tag:blogger.com,1999:blog-707443968333600922024-03-27T02:37:28.438-04:00Kymera Tech TipsTech TipsKymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.comBlogger16125tag:blogger.com,1999:blog-70744396833360092.post-30487434951937354832015-03-31T13:36:00.000-04:002015-03-31T13:37:00.503-04:00Upgrading from Subversion 1.7 to 1.8<div dir="ltr"><div><div><div><div>I recently worked with an organization to upgrade their Subversion repository from 1.7 to 1.8. The steps involved, if everything goes according to plan, are:<br><br></div>1. Dump the repository:<br><br></div><span style="font-family:monospace,monospace"> svnadmin dump repo1_7 > repo1_7.dump</span><br><br></div> Or you can reduce the dump size and calculate the <a href="http://en.wikipedia.org/wiki/Delta_encoding">deltas</a> between revisions and only dump them:<br><br></div><div><span style="font-family:monospace,monospace"> svnadmin dump --deltas repo1_7 > repo1_7.dump</span><br><br></div><div>2. Create the new repository, which by default uses the fsfs file system:<br><br></div><div><font face="monospace,monospace"> </font>s<span style="font-family:monospace,monospace">vnadm<font>in create repo1_8</font></span><br><br></div><div>3. If you need to transfer the dump file to a new host you should take care of that first but then you need load the dump:<br><br></div><div><span style="font-family:monospace,monospace"> svnadmin load repo1_8 < repo1_7.dump</span><br></div><div><br></div><div><br>Now that would generally be it as far as the repository itself is concerned, unless you get errors. I got errors and it is not uncommon when upgrading. I ran into issue on step 3, loading the dump file. It ran for about 2,000+ revisions and then stopped with these errors:<br><span style="font-family:monospace,monospace"><font><br> Cannot accept non-LF line endings in 'svn:log' property</font></span><br><span style="font-family:monospace,monospace"><font> Cannot accept non-LF line endings in 'svn:ignore' property</font></span><br></div><div><br></div><div>This occurred because the repository contained the older ^M carriage return. This is no longer allowed after version 1.6 but the previous upgrades used the"--bypass-prop-validation" option when loading the repository which just delayed dealing with the issue. The fix for this is to replace the ^M line endings found in the repository. To do this you take your dump file you created in step 1 and use the following sed command to replace the ^M line endings.<br><br><code> sed -e '/^svn:log$/,/^PROPS-END$/ s/^M/ /' -e '/^svn:ignore$/,/^PROPS-END$/ s/^M/\n/' repo1_7.dump > repo1_7-fix.dump</code><br><br></div><div>Now I want to make note that the ^M in the command above is not created with Shift+6 and Shift+M. The ^M character is a carriage return control character that means 0D in hex. In order to create the character you can either type CTRL+V and CTRL+M or reference it as \x0D in the sed comman<code>d as shown below.<br></code><br><code><code> sed -e '/^svn:log$/,/^PROPS-END$/ s/\x0D/ /' -e '/^svn:ignore$/,/^PROPS-END$/ s/\x0D/\n/'</code></code><code><code> repo1_7.dump > repo1_7-fix.dump</code><br><br><br></code></div><div><code><font face="arial,helvetica,sans-serif">Once that command finishes you will have repaired copy of the dump file which should load now.<br></font></code></div></div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com0tag:blogger.com,1999:blog-70744396833360092.post-31145342446509889492015-01-06T11:58:00.000-05:002015-01-06T11:59:19.375-05:00Configuring Jenkins to use HTTPS on CentOS 6.6<div dir="ltr"><div>These instructions are using Jenkins 1.595 from the Jenkins Yum repository <a href="http://pkg.jenkins-ci.org/redhat/" target="_blank">http://pkg.jenkins-ci.org/redhat/</a>. <br></div><div><ol><li>Create certificate for host with whatever tool you choose. Personally I like XCA but I don't have a PKI system in place.<br><br></li><li>Export PKCS12 certificate with chain.<br><br></li><li>Convert PKCS12 certifcate to java keystore using the following command: <br>keytool -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore jenkinsstore<br><br></li><li>Copy the keystore to a permanent location (ex. /var/lib/jenkins).<br><br></li><li>Import your CA certificate into Java cacerts keystore: <br>keytool -import -file CA.crt -keystore /usr/java/latest/jre/lib/security/cacerts<br><br></li><li>Configure /etc/sysconfig/jenkins with the following settings:<br>JENKINS_JAVA_CMD="/usr/java/latest/bin/java"<br>JENKINS_JAVA_OPTIONS="-Djava.awt.headless=true -Xrs -Xmx1024m -XX:PermSize=512m -XX:MaxPermSize=512m"<br>JENKINS_HTTPS_PORT="8843"<br>JENKINS_HTTPS_KEYSTORE="/var/lib/jenkins/jenkinsstore"<br>JENKINS_HTTPS_KEYSTORE_PASSWORD="thePassword"<br>JENKINS_HTTPS_LISTEN_ADDRESS="0.0.0.0"<br><br></li><li>Configure iptables to redirect 443 to 8843 and to block tcp 8080 if you want to use the standard port 443:<br>-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j DROP<br>-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8843<br><br></li><li>Start Jenkins:<br>service jenkins start</li></ol> </div></div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com4tag:blogger.com,1999:blog-70744396833360092.post-67452967099634123502014-12-30T14:52:00.001-05:002014-12-30T15:31:26.349-05:00Quick OpenLDAP Setup on CentOS 6.6<div dir="ltr">
<ol>
<li>Install the necessary files:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;">yum install openldap openldap-clients openldap-servers</span></span></blockquote>
<span style="font-size: x-small;">
</span></li>
<span style="font-size: x-small;">
</span>
<li>Modify the following options in the /etc/openldap/slapd.d/cn\=config.ldif configuration file:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">#olcAllows: bind_v2 </span></span></pre>
</blockquote>
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">
</span></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">olcIdleTimeout: 60</span></span></pre>
</blockquote>
<pre></pre>
</li>
<li>Generate the SSHA hash for the admin user:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-family: "Courier New",Courier,monospace; font-size: x-small;">slappasswd -s password</span></pre>
</blockquote>
<pre>(example output: <span style="font-family: "Courier New",Courier,monospace;">{SSHA}abunchofhash</span>)
</pre>
</li>
<li>Modify the following configuration options in /etc/openldap/slapd.d/cn\=config/olcDatabase\=\{2\}bdb.ldif. The domain will be <a href="http://test.com/">test.com</a><br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">olcSuffix: dc=test,dc=com
olcRootDN: cn=admin,dc=test,dc=com
olcRootPW: {SSHA}abunchofhash</span>
</span></pre>
</blockquote>
<pre></pre>
</li>
<li>Modify the olcAccess option in /etc/openldap/slapd.d/cn\=config/olcDatabase={1}monitor.ldif so the dn is correct:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">olcAccess: {0}to * by/ dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"/<br />read by dn.base="cn=admin,dc=test,dc=com" read by * none</span></span></blockquote>
<pre></pre>
</li>
<li>Start the OpenLDAP server and configure it to start at boot time:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">chkconfig slapd on</span><span style="font-family: "Courier New",Courier,monospace;">
service slapd start</span></span></pre>
</blockquote>
<pre></pre>
</li>
<li>Create an LDIF (LDAP Interchange Format) file with the configuration for our organization LDAP tree. Here we will create two organizational units one called People, where all users be a member of this ou, and another ou called Groups, which will be used to create groups for our organization. At the end of the file specify who is the RootDN for this LDAP tree (cn=admin,dc=example,dc=com). I named this file ldapconfig.ldif:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;"><span style="color: #212121;">dn: dc=test,dc=com</span>
objectclass: dcObject
objectclass: organization
o: Test Org
dc: test
dn: ou=Users,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users
dn: ou=Groups,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups
dn: cn=admin,dc=test,dc=com
objectclass: organizationalRole
cn: admin</span></span></pre>
</blockquote>
</li>
<li>Apply our LDIF file and test if the LDAP tree is ready with the ldapsearch command:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">ldapadd -x -D "cn=admin,dc=test,dc=com" -W -f ldapconfig.ldif</span></span></pre>
</blockquote>
<span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">
</span></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<pre><span style="font-size: small;"><span style="font-family: "Courier New",Courier,monospace;">ldapsearch -x -b 'dc=test,dc=com' '(objectclass=*)'</span></span></pre>
</blockquote>
</li>
<li>Create an ldap user by adding the below to an ldif file and running ldapadd as above:<br /><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">dn: uid=user1,ou=Users,dc=test,dc=com<br />objectclass: top<br />objectclass: person<br />objectclass: inetOrgPerson<br />objectclass: organizationalPerson<br />uid: user1<br />cn: User 1<br />sn: 1<br />givenName: User 1</span></span></blockquote>
<pre></pre>
</li>
<li>Assign a password for the user:<br /><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">ldappasswd -S -x -D "cn=admin,dc=test,dc=com" -W/ uid=user1,ou=People,dc=test,dc=com</span></span></blockquote>
<pre></pre>
</li>
<li>Create a group in the Groups organizational unit by adding the below to an ldif file and running ldapadd as above:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;"><span style="color: #212121;">dn: cn=group1,ou=Groups,dc=test,dc=com</span><br />cn: group1</span><span style="font-size: x-small;"><br />objectclass: groupofnames<br />member: uid=user1,ou=Users,dc=test,dc=com</span></span></blockquote>
<pre></pre>
</li>
<li>To add a newly created user to the group after the initial creation create another ldif file and add the below text to it. Then modify the group with ldapmodify:<br /><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">dn: cn=group1,ou=Groups,dc=test,dc=com<br />changetype: modify<br />add: member<br />member: uid=user2,ou=Users,dc=test,dc=com</span></span></blockquote>
<br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">
</span><span style="font-size: x-small;">
</span></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f addto_group1.ldif</span></span></blockquote>
<pre></pre>
</li>
<li>To remove a user from a group create another ldif file and add the below text. Use ldapmodify to again modify the group:<br />
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">dn: cn=group1,ou=Groups,dc=test,dc=com<br />changetype: modify<br />delete: member<br />member: uid=user2,ou=Users,dc=test,dc=com</span></span></blockquote>
<br />
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">
</span></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204,204,204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">
<span style="font-family: "Courier New",Courier,monospace;"><span style="font-size: x-small;">ldapmodify -x -D "cn=admin,dc=test,dc=com" -W -f removefrom_group1.ldif</span></span></blockquote>
</li>
</ol>
</div>
Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com10tag:blogger.com,1999:blog-70744396833360092.post-64414772057045912682013-09-13T13:17:00.001-04:002013-09-13T13:17:39.170-04:00Generating GPG Keys on CentOS 6<div dir="ltr">I recently ran into an issue where I was having problems creating a new set of GPG keys on a CentOS host that I was using. Here is the process that eventually worked for me.<div><br></div><div>1. Run the following gpg-agent command:</div> <div><br></div><div>gpg-agent --daemon --use-standard-socket --pinentry-program /usr/bin/pinentry-curses</div><div><br></div><div><br></div><div>2. Run the following rngd command to ensure there is enough entropy being generated:</div> <div><br></div><div>sudo rngd -r /dev/urandom<br><div><div><br></div><div><br></div><div style>3. Finally run the gpg command to generate the key:</div><div style><br></div><div style>gpg --gen-key</div><div style><br></div> <div style><br></div><div style>If you are running the gpg-agent as root you may run into other issue that prevent you from completing the process. It is best to run as a non-root user.</div><div style><br></div><div style> Nate</div> </div></div></div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com6tag:blogger.com,1999:blog-70744396833360092.post-80558468116366646632013-02-22T22:05:00.001-05:002013-02-22T22:05:53.417-05:00Java Keystore Import Error<div dir="ltr">When trying I started recieveing the following error:<div><br></div><div>keytool error: java.lang.Exception: Input not an X.509 certificate<br> </div><div><br></div><div><br></div><div style>My certificate was in the .pem format and all that I had to do was convert the certificate using the following command:</div><div style><br></div><div style>openssl x509 -outform der -in mycert.pem -out mycert.der</div> <div style><br></div><div style><br></div><div style>Then I was able to import the certificate using:</div><div style><br></div><div style>keytool -keystore /location/of/keystore -import -alias mycertalias -file mycert.der<br> </div><div style><br></div><div style><br></div></div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com2tag:blogger.com,1999:blog-70744396833360092.post-72793042111768928752013-01-23T15:00:00.001-05:002013-01-23T15:00:37.465-05:00XCA Certificate Authority<div dir="ltr"><font color="#000000">After much searching and testing various Linux GUI certificate authority applications I finally found one that works consistently and gives me all of the options that I need. I am not exactly sure how I missed it as it has been out for some time but XCA has turned out to be exactly what I was looking for. The biggest issue I had was creating certificates for Windows Servers in order to setup LDAPS. I had used TinyCA2, GnoMint, and various others. Both were either limited in their capabilities or failed to work consistently. I even tried to go setup full PKI systems like EJBCA and Windows Certificate Services but found them to be to difficult to pick up in the limited amount of time I had to learn how to use it.</font><div> <br></div><div style><div style><font face="sans-serif" color="#000000"><span style="line-height:18px">XCA uses a Qt based GUI interface that is well organized and full featured. I found the ability to create templates a great time saver when you have to crank out lots of certificates. Plus the ability to export to any format is also very handy as sometimes I never know what I need and I can never remember the correct openssl commands to convert to different formats.</span></font></div> <div style><font face="sans-serif" color="#000000"><span style="line-height:18px"><br></span></font></div><div style><a href="http://sourceforge.net/projects/xca/">http://sourceforge.net/projects/xca/</a><font face="sans-serif" color="#000000"><span style="line-height:18px"><br> </span></font></div><div style><a href="http://xca.sourceforge.net/" rel="noreferrer">http://xca.sourceforge.net/</a><br></div></div></div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com2tag:blogger.com,1999:blog-70744396833360092.post-90928149252009295842013-01-23T14:21:00.001-05:002013-01-23T14:21:22.009-05:00Importing Key and Certificate into Java Keystore<div dir="ltr">For whatever reason I had a hell of a time trying to import the key and certificate from a third party CA into a Java keystore (JKS) that was used by a java web application. I just kept finding incorrect steps on how to do it and then after about 3 days of monkeying around with it I finally found what worked. <div> <br></div><div style>The first step was to export the key and certificate into PKCS12 format (either .pfx or .p12 file extension). The keytool treats the PKCS12 file as a keystore. If you are using Tomcat or some other Java application server you can actually use the file as a keystore without importing it into a JKS. The keytool gives you the ability to merge keystores which is what I ended up doing. After several attempts the below command was what I ended up with.</div> <div style><br></div><div style>keytool -importkeystore -destkeystore /certs/my.javakeystore -srckeystore certAndKey.p12 -srcstoretype PKCS12<br></div><div style><br></div><div style>I tried several times with the -alias option and it kept failing giving this error:</div> <div style><br></div><div style>keytool error: java.lang.Exception: Alias <alias1> does not exist<br></div><div style><br></div><div style>I found that the alias that is used initially is in the PKCS12 file. If the alias you are using does not match up to the alias, which I am assuming is the internal or friendly name, then it will fail. So if you leave the alias option off then it will import using the default alias that is sees in the PKCS12 file. In my case it was identical to one I had in my keystore already and it let me change the alias name during the import process.</div> </div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com7tag:blogger.com,1999:blog-70744396833360092.post-19249312706212259912012-09-12T09:57:00.001-04:002012-09-12T09:57:30.427-04:00Setting GRUB2 Password on Debian Squeeze (6.0.5)To generate the hashed password run the following and enter the password you want to use:<div><br></div><div>grub-mkpasswd-pbkdf2</div><div><br></div><div>Example output:</div><div><br></div><div>grub.pbkdf2.sha512.10000.AKSDAKSDJ939302502NKJKANVKANVWIEN2034928345092835ADSIFUA09UFN23548098DF0SDFLKSJDRO0395203WELRFISDUF09U45</div> <div><br></div><div><br></div><div>Then edit /etc/grub.d/40_custom and append the following lines to the end of the file. I am using the user root here in this instance. It is not the same as the system's root account and you can create multiple accounts if you want with whatever names you wish. Make sure you replace the entry after root with your own output from the grub-mkpasswd-pbkdf2 command.</div> <div><br></div><div>set superusers="root"</div><div>password_pbkdf2 root grub.pbkdf2.sha512.10000.AKSDAKSDJ939302502NKJKANVKANVWIEN2034928345092835ADSIFUA09UFN23548098DF0SDFLKSJDRO0395203WELRFISDUF09U45</div><div> <br></div><div><br></div><div>Once you have saved that run update-grub and reboot your system. When it gets to the boot menu then you should try to edit the entries and see if it asks for your username and password in order to test the configuration.</div> <br> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com1tag:blogger.com,1999:blog-70744396833360092.post-61826390345152354572011-03-01T22:06:00.003-05:002011-03-01T22:17:28.085-05:00How to Add a Jailed User to the SFTP Only<span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;"></span><br />
<h3 style="color: black; line-height: normal; margin-bottom: 0.5em; margin-left: 0px; margin-right: 0px; margin-top: 1.5em; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;"><span class="Apple-style-span" style="font-size: small; font-weight: normal;">*Note* These instructions work only with OpenSSH version 5.0 and newer.</span></span></h3><h3 style="color: black; line-height: normal; margin-bottom: 0.5em; margin-left: 0px; margin-right: 0px; margin-top: 1.5em; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; font-size: small; line-height: 17px;"><span class="Apple-style-span" style="font-weight: normal;"></span><span class="Apple-style-span" style="font-weight: normal;">Now when you create users that need to be jailed, make sure they belong to the 'sftponly' group. For the user "denis" with the password "test", you will need to do the following steps.</span></span></h3><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;">useradd denis<br />
usermod -g sftponly denis<br />
usermod -s /bin/false denis<br />
usermod -d /home/denis denis<br />
passwd denis</span></div><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;"><br />
</span></div><h3 style="color: black; line-height: normal; margin-bottom: 0.5em; margin-left: 0px; margin-right: 0px; margin-top: 1.5em; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;"><span style="font-size: small; font-weight: normal;"><a href="http://www.blogger.com/post-edit.g?blogID=70744396833360092&postID=6182639034515235457" name="12e03961d75bfdf4_HowtoAddaJailedUsertotheSFTPOnlyExtranet-AddtheUsertotheSSHDConfig"></a>Add the User to the SSHD Config</span></span></h3><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;">nano /etc/ssh/sshd_config</span></div><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;">Add the new user to the end of the list with AllowUser before their name.</span></div><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;">Then restart sshd by running: <b>/etc/init.d/sshd restart</b></span></div><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;"><b><br />
</b></span></div><h3 style="color: black; line-height: normal; margin-bottom: 0.5em; margin-left: 0px; margin-right: 0px; margin-top: 1.5em; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;"><span style="font-size: small; font-weight: normal;"><a href="http://www.blogger.com/post-edit.g?blogID=70744396833360092&postID=6182639034515235457" name="12e03961d75bfdf4_HowtoAddaJailedUsertotheSFTPOnlyExtranet-Tosetupthejailrunthefollowingcommands"></a>To set up the jail run the following commands</span></span></h3><div style="background-color: initial; color: #333333; font-weight: normal; line-height: 13pt; margin-bottom: 10px; margin-left: 0px; margin-right: 0px; margin-top: 10px; padding-bottom: 0px; padding-left: 0px; padding-right: 0px; padding-top: 0px;"><span style="color: #333333; font-family: Helvetica, Arial, sans-serif; line-height: 17px;">chmod 755 /home/denis<br />
chown root:root /home/denis<br />
mkdir /home/denis/data<br />
chown denis:sftponly /home/denis/data</span></div>Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com0tag:blogger.com,1999:blog-70744396833360092.post-33360699245029794482011-02-23T21:34:00.000-05:002011-02-23T21:35:21.927-05:00Setting up the atftpd server on Debian Squeeze<font class="Apple-style-span" face="arial, helvetica, sans-serif">I have recently had some issues trying to use tftpd server in conjunction with some of my Cisco equipment. I kept getting these errors regardless of actual permissions on the system:<br> <br></font><div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">%Error opening tftp://<a href="http://192.168.130.6/c1841-ipbase-mz.124-1c.bin">192.168.130.6/c1841-ipbase-mz.124-1c.bin</a> (Permission denied)</font></div> <div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">So I uninstalled that and installed the atftpd server package. That seemed to do the trick. I did have to change the default directory as I did already have a directory full of IOS files that I was just too lazy to move where the maintainers think I should put it. So here are the steps I took to get things working.</font></div> </div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><meta http-equiv="content-type" content="text/html; charset=utf-8"><span class="Apple-style-span" style="font-size: 13px; line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">1. Install the atftpd package from the repository.</font></span></div> <div><span class="Apple-style-span" style="font-size: 13px; line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="font-size: 13px; line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">apt-get install atftpd</font></span></div> <div><span class="Apple-style-span" style="font-size: 13px; line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="font-size: 13px; line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br> </font></span></div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif">2. Add this line into /etc/inetd.conf:</font></span></div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br> </font></span></div><div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif">tftp<span class="Apple-tab-span" style="white-space: pre; "> </span>dgram<span class="Apple-tab-span" style="white-space: pre; "> </span>udp4<span class="Apple-tab-span" style="white-space: pre; "> </span>wait<span class="Apple-tab-span" style="white-space: pre; "> </span>nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /tftpboot</font></span></div> <div style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br> </font></div><div style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">3. Create /tftpboot directory and change permissions to allow writing to the directory.</font></div><div style="line-height: 20px; "> <font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">mkdir /tftpboot</font></div><div style="line-height: 20px; "> <font class="Apple-style-span" face="arial, helvetica, sans-serif">chmod 777 /tftpboot</font></div></div><div><span class="Apple-style-span" style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br> </font></span></div><div><span class="Apple-style-span" style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">4. Restart the inetd server. To restart the server on Debian run:</font></span></div> <div><span class="Apple-style-span" style="line-height: 20px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif">/etc/init.d/openbsd-inetd restart</font></span></div> <div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br> </font></span></div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif">After I followed those steps I was able to connect to the server from my Cisco equipment and transfer files both ways. </font></span></div> <div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif">You may want to disable the server when you are not actively using it. To do this comment out the line you added to /etc/inetd.conf and restart or stop inetd.</font></span></div> <div><span class="Apple-style-span" style="line-height: 20px;"><font class="Apple-style-span" face="verdana, sans-serif"><br></font></span></div><div><font class="Apple-style-span" face="Verdana, Arial, Helvetica, sans-serif"><span class="Apple-style-span" style="line-height: 20px;"><br> </span></font></div> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com3tag:blogger.com,1999:blog-70744396833360092.post-71204341053323500262011-02-09T10:25:00.000-05:002011-02-09T10:26:01.077-05:00Changing umask setting for all users<span style="color:rgb(51, 51, 51);font-family:Helvetica, Arial, sans-serif;font-size:13px;line-height:17px"><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> In order to have the umask setting change for all users at login the umask setting in /etc/profile needs to be changed.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> 1. Use text editor to edit /etc/profile. *Note: You need root access to edit this file.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b><em>sudo nano -w /etc/profile</em></b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> 2. Edit the umask line located at the end of the file. *Note: This example is setting the umask to allow the owner and group have read/write while others have no permissions.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b><em>umask 007</em></b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> 3. Type in <b>Crtl-X</b>, <b>Y</b>, and hit the <b>Enter</b> key to save and exit.</p></span> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com1tag:blogger.com,1999:blog-70744396833360092.post-92175555918277956062011-02-08T15:49:00.000-05:002011-02-08T15:50:00.646-05:00Changing Subversion revision times<span style="color:rgb(51, 51, 51);font-family:Helvetica, Arial, sans-serif;font-size:13px;line-height:17px"><div style="font-size:10pt;line-height:13pt"> <p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> Occasionally revision entries in Subversion will not have a time/date included in the entry. In my experience they are not entered when filtering information from other repositories or converting other types of version control data to Subversion. If you are using Apache2 to handle the authentication errors will appear on the server's /var/log/httpd/error_log that look like this one:</p> <p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b>[Thu Jan 13 07:31:32 2011] [error] [client 192.168.13.89] Could not access revision times. [500, #0]</b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> *Note* This only appears to be an issue for users and systems that use SVNKit as their Subversion client as most people will still be able to connect with Eclipse and other clients to check in data. Hudson will usually have the most problems with this.</p> <p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <br></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> In order to correct the problem the entries with the missing dates will need to be located. This is easily done with the following command string which needs to be run on the Subversion server itself.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b>svn log --xml -v -r {2010-12-01T00:00:00Z}:{2011-01-13T15:00:00Z} </b><b>file:///svn/repo</b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <br></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> If there is any issue related to the time on a revision then the following error will be shown when you run the above command.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b><?xml version="1.0"?></b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b><log></b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b>svn: Failed to find time on revision 34534</b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <br></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> The first step in making the necessary corrections is to edit the /svn/repos/mosaic/hooks/post-revprop-change file so that it contains the following information.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b>#!/bin/sh</b><br><b>exit 0</b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b><br></b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> If the previous steps had not be performed the hook files would have prevented this step from actually occurring. So to make the change to the revision entry the svn command is used on the server itself using the propset subcommand. When entering the date try to select a date that is in between the dates that proceed and follow this revision entry.</p> <p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> svn propset -r34534 --revprop svn:date '2010-11-29T19:55:44.000220Z' file:///svn/repo</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <br></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> If the command is successful then following message will appear.</p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <b>property 'svn:date' set on repository revision 34534</b></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> <br></p><p style="font-size:10pt;line-height:13pt;color:rgb(51, 51, 51);font-weight:normal;background-color:initial;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;background-repeat:initial initial"> After that re-run the svn log command to verify there are no further entries that will cause errors. If there are none that the Subversion server are registering then you should see all of the log entries for that time period displayed. This is not always a positive indication. It has been my experience that Subversion does not always register an error for all missing date entries. The best way to find out if there are any missing date entries is to copy the output of the svn log command to a searchable text document where <date></date> can be searched for. If there are no other missing dates in the log then the final steps are to reverse the changes made to hook files and return them to their previous state</p> </div></span> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com0tag:blogger.com,1999:blog-70744396833360092.post-58313409585861320322011-02-07T23:28:00.002-05:002011-02-07T23:40:55.195-05:00Setting InnoDB as the default MySQL Engine<div class="gmail_quote"><div class="gmail_quote">In order to set InnoDB as the default storage engine in MySQL version 5.0.x the process is simple.<br />
<div><br />
</div><div>Open the my.cnf file in a text editor such as vi. If the following line is in the config it should be commented out or deleted:</div><div><br />
</div><div><i>skip-innodb</i></div><div><br />
</div><div>Add this line under <i>[mysqld]</i> to make InnoDB the default engine:</div><div><br />
</div><div>default-table-type=innodb</div><div><br />
</div><div>Save the file and restart mysqld.</div><div><br />
</div><div>To verify that the default has been changed from MyISAM to InnoDB login to MySQL and run the following:</div><div><br />
</div><div><i>show engines;</i></div><div><i><br />
</i></div><div>You should see that InnoDB is now the default.</div><div><br />
</div><div><div><i>+------------+---------+----------------------------------------------------------------+</i></div><div><i>| Engine | Support | Comment |</i></div><div><i>+------------+---------+----------------------------------------------------------------+</i></div><div><i>| MyISAM | YES | Default engine as of MySQL 3.23 with great performance | </i></div><div><i>| MEMORY | YES | Hash based, stored in memory, useful for temporary tables | </i></div><div><i><b>| InnoDB | DEFAULT | Supports transactions, row-level locking, and foreign keys | </b></i></div><div><i>| BerkeleyDB | YES | Supports transactions and page-level locking | </i></div><div><i>| BLACKHOLE | NO | /dev/null storage engine (anything you write to it disappears) | </i></div><div><i>| EXAMPLE | NO | Example storage engine | </i></div><div><i>| ARCHIVE | NO | Archive storage engine | </i></div><div><i>| CSV | NO | CSV storage engine | </i></div><div><i>| ndbcluster | NO | Clustered, fault-tolerant, memory-based tables | </i></div><div><i>| FEDERATED | NO | Federated MySQL storage engine | </i></div><div><i>| MRG_MYISAM | YES | Collection of identical MyISAM tables | </i></div><div><i>| ISAM | NO | Obsolete storage engine | </i></div><div><i>+------------+---------+----------------------------------------------------------------+</i></div></div><div><br />
</div></div></div>Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com1tag:blogger.com,1999:blog-70744396833360092.post-800586950049720792011-02-06T23:33:00.001-05:002011-02-06T23:33:24.456-05:00Increasing VMware virtual disks in Linux<div class="gmail_quote">The process of increasing a VMware virtual disk in Linux is fairly straight forward. I have VMware Workstation 7 installed and it comes with the tool vmware-vdiskmanager which is what I will use to grow the virtual disk. To perform a size increase of 300GB run the following command:<div> <br></div><div>vmware-vdiskmanager -x 300GB virtual-disk-name.vmdk</div> </div><br> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com0tag:blogger.com,1999:blog-70744396833360092.post-73805802905459938872011-02-06T23:31:00.000-05:002011-02-06T23:32:01.061-05:00Manually installing Sun JDK in Debian/Ubuntu<div class="gmail_quote"><span style="font-family:Verdana, Arial, Tahoma;font-size:12px"><div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px">In order to manually install the JDK .bin file and change the default Java directory you need to do the following.</span></div> <div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px"><br></span></div>1. Download the jdk-****.bin installer (I am using jdk-1.6.0_20-linux-i586.bin) to your download directory (I am using /home/myaccount/downloads)</span><div> <span style="font-family:Verdana, Arial, Tahoma;font-size:12px"><br></span></div><div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px">2. Run:<br> <br>cd /opt</span></div><div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px">sudo sh /home/myaccount/downloads/jdk-1.6.0_20-linux-i586.bin<br><br></span></div><div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px">3. Hit the spacebar a few times and type <b>yes</b> when prompted.<br> <br>4. Run:</span></div><div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px"><br></span></div><div><span style="font-family:Verdana, Arial, Tahoma;font-size:12px">update-alternatives --install /usr/bin/java java /opt/jdk1.6.0_20/bin/java 500<br> <br>update-alternatives --set java /opt/jdk1.6.0_20/bin/java<br><b>OR</b><br>update-alternatives --config java<br><br><b>**Note:</b> The --set option will not prompt you while the --config option will present you with a list of option.<br> <font face="arial"><span style="font-size:small"><br></span></font></span> </div> </div><br> Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com0tag:blogger.com,1999:blog-70744396833360092.post-54453949945658544922011-02-06T23:25:00.002-05:002011-02-06T23:26:15.198-05:00Changing Hudson Context Path on CentOS<div class="gmail_quote">I have recently had to setup Hudson running on a CentOS server as well as some other web based applications. I found that in order to get Apache to proxy Hudson I had to change the context path for Hudson. <br />
<div><br />
</div><div>Now I simply used the Hudson repository for RedHat/Fedora/CentOS (<a href="http://hudson-ci.org/redhat/" target="_blank">http://hudson-ci.org/redhat/</a>) so I didn't just unpack Hudson on the system and go from there. That being said the installation files were spread across the file system. The file that needs to be edited in order to change the context path is: /etc/sysconfig/hudson </div><div><br />
</div><div>To change the context path simply add --prefix=/hudson to the value of that variable like this:</div><div><br />
</div><div><b>HUDSON_ARGS="--prefix=/hudson"</b></div><div><b><br />
</b></div><div><b><br />
</b></div><div>For more information on setting up Apache to proxy Hudson here are a couple of links that I found helpful though geared toward Ubuntu:</div><div><br />
</div><div><a href="http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache" target="_blank">http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache</a></div><div><a href="http://www.zzorn.net/2009/11/setting-up-hudson-on-port-80-on-debian.html" target="_blank">http://www.zzorn.net/2009/11/setting-up-hudson-on-port-80-on-debian.html</a></div></div>Kymera IT Services, LLChttp://www.blogger.com/profile/12991062346855725319noreply@blogger.com2