archives: linux

Lightweight Docker Swarm Environment

In the following short tutorial I want to show how to setup a lightweight and easy to manage docker-swarm environment. This environment is an alternative to the mostly heavyweight solutions like Rancher or Googles Kubernetes. For developers and companies that are not compelled to operate over 1000 machines on 4 different continents, this can be a clever alternative.

The docker-swarm environment, I am demonstrating here, uses Docker Engine CLI commands entered into a terminal. But as we’ll see, this environment also includes a very nice UI front end. You should be able to install Docker on networked machines and be comfortable with running commands in the shell of your choice.

Continue reading

How to Setup a Private Docker Registry

In this short tutorial I will show how to setup a private Docker registry. A private registry can be helpful if you want to distribute docker images in a large developer team or provide docker images to your customers. The tutorial assumes that you have a server with a docker daemon running in your network environment or internet. The goal is to push locally build docker images to the docker registry, so that other team members or customers can pull those images without the need to build the images from a Docker file. In the Imixs-Workflow Project we use such a private registry to support our customers with custom docker images. Continue reading

Deploy Gitbucket on Wildfly

When trying to deploy the Gitbucket project into wildfly I go tthe following error message:

WARN [org.jboss.modules] (ServerService Thread Pool -- 81) Failed to define class liquibase.serializer.core.yaml.YamlSerializer$LiquibaseRepresenter in Module "deployment.gitbucket.war:main" from Service Module Loader: java.lang.NoClassDefFoundError: Failed to link liquibase/serializer/core/yaml/YamlSerializer$LiquibaseRepresenter (Module "deployment.gitbucket.war:main" from Service Module Loader): org/yaml/snakeyaml/representer/Representer ...

This is a known issue and discussed here.

You can fix it if you add the file ‘jboss-deployment-structure.xml’ into the WEB-INF/ folder with the following content:

<jboss-deployment-structure>
  <deployment>
    <dependencies>
      <system export="true">
        <paths>
          <path name="com/sun/net/ssl/internal/ssl" />
          <path name="com/sun/net/ssl" />
        </paths>
      </system>
      <!-- add snakeyaml dependency -->
      <module name="org.yaml.snakeyaml"/>
    </dependencies>
  </deployment>
</jboss-deployment-structure>

How to install:

The following is a short install guide how to modify the gitbucket.war downloaded form the project release page:

1.) Download latest version from release page:

wget https://github.com/gitbucket/gitbucket/releases/download/4.7.1/gitbucket.war

change the version if needed

2.) unzip the war file

unzip gitbucket.war -d tmp/gitbucket.war

3.) create the ‘jboss-deployment-structure.xml’ file and add the content as explained above. Than copy the file into the WEB-INF folder

cp jboss-deployment-structure.xml /tmp/gitbucket.war/WEB-INF/

4.) create the doDeploy file

touch tmp/gitbucket.war/gitbucket.war.dodeploy

5.) start deployment by moving the folder to the wildfly deploy directory

cd tmp/
mv gitbucket.war /opt/wildfly/standalone/deployments/

Install Script

You can use also my install script from here to install gitbucket on Wildfly 9.x & 10.x under Linux.

/bin/bash wildfly-install.sh [INSTALLDIR] [GITBUCKET-VERSION]

You can specify the install directory of your wilfly installation and the gitbucket version.

Example:

/bin/bash wildfly-install.sh [INSTALLDIR] [GITBUCKET-VERSION]

Note: The script must be run as root. The script assumes that wildfly is running with the user ‘wildfly’. You can change this in your script if needed.

WildFly Undertow – How to Configure a Request Dump

If you need to debug the request headers send to Wildfly application server you can configure a Request-Dumper. There for change the standalone.xml file and add a filter-ref and filter configuration into the subsystem section of undertow. See the following example:

... 
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
....
 <server name="default-server">
       ...
      <host name="default-host" alias="localhost">
          .....
          <filter-ref name="request-dumper"/>
      </host>
 </server>
....
<filters>
    .....
    <filter name="request-dumper" class-name="io.undertow.server.handlers.RequestDumpingHandler" module="io.undertow.core" />
</filters

This will print out all the request information send by a browser.

Eclipse Mars on Debian Jessie with Gnome 3

After downloading the new Eclipse IDE Mars I was disappointed of the corrupted design. Several dialog pages did not work as expected or were empty until the dialog window was resized.

eclipse_mars_properties_dialog_bpmn

As Eclipse release 4.5 (Mars)  is based on GTK 3, the problem in my case was the missing library “gtk3-engines-oxygen”. This it the so called Oxygen widget theme for GTK3-based applications like the Eclipse Mars release.

After installing the missing library with apt:

apt-get install gtk3-engines-oxygen

the Eclipse Mars Release works perfect!

eclipse_mars_gtk_screen_11

Customize Eclipse them Jeeeyul’s Eclipse Themes

A very nice plug-in for Eclipse is the ‘Jeeeyul’s Eclipse Themes‘.  This plug-in provides a set of cool themes for eclipse and also a cool editor to customize the theme individually.

Adjusting the window margins

Another annoying thing in Eclipse GTK with Gnome is the small margin between to windows so you cant grasp the space with the mouse to resize the view.This problem can also be solved directly with the Jeeeyul’s plug-in:

In the ‘General’ section of the Jeeeyul’s Themes section you can change the “Winddow Pacing”. Disable the option ‘Cast Shadow’ and set ‘Part Stack Spacing’ to 5 and ‘Margins’ to 0. After that you need to restart Eclipse.

Alternative: Disable GTK3

An alternative is to simply deactivate GTK3 for Eclipse Mars. You need to set the environment variable ‘SWT_GTK3’ to ‘0’.

I am using the following bash start script to launch Eclipse Mars:

#!/bin/bash
cd /opt/eclipse-jee-mars/
export SWT_GTK3=0
./eclipse

See also the comments below.

 

Using “curl” to request the Imixs-Workflow Rest API

The command line tool ‘curl’ is useful in cases when you just want to check some REST APIs from a console. You can find a lot of information about how to use curl on curl.haxx.se.

If you want to test the Imixs Rest API you need in most cases a basic authentification against the Workflow Server. This is an example how to send username/password along with a GET request:

curl --user admin:mypassword http://localhost:8080/imixs-microservice/workflow/worklist

This examples returns the worklist for the User ‘admin’ from a Imixs-Workflow Rest Service running on localhost port 8080.

If you don’t specify the media type Imixs-Workflow will return an HTML output. You can see this also in your Browser. But Imixs-Workflow also supports the media types JSON and XML. To request the same URL in JSON you can add a Header parameter like this:

curl --user admin:mypassword -H "Accept: application/json" http://localhost:8080/imixs-microservice/workflow/worklist

or if you want to get the same response in XML format:

curl --user admin:mypassword -H "Accept: application/xml" http://localhost:8080/imixs-microservice/workflow/worklist

If you know the UniqueID of a workitem, which is included in the worklist result you can also request a single Workitem from the Imixs-Workflow. See the following curl example to request a workitem in JSON format:

curl --user admin:adminadmin -H "Accept: application/json" http://localhost:8080/imixs-microservice/workflow/workitem/14b65352f58-259f4f9b

This example returns the content of the Workitem with the UniqueID ’14b65352f58-259f4f9b’. You can also restrict the result to a subset of properties when you add the query parameter ‘items’:

curl --user admin:adminadmin -H "Accept: application/json" http://localhost:8080/imixs-microservice/workflow/workitem/14b65352f58-259f4f9b?items=txtname;$processid

See the Imixs-Workflow RestAPI for more information.

If you want to test what is possible with Imixs-Workflow REST API and curl you can try the Imixs-Microservice. Imixs-Microservice provides a full featured Workflow System based on a REST API. Imixs-Microservice also supports Docker so you do not need to install a Application Server by your self.

Debian freezes randomly

Since about one year I own a ultrabook ‘Wortmann Terra Mobile 1450 II’ which I run on Linux.  The system contains a Intel Core i7-351U chip set and 8GB RAM. But this system shows a very strange problem on Linux (and as I guess maybe also on other operating systems): randomly the system freezes.

When the system freezes no mouse , no keyboard, no REISUB was possible. The screen is corrupted and did not update. The only key board functionality which is still possible is Fn+F9 (switch display on/off). So the only possibility was to to switch off the system hard.

The freeze occurs when the system runs on battery as also when it is plugged. It looked as if the errors occurs more frequently at high memory usage.

The memory…

A memory check (with memtest86+) indicates no problem. Therefore, I thought it had to do something with the kernel. See also the discussion here. But updating every week a new kernel version and playing around with several kernel boot options the problem still occurs.

Back to the idea that the problem comes from the RAM I installed the tool ‘memtester’. With this tool you can test memory when linux is running. For Example I started a test to check 7GB RAM with the following command:

memtester 7G 1

And now I was able to force the freeze. During such a test each time my system freezes. Also when I booted in kernel recovery mode the same situation – system freezes! So this indicated to me that the problem is with the memory.

The solution

If the memory seems to be ok in general (memtest86+ indicates no errors) but the system freezes in situations with heavy  memory usage (memtester) then it may have something to do with overclocking the memory?

In my BIOS settings () I found the following setting:

->Chipset
-> System Agent (SA) Configuration
-> Memory Configuration
-> Memory Frequency Limiter

This was defined as ‘AUTO’. What ever this means I changed the value to lowest available setting of ‘1067’ (other values where 1600, 1867, … up to 2667). With this setting I can not see any substantial impairment of the speed. But from now on my system runs without any more freezes!

So if you are also faced with the problem of random freezes, first try to control the overclocking of your memory. I hope this will help you too.

After all the last question is: Is my hardware to fast for linux or is linux to fast for my hardware 😉

 

WordPress – try to lock out hackers

WordPress is really a nice software. I use it for websites and blogs. The problem is that WordPress is so common used in the net that hackers aggressive try to enter your site and inject eval php code. This is really terrible and I suffered some times ago because such a hackers attach against main own web sites.

After all I think two things can help to lock out hackers from wordpress.

1) Wordfence Plugin

The Wordfence Plugin is – in my eyes  – really good software. You should install this plugin to understand if your wordpress is under attack.

2) Protect your directories

The important thing running WordPress is to protect your directories. Never allow the apache server to write into the WordPress instalation directory. I know this is for most people an essential feature because this allows to easily update WordPress, install Plugins and Themes. But this also allows hackers to inject bad php code into your installation. And the most secure way to protect your wordpress installation is to disallow the apache server to write into the installation code.

For Linux servers this means:

In your apache web directory create a folder for your WordPress installation and reduce the directory access to a minimum which means only your own linux user account should be the owner and allowed to change content.

ls -l /var/www/
drwxr-xr-x 5 youraccount youraccount 4096 Apr 16 21:12 wordpress

As you can see the apache user (e.g. www-data) can only read but not change directories. Any changes on the wp-config.php or the installation of plugins or themes can still be made by direct ssh access (in this example) from the user ‘youraccount’.

The only exception could be the wp-content/uploads folder which need to be writable from apache when you try to upload an image.

There are a lot of additional tipps and tricks how to protect your WordPress. But I think protecting the WordPress installation from modification by the apache server is the best way.