Thursday, November 29, 2018

Nexus repo validates Docker images on production.cloudflare.docker.com

In Nexus logs I find a lot of calls to production.cloudflare.docker.com:



2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.httpclient.outbound - https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/4f/4fe2ade4980c2dda4fc95858ebb981489baec8c1e4bd282ab1c3560be8ff9bde/data?verify=1541426623-n%2BHbbRXN3Rr4k6Bxofrsv6tRVFw%3D > GET /registry-v2/docker/registry/v2/blobs/sha256/4f/4fe2ade4980c2dda4fc95858ebb981489baec8c1e4bd282ab1c3560be8ff9bde/data?verify=1541426623-n%2BHbbRXN3Rr4k6Bxofrsv6tRVFw%3D HTTP/1.1
2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.internal.httpclient.SharedHttpClientConnectionManager - Connection request: [route: {tls}->http://ourproxy:8080->https://production.cloudflare.docker.com:443][total kept alive: 1; route allocated: 0 of 20; total allocated: 3 of 200]
2018-11-05 14:13:43,417+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.internal.httpclient.SharedHttpClientConnectionManager - Connection leased: [id: 18][route: {tls}->http://ourproxy:8080->https://production.cloudflare.docker.com:443][total kept alive: 1; route allocated: 1 of 20; total allocated: 4 of 200]
2018-11-05 14:13:43,475+0100 DEBUG [qtp72695066-4467] ADV org.sonatype.nexus.httpclient.outbound - https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull < HTTP/1.1 200 OK @ 129.8 ms
2018-11-05 14:13:43,475+0100 DEBUG [qtp72695066-4467] ADV org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl - Response: HttpResponseProxy{HTTP/1.1 200 OK [Content-Type: application/json, Date: Mon, 05 Nov 2018 13:13:43 GMT, Transfer-Encoding: chunked, Strict-Transport-Security: max-age=31536000, Connection: Keep-Alive] ResponseEntityProxy{[Content-Type: application/json,Chunked: true]}}


We access the internet via a proxy server, ourproxy, which doesn't whitelist production.cloudflare.docker.com.

Each of these calls creates a file in $NEXUS_DATA/tmp/docker-content-validation-failures with an "access denied" message from ourproxy.

Here https://forums.docker.com/t/corporate-firewall-remote-error-tls-handshake-failure/52965 they say we should also whitelist production.cloudflare.docker.com

I have no idea if the "docker pull" will fail, or if this "validation" can be disabled...




See also https://support.sonatype.com/hc/en-us/articles/115015442847-Whitelisting-Docker-Hub-Hosts-for-Firewalls-and-HTTP-Proxy-Servers
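
To see which upstream hosts the Docker proxy repository actually contacts, and which of them the HTTP proxy's allowlist does not cover, the outbound logger lines shown above can be tallied per host. This is an added example, not code from Nexus or Sonatype; the sample log is constructed from the lines above with the digest and token shortened, and the allowlist format (exact host, or a leading dot for a domain suffix) is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Request lines from the org.sonatype.nexus.httpclient.outbound DEBUG logger look like
#   "... outbound - <url> > GET <path> HTTP/1.1"; responses use "<" instead of ">".
OUTBOUND = re.compile(
    r"org\.sonatype\.nexus\.httpclient\.outbound - (?P<url>https?://\S+) (?P<dir>[<>]) "
)

# Constructed sample modelled on the log excerpt above (digest and token replaced by EXAMPLE).
SAMPLE_LOG = """\
2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.httpclient.outbound - https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/4f/EXAMPLE/data?verify=EXAMPLE > GET /registry-v2/docker/registry/v2/blobs/sha256/4f/EXAMPLE/data?verify=EXAMPLE HTTP/1.1
2018-11-05 14:13:43,416+0100 DEBUG [qtp72695066-56] ADV org.sonatype.nexus.internal.httpclient.SharedHttpClientConnectionManager - Connection request: [route: {tls}->http://ourproxy:8080->https://production.cloudflare.docker.com:443]
2018-11-05 14:13:43,345+0100 DEBUG [qtp72695066-4467] ADV org.sonatype.nexus.httpclient.outbound - https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull > GET /token?service=registry.docker.io&scope=repository:library/alpine:pull HTTP/1.1
2018-11-05 14:13:43,475+0100 DEBUG [qtp72695066-4467] ADV org.sonatype.nexus.httpclient.outbound - https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/alpine:pull < HTTP/1.1 200 OK @ 129.8 ms
"""


def outbound_hosts(log_text):
    """Count outbound requests (direction '>') per destination host."""
    hosts = Counter()
    for line in log_text.splitlines():
        m = OUTBOUND.search(line)
        if m and m.group("dir") == ">":
            hosts[urlsplit(m.group("url")).hostname] += 1
    return hosts


def is_allowed(host, allowlist):
    """Assumed allowlist format: exact host, or '.suffix' for a whole domain."""
    for entry in (e.lower() for e in allowlist):
        if entry.startswith("."):
            if host.endswith(entry):  # '.docker.io' covers auth.docker.io, not evildocker.io
                return True
        elif host == entry:
            return True
    return False


def missing_from_allowlist(hosts, allowlist):
    """Hosts Nexus contacted that the proxy allowlist does not cover."""
    return sorted(h for h in hosts if not is_allowed(h, allowlist))


if __name__ == "__main__":
    seen = outbound_hosts(SAMPLE_LOG)
    # '.docker.io' alone does not cover the CDN host under docker.com.
    for host in missing_from_allowlist(seen, [".docker.io"]):
        print(f"not allowlisted: {host} ({seen[host]} request(s))")
```

Run against the real nexus.log, the same tally gives the exact host list to hand to whoever maintains the proxy allowlist.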

Nexus repository location of license

If you move your Nexus repository to a new machine, it's quite annoying to have to reinstall the license file.

The trick is to clone the folder ~/.java/.userPrefs; specifically, the license is embedded in

~/.java/.userPrefs/com/sonatype/nexus/professional/prefs.xml

and this location is common to Nexus2 and Nexus3.

I had searched everywhere for a .lic file, to no avail of course.


This is also documented here https://support.sonatype.com/hc/en-us/articles/115000779668-Methods-to-Install-a-Nexus-Repository-Manager-3-License

java showSettings

This is a priceless feature to display all the settings of the JVM; together with -XX:+PrintCommandLineFlags it can show a world of hidden stuff.


java -XX:+PrintCommandLineFlags -version
-XX:InitialHeapSize=261069952 -XX:MaxHeapSize=4177119232 -XX:+PrintCommandLineFlags -XX:+UseCompressedClassPointers -XX:+UseCompressedOops -XX:+UseParallelGC 
openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)





java -XshowSettings:all -version


  
VM settings:
    Max. Heap Size (Estimated): 3.46G
    Ergonomics Machine Class: server
    Using VM: OpenJDK 64-Bit Server VM

Property settings:
    awt.toolkit = sun.awt.X11.XToolkit
    file.encoding = UTF-8
    file.encoding.pkg = sun.io
    file.separator = /
    java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment
    java.awt.printerjob = sun.print.PSPrinterJob
    java.class.path = .
    java.class.version = 52.0
    java.endorsed.dirs = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/endorsed
    java.ext.dirs = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/ext
        /usr/java/packages/lib/ext
    java.home = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre
    java.io.tmpdir = /tmp
    java.library.path = /usr/java/packages/lib/amd64
        /usr/lib64
        /lib64
        /lib
        /usr/lib
    java.runtime.name = OpenJDK Runtime Environment
    java.runtime.version = 1.8.0_191-b12
    java.specification.name = Java Platform API Specification
    java.specification.vendor = Oracle Corporation
    java.specification.version = 1.8
    java.vendor = Oracle Corporation
    java.vendor.url = http://java.oracle.com/
    java.vendor.url.bug = http://bugreport.sun.com/bugreport/
    java.version = 1.8.0_191
    java.vm.info = mixed mode
    java.vm.name = OpenJDK 64-Bit Server VM
    java.vm.specification.name = Java Virtual Machine Specification
    java.vm.specification.vendor = Oracle Corporation
    java.vm.specification.version = 1.8
    java.vm.vendor = Oracle Corporation
    java.vm.version = 25.191-b12
    line.separator = \n 
    os.arch = amd64
    os.name = Linux
    os.version = 2.6.32-754.el6.x86_64
    path.separator = :
    sun.arch.data.model = 64
    sun.boot.class.path = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/resources.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/rt.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/sunrsasign.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/jsse.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/jce.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/charsets.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/jfr.jar
        /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/classes
    sun.boot.library.path = /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-0.el6_10.x86_64/jre/lib/amd64
    sun.cpu.endian = little
    sun.cpu.isalist = 
    sun.io.unicode.encoding = UnicodeLittle
    sun.java.launcher = SUN_STANDARD
    sun.jnu.encoding = UTF-8
    sun.management.compiler = HotSpot 64-Bit Tiered Compilers
    sun.os.patch.level = unknown
    user.country = US
    user.dir = /root
    user.home = /root
    user.language = en
    user.name = root
    user.timezone = 

Locale settings:
    default locale = English
    default display locale = English (United States)
    default format locale = English (United States)
    available locales = , ar, ar_AE, ar_BH, ar_DZ, ar_EG, ar_IQ, ar_JO, 
        ar_KW, ar_LB, ar_LY, ar_MA, ar_OM, ar_QA, ar_SA, ar_SD, 
        ar_SY, ar_TN, ar_YE, be, be_BY, bg, bg_BG, ca, 
        ca_ES, cs, cs_CZ, da, da_DK, de, de_AT, de_CH, 
        de_DE, de_GR, de_LU, el, el_CY, el_GR, en, en_AU, 
        en_CA, en_GB, en_IE, en_IN, en_MT, en_NZ, en_PH, en_SG, 
        en_US, en_ZA, es, es_AR, es_BO, es_CL, es_CO, es_CR, 
        es_CU, es_DO, es_EC, es_ES, es_GT, es_HN, es_MX, es_NI, 
        es_PA, es_PE, es_PR, es_PY, es_SV, es_US, es_UY, es_VE, 
        et, et_EE, fi, fi_FI, fr, fr_BE, fr_CA, fr_CH, 
        fr_FR, fr_LU, ga, ga_IE, hi, hi_IN, hr, hr_HR, 
        hu, hu_HU, in, in_ID, is, is_IS, it, it_CH, 
        it_IT, iw, iw_IL, ja, ja_JP, ja_JP_JP_#u-ca-japanese, ko, ko_KR, 
        lt, lt_LT, lv, lv_LV, mk, mk_MK, ms, ms_MY, 
        mt, mt_MT, nl, nl_BE, nl_NL, no, no_NO, no_NO_NY, 
        pl, pl_PL, pt, pt_BR, pt_PT, ro, ro_RO, ru, 
        ru_RU, sk, sk_SK, sl, sl_SI, sq, sq_AL, sr, 
        sr_BA, sr_BA_#Latn, sr_CS, sr_ME, sr_ME_#Latn, sr_RS, sr_RS_#Latn, sr__#Latn, 
        sv, sv_SE, th, th_TH, th_TH_TH_#u-nu-thai, tr, tr_TR, uk, 
        uk_UA, vi, vi_VN, zh, zh_CN, zh_HK, zh_SG, zh_TW
        
openjdk version "1.8.0_191"
OpenJDK Runtime Environment (build 1.8.0_191-b12)
OpenJDK 64-Bit Server VM (build 25.191-b12, mixed mode)








Monday, November 26, 2018

Java and JGit

The JGit library makes it REALLY easy to work with Git repositories.

https://www.baeldung.com/jgit

Just create a basic Spring Boot application, add the dependency

<dependency>
 <groupId>org.eclipse.jgit</groupId>
 <artifactId>org.eclipse.jgit</artifactId>
 <version>5.1.3.201810200350-r</version>
</dependency>


and use this code:

package com.example.jgittest;

import java.io.File;
import java.io.PrintWriter;

import org.eclipse.jgit.api.Git;
import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class JgittestApplication implements CommandLineRunner {

 public static void main(String[] args) {
  SpringApplication.run(JgittestApplication.class, args);
 }

 @Override
 public void run(String... args) throws Exception {
  // Initialise a local repository and commit one file to it.
  // Git is AutoCloseable: try-with-resources releases the repository handles.
  File directory1 = new File("c:\\temp\\one");
  try (Git git1 = Git.init().setDirectory(directory1).call()) {
   File newFile = new File(directory1, "pippo.txt");
   try (PrintWriter out = new PrintWriter(newFile)) {
    out.println("hello pippo");
   }
   System.out.println("adding pippo.txt");
   git1.add().addFilepattern("pippo.txt").call();
   System.out.println("committing pippo.txt");
   git1.commit().setMessage("initial commit").call();
  }

  // Clone a remote repository, unless the target directory already exists.
  File directory2 = new File("c:\\temp\\two");
  if (!directory2.exists()) {
   Git.cloneRepository().setURI("https://github.com/eclipse/jgit.git").setDirectory(directory2).call().close();
  }
 }
}



Saturday, November 24, 2018

Velocity and rendering JSONObjects or Java Beans

You can use a Velocity template to render either a JsonNode or its corresponding Java bean,
without changing the velocity template.

Code is available here: https://github.com/vernetto/velocityjson (the .wm file location is hardcoded for a Windows machine, sorry!)



and the full code is visible here https://github.com/vernetto/velocityjson/blob/master/src/main/java/com/example/demo/VelocityApplication.java

BEWARE the velocity template is stored under the resources folder

The only funny thing is that in the JsonNode the values retain the surrounding double quotes ("").

Wednesday, November 14, 2018

JBoss CLI, change individual attributes of a security domain without having to remove and add the domain from scratch



If you need for instance to update the baseFilter of the AdvancedAdLdap module:



In the custom cli, execute this command:



/subsystem=security/security-domain=SPNEGO/authentication=classic/login-module=AdvancedAdLdap:write-attribute(name=module-options.baseFilter,value="(sAMAccountName={0})")





and the baseFilter is updated:

<security-domain name="SPNEGO" cache-type="default">
 <authentication>
  <login-module code="SPNEGO" flag="requisite">
   <module-option name="password-stacking" value="useFirstPass"/>
   <module-option name="serverSecurityDomain" value="host"/>
  </login-module>
  <login-module code="AdvancedAdLdap" flag="required">
   <module-option name="password-stacking" value="useFirstPass"/>
   <module-option name="bindDN" value="BLA"/>
   <module-option name="bindCredential" value="BLA"/>
   <module-option name="java.naming.provider.url" value="BLA"/>
   <module-option name="baseCtxDN" value="BLA"/>
   <module-option name="baseFilter" value="(sAMAccountName={0})"/>
   <module-option name="roleAttributeID" value="memberOf"/>
   <module-option name="rolesCtxDN" value="BLA"/>
   <module-option name="roleAttributeIsDN" value="true"/>
   <module-option name="roleNameAttributeID" value="cn"/>
   <module-option name="searchScope" value="SUBTREE_SCOPE"/>
   <module-option name="recurseRoles" value="true"/>
  </login-module>
  <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
   <module-option name="rolesProperties" value="${jboss.server.config.dir}/bla-war/roles.properties"/>
   <module-option name="replaceRole" value="false"/>
  </login-module>
 </authentication>
</security-domain>


Tuesday, November 6, 2018

Centos 7 gnome-shell high CPU on VirtualBox

top shows very high CPU usage, and the UI is very, very slow.

Googling around, they say it's probably doing "software" rendering. It makes sense because CPU goes higher when I move something on the screen.

In /var/log/Xorg.0.log I find this:

(EE) Failed to load module "vboxvideo" (module does not exist, 0)
(II) AIGLX: Screen 0 is not DRI2 capable
(EE) AIGLX: reverting to software rendering


To investigate, I run
sudo glxinfo
sudo lshw -C video
sudo yum list | grep libnvidia
sudo yum list | grep libegl


The output of glxinfo is:

name of display: :0
display: :0  screen: 0
direct rendering: Yes
server glx vendor string: Chromium
server glx version string: 1.3 Chromium
server glx extensions:
    GLX_ARB_get_proc_address, GLX_ARB_multisample, 
    GLX_EXT_texture_from_pixmap, GLX_SGIX_fbconfig
client glx vendor string: Chromium
client glx version string: 1.3 Chromium
client glx extensions:
    GLX_ARB_get_proc_address, GLX_ARB_multisample, 
    GLX_EXT_texture_from_pixmap, GLX_SGIX_fbconfig
GLX version: 1.3
GLX extensions:
    GLX_ARB_get_proc_address, GLX_ARB_multisample, 
    GLX_EXT_texture_from_pixmap, GLX_SGIX_fbconfig
OpenGL vendor string: Humper
OpenGL renderer string: Chromium
OpenGL version string: 2.1 Chromium 1.9
OpenGL shading language version string: 4.30 - Build 10.18.15.4248
OpenGL extensions:
    GL_ARB_depth_texture, GL_ARB_draw_buffers, GL_ARB_fragment_program, 
    GL_ARB_fragment_shader, GL_ARB_multisample, GL_ARB_multitexture, 
    GL_ARB_occlusion_query, GL_ARB_pixel_buffer_object, 
    GL_ARB_point_parameters, GL_ARB_point_sprite, GL_ARB_shader_objects, 
    GL_ARB_shading_language_100, GL_ARB_shadow, GL_ARB_texture_border_clamp, 
    GL_ARB_texture_compression, GL_ARB_texture_cube_map, 
    GL_ARB_texture_env_add, GL_ARB_texture_env_combine, 
    GL_ARB_texture_env_crossbar, GL_ARB_texture_env_dot3, 
    GL_ARB_texture_float, GL_ARB_texture_mirrored_repeat, 
    GL_ARB_texture_non_power_of_two, GL_ARB_texture_rectangle, 
    GL_ARB_transpose_matrix, GL_ARB_vertex_buffer_object, 
    GL_ARB_vertex_program, GL_ARB_vertex_shader, GL_ARB_window_pos, 
    GL_CR_bounding_box, GL_CR_cursor_position, GL_CR_head_spu_name, 
    GL_CR_performance_info, GL_CR_print_string, GL_CR_readback_barrier_size, 
    GL_CR_saveframe, GL_CR_server_id_sharing, GL_CR_server_matrix, 
    GL_CR_state_parameter, GL_CR_synchronization, GL_CR_tile_info, 
    GL_CR_tilesort_info, GL_CR_window_size, GL_EXT_blend_color, 
    GL_EXT_blend_equation_separate, GL_EXT_blend_func_separate, 
    GL_EXT_blend_minmax, GL_EXT_blend_subtract, GL_EXT_clip_volume_hint, 
    GL_EXT_compiled_vertex_array, GL_EXT_draw_range_elements, 
    GL_EXT_fog_coord, GL_EXT_framebuffer_blit, GL_EXT_framebuffer_object, 
    GL_EXT_multi_draw_arrays, GL_EXT_secondary_color, GL_EXT_shadow_funcs, 
    GL_EXT_stencil_two_side, GL_EXT_stencil_two_side, GL_EXT_stencil_wrap, 
    GL_EXT_texture3D, GL_EXT_texture_compression_s3tc, 
    GL_EXT_texture_edge_clamp, GL_EXT_texture_env_add, 
    GL_EXT_texture_env_combine, GL_EXT_texture_filter_anisotropic, 
    GL_EXT_texture_lod_bias, GL_EXT_texture_rectangle, GL_EXT_texture_sRGB, 
    GL_IBM_texture_mirrored_repeat, GL_NV_texgen_reflection, 
    GL_SGIS_generate_mipmap, GL_SGIS_texture_edge_clamp

1 GLX Visuals
    visual  x   bf lv rg d st  colorbuffer  sr ax dp st accumbuffer  ms  cav
  id dep cl sp  sz l  ci b ro  r  g  b  a F gb bf th cl  r  g  b  a ns b eat
----------------------------------------------------------------------------
0x021 24 tc  0  32  0 r  y y   8  8  8  8 .  .  0 24  8 16 16 16 16  0 0 None

1 GLXFBConfigs:
    visual  x   bf lv rg d st  colorbuffer  sr ax dp st accumbuffer  ms  cav
  id dep cl sp  sz l  ci b ro  r  g  b  a F gb bf th cl  r  g  b  a ns b eat
----------------------------------------------------------------------------
0x021 24 tc  0  32  0 r  y .   8  8  8  8 .  .  0 24  8  0  0  0  0  1 1 None

On VirtualBox, 3D acceleration is enabled.

So far no clue... the world of Linux Video drivers is amazingly complex... too complex for a simple human like me...



Thursday, November 1, 2018

Spring Shell is very cool

If you are fed up with UI-oriented applications (like, say, Messus (a.k.a. Nexus)) you can always try to embed a Spring-powered shell, so as to have a powerful scripting CLI.

Just follow this example

https://docs.spring.io/spring-shell/docs/2.0.0.RELEASE/reference/htmlsingle/

and in a few clicks you have a functional shell.

BEWARE: Baeldung has an example, but it's based on the old API. You will search in vain for the Bootstrap class under org/springframework/shell

spring-shell-starter
spring-shell-core
spring-shell-standard
spring-shell-standard-commands
spring-shell-shell1-adapter
spring-shell-jcommander-adapter
spring-shell-table