Community and communication

April 27, 2010 · Posted in Quotes · Comments Off on Community and communication 

The words “community” and “communication” have the same root. Wherever you put a communications network, you put a community as well. And whenever you take away that network — confiscate it, outlaw it, crash it, raise its price beyond affordability — then you hurt that community.

from the book “The Hacker Crackdown”.

Enable security using user/pass on jxm-console

April 16, 2010 · Posted in JBoss · Comments Off on Enable security using user/pass on jxm-console 

jmx-console

The jmx-console is a administration tool of JBoss. Through it you can set-up the application, change values and start/stop the JBoss.

One of my servers had a Jboss running but without access control, it was a high security error because anyone in the network can login the console.

To fix this you have to edit the next files:

1. /jboss/server/default/deploy/jmx-console.war/WEB-INF/jboss-web.xml

<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users.
      <security-domain>java:/jaas/jmx-console</security-domain>
   -->
</jboss-web>

and uncomment

<jboss-web>
   <!-- Uncomment the security-domain to enable security. You will
      need to edit the htmladaptor login configuration to setup the
      login modules used to authentication users.
   -->
      <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>

2. in /jboss/server/default/deploy/jmx-console.war/WEB-INF/web.xml look for

<!-- A security constraint that restricts access to the HTML JMX console
   to users with the role JBossAdmin. Edit the roles to what you want and
   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
   secured access to the HTML JMX console.

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
         role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>JBossAdmin</role-name>
     </auth-constraint>
   </security-constraint>
    -->

also uncomment

<!-- A security constraint that restricts access to the HTML JMX console
   to users with the role JBossAdmin. Edit the roles to what you want and
   uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
   secured access to the HTML JMX console.
   -->
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
         role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>JBossAdmin</role-name>
     </auth-constraint>
   </security-constraint>

3. Finally, to set the password of ‘admin’ user change in this file.  /jboss/server/default/conf/props/jmx-console-users.properties

admin=admin

for

admin=new_pass

Custom Glassfish Enterprise Installation

March 31, 2010 · Posted in Glassfish · Comments Off on Custom Glassfish Enterprise Installation 

A typical glassfish installation is easy to do, it’s just select the proper options but I need a custom installation with specific ports, non-default domain name and node-agent name.

The installation

I’ll install the Enterprise version with HADB because it has Sun support and it’s better for a server in production environment. It’s available to download for Solaris and Linux.

When the package is downloaded it’s time to unzip and install, I ‘ve chosen the console installation:

# unzip sjsas_ee-9_1-solaris-sparc-ifr-ml.zip
# cd installer-ifr
# ./setup -console

This launch the installation program, now we must do a installation with default options and set the user and admin passwords, I skip this part but there are a lot of guides on internet that explain it.

Customization

Now, we already have a glassfish installation with a default domain (domain1) but I want change its name to MYDOMAIN, the easiest way is to create a new domain (MYDOMAIN) and delete the default domain (domain1); also I need other ports. I made this script to do all, copy it and change the values for your case, the script creates the nodeagent too (called my-agent):

#!/bin/bash

ASADMIN=/opt/SUNWappserver/appserver/bin/asadmin

DOMAIN_NAME=MYDOMAIN
HOSTNAME=your_server_hostname
ADMIN_PORT=4840

HTTP_PORT=8080
IIOP_PORT=3700
JMS_PORT=7670
HTTP_SSL_PORT=8180
IIOP_SSL_PORT=3820
IIOP_MUTUALAUTH_PORT=3920
JMX_ADMIN_PORT=8680

$ASADMIN create-domain --profile enterprise --adminport $ADMIN_PORT --savemasterpassword=true --savelogin --domainproperties jms.port=$JMS_PORT:domain.jmxPort=$JMX_ADMIN_PORT:orb.listener.port=$IIOP_PORT:http.ssl.port=$HTTP_SSL_P
ORT:orb.ssl.port=$IIOP_SSL_PORT:orb.mutualauth.port=$IIOP_MUTUALAUTH_PORT $DOMAIN_NAME

$ASADMIN create-node-agent --host $HOSTNAME --port $ADMIN_PORT my-agent

Now delete the default domain:

# /opt/SUNWapp/appserver/bin/asadmin delete-domain domain1

To finish we lack only the instances, first we have to create a configuration for each instance. You can create it in Admin Console -> Configurations -> New…, I need four configurations for 4 instances (config-01, config-02, config-03, config-04).

Create and setup the configurations and then create the instances:

# /opt/SUNWappserver/appserver/bin/asadmin create-instance --port 4840 --nodeagent csact-agent --config config-01 instance01
# /opt/SUNWappserver/appserver/bin/asadmin create-instance --port 4840 --nodeagent csact-agent --config config-02 instance02
# /opt/SUNWappserver/appserver/bin/asadmin create-instance --port 4840 --nodeagent csact-agent --config config-03 instance03
# /opt/SUNWappserver/appserver/bin/asadmin create-instance --port 4840 --nodeagent csact-agent --config config-04 instance04

If all is ok you can start domain, node-agent and instances. The applications development is on your own ;).

Perl Manual (II): Before coding

August 6, 2009 · Posted in Doc, Perl · Comments Off on Perl Manual (II): Before coding 

Before start to write code you must make a list of steps to do it correctly. You can just open your favourite text editor, write few code lines and run; this would be fine if your need something short, quick and sweet, but if you are writing a script to use in a future or to another person or group you must follow some basic rules and strongly recommended:

  • Design the program flow
  • Make reusable parts
  • Document, document, document!

 
Comments
A comment is a note into the code what is not interpreted, the Perl interpreter just ignore it. The comments are used to add information about the code and the program.

In Perl the comments are written using the # symbol. Any text after # and to the end of line is a comment.

# This is a comment

Perl hasn’t got a multi-line comment mark, to comment several lines you can put a # at the beginning of each.

# Example of
#
Multi-line comment.
 
 
Templates

Create templates like a base for your scripts is a good habit, that way all of them will have a similar style.

In the template must be information about the author, date, version and what the script do. If you are creating a subroutine in the script you must comment parameters, return and a function description too.

A template example:

[Script Header]
#!/usr/bin/perl -w
#——————–
#Script Name:
#Script Version:
#Date:
#Author:
#Description:
#Revision History:
# 1.0/: original version
#——————–
[END of Script Header]

[Function Header]
#——————–
#Function
#Version:
#Input:
#Output:
#Description:
#——————–
[END of Function Header]

 
First Line

The first line of the script must starts with #! and the Perl interpreter path. It’s not essential to do it but it’s very recommended because indicates where the program can find the interpreter and you can pass runtime options to it.

For example, to run the script in warning mode (and the interpreter is in /usr/bin) the first line has to be:

#!/usr/bin/perl -w

This run the script activating several useful warnings. There are a lot of options, for more information the best way is read the Perl manpages.

 
To be continued…

In the next part of this manual we’ll write our first script (at last!)

My next move

August 5, 2009 · Posted in Andrade · Comments Off on My next move 

I’m thinking about leave Madrid and start a new time in other city, perhaps in Prague or Dublin. One reason to write this blog is to practice and improve my English and to force me to improve my Unix skills.

eath_150

Why Prague, why Dublin?

Well, really I don’t know. I know Prague and I love this city, it’s cheaper for living than Madrid and I’m seeing a lot of interesting job opportunities.

Dublin attract me for the languages: English and Gaelic (this celtic language is beautiful and sounds exotic), it’s near of my home, the people seems nice and warm and the country is very interesting. And for the Guinness too 😉

How?

In the next months I’m going to study English, certificate me in Solaris, Red Hat and Linux, gain new skills and save as much money as I can.

Perl Manual: Introduction

July 31, 2009 · Posted in Doc, Perl · Comments Off on Perl Manual: Introduction 

Perl is one of the most used and famed scripting language, it can be installed in almost all platforms and operating systems and it’s very versatile. It’s also free and there are a lot of websites with content Perl-related, CGI scripts for example. There are modules (or libraries) for the most varied programming tasks (mathematics functions, file compression/decompression, data encrypt, HTML and XML handling, networking, data base access, etc.).

Perl_Camel

The official web of Perl is http://www.perl.com and it has a lot of links to other useful information sources. Perl has a directory called CPAN (‘Comprehensive Perl Archive Network), with mirrors around the world, where you can find the main extension modules for this language.

Perl has the same virtues and flaws that the other scripting languages, like Python, Ruby, Tcl/Tk and, though less versatile, awk. The motto of Perl is “There’s more than one way to do it“, I believe it.
It’s a semi-interpreted/semi-compiled language, but we can consider it interpreted because don’t exist the intermediate compile and link stages, this make possible run the program just after write it.

In the next articles of this series I will try to explain the Perl basics for benefit from its efficiency and write speed.

Sysadmin Appreciation Day

July 31, 2009 · Posted in Events · Comments Off on Sysadmin Appreciation Day 

This blog has just been born and already has its first celebration: Today is the System Administrator Appreciation Day!

Congratulations for everyone in the club 🙂

00q7b7h6

Message for my users and workmates: I’m waiting for all your gifts and signs of gratitude for my hard work and dedication.

> boot andrade

July 29, 2009 · Posted in Andrade · Comments Off on > boot andrade 

andr

booting…

« Previous Page