Category Archives: Admin

JMX at JBoss 6/7

Lost quite a few hours on allowing a JMX console for a JBoss 6.4.13 (tested on series 7, too) until I figured out a winning combination of JAVA_OPTS and other settings that allow JMX to be remotely accessible. Here’s a bin/standalone.conf recipe for insecure access, once you have this sorted, move on to secure JMX access:

  • somewhere at the top of the file add this:

    JBOSS_MODULES_SYSTEM_PKGS=”org.jboss.logmanager”

  • at the end of the file, set the rest

    JAVA_OPTS=”$JAVA_OPTS -Dcom.sun.management.jmxremote”
    JAVA_OPTS=”$JAVA_OPTS -Dcom.sun.management.jmxremote.port=9934″ <!– pick a port, you can use the same for jmxremote.rmi.port –>
    JAVA_OPTS=”$JAVA_OPTS -Dcom.sun.management.jmxremote.rmi.port=9934″ JAVA_OPTS=”$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false” JAVA_OPTS=”$JAVA_OPTS -Dcom.sun.management.jmxremote.authenticate=false” JAVA_OPTS=”$JAVA_OPTS -Dcom.sun.management.jmxremote.local.only=false” JAVA_OPTS=”$JAVA_OPTS -Djava.rmi.server.hostname=123.123.123.123″ <!– put your IP here, not your hostname –>

Rocket.Chat at Simulakrum

Users in the appropriate group in Simulakrum directory can use Rocket.Chat now. Rocket.Chat works from within a browser, and allows for very fast and quality multi-user video-conferences, desktop display, and many other useful functions. It is using a jitsi-based server in the background.

Rocket.Chat is the second multi-user video-conferencing tool available for Simulakrum – HipChat, the Atlassian’s proprietary commercial solution that integrates well Jira and Confluence, is also currently available at Simulakrum’s. Ask for the access to those tools if you don’t have the access already.

docker-registry at simulakrum

If docker on a systemd-infected system complains that it cannot log into docker-registry at simulakrum.org, add the following into docker.service file:

:~# grep simulakrum /etc/systemd/system/multi-user.target.wants/docker.service
ExecStart=/usr/bin/dockerd –insecure-registry docker-registry.simulakrum.org -H fd://

and then reload the systemd and restart docker daemon:

systemctl daemon-reload
systemctl restart docker.service

If the same things happens in a FreeBSD, add the same switch into the following file:

root@beastie:~ # grep simulakrum /usr/local/etc/rc.d/docker
daemon -p /var/run/docker.pid ${command} -d -e jail –insecure-registry docker-registry.simulakrum.org -s zfs -g ${docker_dir} -D >/var/log/docker.log 2>/var/log/docker.log

and then restart the docker daemon:

root@beastie:~ # /usr/local/etc/rc.d/docker restart
Stopping docker…
Starting docker…
root@beastie:~ #

More changes at simulakrum.org

Simulakrum moved from OpenBSD’s OpenLDAP 2.3 to a fancy CentOS’ 389 DirectoryServer. Let me know if your account is not working.

Password manager is upgraded to a recent snapshot of 1.8, and there is no more a possibility of self-served adding to the LDAP.

Owncloud moved from ownCloud 8 on Fedora 22 to Owncloud 9 on CentOS 7. Let me know if there are things missing.

Enjoy

Docker “connectivity on endpoint” issue

I had a rough time with Docker’s messages saying “connectivity on endpoint” (AKA “your port is already used by something else”) messages a few hours ago. The log on the upgraded Ubuntu looked somewhat like:

...
 Aug 2 00:28:30 continuum rc.local[6885]: /usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint apache (0d941233cf3651b560252498b3be9cdf8fe0e5c89ab2c6443a44ece3a3ee27d1): Error starting userland proxy: listen tcp 192.168.43.31:9000: bind: cannot assign requested address.
 Aug 2 00:40:10 continuum dockerd[6719]: time="2016-08-02T00:40:10.227947585+02:00" level=error msg="Handler for POST /v1.24/containers/6e818fdc7e048321b0afd1b5e2355772a3bc488deb95bc26d94e25b3ca7a867e/start returned error: driver failed programming external connectivity on endpoint confluence (ee8261d117a81f8ad1af2214f693c04eb3ec3749bb91ff339f11c9366eb38c69): Error starting userland proxy: listen tcp 192.168.43.114:9909: bind: cannot assign requested address"
 Aug 2 00:40:10 continuum rc.local[6731]: /usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint confluence (ee8261d117a81f8ad1af2214f693c04eb3ec3749bb91ff339f11c9366eb38c69): Error starting userland proxy: listen tcp 192.168.43.114:9909: bind: cannot assign requested address.
 Aug 2 00:40:12 continuum dockerd[6719]: time="2016-08-02T00:40:12.211933605+02:00" level=error msg="Handler for POST /v1.24/containers/26d7d02a14fe0b037dd9099edf49f4365432023b03af1e7bb68994185a36976b/start returned error: driver failed programming external connectivity on endpoint jira (4651cf8fca76c6c3ce3a0eee28877bc9d996250918127a41ffbe95222c74684c): Error starting userland proxy: listen tcp...

I thought the upgrade from 14.04 LTS to 16.04 LTS did it, because it was a hell of its own kind, but apparently everything was there, and the forums weren’t clear enough.

It ended up to be my tainted /etc/networks/interfaces file, where my aliased IPs wouldn’t start normally for a reason still unknown to me. I did rewrite those aliases in order to make sure it was tidy, but it wouldn’t start normally until I moved those aliases of an interface directly beneath the “auto p4p3…” directive for the parent interface.

As soon as I cleared those, the next reboot again took only 20-ish seconds, and the docker containers started as expected.

New Confluence available at Simulakrum

New Confluence 5.9.7 is now available to the members of the appropriate groups in LDAP. There was an issue with Confluence-in-Docker in the installation phase where Confluence would reach the “Insert license key” step, and then simply spin in a vicious circle.

Found a workaround for that – simply do not attempt to add SSL keys to Confluence during the installation, but reach it through an openssh tunnel (make sure you reach it as “127.0.0.1”) finish the installation, and then add SLL, LDAP and other necessities.

The steps are: Continue reading

Jenkins in a container

The jenkins.simulakrum.org server is now running from within a Docker container. Migration was flawless and done from scratch in less than 30 minutes. The reason was that Ubuntu would fail to restart a native jenkins service if another Docker container would use a port, albeit on a different IP. After being fed up with constant joggling between solutions for that, I decided it would be faster to simply “dockerise” Jenkins, too, and have it confined in a container for good.
Continue reading

slapi_attr_is_last_mod

Had to move 389-ds from a docker container running under a CentOS 7 to docker container running under Ubuntu 14.04 LTS. An exotic message appeared once I tried to run the dirsrv from within the new container:

/usr/sbin/ns-slapd: undefined symbol: slapi_attr_is_last_mod

Apparently, the user that last used the dirsrv left some inconsistencies (though I used “-rltzuv” for rsync).

The thing that helped was to erase and re-install. Have you tried to turn it off and on again?

Joomla’s rewrite rules break server-status

I’ve noticed that we’d lost all of the munin monitoring for Joomla-based sites after switching on Joomla‘s internal URL rewriting. The default rules in the recommended .htaccess file block the access to the Apache’s server-status page. A simple:

# allow status
RewriteCond %{REQUEST_URI} !=/server-status

just above the last rule there fixes this problem.