Friday, March 30, 2018

Wildfly file upload and download with Primefaces

Sample application available here; read BalusC comments.

in pom.xml add this:

in web.xml add this:

    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <filter-name>PrimeFaces FileUpload Filter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>

If you get this error:

io.undertow.server.RequestTooBigException: UT000020: Connection terminated as request was larger than 10485760

change the max-post-size parameter:

Configuration: Subsystems > Subsystem: Web/HTTP - Undertow > Settings: HTTP

<subsystem xmlns="urn:jboss:domain:undertow:5.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="1000000000" redirect-socket="https" enable-http2="true"/>

Missing features: enable streaming for large files, show progress bar

Wednesday, March 28, 2018

Nexus 3 as a Docker GROUP around a proxy and 2 hosted repos

We want to provide this setup:

dockergroup repository, "covering" a dockerproxy repo (proxy to docker hub) and 2 hosted repos

Each repo will have its own http port!

1) create these blob stores: dockergroup, dockerproxy, dockerhosted1, dockerhosted2 (it's better to have a separate blob store per repo; beware, the dockergroup blob store will always stay empty, since all the actual storage is done in the proxy and hosted repos)

2) create repo dockerproxy, format docker, HTTP port 8084, HTTPS 8484, Enable Docker V1 API, remote storage , Docker Index "Use Docker Hub"

3) create repo dockerhosted1 (blob dockerhosted1, port http 8082 https 8482) and dockerhosted2 (blob dockerhosted2 port http 8083 https 8483)

4) create repo dockergroup (blob dockergroup, http 8085 https 8485) with members dockerproxy, dockerhosted1, dockerhosted2

Now when you want to PULL images, you should log in to dockergroup (8085) or to dockerproxy (8084).
To PUSH images to your HOSTED repos, you have to log in directly to dockerhosted1 (8082) or dockerhosted2 (8083). PUSHing to the dockergroup will not work: it has no means to ROUTE the image to dockerhosted1 or dockerhosted2 based on some rule. This is quite a pity indeed; it would be nice if a group had some routing facilities.

Nexus repository administration automation

On the whole, it doesn't seem Sonatype is taking it very seriously. As usual, documentation is scattered everywhere, some automation tools exist but who knows if they are even supported. I think most users simply do everything manually in the Nexus web console :o((((

http://localhost:8081/swagger-ui worked in 3.5; in 3.9 you must enter http://localhost:8081/swagger-ui/#/ (see )

If you want to automate the creation of repositories, Swagger exposes only "list repos": http://localhost:8081/swagger-ui/#!/repositories/getRepositories

Interesting articles :

Generic nexus-cli to manage Nexus in Groovy scripts

Interesting nexus-cli to manage Docker images in Nexus

Sunday, March 25, 2018

h2 remote

./ -tcpAllowOthers -webAllowOthers

Web Console server running at http://localhost:8082 (others can connect)
Failed to start a browser to open the URL http://localhost:8082: Browser detection failed and system property h2.browser not set
TCP server running at tcp://localhost:9092 (others can connect)
PG server running at pg://localhost:5435 (only local connections)

At this point you can connect remotely to the console (even if it says "localhost") and you can specify a remote tcp url in your datasource:


When using h2, don't forget to use

<property name="hibernate.dialect" value="org.hibernate.dialect.H2Dialect"/>

in your persistence.xml
(see )

VirtualBox Centos7 high CPU for VBoxClient process

The issue is reported here

Occasionally the VBoxClient eats 100% CPU forever - which affects greatly also the host performance - and the only way to stop it is to shut down the VM.

I have: disabled drag-and-drop, disabled shared folder and simply "kill -9" the process - this seems to cause no side effects.

Installing Docker Java and Wildfly on DigitalOcean Centos7 droplet

Login as root

yum check-update
curl -fsSL | sh
sudo usermod -aG docker centos
sudo systemctl start docker
sudo systemctl status docker
sudo systemctl enable docker
# make sure that user centos exists
sudo su - centos # then exit
#download and copy here the jdk
tar -xzvf jdk-8u161-linux-x64.tar.gz -C /opt/
alternatives --install /usr/bin/java java /opt/jdk1.8.0_161/bin/java 2
alternatives --config java
alternatives --install /usr/bin/jar jar /opt/jdk1.8.0_161/bin/jar 2
alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_161/bin/javac 2
alternatives --set jar /opt/jdk1.8.0_161/bin/jar
alternatives --set javac /opt/jdk1.8.0_161/bin/javac
java -version

vi /etc/profile.d/

if ! echo ${PATH} | grep -q /opt/jdk1.8.0_161/bin ; then
   export PATH=/opt/jdk1.8.0_161/bin:${PATH}
fi
if ! echo ${PATH} | grep -q /opt/jdk1.8.0_161/jre/bin ; then
   export PATH=/opt/jdk1.8.0_161/jre/bin:${PATH}
fi
export JAVA_HOME=/opt/jdk1.8.0_161
export JRE_HOME=/opt/jdk1.8.0_161/jre
export CLASSPATH=.:/opt/jdk1.8.0_161/lib/tools.jar:/opt/jdk1.8.0_161/jre/lib/rt.jar

vi /etc/profile.d/java.csh

if ( "${path}" !~ */opt/jdk1.8.0_161/bin* ) then
   set path = ( /opt/jdk1.8.0_161/bin $path )
endif
if ( "${path}" !~ */opt/jdk1.8.0_161/jre/bin* ) then
   set path = ( /opt/jdk1.8.0_161/jre/bin $path )
endif
setenv JAVA_HOME /opt/jdk1.8.0_161
setenv JRE_HOME /opt/jdk1.8.0_161/jre
setenv CLASSPATH .:/opt/jdk1.8.0_161/lib/tools.jar:/opt/jdk1.8.0_161/jre/lib/rt.jar

chmod 755 /etc/profile.d/
chmod 755 /etc/profile.d/java.csh
curl -O
yum install unzip
unzip -d /opt/
vi /opt/wildfly-10.1.0.Final/bin/standalone.conf
vi /etc/profile
#set the right IP address
vi /opt/wildfly-10.1.0.Final/standalone/configuration/standalone.xml
cd /opt/wildfly-10.1.0.Final/bin/

chown -R centos:centos /opt/wildfly-10.1.0.Final/

su - centos
#start wildfly
cd /opt/wildfly-10.1.0.Final/bin

Create these entries in your /home/centos/.bash_profile

export WF_BIN=/opt/wildfly-10.1.0.Final/bin/
export WF_DEP=/opt/wildfly-10.1.0.Final/standalone/deployments/
export WF_TMP=/opt/wildfly-10.1.0.Final/standalone/tmp/
export WF_LOG=/opt/wildfly-10.1.0.Final/standalone/log/
alias STARTWF="cd $WF_BIN; nohup ./ > standalone.log 2>&1 &"

Saturday, March 24, 2018

Maven/Eclipse Horror Show

I recently updated my Maven binaries, and of course I forgot to change the "User Settings" property in Eclipse to point to the new location of the settings.xml.

Of course Eclipse silently fails to report the issue (unless you go and open the Maven tab in Preferences)

And all of a sudden nothing works and when I open my pom.xml I get this:

Project build error: Non-resolvable parent POM for org.wildfly.quickstarts:quickstart-parent:13.0.0-SNAPSHOT: Could not transfer artifact org.jboss:jboss-parent:pom:25 from/to jboss-enterprise-maven-repository ( NullPointerException and 'parent.relativePath' points at no local POM

Working with Maven and Eclipse I feel young again.... it feels like 1985 - actually my Pascal compiler on Apple II was far more sophisticated than these modern products.

Thursday, March 22, 2018

WinSCP plugin for Far Manager no longer supported

I love Far Manager for its very quick, keyboard driven interface. It has been my favorite workhorse for at least 15 years.

Now unfortunately I can no longer use it to connect to a Centos VB with WinSCP plugin, I keep getting:

"expected key exchange group packet from server"

I discovered that now it's replaced by NetBox plugin:

Just do F11 (Plugin) , Netbox and you connect on port 2222 (forwarding of port 22 in VirtualBox) with centos/centos


Using Nexus 3 as a Docker registry Proxy

If you are behind a firewall, you need to open :

As explained here I run

docker run -d -p 8081:8081 -p 8082:8082 --name nexus sonatype/nexus3

You can open http://localhost:8081/ and login as admin/admin123

At this point, Docker is still not setup in Nexus:

In Nexus console, create a new Docker Proxy repo named "dockerproxy", URL "", Docker index "use docker hub". Also tick the "enable docker v1 api" checkbox. Choose port HTTP 8082 (it will accept logins only on port 8082, not on 8081!)

You should be able to see its (empty for now) index here http://localhost:8081/service/rest/repository/browse/dockerproxy/

To configure your docker engine to communicate to the registry:

sudo vi /etc/docker/daemon.json

Add this line:

{"insecure-registries" : [ "localhost:8081", "localhost:8082" ]}

Restart Docker Daemon:

sudo systemctl daemon-reload

sudo systemctl restart docker

docker login localhost:8081

Username: admin
Error response from daemon: login attempt to http://localhost:8081/v2/ failed with status: 404 Not Found

docker login localhost:8082

Username: admin
Login Succeeded

Tag and push your first image:

#check your local images

docker images

#log into nexus registry

docker --debug=true login localhost:8082 -u admin -p admin123

sudo docker run localhost:8082/hello-world

You can also create a hosted Docker repository; it is better to create a user pippo/pippo and give it access to the repository, then log in with "docker login localhost:8082 -u pippo -p pippo". To push something:

docker tag <image>:<tag> localhost:8082/<image>:<tag> #example: docker tag service:1.2 localhost:8082/service:1.2

#push your tagged image to nexus
docker push localhost:8082/service:1.2


Check what happens in nexus: in request.log (in /nexus-data/log) I see all HTTP requests issued by docker:

 - - [21/Mar/2018:10:28:19 +0000] "GET /v2/ HTTP/1.1" 404 1783 8 "docker/18.03.0-ce-rc4 go/go1.9.4 git-commit/fbedb97 kernel/3.10.0-693.21.1.el7.x86_64 os/linux arch/amd64 UpstreamClient(Docker-Client/18.03.0-ce-rc4 \(linux\))"

Wednesday, March 21, 2018

Downgrade from Docker 18 to Docker 1.12

sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
yum list installed | grep docker

THIS IS NOT WORKING (it installs Docker 18 !!!)

sudo yum -y update
sudo yum -y install yum-utils
sudo yum-config-manager --add-repo
sudo yum -y update
# yum search --showduplicates docker-engine
sudo yum -y --nogpgcheck install docker-engine-1.12.6-1.el7.centos.x86_64
sudo systemctl enable docker
sudo systemctl start docker
yum list installed | grep docker
docker version

sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
yum list installed | grep docker
sudo yum install -y libtool-ltdl libseccomp
mkdir docker
cd docker
wget \
sudo rpm -ivh docker-engine-1.12.6-1.el7.centos.x86_64.rpm docker-engine-selinux-1.12.6-1.el7.centos.noarch.rpm
yum list installed | grep docker
sudo systemctl start docker
sudo systemctl enable docker
docker version

Upgrade docker to version 18 on Centos

For the love of stability I was sticking to Docker 1.12....
Several new features are interesting, so I am upgrading...
This link is really useful

This is what I have done:

docker version
sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-selinux docker-engine-selinux docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo
sudo yum-config-manager --enable docker-ce-edge
sudo yum-config-manager --enable docker-ce-test
sudo yum install docker-ce
docker version

Version: 18.03.0-ce-rc4
API version: 1.37
Go version: go1.9.4
Git commit: fbedb97
Built: Thu Mar 15 07:40:24 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

oops I forgot to start and enable:

sudo systemctl start docker
sudo systemctl enable docker
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/docker.service.

docker version

Version: 18.03.0-ce-rc4
API version: 1.37
Go version: go1.9.4
Git commit: fbedb97
Built: Thu Mar 15 07:40:24 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm

Version: 18.03.0-ce-rc4
API version: 1.37 (minimum version 1.12)
Go version: go1.9.4
Git commit: fbedb97
Built: Thu Mar 15 07:44:03 2018
OS/Arch: linux/amd64
Experimental: false

sudo systemctl status docker

[sudo] password for centos:
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-03-21 09:58:07 CET; 1h 25min ago
Main PID: 19616 (dockerd)
Tasks: 47
Memory: 55.7M
CGroup: /system.slice/docker.service
├─19616 /usr/bin/dockerd
├─19631 docker-containerd --config /var/run/docker/containerd/containerd.toml
├─20235 /usr/bin/docker-proxy -proto tcp -host-ip -host-port 8081 -container-ip -container-port 8081
└─20241 docker-containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/d510b3bfdff1a6ff247d08f101c463fa2c496ea52ff6f822c5cc8736b8d04b81 -addre...

Mar 21 09:58:04 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:04.569448393+01:00" level=info msg="[graphdriver] using prior storage driver: devicemapper"
Mar 21 09:58:05 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:05.554399630+01:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Mar 21 09:58:05 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:05.559942092+01:00" level=info msg="Loading containers: start."
Mar 21 09:58:06 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:06.971793300+01:00" level=info msg="Default bridge (docker0) is assigned with an IP address Daemon opti...d IP address"
Mar 21 09:58:07 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:07.568225034+01:00" level=info msg="Loading containers: done."
Mar 21 09:58:07 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:07.634962555+01:00" level=info msg="Docker daemon" commit=fbedb97 graphdriver(s)=devicemapper version=18.03.0-ce-rc4
Mar 21 09:58:07 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:07.635202601+01:00" level=info msg="Daemon has completed initialization"
Mar 21 09:58:07 localhost.localdomain dockerd[19616]: time="2018-03-21T09:58:07.682479847+01:00" level=info msg="API listen on /var/run/docker.sock"
Mar 21 09:58:07 localhost.localdomain systemd[1]: Started Docker Application Container Engine.
Mar 21 10:04:44 localhost.localdomain dockerd[19616]: time="2018-03-21T10:04:44+01:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/d510b3bfdff1a6ff247d08f1...ks" pid=20241
Hint: Some lines were ellipsized, use -l to show in full.

Friday, March 16, 2018

Jenkins pipelines Jenkins code completion in Eclipse (doh! Who would have thought of using an IDE to write code! The new frontier is to write pipeline code in a browser on a github tab.... next they will ask you to write pcode in hex format... then we will eat bananas on trees again)

picture 1: Jenkins developers discussing the use of Notepad to improve coding experience

picture 2: Jenkins developers celebrate their first successful Scripted pipeline

picture 3: Jenkins developers discover IDE

Thursday, March 15, 2018


ls -ltra /var/run/docker.sock
srw-rw----. 1 root docker 0 Feb 12 15:49 /var/run/docker.sock

"s" stands for Unix socket

Communication between a Docker container and the Docker daemon can happen via this socket (see Portainer and "docker in docker").
excellent explanation of the /var/run/docker.sock

This REST call via /var/run/docker.sock will create a container:

docker pull nginx:latest
curl -H "Content-Type: application/json" -X POST --unix-socket /var/run/docker.sock -d '{"Image":"nginx"}' http://localhost/containers/create


This PRICELESS command, run on the host, can trace all the events handled by the docker daemon:

curl --unix-socket /var/run/docker.sock http://localhost/events
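An added example, not part of the original post: a small Python triage of the newline-delimited JSON that the `/events` call above streams, flagging container creations from images outside an allowlist and commands executed inside containers. The allowlist contents and the sample events are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Assumption for this example: repositories this host is expected to run.
ALLOWED_REPOS = {"nginx", "sonatype/nexus3"}

def repo_of(image):
    """Strip digest and tag, keeping a registry port such as localhost:8082."""
    name = image.split("@", 1)[0]
    head, sep, tail = name.rpartition(":")
    return head if sep and "/" not in tail else name

def parse_event(line):
    """Normalise one line of the /events stream; None if it is not usable."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None  # blank line or a chunk cut mid-object
    if not isinstance(ev, dict):
        return None
    actor = ev.get("Actor") or {}
    attrs = actor.get("Attributes") or {}
    # exec actions carry the command after a colon: "exec_create: /bin/sh"
    verb, _, detail = ev.get("Action", "").partition(":")
    when = datetime.fromtimestamp(ev.get("time", 0), tz=timezone.utc)
    return {"time": when.strftime("%Y-%m-%dT%H:%M:%SZ"), "type": ev.get("Type", ""),
            "verb": verb.strip(), "detail": detail.strip(),
            "name": attrs.get("name", ""), "image": attrs.get("image", "")}

def triage(lines):
    """Return (time, container, verb, reason) for events worth reviewing."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["type"] != "container":
            continue
        if ev["verb"] == "create" and repo_of(ev["image"]) not in ALLOWED_REPOS:
            findings.append((ev["time"], ev["name"], "create",
                             "image not in allowlist: " + ev["image"]))
        elif ev["verb"] == "exec_create":
            findings.append((ev["time"], ev["name"], "exec_create",
                             "command run inside container: " + ev["detail"]))
    return findings

# Constructed sample events; the last line is deliberately cut mid-object.
SAMPLE = [
    '{"Type":"image","Action":"pull","Actor":{"ID":"nginx:latest","Attributes":{"name":"nginx"}},"time":1521108000}',
    '{"Type":"container","Action":"create","Actor":{"ID":"aaa111","Attributes":{"image":"nginx","name":"web"}},"time":1521108001}',
    '{"Type":"container","Action":"create","Actor":{"ID":"bbb222","Attributes":{"image":"localhost:8082/hello-world","name":"test"}},"time":1521108002}',
    '{"Type":"container","Action":"exec_create: /bin/sh","Actor":{"ID":"aaa111","Attributes":{"image":"nginx","name":"web","execID":"ccc333"}},"time":1521108003}',
    '{"Type":"container","Action":"start","Actor":{"ID":"bbb',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

On a live host, pass the lines produced by the curl command above to `triage()` in place of `SAMPLE`.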

Jenkins console

interesting presentation (skip first 9 minutes)


println "I hacked you"
new File('/etc/passwd').text

println "${Jenkins.instance.root}"

"ls -ltr /".execute().text


on Jenkins CLI

the scripts by Sam

Sunday, March 11, 2018

dind (docker in docker): permission denied on /var/run/docker.sock

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.33/version: dial unix /var/run/docker.sock: connect: permission denied

ls -alh /var/run/docker.sock
srw-rw----. 1 root docker 0 Mar 11 15:45 /var/run/docker.sock

doing "chmod 777 /var/run/docker.sock" doesn't help

on the host:

docker version
Version: 1.12.6
API version: 1.24

in the container:

docker version
Version: 17.10.0-ce
API version: 1.33

The problem went away by installing on the host the latest docker version as per

Thursday, March 1, 2018


Priceless wiki

#switch SELinux to permissive mode (must be root), will only log rule violations
setenforce 0
#switch back to enforcing mode
setenforce 1

#display info
cat /etc/selinux/config

DAC and MAC (discretionary and mandatory access control). First DAC is applied, then MAC (if DAC succeeds).

#list user, role, type, level
ls -Z myfile

Access Vector Cache (AVC)

#view SELinux-Linux user mappings
semanage login -l

#view the SELinux context for processes
ps -eZ

#view SELinux context associated to your user
id -Z

#label a file with a type (transient)
chcon -t

#permanent relabeling of file

#restore default context for process

In Apache, if you get this:

[Tue Feb 27 14:11:52.105495 2018] [core:error] [pid 41356] (13)Permission denied: [client] AH00035: access to /index.html denied (filesystem path '/path/to/home') because search permissions are missing on a component of the path


ps -efZ | grep http

and check which TYPE (httpd_t) the httpd process is running with:

system_u:system_r:httpd_t:s0 root 37203 1 0 Feb28 ? 00:00:03 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0 apache 37206 37203 0 Feb28 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND

then you have to change the type of your file to be served

ls -Z /path/to/index.html
-rw-r--r--. admrun admrun unconfined_u:object_r:default_t:s0 /path/to/index.html

then you do

chcon -t httpd_t /path/to/index.html

if you get

chcon: failed to change context of "/path/to/myfile" to "unconfined_u:object_r:httpd_t:s": Permission denied

it's because httpd_t is a PROCESS type, not a FILE type ( see )

see here complete documentation of types

However it's better to change the context for the folder rather than for the individual files:

# semanage fcontext -a -t httpd_sys_content_t "/path/to(/.*)?"
# restorecon -R -v /path/to

see also "man semanage-fcontext" and
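An added example, not from the original post: a Python check that reads `ls -Z` and `ps -eZ` output in the layout shown above, rejects a target type that is carried by a running process (the httpd_t mistake), and lists which paths the `/path/to(/.*)?` rule covers and would relabel. The sample listings are constructed, the process-type test is a heuristic, and the example assumes the added rule is the one that applies to those paths.

```python
import re

def selinux_type(context):
    """Type field of user:role:type:level (the level may itself hold colons)."""
    fields = context.split(":", 3)
    return fields[2] if len(fields) == 4 else None

def file_types(ls_z_lines):
    """Map path -> type from `ls -Z` lines laid out as on this page:
    mode owner group context path."""
    types = {}
    for line in ls_z_lines:
        parts = line.split(None, 4)
        if len(parts) == 5 and selinux_type(parts[3]):
            types[parts[4]] = selinux_type(parts[3])
    return types

def process_domains(ps_z_lines):
    """Types seen in the context column (first field) of `ps -eZ` output."""
    domains = set()
    for line in ps_z_lines:
        fields = line.split(None, 1)
        if fields and selinux_type(fields[0]):
            domains.add(selinux_type(fields[0]))
    return domains

def relabel_plan(ls_z_lines, ps_z_lines, spec, wanted):
    """Return (paths restorecon would relabel, paths the spec does not cover)."""
    if wanted in process_domains(ps_z_lines):
        # Heuristic: a type carried by a running process is a domain, not a file type.
        raise ValueError(wanted + " is a process type; choose a file type")
    pattern = re.compile(spec)
    relabel, uncovered = [], []
    for path, current in file_types(ls_z_lines).items():
        if pattern.fullmatch(path) is None:  # fcontext specs match the whole path
            uncovered.append(path)
        elif current != wanted:
            relabel.append(path)
    return relabel, uncovered

# Constructed sample output, modelled on the listings above.
PS_Z = ["system_u:system_r:httpd_t:s0 apache 37206 37203 0 Feb28 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND"]
LS_Z = [
    "drwxr-xr-x. admrun admrun unconfined_u:object_r:default_t:s0 /path/to",
    "-rw-r--r--. admrun admrun unconfined_u:object_r:default_t:s0 /path/to/index.html",
    "-rw-r--r--. admrun admrun unconfined_u:object_r:httpd_sys_content_t:s0 /path/to/site.css",
    "-rw-r--r--. admrun admrun unconfined_u:object_r:default_t:s0 /path/tomato/notes.txt",
]

if __name__ == "__main__":
    print(relabel_plan(LS_Z, PS_Z, "/path/to(/.*)?", "httpd_sys_content_t"))
```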

in Puppet (pueah) you can use and a clause like:

selinux::fcontext { '/path/to':
path => '/path/to(/.*)?',
setype => 'httpd_sys_content_t',