[SOLVED] Configuring chrooted bind and rndc-confgen Hangs Not Generating a Key

I am putting together a chrooted installation of named and ran into a problem whereby attempting to generate an rndc.key with rndc-confgen just hangs, never returning and not generating a key.

After doing some searching I discovered that I needed to run the command as follows:

rndc-confgen -a -r /dev/urandom  -t /var/named/chroot

Which outputs the following, generating the key file that I expected.

wrote key file "/etc/rndc.key"
wrote key file "/var/named/chroot/etc/rndc.key"

Using the Eclipse Memory Analyzer (MAT) Remotely on Large Heap Dumps

Sometime your java applilcation will fail and generate an enormous heap dump.  One that may be too large to be able to transfer to your local machine and to analyze for lack of RAM, time or both.

One solution is to install the MAT tool on the remote server and generate an HTML output of the analysis to download and view locally.  This saves the headache of attempting to get X Windows installed on the remote machine and get all of the ssh tunneling sorted out (which is of course an option as well).

First, download and install the stand-alone Eclipse RCP Application.  Then transfer to your server and unpack.  Then determine how large the heap dump is and, if necessary, modify the MemoryAnalyzer.ini file to instantiate a JVM with enough RAM for your heap dump.

In this example, I have an 11GB heap dump and have modified the last two lines (adding -Xms)

-startup
plugins/org.eclipse.equinox.launcher_1.3.100.v20150511-1540.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.300.v20150602-1417
-vmargs
-Xmx16g
-Xms16g

Do an initial run to parse the heap dump.  This will generate intermediary data that can be used by subsequent runs to make future analysis faster.

./ParseHeapDump.sh /path/to/heap-dump

After that completes, you can run any of a number of different analysis on the data.  The following is an illustration of how to search for memory leak suspects.

./ParseHeapDump.sh /path/to/heap-dump org.eclipse.mat.api:suspects

Additional reports:

org.eclipse.mat.api:suspects
org.eclipse.mat.api:overview
org.eclipse.mat.api:top_components

To give creadit where it is due, this is basically a copy of a post by Ashwin Jayaprakash, but I wanted to capture it here as well.

Quick-Start and Minimal Cheat Sheet for Chef and Test Kitchen

Following is a quick-start for getting a Chef and Test Kitchen environment set up to start writing and testing Chef cookbooks.  This is an work in progress, so please if you find something that is incorrect or does not work as expected, send me an e-mail.

Development Environment Set-up:

Unless you are a Ruby developer and already have a complete environmenet set-up the easiest thing to do is to install the Chef Development Kit, https://downloads.chef.io/chef-dk/.

After downloading and installing the package add a CHEF_HOME and RUBY_HOME var pointed to the embedded version of Ruby that comes with the Chef SDK.

  export CHEF_HOME=/opt/chefdk
  export RUBY_HOME=/opt/chefdk/embedded
  PATH=”$CHEF_HOME/bin:$RUBY_HOME/bin:$PATH”

Building Cookbooks:

Generate the cookbook skeleton:

$ chef generate cookbook <name-of-cookbook>

Then cd into that directory and initialize the cookbook:

$ kitchen init –create-gemfile

You will also want to run bundle install, which will require your user to have sudo permissions.

$ bundle install

Run kitchen converge to verify before starting dev.

$ kitchen converge <name-of-vm>

Create a recipe

$ chef generate recipe <name-of-recipe>

[Optional] To use attributes, first create the attributes directory structure

$ chef generate attribute default

Some helpful Tips:

1.  Answer the following questions for each new cookbook you are going to create.  It will help you focus the purpose of the cookbook:

. Name
. Purpose
. Success criteria
. App/Service
. Required steps

2.  Creating template files:

$ chef generate template <name-of-file>

    . Sample variable to be added to a template:
      <%= node[‘hostname’] %>

3.  Available host variables.  You can see all of the variables available to be used in templates by logging in to a chef managed VM and issuing the following command:

$ kitchen login <name-of-vm>

$ ohia | less

4.  Add a IP to a kitchen VM so that additional kitchen VMs can talk to each other.  Add the following to your .kitchen.yml file.

platforms:
  – name: centos-7.1
    driver:
      network:
      – [“private_network”, {type: “dhcp”}]

or

platforms:
  – name: centos-7.1
    driver:
      network:
      – [“private_network”, {ip: “192.168.33.10”}]

When specifying an IP, check the vboxnet0 interface on the host machine to see what network the VirtualBox host is configured and pick an IP in that range.

In my case, I had to make sure that only one machine was configured under ‘platform’, or that each had a network configuration.

Also, I had to have ‘require_chef_omnibus: true’ under the vagrant driver as follows:

driver:
  name: vagrant
  require_chef_omnibus: true

5.  Debugging Attributes:  Using the ‘pp’ module you can format the output of the node.debug(‘<attribute-name>’).

Add the following to a recipe, and run it with kitchen converge:

require ‘pp’

node.default[‘ipaddress’] = ‘1.1.1.1’
pp node.debug_value(‘ipaddress’)

Perl One-Liner for Replacing Multiple Lines of a Text file With Multiple Lines of Text

When executing ‘search-and-replace’ commands on ASCII under Linux, Unix (or *nix) operating systems, sed works or most cases and makes for reasonably straightforward reading of the script.

If  you want to replace multiple lines of text with multiple lines of text, following is a perl one-liner that does the trick and is much easier to wrangle than trying to do it in sed.

perl -i -pe "BEGIN{undef $/;} s:${EXISTING_LINES}:${REPLACEMENT_TEXT}:smg" file.txt

Creating a Samba Share and Configuring an Access Control List for a Shared Directory Under Linux

Often administrators would like to configure a Samba share that enables users to have the same access to any files within the share.  Without some additional configuration, directories and files created by one user will not have the r/w permissions for other users that have access to that same share.

The end goal is to have a Samba share in which any new files are created with r/w permissions for a specific group to which all of the members of the share belong.

The first step is to determine whether the current running kernel supports ACL.  To do this we check the configuration file that was used to build the kernel, looking for config keys that contain the string ‘POSIX_ACL’.

Determine the version of your current kernel

uname -a
Linux leviathan 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

Then grep the config file for your kernel

grep POSIX_ACL /boot/config-2.6.32-358.2.1.el6.x86_64 
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_JFFS2_FS_POSIX_ACL=y

If the configuration for the filesystem type that you are using on the disk on which you want to configure the share indicates ‘y’, then you can continue to the next step.  If not, you will need to recompile your kernel with ACL support.

Next, check the configuration entry in /etc/fstab for the filesystem that we want to use.

/dev/sda1               /usr/local2/            ext3    defaults        1 2

In this case, our filesystem is not yet configured to use acl as it is not noted after the ‘defaults’ option.

Edit /etc/fstab and change that option to read ‘defaults,acl’ as follows:

/dev/sda1               /usr/local2/            ext3    defaults,acl        1 2

Unmount, and then re-mount the filesystem.

Next, ensure that you already have a group configured for the users in question and that those users belong to that group.  For this example our group will be ‘sharegroup’

Then, create the directory that you want to share via Samba and set the permissins and acl for it.

mkdir /usr/local2/share

Change the group ownership, permissions, and set the sgid flag.

chgrp sharegroup /usr/local2/share
chmod g+w share
chmod g+x share
chmod g+s share

Now we set the acl for the directory.  The following sets the default group to ‘sharegroup’ with permissions of ‘rwx’.

setfacl -m d:g:sharegroup:rwx share/

The last thing to do is to set up the share in Samba.  Edit /etc/samba/smb.conf

[share]
        comment =  Shared Directory
        path = /usr/local2/share
        valid users = user1 user2
        browseable = yes
        writeable = yes
        create mask = 2664
        directory mask = 2775

The key configurations are the create and directory mask which will ensure that files are created with the proper group permissions to enable all of the users the desired access.

Restart samba and you are finished.

If you copy an existing directory into the share directory you will need to modify the permissions so that it is available to all of the users who have access to that share.

Add sgid permissions to all of the sub directories:

find ./new_dir -type d -exec chmod g+s {} \;

Add executable permissions for the group to all of the sub directories:

find ./new_dir -type d -exec chmod g+x {} \;

Add write permissions to all files and directories in the new dir:

chmod -R g+w ./new_dir

Updating all of the pom.xml Version Numbers in a Multi-Module Maven Project

To update the versions of all of the poms in a multiple module project use the versions-maven plugin.

To update

mvn versions:set -DnewVersion=1.4.0-SNAPSHOT

Will modify all of the versions of each of the poms to the version specified.  It will create a pom.xml.versionsBackup for each pom file that it modified.  You can then examine each to make sure that it is as you intended.

If you want, you can revert your change with

mvn versions:revert

If you are satisfied with the change, you can commit the change with

mvn versions:commit

Use awk to Print from nth element to the End of the Line

If you want to extract from the nth token to the end of the line, following is how you can do that with awk:

Given a source file with the following:

line1 -- 01   0011 1
line2 -- 01   0011 2
line3 -- 01   0011 3
line4 -- 01   0011 4
line5 -- 01   0011 5
line6 -- 01   0011 6
line7 -- 01   0011 7
line8 -- 01   0011 8
line9 -- 01   0011 9
line10 -- 01   0011 10

If you want remove the 1st, 2nd, and 3rd items from the list, you can use awk to set those fields to an empty value as follows

awk '{$1=$2=$3=""; print $0}' test.out

Which will result in:

   0011 1
   0011 2
   0011 3
   0011 4
   0011 5
   0011 6
   0011 7
   0011 8
   0011 9
   0011 10

JVM Option for Increasing the Default Number of Lines in the StackTrace

By default (Java 1.6 or greater), the JVM will output, at most, 1024 lines of the stack trace.

In the situation where you have some recursion problem or some infinite loop that results in a stack overflow error you will need to increase this value with a JVM option to see the origin of your crash.

To do so, add the following option to the java command

$ java -XX:MaxJavaStackTraceDepth=-1 -jar some.jar some.package.Class  etc, etc,

-1 indicates no limit.  Any positive integer indicates the limit to the number of lines in the stack trace.  0 means exactly what it means and will output 0 lines.

A great resource for java options.

Debugging Maven Tests by Connecting an IDE to the Maven JVM

In some instances you cannot reproduce a failure or condition running a test in an IDE that manifests itself when you run it on your build server or via maven on the command line.

In that case, it is very helpful to be able to remotely attach your IDE to the running maven process and then step through the code.

To do so you will need to:

Execute maven on  the command line as follows (adding any additional -D args as required by your project):

mvn -Dmaven.surefire.debug test -pl module-in-question

This will run the maven automatically pausing the JVM awaiting for a remote debugger to connect to port 5005.  If you want to have it listen on a different port you can pass it in as follows:

mvn -Dmaven.surefire.debug="-Xdebug  -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8081 -Xnoagent -Djava.compiler=NONE" test -pl module-in-question

Create a debugging run profile in either Eclipse or IntelliJ or your favorite IDE configured to connect to a JVM listening on the specified port.

Then once you have run maven on the command line, simply execute the run configuration in your IDE and debug your application as usual.

If need be, you can run the maven JVM on the cli such that maven does not fork the tests as follows:

mvnDebug -DforkCount=0 test