SSH tunnel without password
SSH (Secure Shell) allows simple establishment of encrypted and authenticated connection between computers. Today i describe how easy it is do establish such SSH tunnels without using a password. You may need such connections when they have to be opened by daemons (e.g. Cron) without user interaction.
Two words on theory. Password-less connections have to be authenticated at least so strong like the password enabled one, so asymmetric cryptography which enables certificates comes into play. The clue is to have private and public keys and share your public key with domains which should be able identify you.
So therefore let’s start by generation a needed key-pair.
Generating Keys
It is possible to create key with pass-phrase and without (or empty pass-phrases). I prefer to not use pass phrase because it is asked every-time on later usage of a ssh. Even there are ways to gives the pass-phrase to ssh command, but it is more work, with no significant security benefits. So i do the following statement and do not enter any pass-phrase (just hit enter on question).
$ ssh-keygen -t rsa
This will create RSA key-pair as following files in ~/.ssh directory:
- id_rsa
- id_rsa.pub
Transfer Public keys
The best way to do it is to use ssh-copy-id program which is inside of many linux distributions.$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-user@remote-server.orgIn that case everything is done automatically and you are ready after that. But if ssh-copy-id is not available, you can copy keys manually e.g. like that.
$ cat ~/.ssh/*.pub | ssh remote-user@remote-server.org 'umask 077; cat >>.ssh/authorized_keys'Attention! On some linux distrs SSH2 searches for keys in ~/.ssh/authorized_keys2 . Not so in actual Debian (Lenny), but seems to be so in SuSe linux.
Test
Now remote login, scp and sftp can be used without password. Test it:# establish connection $ ssh remote-user@remote-server.org #or copy files secure and password-less. $ scp /home/user/some-file remote-user@remote-server.org:/some-path/dir/More information on SSH related man pages.
JBoss 5 GA on Debian linux
This short tutorial describes how to configure JBoss Application Server (Jboss GA 5.1.0) on a debian linux (Debian GNU/Linux 5.x “Lenny” ). Article starts with installation of java JDK and continues with JBoss installation and basic configuration according to standard file system hierarchy. Also init.d. scripts configuration is given here.Installing Java SDK
Nowadays installing Java environment on Debian is an easy task. I used JDK 1.6. Don’t confound JDK with JRE, because bare Java Runtime Environment is not enough for running JBoss. Debian Wiki maintains (hope) a list of available java .deb packages, which are easily can be installed with your preferred way. I prefer aptitude, but apt-get of course works too.$ aptitude install sun-java6-jdk #or by good old apt-get. $ apt-get install sun-java6-jdkInstallation is done after seconds. Now test your java installation with
$ java -version # Here example result on my configuration: java version "1.6.0_12" Java(TM) SE Runtime Environment (build 1.6.0_12-b04) Java HotSpot(TM) 64-Bit Server VM (build 11.2-b01, mixed mode)If you get something like this, you’re done and your java should be already in the PATH.
Installing JBoss AS
Now let’s install JBoss Application Server.Preparing
Normally you are not willing to start services (especially when they are accessed from outher machines) with root privileges. Therefore we have to define new user and group which will be used to manage JBoss. So next line will create new group and new user with this group.
$ groupadd jboss $ useradd -s /bin/bash -d /home/jboss -m -g jboss jbossThis jboss user has no password, so nobody can login with this username. If you consider to login with jboss user, password has to be set. Use passwd jboss command for that.
Download, Installation, filesystem layout
Now download desired Jboss version. I started with JBoss 5.1.0 GA, which can be download with:<pre>$ cd /tmp # swithch to temp dir $ wget http://sourceforge.net/projects/jboss/files/JBoss/JBoss-5.1.0.GA/jboss-5.1.0.GA.zip/downloadCheck also the whole list of verisons if interested. As you may noticed JBoss binaries are packaged with ZIP. So it is comfortable to use unzip tool. Maybe you have to install it first. But before you extract downloaded file, we have to decide, where exactly should JBoss files be placed on a file-system. Unfortunately JBoss is not quite conform to Linux File System Hierarchy Standard per default, so there are many possibilities for a location configuration. Some of you may want to place JBoss into /opt directory. But I prefer to split the installation a little bit and want to start by putting JBoss core files in /usr/local/, where local, unchangeable and read-only files usually placed. E.g. I use /usr/local/jboss/510 as JBoss 5.1.0 GA root. So let’s create that location and extract files into it.
mkdir /usr/local/jboss #create new jboss directroy chown jboss:jboss /usr/local/jboss #now its belongs touser jboss and group jboss su jboss mkdir /usr/local/jboss/510 cd /usr/local/jboss/510 unzip /tmp/jboss-5.1.0.GA.zipAt this moment you should have new working JBoss. If you want, test it with
bin/run.sh -b 0.0.0.0Where -b 0.0.0.0 means that JBoss is listening for every ip address of current machine. However at this stage the installed Jboss still brakes the Linux Filesystem Hierarchy Standard, so let’s improve this situation.
Read the rest of this entry »
Software RAID on Debian Linux
Wow, my last post here is month ago. But don’t worry I did not forget about my blog. There are just many thing happened in my life, all of them are time consuming
So there no reason to remove me from your RSS reader. Today i will share some thought on software RAID under linux with you.
RAID 1
Some days ago i installed RAID 1 on Debian Lenny (amd64 arch) without any troubles for now.
I just was following Jerry’s description which is enough detailed to make no mistakes except maybe one thing.
The Partitions used in the RAID /dev/md0/ should both enable boot flag if you want to boot from RAID.
This is worked for me.
Configuration
My configuration is the same as Jerry’s except partition sizes and chosed LVM. So boot is done form RAID partition /dev/md0. And SWAP is on RAID too, which is controversy solution but it the best one for me, of course availability of a system is primary goal. So how to check the state of raid after installation. The simplest is to look on /proc file-system with $cat /proc/mdstat. Here is my configuration.$cat /proc/mdstat Personalities : [raid1] md1 : active raid1 sda2[0] sdb2[1] 476560128 blocks [2/2] [UU] md0 : active raid1 sda1[0] sdb1[1] 497856 blocks [2/2] [UU] unused devices: <none>Here you see two RAID arrays md0 and md1. Also information about used devices and state are peresent. [UU] stand for “used” for every disc is used in a raid. On diskfailure you wold see something like [U_] and sdb2(F). Next example utilizes mdadm which is used by kernel in latest kernel versions. My is 2.6.26-2-amd64 (lenny default) Use of –detail or -D option with a device name gives more information. Here my example.
# mdadm --detail /dev/md1 /dev/md1: Version : 00.90 Creation Time : Wed Jan 6 00:51:37 2010 Raid Level : raid1 Array Size : 476560128 (454.48 GiB 488.00 GB) Used Dev Size : 476560128 (454.48 GiB 488.00 GB) Raid Devices : 2 Total Devices : 2 Preferred Minor : 1 Persistence : Superblock is persistent Update Time : Mon Jan 11 02:18:01 2010 State : clean Active Devices : 2 Working Devices : 2 Failed Devices : 0 Spare Devices : 0 UUID : fe3bbbfd:2c6963e7:9785a408:be715448 Events : 0.8 Number Major Minor RaidDevice State 0 8 2 0 active sync /dev/sda2 1 8 18 1 active sync /dev/sdb2
Read the rest of this entry »
Eclipse Ganymede and WSCompile incompatibility?
I found strange problem with WSCompile-1.6 task in Ganymede release of Eclipse (Version 3.4.1). The problem lies in WSCompile-Ant-Task. Buildscript execution freezes on the wscompile task. I describe that problem more detailed on techjava.de Please feel free to comment here or there if you know what died changed in Ganymede in ant scripts handling since Europe release and how to fix it.Extracting tar, gzip, bzip2, z
Sometimes you need to extract some files on Linux console. Here some examples how to do that.
tar
Tar archives are the most common way of distributing bundles of files under Linux or UNIX. A .tar file is simply a bundle of files packaged with GNU tar program. To extract such files use following:tar xf somearchive.tar tar xvf somearchive.tar
- Provide option f if you want to extract content of files. Tar (from tape archive) has long history and was intended to work with tape media, so when you omit f tar tries to work with tape device.
- v- stands for verbose. List all the files by extract process.
- x- Extract command
tar tf archive.tarFor more tar parameters see Man pages.
gzip
Often tar-files are also compressed. One of the most known compressed formats is GNU Zip (gzip). Tar bundeld and zipped file would normally have extension .tar.gz. To extract such files you can use tar with “z” option, which causes tar to automatically invoke gzip. Modify abow example and you get able to extract tar.gz files too.tar -xzf somearchive.tar.gzIn old tar version the “z” option is may be not available. In that case just use UNIX pipes:
gzip -dc target.tar.gz | tar xf -Meaning of gzip options
- d – Do decompress!
- c – write to console (So that tar can take it from there )
- t – Tests file integrity
- l – lists archive file information
bzip2
Sometimes you can find files ending with .tar.bz2. That are files packaged with bzip (a block-sorting file compressor). Use it like gzipbzip2 -dc target.tar.gz | tar xf -Options d,c,t have the same meaning. More on Man pages.
zcat
Some files have .tar.Z endings. They can be extracted byzcat somearchive.tar.Z | tar xf -Look in Man pages for more. Any questions? You are welcome to comment!
How to duplicate magento installation
In this article I explain how to create a copy of running Magento online shop . One of purposes of having duplicates is e.g. the need of developing or test environment. Test are very inmportant in magento. Many people do official Magento upgrades on productive environments and suffer form it. You don’t need to do so, use always test environment first!
However the copy procces of Magento shop has following main steps
- duplication of database schema
- duplication of core sources
- duplication of downloader sources
Database
First, let me say say, that it is good idea to not install two Magento instances to the same database. Magento in version 1.1.8 s has 198 database tables. Most of them are of type InnoDB and they are related with each other by checked foreign key constraints. That is background information.
So new database for every Magento instance save you from having headaches and this not only because having just two magento installation i one DB leads too approx. 400 tables in one database but more to avoid possible problems or side effects with constraints and Co. (e.g. ) . 
.
The easiest way to export the database is to use phpMyAdmin. Go to export dialog of original database, select “zipped” option, select tabbles, let other options on their defaults (See screen 1) and get zipped download. Switch to new database and upload the downloaded there in the import dialog.
Sound as a piece of cake, but sometimes the import of the SQL files will not work. I have already seen many different exceptions bu trying. Beginning with “SQL Syntax..” and ending with “constraint violation…”. In my opinion the purpose of problems is size of some tables and therefore of whole backup. There are few MyISAM tables that are full with (useless) log data. And the amount of this data makes problems to the import routine. Don’t export them first at time! they don’t have any constraint to other tables so you can import them on second or third turn. Alternative you can export only the DDL-Statement of this table not the data itself.
Here are tables you can omit in first step:
- log_url
- log_url_info
- log_visitor
- log_visitor_info
Core Sources
That is most easiest part. Just copy the source of magento to the new location, but don’t copy the following:- downloader dir
- any content of dirs inside of var but .htacces file.
- media/tmp dir
Magento Downloader
Warning! do not copy unchanged downloader to new location on the same server it may break your origin magento installation! Now I got your attention The problem is that downloder stores serverpath in many many configuration files. And if you don’t change the serverpath and starts updates on new shop copy, you will update the origin shop and not the new copy of it!
The server path of origin magento shop is stored in many many files in the downloader directory, you can’t change all of them manually. But you can do it automatically. If you have SSH access to your web-space following command will help you:
//shows all files with OLD_PATH element
find . -type f -exec grep -q "OLD_PATH" '{}' \; -print
//Replaces OLD_PATH string in all occurrences in every file to NEW_PATH
find . -type f -print | xargs sed -i -e ’s/OLD_PATH/NEW_PATH/g’
If you have only ftp access, then you can use [Alt+F7]-search in Total Commander. Then open each file with Notepad++ and then use “Search and Replace” functionality of Notepad++ on each file. Whole replacement willtake you max. 5 minutes.
Open Question
This article describes how to double the Magento instance once. The next question which i didn’t answered for me yet is how to make permanent mirroring of data from production environment to the test installation. Maybe someone has cool ideas?Disclaimer
Please consider that I can’t guarantee that everything described here will work in your environment as it worked for me. Please use this tutorial as incitement and adopt my methods to your own situation. Be sure that you don’t peril origin Magento installation or other data. Do regular backup befor you begin!Best related post plugin
Today I found very cool related post Plug-in which I want to share with you – dear Wordpress Blogger! The name of that plug-in is Microkid’s Related posts and I already like it much!
It differs from other “Related posts”-plug-ins, which are based on automatic content analysis. What ever the content analysis algorithms are and how ever the configuration options used, resulting related post lists are mostly just a bullsh$%. That’s is understandably, then these plug-ins have same problem like search engines and other content analysis tools . In the reality of our age (It is 2009 A.D.) – computers cannnot understand any semantic of human written articles.
So what is the solution for an good Related Post Plugin? Of cause simple to do it manually!
You say it much work? No!, with Micrkid’s Related posts Plugin, which provides very comfortable AJAX driven interface, it becomes fun! It’s becomes so easy and quick as providing tags. You decide what is related to the actual post by creating meaningful related post list. Try it out!
About Russians
Vyacheslav Nikonov