https://helidon.io/docs/latest/#/microprofile/01_introduction
Quickstart Helidon SE https://helidon.io/docs/latest/#/guides/02_quickstart-se
Quickstart Helidon MP https://helidon.io/docs/latest/#/guides/03_quickstart-mp
"MicroProfile is a collection of enterprise Java APIs that should feel familiar to Java EE developers. MicroProfile includes existing APIs such as JAX-RS, JSON-P and CDI, and adds additional APIs in areas such as configuration, metrics, fault tolerance and more."
More on MP https://helidon.io/docs/latest/#/microprofile/01_introduction
Friday, June 28, 2019
Saturday, June 22, 2019
maven-install-plugin copies files to your local .m2 repo
http://maven.apache.org/plugins/maven-install-plugin/usage.html
you can run this command from anywhere, no need for a pom.xml:
$ mvn install:install-file -Dfile=/c/pierre/downloads/apache-maven-3.5.3-bin.zip -DgroupId=pippo -DartifactId=pluto -Dpackaging=zip -Dversion=3.0
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-install-plugin:2.4:install-file (default-cli) @ standalone-pom ---
[INFO] Installing C:\pierre\downloads\apache-maven-3.5.3-bin.zip to c:\pierre\.m2\repository\pippo\pluto\3.0\pluto-3.0.zip
[INFO] Installing C:\Users\pierl\AppData\Local\Temp\mvninstall5440042488979291271.pom to c:\pierre\.m2\repository\pippo\pluto\3.0\pluto-3.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.689 s
[INFO] Finished at: 2019-06-22T16:08:57+02:00
[INFO] ------------------------------------------------------------------------
and the generated pom.xml is
<?xml version="1.0" encoding="UTF-8"?>
<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
    xmlns="http://maven.apache.org/POM/4.0.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <modelVersion>4.0.0</modelVersion>
  <groupId>pippo</groupId>
  <artifactId>pluto</artifactId>
  <version>3.0</version>
  <packaging>zip</packaging>
  <description>POM was created from install:install-file</description>
</project>
Labels:
maven
Wednesday, June 19, 2019
Spring Boot 2 HTTPS
see also https://www.baeldung.com/spring-boot-https-self-signed-certificate
https://better-coding.com/enabling-https-in-spring-boot-application/
generate the self-signed certificate:
keytool -genkeypair -alias baeldung -keyalg RSA -keysize 2048 -storetype PKCS12 -keystore baeldung.p12 -validity 3650
and store it in src/main/resources/keystore folder
in application.properties:
server.port=8443
management.endpoints.web.exposure.include=*
management.endpoint.shutdown.enabled=true
# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
#server.ssl.key-store=classpath:keystore/baeldung.p12
server.ssl.key-store=src/main/resources/keystore/baeldung.p12
# The password used to generate the certificate
server.ssl.key-store-password=password
# The alias mapped to the certificate
server.ssl.key-alias=baeldung
server.ssl.key-password=password
#trust store location
trust.store=classpath:keystore/baeldung.p12
#trust store password
trust.store.password=password
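A check for the settings above that should stay on a development machine, as an added example that is not part of the original post: audit_boot_props is a hypothetical helper name, and the hardened sample (including the /etc/myapp path and the KEYSTORE_PASSWORD variable) is constructed. It flags the wildcard actuator exposure, the enabled shutdown endpoint, a keystore kept in the source tree, and passwords written as literals.

```shell
#!/bin/sh
# Added example: flag risky settings in a Spring Boot properties file.
# audit_boot_props is a hypothetical helper, not a Spring tool.

# Reads key=value lines on stdin and prints one finding per line.
audit_boot_props() {
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      ''|'#'*|'!'*) continue ;;        # blank line or comment
      *=*) ;;                          # key=value, handled below
      *) continue ;;
    esac
    key=${line%%=*}
    val=${line#*=}
    case $key in
      management.endpoints.web.exposure.include)
        # "*" anywhere in the comma-separated list exposes every actuator endpoint
        case ",$val," in
          *,\*,*) echo "EXPOSE_ALL $key=$val" ;;
        esac ;;
      management.endpoint.shutdown.enabled)
        if [ "$val" = "true" ]; then echo "SHUTDOWN_ENABLED $key=$val"; fi ;;
      server.ssl.key-store)
        # a keystore under src/ or on the classpath ships with the code or the jar
        case $val in
          src/*|classpath:*) echo "KEYSTORE_IN_SOURCE $key=$val" ;;
        esac ;;
      *password)
        # accept ${ENV_VAR} placeholders, flag literal secrets (value not echoed)
        case $val in
          '${'*'}') ;;
          *) echo "LITERAL_SECRET $key" ;;
        esac ;;
    esac
  done
  return 0
}

# The configuration from this post.
page_props() {
  cat <<'EOF'
server.port=8443
management.endpoints.web.exposure.include=*
management.endpoint.shutdown.enabled=true
server.ssl.key-store-type=PKCS12
#server.ssl.key-store=classpath:keystore/baeldung.p12
server.ssl.key-store=src/main/resources/keystore/baeldung.p12
server.ssl.key-store-password=password
server.ssl.key-alias=baeldung
server.ssl.key-password=password
trust.store=classpath:keystore/baeldung.p12
trust.store.password=password
EOF
}

# Constructed counterpart: narrow exposure, external keystore, secrets from the environment.
hardened_props() {
  cat <<'EOF'
server.port=8443
management.endpoints.web.exposure.include=health,info
management.endpoint.shutdown.enabled=false
server.ssl.key-store-type=PKCS12
server.ssl.key-store=file:/etc/myapp/baeldung.p12
server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.key-alias=baeldung
server.ssl.key-password=${KEYSTORE_PASSWORD}
EOF
}

page_props | audit_boot_props
```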
Labels:
https,
springboot
maven common plugins
For a very good overall tutorial on Maven, read this https://www.baeldung.com/maven
For a list of most plugins https://maven.apache.org/plugins/
https://www.baeldung.com/executable-jar-with-maven
maven-dependency-plugin
maven-jar-plugin
maven-assembly-plugin
maven-shade-plugin
com.jolira.onejar-maven-plugin
spring-boot-maven-plugin
tomcat7-maven-plugin
https://www.baeldung.com/maven-profiles
maven-help-plugin
https://www.baeldung.com/maven-dependency-latest-version
versions-maven-plugin
https://www.baeldung.com/maven-enforcer-plugin
maven-enforcer-plugin
https://www.mojohaus.org/build-helper-maven-plugin/usage.html
build-helper-maven-plugin
https://www.baeldung.com/maven-release-nexus
https://www.baeldung.com/install-local-jar-with-maven/
maven-install-plugin
maven-deploy-plugin
maven-release-plugin
nexus-staging-maven-plugin
https://www.baeldung.com/integration-testing-with-the-maven-cargo-plugin
maven-surefire-plugin
Labels:
maven
Monday, June 17, 2019
Spring certification
https://d1fto35gcfffzn.cloudfront.net/academy/Spring-Professional-Certification-Study-Guide.pdf
buy exam here https://academy.pivotal.io/confirm-course?courseid=EDU-1120-APP
Udemy courses
https://www.udemy.com/spring-framework-4-course-and-core-spring-certification/
https://www.udemy.com/course/spring-framework-5-beginner-to-guru/
Mock exam https://www.certification-questions.com/spring-dumps/professional.html
Labels:
Spring
Sunday, June 16, 2019
Spring bean lifecycles and BeanPostProcessor
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.stereotype.Component;

import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;

@Component
public class MyComponent implements InitializingBean, DisposableBean {

    @Override
    public void afterPropertiesSet() throws Exception {
        System.out.println("afterPropertiesSet from InitializingBean");
    }

    @PostConstruct
    public void onPostConstruct() {
        System.out.println("onPostConstruct");
    }

    @PreDestroy
    public void onPreDestroy() {
        System.out.println("onPreDestroy");
    }

    @Override
    public void destroy() throws Exception {
        System.out.println("destroy from DisposableBean ");
    }
}
the sequence is:
onPostConstruct
afterPropertiesSet from InitializingBean
onPreDestroy
destroy from DisposableBean
and you can intercept the initialization of every bean with a BPP (BeanPostProcessor):
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.context.annotation.Configuration;

@Configuration
public class CustomBeanPostProcessor implements BeanPostProcessor {

    public CustomBeanPostProcessor() {
        System.out.println("0. Spring calls constructor");
    }

    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        System.out.println(bean.getClass() + " " + beanName);
        return bean;
    }

    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
        System.out.println(bean.getClass() + " " + beanName);
        return bean;
    }
}
Labels:
Spring
fstab and UUID for device identification, docker and friends
https://help.ubuntu.com/community/Fstab
on my VirtualBox Centos7:
cat /etc/fstab
/dev/mapper/cl-root / xfs defaults 0 0
UUID=70139d85-209e-4997-9d06-af6659221021 /boot xfs defaults 0 0
/dev/mapper/cl-swap swap swap defaults 0 0
this is:
[Device] [Mount Point] [File System Type] [Options] [Dump] [Pass]
ls -l /dev/disk/by-uuid/
total 0
lrwxrwxrwx. 1 root root 9 Jun 14 17:41 2019-05-13-13-58-35-65 -> ../../sr0
lrwxrwxrwx. 1 root root 10 Jun 14 17:41 27882150-dbcf-44a5-8461-a7e16020ee6f -> ../../dm-1
lrwxrwxrwx. 1 root root 10 Jun 14 17:41 70139d85-209e-4997-9d06-af6659221021 -> ../../sda1
lrwxrwxrwx. 1 root root 10 Jun 14 17:41 96e9a0f9-2b77-4cfc-be6e-f4c982e57123 -> ../../dm-0
lrwxrwxrwx. 1 root root 10 Jun 15 19:08 fdad3ac1-1c70-4371-8f9e-72ab7f0167df -> ../../dm-3
blkid
/dev/sr0: UUID="2019-05-13-13-58-35-65" LABEL="VBox_GAs_6.0.8" TYPE="iso9660"
on the host VM:
mount | sort
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_prio,net_cls)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
configfs on /sys/kernel/config type configfs (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
/dev/mapper/cl-root on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/docker-253:0-34242903-3869b9e3d61005155d7ce7222280b67d4c034537b462d76016409d74c39c403b on /var/lib/docker/devicemapper/mnt/3869b9e3d61005155d7ce7222280b67d4c034537b462d76016409d74c39c403b type xfs (rw,relatime,seclabel,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
/dev/sda1 on /boot type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/sr0 on /run/media/centos/VBox_GAs_6.0.8 type iso9660 (ro,nosuid,nodev,relatime,uid=1000,gid=1000,iocharset=utf8,mode=0400,dmode=0500,uhelper=udisks2)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=3989408k,nr_inodes=997352,mode=755)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /run/docker/netns/9c46943f17e7 type proc (rw,nosuid,nodev,noexec,relatime)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
shm on /var/lib/docker/containers/55284026cd2880cf08c45e66754fcf8011c9cf3227f1564022afad7807cbee27/mounts/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,seclabel,size=65536k)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=31,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=13854)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=801028k,mode=700,uid=1000,gid=1000)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
on the docker centos7 container:
mount | sort
/dev/mapper/cl-root on /etc/hostname type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/cl-root on /etc/hosts type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/cl-root on /etc/resolv.conf type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/docker-253:0-34242903-3869b9e3d61005155d7ce7222280b67d4c034537b462d76016409d74c39c403b on / type xfs (rw,relatime,seclabel,nouuid,attr2,inode64,logbsize=64k,sunit=128,swidth=128,noquota)
cgroup on /sys/fs/cgroup/blkio type cgroup (ro,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (ro,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/cpuset type cgroup (ro,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (ro,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (ro,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/memory type cgroup (ro,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (ro,nosuid,nodev,noexec,relatime,net_prio,net_cls)
cgroup on /sys/fs/cgroup/perf_event type cgroup (ro,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
cgroup on /sys/fs/cgroup/systemd type cgroup (ro,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
devpts on /dev/console type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=666)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=666)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
proc on /proc/sysrq-trigger type proc (ro,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,seclabel,size=65536k)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime,seclabel)
tmpfs on /dev type tmpfs (rw,nosuid,seclabel,size=65536k,mode=755)
tmpfs on /proc/acpi type tmpfs (ro,relatime,seclabel)
tmpfs on /proc/asound type tmpfs (ro,relatime,seclabel)
tmpfs on /proc/kcore type tmpfs (rw,nosuid,seclabel,size=65536k,mode=755)
tmpfs on /proc/keys type tmpfs (rw,nosuid,seclabel,size=65536k,mode=755)
tmpfs on /proc/sched_debug type tmpfs (rw,nosuid,seclabel,size=65536k,mode=755)
tmpfs on /proc/scsi type tmpfs (ro,relatime,seclabel)
tmpfs on /proc/timer_list type tmpfs (rw,nosuid,seclabel,size=65536k,mode=755)
tmpfs on /proc/timer_stats type tmpfs (rw,nosuid,seclabel,size=65536k,mode=755)
tmpfs on /sys/firmware type tmpfs (ro,relatime,seclabel)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,seclabel,mode=755)
One can notice a lot of differences between the VM and the container mounts, notably all the cgroup mounts in Docker are ro while in the VM they are rw. There are also some "/dev/mapper/cl-root on /etc/*" mounts in Docker.
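A way to check the ro/rw difference mechanically, as an added example that is not part of the original post: effective_mode and writable_kernel_paths are hypothetical helper names, and the two samples are lines excerpted from the mount output of this post. A path counts as read-only only if the longest mount point covering it is ro, so a missing "proc on /proc/sys" mount shows up as writable through the rw /proc mount.

```shell
#!/bin/sh
# Added example: report kernel interfaces that a mount table leaves writable.

# Lines excerpted from the host VM output of this post.
host_mounts() {
  cat <<'EOF'
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
EOF
}

# Lines excerpted from the Docker container output of this post.
container_mounts() {
  cat <<'EOF'
cgroup on /sys/fs/cgroup/devices type cgroup (ro,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/pids type cgroup (ro,nosuid,nodev,noexec,relatime,pids)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/bus type proc (ro,relatime)
proc on /proc/fs type proc (ro,relatime)
proc on /proc/irq type proc (ro,relatime)
proc on /proc/sys type proc (ro,relatime)
proc on /proc/sysrq-trigger type proc (ro,relatime)
sysfs on /sys type sysfs (ro,nosuid,nodev,noexec,relatime,seclabel)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,relatime,seclabel,mode=755)
EOF
}

# effective_mode PATH: reads `mount` output on stdin and prints ro, rw or none
# for the mount that actually governs PATH (longest covering mount point;
# a later mount on the same mount point overrides an earlier one).
effective_mode() {
  awk -v path="$1" '
    BEGIN { best_len = 0; best = "none" }
    NF >= 6 && $2 == "on" && $(NF-2) == "type" {
      mp = $3
      covers = (mp == path) || (mp == "/") || (index(path, mp "/") == 1)
      if (!covers || length(mp) < best_len) next
      best_len = length(mp)
      opts = $NF
      gsub(/[()]/, "", opts)
      best = "rw"
      n = split(opts, o, ",")
      for (i = 1; i <= n; i++) if (o[i] == "ro") best = "ro"
    }
    END { print best }'
}

# Paths that the container output of this post shows as read-only.
RO_PATHS="/sys /sys/fs/cgroup/devices /sys/fs/cgroup/pids /proc/bus /proc/fs /proc/irq /proc/sys /proc/sysrq-trigger"

# writable_kernel_paths MOUNT_TEXT: prints "<path> <mode>" for every path
# in RO_PATHS that is not effectively read-only in the given mount table.
writable_kernel_paths() {
  for _p in $RO_PATHS; do
    _mode=$(printf '%s\n' "$1" | effective_mode "$_p")
    if [ "$_mode" != "ro" ]; then echo "$_p $_mode"; fi
  done
  return 0
}

echo "host:";      writable_kernel_paths "$(host_mounts)"
echo "container:"; writable_kernel_paths "$(container_mounts)"
```

On a live system, run writable_kernel_paths "$(mount)" inside the container; any line it prints is a departure from the read-only state shown in the container output of this post.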
What is tmpfs? https://en.wikipedia.org/wiki/Tmpfs
What is xfs? https://en.wikipedia.org/wiki/XFS
What is FUSE (fusectl) ? https://en.wikipedia.org/wiki/Filesystem_in_Userspace#Examples
Friday, June 14, 2019
bash comparison and validation of string
trying to understand Bash syntax is really wasted time.... just copy/paste working examples
# three separate elements (quoting the whole list would create a single element)
array=(pippo pluto topolino)
value=pluto
# membership test: pad both sides with spaces so only whole words match
[[ " ${array[@]} " =~ " ${value} " ]] && echo "YES" || echo "NO"
if [[ " ${array[@]} " =~ " ${value} " ]]; then echo trovato; fi

# string equality with [[ ]]
pippo="ciao"
[[ $pippo = "ciao" ]] && echo "1yes"
[[ "ciao" = "ciao" ]] && echo "2yes"

# string equality with [ ]: always quote the variable
x="valid"
if [ "$x" = "valid" ]; then
  echo "x has the value 'valid'"
fi
[[ "$x" = "valid" ]] && echo "x is valid"
[ "$x" == "valid" ] && echo "x has the value 'valid'"
[ "$x" == "valid" ] && echo "i am valid" || echo "i am invalid"
Labels:
bash
Tuesday, June 11, 2019
Java SSL server and client
https://www.baeldung.com/java-ssl-handshake-failures
this article is inspiring but it contains several errors/omissions.
The actually working code with detailed keytool commands is here https://github.com/vernetto/ssltests
Ultimate resource to learn SSL handshake is https://tls.ulfheim.net/
Sunday, June 9, 2019
shell testing
I have never seen in my life a bash shell being covered by automated tests.
I have thought of using Java and Mockito and Junit5, but it's not very straightforward to run shells from Java (in 2019.... maybe in 2 years it will be normal).
But I think it would be an excellent idea.
This is an inspiring article https://www.leadingagile.com/2018/10/unit-testing-shell-scriptspart-one/
This is the shunit2 framework:
https://github.com/kward/shunit2/
Here the reference manual for shell scripting http://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html but it's a bit too academic.
https://www.tldp.org/LDP/abs/html/index.html this one is richer in examples
PS shell scripting sucks
CRI-O
https://cri-o.io/
CRI-O = "Container Runtime Interface" "Open Container Initiative"
"a lightweight alternative to using Docker as the runtime for kubernetes"
https://www.quora.com/How-is-CRI-O-different-from-Docker-technology
"The CRI-O Container Engine is an implementation of a CRI (Kubernetes Container Runtime interface) that is dedicated to Kubernetes. It implements only the features necessary to implement the CRI. Basically whatever Kubernetes needs. The goal is to be as simple as possible and to never ever break Kubernetes. CRI-O is only for running containers in production. It runs OCI containers based on OCI images, which basically says it can run any container image sitting at Docker.io, Quay.IO, or any other container registry. It also launches OCI containers with runc.
Docker has a whole bunch of different technology, but I am guessing you are asking about the Docker daemon. Docker daemon is a general purpose container engine that implements API for launching OCI Container using the same runc that CRI-O uses. Docker daemon supports multiple different orchestrators including the Docker Client, Docker Swarm, Kubernetes, Mesosphere. It also supports everything from playing with containers to building containers.
The team behind CRI-O believes that building containers and developing and playing with containers should be done by different tools than the container engine that is used by Kubernetes. The CRI-O team has developed the Podman and Buildah container engines for developing/playing with containers and building container images.
Since these three tasks are done separately CRI-O can run with much tighter security than is required for building and developing containers."
CRI-O and kubeadm
https://katacoda.com/courses/kubernetes/getting-started-with-kubeadm-crio
What is a "pause" container and a "PID namespace sharing" ? https://www.ianlewis.org/en/almighty-pause-container
What is Weave ? https://www.weave.works/docs/cloud/latest/overview/
What is a Nodeport ? https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
Labels:
cri-o,
docker,
kubernetes,
oci
Saturday, June 8, 2019
Jakarta EE microprofiles, some readings
https://openliberty.io/blog/2018/06/08/java-microservices-microprofile.html
https://jakarta.ee/about/
https://www.amazon.com/Hands-Cloud-Native-Microservices-Jakarta-microservices-ebook/dp/B07NDBQPLF/ref=sr_1_4?__mk_de_DE=%C3%85M%C3%85%C5%BD%C3%95%C3%91&keywords=microprofiles&qid=1558959093&s=books&sr=1-4
Labels:
javaee,
microprofile
RHEL6 legacy services
just upgrade to RHEL7 please.... or RHEL8...
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/ch-services_and_daemons
change keyboard to Swiss German:
vi /etc/sysconfig/keyboard
KEYTABLE="de_CH-latin1"
MODEL="pc105+inet"
LAYOUT="de_CH"
KEYBOARDTYPE="pc"
shutdown -r now
cat /etc/inittab should tell you id:5:initdefault: which is the default runlevel
runlevel checks current runlevel
system-config-services UI utility to configure services
service bla status
services are defined in /etc/rc.d/init.d/
ls /etc/xinetd.d here other services https://en.wikipedia.org/wiki/Xinetd
ntsysv to enable/disable services to startup ( ntsysv --level 35 will edit runlevel 3 and 5)
chkconfig --list or chkconfig --list httpd
chkconfig httpd on or chkconfig httpd on --level 35
chkconfig httpd off or chkconfig httpd off --level 35
service --status-all
service httpd start
/var/lock/subsys/ -> " lock files created by their init scripts" see here
before start:
if [ ! -f /var/lock/subsys/servicename ]; then
start # start service here
fi
at the end of start:
touch /var/lock/subsys/servicename
at the end of stop:
rm -f /var/lock/subsys/servicename
WARNING: stale files could linger if abrupt shutdown -> always check also existence of PID (must write PID file)
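The lock-file steps and the warning above combined into one start/stop/status skeleton, as an added example that is not part of the original post: SERVICE, SVC_CMD, the function names and the overridable LOCKDIR/PIDDIR are assumptions, and "sleep 300" stands in for the real daemon. The lock file alone is never trusted; the PID file must name a live process.

```shell
#!/bin/sh
# Added example: SysV-style service control that detects a stale lock file.
SERVICE=${SERVICE:-servicename}
LOCKDIR=${LOCKDIR:-/var/lock/subsys}
PIDDIR=${PIDDIR:-/var/run}
SVC_CMD=${SVC_CMD:-"sleep 300"}      # stand-in for the real daemon command

lockfile() { echo "$LOCKDIR/$SERVICE"; }
pidfile()  { echo "$PIDDIR/$SERVICE.pid"; }

# True only if the PID file exists, holds a number, and that process is alive.
# kill -0 sends no signal; it only tests that the PID exists and is signalable.
is_running() {
  [ -s "$(pidfile)" ] || return 1
  _pid=$(cat "$(pidfile)")
  case $_pid in
    ''|*[!0-9]*) return 1 ;;         # empty or not a number
  esac
  kill -0 "$_pid" 2>/dev/null
}

svc_start() {
  if is_running; then
    echo "already running"
    return 0
  fi
  if [ -f "$(lockfile)" ]; then
    # lock present but no live process: left over from an abrupt shutdown
    echo "removing stale lock"
    rm -f "$(lockfile)" "$(pidfile)"
  fi
  $SVC_CMD >/dev/null 2>&1 &
  echo $! > "$(pidfile)"             # write the PID file first
  touch "$(lockfile)"                # at the end of start
  echo "started"
}

svc_stop() {
  if is_running; then
    kill "$(cat "$(pidfile)")"
  fi
  rm -f "$(lockfile)" "$(pidfile)"   # at the end of stop
  echo "stopped"
}

svc_status() {
  if is_running; then
    echo "running"
  elif [ -f "$(lockfile)" ]; then
    echo "dead, stale lock"
  else
    echo "stopped"
  fi
}

# init-script style dispatch: ./servicename start|stop|status
case "${1:-}" in
  start)  svc_start ;;
  stop)   svc_stop ;;
  status) svc_status ;;
esac
```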
What happens at boot?
/etc/rc.d/rc.sysinit
/etc/inittab
/etc/rc.d/rcN.d (N = current runlevel)
Template for service scripts is in /usr/share/doc/initscripts-*/sysvinitfiles
sudo stat /proc/1/exe -> /sbin/init
stat /sbin/init -> /lib/systemd/systemd
/sbin/init --version
/etc/rc.d/init.d/functions
Thursday, June 6, 2019
SSL renegotiation and resumption
"Resumption and renegotiation are rather opposites. Resumption restarts a previous TLS session in a new TCP connection, using the same TLS parameters. Renegotiation continues an existing TLS session in the same TCP connection, but changes some of the parameters."
in Fiddler, check for the renegotiation_info field in the CONNECT requests
https://www.ssllabs.com/ssltest/
Secure Renegotiation Supported
Secure Client-Initiated Renegotiation Yes
Insecure Client-Initiated Renegotiation No
Session resumption (caching) Yes
Session resumption (tickets) No
check DisableRenegoOnClient link
https://www.salt.ky/disabling-tlsssl-renegotiation-in-configuration-manager-2012/ and https://support.microsoft.com/en-us/help/977377/microsoft-security-advisory-vulnerability-in-tls-ssl-could-allow-spoof
"Modify the key to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\DisableRenegoOnClient | DWORD=0"
https://backstage.forgerock.com/knowledge/kb/article/a28022128 -Djdk.tls.rejectClientInitiatedRenegotiation=true
-Dsun.security.ssl.allowUnsafeRenegotiation=true ( see https://www.oracle.com/technetwork/java/javase/tlsreadme2-176330.html on why this is a bad idea)
Doc on Session Resumption https://spacehost.de/tls-session-resumption-caching-tickets/
jdk.tls.useExtendedMasterSecret=false
jdk.tls.allowLegacyResumption=true
jdk.tls.allowLegacyMasterSecret=true
Here more explanation on Resumption and Renegotiation
To understand JSSE in general read this guide https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
Labels:
renegotiation,
resumption,
ssl,
tls
viewing https handshakes in fiddler
https://textslashplain.com/2015/10/12/viewing-https-handshakes-in-fiddler/
https://stackoverflow.com/questions/12323944/fiddler-httpmethod-get-put-post-delete-column
Right-click the column bar and select Customize columns....
Collection: Miscellaneous
Field Name: RequestMethod
https://gumroad.com/l/dwf2/IntroSale
Labels:
fiddler