Thursday, August 20, 2015

JMS - Setting Up And Accessing A Remote Glassfish 4 and OpenMQ JMS Queue via ORB

This is a complete guide to setting up a JMS queue with Glassfish 4, and the settings required to access the JMS queue from a remote standalone client.

Download Glassfish


1. Download latest Glassfish at https://glassfish.java.net/download.html

2. Follow the instructions on the download page to install Glassfish 4 (mainly unzip the package and run ./asadmin start-domain). To stop the Glassfish server, run ./asadmin stop-domain

3. You may want to enable remote admin. Simply run ./asadmin enable-secure-admin

4. After installation, you can access the admin webpage with http://hostname:4848



Check ORB Configuration


Since we are using ORB (Object Request Broker) for remote JMS connectivity, we will take a look at the ORB setup in Glassfish 4.

1. Go to Configurations -> server-config -> ORB -> IIOP Listeners -> orb-listener-1



2. From the above screenshot, you can see that the default listening port is 3700 and we will need this port number for later configuration with JNDI properties.

3. We will be using the default setting of ORB configuration

Check JMS Host Configuration


Now, let's take a look at the JMS Host configuration. A JMS host represents a Message Queue broker. I will be using Embedded as the JMS Service Type: the MQ broker is co-located in the same JVM as the GlassFish server instance it services, and the JMS service uses lazy initialization to start the broker when the first JMS operation is requested instead of immediately when the GlassFish instance is started.

1. Go to Configurations ->server-config -> Java Message Service



2. Note that the Default JMS Host is default_JMS_host. This is usually sufficient, and the settings of default_JMS_host are as follows



3. This defines the host and port of the Message Queue broker. The Host is localhost because we are accessing the JMS queue via ORB. The Port is ${JMS_PROVIDER_PORT}, which is defined under System Properties (see below); its default value is 7676



4. We will be using the default setting for JMS Hosts configuration

Create JMS Physical Destinations


The Message Queue broker uses physical destinations to route incoming messages and deliver them to consumers. We need to create at least 1 Physical Destination for our JMS queue.

1. Go to server (Admin Server) -> JMS Physical Destinations tab



2. Click New

3. Fill in the information (mostly default except Name and Type) and click save.

Note:
a. Name: A name which uniquely identifies the physical destination
b. Type: As I am creating a Queue, the Physical Destination Type is javax.jms.Queue.



Create Connection Factories


We need a JMS connection factory that allows an application to create other JMS objects

1. Go to Resources -> JMS Resources -> Connection Factories



2. Click New

3. Fill in the information (mostly default except JNDI Name and Resource Type) and click save

Note:
a. JNDI Name: A name which uniquely identifies the connection factory
b. Resource Type: As I am creating a Queue, the Resource Type is javax.jms.QueueConnectionFactory



Create Destination Resources


We need a JMS destination resource to provide information about the actual physical destination of the queue.

1. Go to Resources -> JMS Resources -> Destination Resources



2. Click New

3. Fill in the information (mostly default except JNDI Name, Physical Destination Name and Resource Type)

Note:
a. JNDI Name: A name which uniquely identifies the destination resource
b. Physical Destination Name: Use the Physical Destination which we created previously
c. Resource Type: As I am creating a Queue, the Resource Type is javax.jms.Queue



Setting Up JNDI Properties for Remote Queue Access


The above should get your JMS Message Broker and Queue up and running. You can use telnet to verify that each server port is listening

a. For ORB, use telnet hostname 3700
b. For JMS Message Broker, use telnet hostname 7676

Next, the following JNDI properties (put them into a jndi.properties file) will allow you to connect remotely to the JMS queue

java.naming.factory.initial=com.sun.enterprise.naming.SerialInitContextFactory
java.naming.factory.url.pkgs=com.sun.enterprise.naming
java.naming.factory.state=com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
org.omg.CORBA.ORBInitialHost={hostname or IP of the remote Glassfish server}
org.omg.CORBA.ORBInitialPort=3700

You need to ensure the following jar files are included in the JAVA CLASSPATH

a. {Glassfish 4 installation Path}/mq/lib/jms.jar
b. {Glassfish 4 installation Path}/glassfish/lib/gf-client.jar

With the above, you can use your preferred programming language to write a standalone client (use the JNDI Names of the Connection Factory and Destination Resource which we created for the JNDI lookups) and connect to your JMS queue remotely.

Reference:

1. Glassfish 4.0 Administration Guide



Sunday, July 5, 2015

Chrome Browser Goes Off Screen

If your Chrome goes "Off Screen", that is, out of the monitor screen and you have no way to drag it back with a mouse, you can try the following (From Sunny Balanga)
  1. Press Alt + Space: This opens the “Window Menu.”
  2. Choose “move” either by clicking on the option if you can see the menu, or by hitting the “M” key.
  3. Hit one of the “arrow” keys, the one with a direction opposite to where your browser window has gone (mine went to the right, so I hit the “left arrow” key) enough times until you can see enough of the browser to be able to drag it.
  4. Drag the browser to the desired position.
  5. Close the browser (this is important in order to ensure that this new position of the browser is saved and will be the position of the browser the next time you open it. Skipping this step means that the last saved position is “off screen”. Should the browser close improperly, it will re-open in the last saved position, that is “off screen” and this procedure will need to be repeated.)
  6. Re-open your browser and proceed normally.
The above is copied from http://www.sunnybalanga.com/2011/06/09/chrome-broweser-goes-off-screen-fixed-resolved/ and it works for me.

Monday, June 8, 2015

SSH - Key-based Authentication

SSH has many ways to authenticate a user, and password-based authentication is commonly used.

Password-based authentication is easy to set up and use; however, it poses a lot of security challenges.

An alternative way to log into an SSH-enabled system is key-based authentication. Key-based authentication makes use of public-key cryptography, where a public and private key pair is used for authentication. While the private key should be kept secret by the user, the public key is uploaded to the remote SSH server for authentication.

Below are the steps to enable key-based authentication for User A to log into a remote server via SSH as User B

1. As User A, use ssh-keygen to generate an authentication key pair without a passphrase

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/id_rsa.pub.
The key fingerprint is:
62:41:ee:b9:a4:da:ed:d8:11:a4:9f:ea:15:2a:22:7e userA@abc.example.com

2. Create a .ssh folder for User B (You will be required to log in with User B password)

$ ssh userB@abc.example.com mkdir -p .ssh
userB@abc.example.com's password:

3. Append User A's new public key to User B's .ssh/authorized_keys (You will be required to log in with User B's password)

$ cat ~/.ssh/id_rsa.pub | ssh userB@abc.example.com 'cat >> .ssh/authorized_keys'
userB@abc.example.com's password:

4. Test key based authentication SSH login for user B (if setup successfully, no password is required to be entered)

$ ssh userB@abc.example.com
Last login: Mon Dec 21 12:31:16 2014 from abc.example.com
$
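
If step 4 still prompts for a password, the usual cause is file modes: sshd's StrictModes check (on by default) ignores authorized_keys when the file or its .ssh directory is group- or world-writable, which is what step 2's mkdir produces under umask 002, and the ssh client refuses a private key that other users can access. The script below is an added example, not part of the original post; the function names perms and audit_ssh_dir are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check the file modes that decide
# whether key-based login works. Function names are illustrative.

# perms PATH: the nine rwx characters from ls -ld, e.g. "rwxr-xr-x"
perms() { ls -ld "$1" | cut -c2-10; }

# audit_ssh_dir DIR: print one FAIL line per problem, return 1 if any found.
audit_ssh_dir() {
    dir=$1
    bad=0
    # Server side: sshd (StrictModes yes, the default) ignores authorized_keys
    # when the directory or the file is writable by group or others.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(perms "$p") in
            ????w????|???????w?)
                echo "FAIL: $p is group- or world-writable (chmod go-w)"
                bad=1 ;;
        esac
    done
    # Client side: ssh refuses a private key with any group/other permission.
    # A private key is recognised here by its matching .pub file.
    for pub in "$dir"/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        case $(perms "$key") in
            ???------) ;;
            *)  echo "FAIL: private key $key is accessible to others (chmod 600)"
                bad=1 ;;
        esac
    done
    return "$bad"
}

# Run against a directory given on the command line, e.g. ~/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it as User B against ~/.ssh on the server and as User A against ~/.ssh on the client.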

Monday, May 18, 2015

Linux - Using debugfs to Recover Deleted File

debugfs is a very useful tool for debugging ext2/ext3/ext4 file systems. If your file is deleted, it may be possible to recover it via debugfs if the file's file descriptor is still held open by some process.

Disclaimer: debugfs is a low-level tool that can be used to examine and modify the underlying file system. That also means any mistake may trash your file system.

Prerequisite

1. Check whether the file descriptor is still held open by some process

cat /proc/locks | grep {pid}  -- this will list the locks held by {pid}

ls -al /proc/{pid}/fd/  -- this will list the file descriptors currently opened by {pid}

Note: You could use ps -ef to display the pid of the desired process.

2. Identify the inode number of the deleted file.

The easiest way to know the inode number of a file is

ls -i

Example ls -i

$ ls -i example.txt
6710909 example.txt

The inode number for example.txt is 6710909

Another way is to use lsof

Example of lsof

$ ps -ef | grep vi
root     24216 22841  0 10:41 pts/2    00:00:00 vi example.txt

$ lsof -p 24216 
COMMAND   PID USER   FD   TYPE DEVICE     SIZE    NODE NAME
vi      24518 root    4u   REG    8,2    12288 6710944 /tmp/.example.txt.swp

The inode number for /tmp/.example.txt.swp is 6710944

3. Identify the filesystem where the inode is from. 

The easiest way is to use the following command

df -h /your/path

Example

$ df -h /tmp
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              57G   20G   34G  37% /

My /tmp is located at /dev/sda2

Using debugfs to recover the file from its inode

1. To use debugfs, first open the file system

debugfs {your_filesystem}

Example

$ debugfs /dev/sda2
debugfs 1.39 (29-May-2006)
debugfs:

2. Use the cat command to view the content of the inode (the angle brackets are part of the debugfs syntax)

cat <inode_number>

Example
debugfs:  cat <6710909>
hello world
lalal

3. Use dump_inode to dump the inode content to a file

dump_inode <inode_number> /path/to/file

Example

debugfs:  dump_inode <6710909> /tmp/inode_example.txt

4. Check the content of the inode dump. 

You can use ls and cat command to do this.

Example

$ ls -ali *example*
6710909 -rw-r--r-- 1 root root 18 Dec 16 10:54 example.txt
6710944 -rw-r--r-- 1 root root 18 Dec 16 11:07 inode_example.txt

$ cat inode_example.txt
hello world
lalal
$ cat example.txt
hello world
lalal

As you can see, both files have identical content. However, you should note that these 2 files have 2 different inode numbers.

I am still finding a way to restore the dumped inode file to the original inode number. That is, restore inode_example.txt back to inode number 6710909. If you have some idea, please feel free to tell me.
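
Because the prerequisite above is that some process still holds the deleted file open, the same data can also be copied out through /proc/{pid}/fd without opening the block device in debugfs. The script below is an added example for Linux, not part of the original post; the function names list_deleted_fds and recover_fd are made up for illustration.

```shell
#!/bin/sh
# Added example (Linux only, not from the original post): recover a deleted
# file through a descriptor that a running process still holds open.

# list_deleted_fds PID: print "fd<TAB>original path" for every descriptor of
# PID whose target was unlinked. The kernel marks these by appending
# " (deleted)" to the symlink target under /proc/PID/fd.
list_deleted_fds() {
    pid=$1
    for link in /proc/"$pid"/fd/*; do
        # Descriptors can close while we iterate; skip unreadable links.
        target=$(readlink "$link" 2>/dev/null) || continue
        case $target in
            /*" (deleted)")
                printf '%s\t%s\n' "${link##*/}" "${target% (deleted)}" ;;
        esac
    done
}

# recover_fd PID FD DEST: copy the file content to DEST. Opening
# /proc/PID/fd/FD gives a fresh handle on the same inode, so the copy starts
# at offset 0 regardless of where PID's own file position is.
recover_fd() {
    if [ -e "$3" ]; then
        echo "refusing to overwrite $3" >&2
        return 1
    fi
    cat "/proc/$1/fd/$2" > "$3"
}

# Usage: script PID  -> lists recoverable descriptors of that process
if [ $# -gt 0 ]; then list_deleted_fds "$1"; fi
```

Reading another user's /proc/{pid}/fd entries requires root, the same as running debugfs on the device.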









Saturday, April 11, 2015

Linux - LD_LIBRARY_PATH has no effect if setuid/setgid flag is turned on for executable

If you ever encounter a "library not found" error when running an executable, and you are very sure that you have set up LD_LIBRARY_PATH correctly, you may want to check whether the setuid/setgid flag is turned on for the executable.

If you are not sure what the setuid and setgid flags are, the following is from the Wikipedia setuid topic

setuid and setgid (short for "set user ID upon execution" and "set group ID upon execution", respectively)[1] are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

Now, the reason why an executable with the setuid/setgid flag turned on does not seem to pick up the LD_LIBRARY_PATH environment setting is mentioned in the Environment section of the ld man page


LD_LIBRARY_PATH

A colon-separated list of directories in which to search for ELF libraries at execution-time. Similar to the PATH environment variable. Ignored in set-user-ID and set-group-ID programs.


So, this simply means that when the setuid/setgid flag is turned on, ld will ignore whatever value is set in the user's LD_LIBRARY_PATH environment variable and use the system default library path.

This is mainly for security reasons. When setuid/setgid is used, the executable runs with elevated privilege. LD_LIBRARY_PATH is ignored so that the invoking user cannot alter the privileged process by making it load libraries from a directory the user controls.
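
The check suggested above can be scripted. On Linux the dynamic linker drops LD_LIBRARY_PATH in "secure-execution mode", which it enters when the exec leaves the real and effective user or group IDs different, so a setuid program run by its own owner still honours the variable. The script below is an added example that goes slightly beyond the post by modelling that rule; it is not part of the original post, and the function name ld_path_ignored is made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function name is illustrative.

# ld_path_ignored FILE [REAL_UID] [REAL_GID]
# Succeeds, and prints the reason, if executing FILE as the given real
# uid/gid (default: the current user) would leave the effective and real IDs
# different, so the loader ignores LD_LIBRARY_PATH.
# Not covered: file capabilities, LSM policy, and nosuid mounts (where the
# setuid/setgid bits have no effect).
ld_path_ignored() {
    file=$1
    ruid=${2:-$(id -ru)}
    rgid=${3:-$(id -rg)}
    [ -x "$file" ] || return 1
    # ls -ln prints the numeric owner and group in fields 3 and 4.
    owner=$(ls -lnd "$file" | awk '{print $3}')
    group=$(ls -lnd "$file" | awk '{print $4}')
    if [ -u "$file" ] && [ "$owner" != "$ruid" ]; then
        echo "setuid: effective uid $owner differs from real uid $ruid"
        return 0
    fi
    if [ -g "$file" ] && [ "$group" != "$rgid" ]; then
        echo "setgid: effective gid $group differs from real gid $rgid"
        return 0
    fi
    return 1
}

# Usage: script /path/to/executable
if [ $# -gt 0 ]; then
    ld_path_ignored "$@" || echo "LD_LIBRARY_PATH is honoured for $1"
fi
```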




Monday, March 23, 2015

Windows 7 - Windows 7 hangs on Classpnp.sys during boot up

If you encounter the following in Windows 7

1. After a Windows update, the machine restarts and hangs on the Windows logo
2. Since it hangs at the Windows logo, you restart the machine and try to boot up via Safe Mode (F8 during start up). But soon, you realize that it hangs when reading the Classpnp.sys driver

This may be because a Windows update (mainly an AHCI/IDE driver update) broke compatibility with your current hardware, or even because you have a loose hard disk cable.

To solve this issue, do the following

1. Shutdown your machine and restart.
2. Enter BIOS menu (F12, F2, DEL, etc.. depend on your machine manufacturer)
3. Go to Advanced -> SATA Controller Mode (This also depends on your machine manufacturer. Try to find SATA Controller configuration setting)
4. Change from AHCI to Compatibility
5. Save the configuration and restart the machine.

Reference
1. https://www.chrisnewland.com/solved-windows-7-hang-on-boot-classpnpsys-64

Thursday, February 5, 2015

Lotus Notes - Mail folder modification does not synchronize to server

Normally, the changes made in your local mail folder (i.e., mark as read, move mail to folder, add new folder, etc.) should be synchronized to the server so that additional mail clients (such as another Lotus Notes mail client on a remote desktop) pick up those modifications.

If this is not happening (i.e., your remote desktop Inbox is filled with unread messages while you are very sure that you have read your email from a local machine), you may have the "Send Document To Server" replication setting turned off.

To fix this, do the following

1. Open the local Lotus Notes client (the one you mostly use to make modifications) and go to your Inbox
2. Click on File -> Application -> Properties
3. Click on Replication Settings
4. Make sure "Send document to server" check box is checked