« Posts under Fedora

*nix commands I can’t do without

Unix/Linux/*nix survival 101

Let me start with the obvious: I’m definitely not a unix guru by any means. I do however use it on a daily basis for basic build/development oriented tasks, so I know enough to get by. Since my friend just installed his first ever linux distribution (CentOS, Huzzah!), I thought I’d write something up on some common unix commands that help me get through the day.

grep [command flags] [search text] [filename]

grep (global | regular expression | print) is the file text search command. Give it a regular expression and it will print out what it finds in the file indicated by filename. Here’s an example:

[root@bedrock some_jboss_folder]$ grep html readme.html
<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN”>
<meta content=”text/html” http-equiv=”content-type”>
<a href=”http://docs.jboss.org/html”>here</a>.</li>
<li><a href=”http://www.jboss.org/index.html?module=bb”>JBoss
Server  is licensed under the <a href=”lgpl.html”>LGPL</a>,

Some useful flags include -R (recurse into sub directories), -c (show just the total match count), -m NUM (return the NUM number of results), and -i (ignore upper/lower case).

ps aux | grep [search text]

This is a command you can use to get information about what processes the kernel is currently running. Adding the pipe after the ps command feeds the listing results to the grep search command. This is particularly useful when you want to look for a specific set of procs run by a user or script. Here’s an example:

[root@bedrock ~]$ ps aux | grep jboss
jboss 10910 0.0 0.1 4884 1176 ? S Feb04 0:00 /bin/sh /server/jboss/bin/run.sh -c services -b -Djava.net.preferIPv4Stack=true
jboss 10932 0.2 36.4 1089728 371456 ? Sl Feb04 31:43 java -Dprogram.name=run.sh -Xms128m -Xmx512m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/server/jboss/lib/endorsed -classpath /server/jboss/bin/run.jar org.jboss.Main -c services -b -Djava.net.preferIPv4Stack=true
500 20300 0.0 0.0 4200 700 pts/0 S+ 20:43 0:00 grep jboss

ps (process status) fetches a list of running pocsses. ax flags the command to return a listing of all procs. u flags to also list the user that the proc is running as. I use the grep to figure out if a jboss server is up and running, and sometimes to see what input parameters it used on startup – like what ip it bound to : “-b”. The results above lists first the user and process id, and then information about the proc.

netstat -ntalp | grep [search text]

This command must be run as root, but it lets you get a listing of network ports that are currently in use. This is particularly useful when trying to figure out port conflicts or to see if a particular server is listening on the correct port.

[root@bedrock ~]# netstat -ntalp | grep java
tcp 0 0* LISTEN 10932/java
tcp 0 0* LISTEN 10932/java
tcp 0 0* LISTEN 10932/java
tcp 0 0* LISTEN 10932/java
tcp 0 0* LISTEN 10932/java
tcp 0 0* LISTEN 10932/java

You can grep for port, ip/domain, status etc.

kill [signal flag] [process id]

This is the standard “kill process”, “terminate it dead” command. Usually when a proc refuses to shut down and all hell is breaking loose, and you can’t take no for an answer, signal flag “-9” will insta kill the proc. You can get the process id from the “ps aux | grep” command.

root@bedrock jboss]$ kill -9 10932

Here I took the process id from the jboss script that was running from the ps aux | grep command example listed above. Use ps aux to figure out which process id you want to terminate.

./run.sh [args]

This is the standard syntax for invoking a script, assuming you have run privileges. In windows you’d just type in the name of the script, but in unix you should prefix the script name with “./”.

As Dave Cheney explains in a comment:

    The reason you have to put “./” as a prefix to a script in your current working directory is the search path for executable programs does not (generally) include “.”
    To the shell, “.” expands to the current directory so ./run.sh is equivalent to /home/kevin/run.sh (for example). As you have provided a full absolute path, the shell will not have to try the prefixes available in your $PATH environment.

So essentially, by adding the “./” before the script name you feed the shell a fully qualified executable path to the script you want to run, that way it doesn’t have to guess where your script is. So if the script is named run.sh and your current working directory is in a folder named bin, you can invoke it like this:

root@bedrock bin]$ run.sh -c services -b -Djava.net.preferIPv4Stack=true

If your script takes parameters, you can pass them into the script after the script name.

tail [-f or -NUM] [path to file]

tail is a command that outputs the contents of a file to the terminal window. If you use the “-f” flag, it’ll continuously read the file as its contents grows. If you feed it a line count like “-1000” it will output the 1000 most recent line entries of the file. We’ll say something like – “Hey, I’m gonna tail the logs while the server starts up”. This means we’re monitoring the logs using this tail command. And knowing is half the battle.

Musk explains a better alternative that allow you to drop out of follow and search:

    You do not need tail use less +F or press Shift-F while in less and it will follow the currently choosen file if content is added.

    Example: log.txt

    less +F log.txt and you will have the same behaviour as when using tail -f log.txt except that you can use CTRL+C to drop out of follow mode and then use the search features available in less.

chown -R [group].[user]

This changes a file or directory’s owners to a new group/owner. The -R flag tell is to recurse the command into sub directories.

root@bedrock jboss]$ chown -R jboss.jboss

This command will work assuming there is a group and user named jboss, and it will change all files and folders in the current directory and lower to jboss.

chmod -R [permissions] [filename/expression]

This will set the permissions for the implied files to the new set of permissions listed. The mode can be indicated as either a string explanation of what each group can do or a 4 octal digit equivalent number.

[root@bedrock some_jboss_folder $ chmod ug=rwx,o=rw readme.html
[root@bedrock some_jboss_folder $ chmod 0775 readme.html

In the first example, we set the file owner (u) and group (g) to allow read (r), write (w) and execute (x). Then we set everyone else’s (o) permissions to read and write only, no execute. In the second example, we set it to 0775, which is the octal digit representation of the first command. 0777 will set read/write/exectue permissions allowed to everyone, its the same as ugo=rwx.

vi [filename]

Basic text editor *nix usually ships with. It will open up the indicated file in read mode, and if it doesn’t exist will let you create a new text file without saving to disk. To enter editor mode, hit the Insert key, you can then edit the file. After you make your edits, hit the Escape key to get into command line mode. If you want to save the file, enter “:w”. If you then want to quit, type in “:q”.

[root@bedrock some_jboss_folder ]$ vi readme.txt
<li>lib/ – the same
static library jars with a few jars, as most have moved to top level common/lib</li>
“readme.txtl” 718L, 36365C written

ping -c [ip/domain]

Pings an ip or domain with a packet of data. Unlike the windows cousin, you have to either pass in the number of times to ping (-c NUM) or hit control+c to stop pinging.

[root@bedrock some_jboss_folder ]$ ping -c 4 localhost
PING localhost.localdomain ( 56(84) bytes of data.
64 bytes from localhost.localdomain ( icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from localhost.localdomain ( icmp_seq=2 ttl=64 time=0.046 ms
64 bytes from localhost.localdomain ( icmp_seq=3 ttl=64 time=0.033 ms
64 bytes from localhost.localdomain ( icmp_seq=4 ttl=64 time=0.048 ms

— localhost.localdomain ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.033/0.041/0.048/0.009 ms


This command takes over your terminal window and fills it with a listing of all the procs that are currently running, along with instruction crunching information. Hitting the < and > will scroll you through the results. q will quit top, returning you to the linux prompt. This is what it looks like:

top – 23:12:30 up 40 days, 16:38, 1 user, load average: 0.06, 0.02, 0.00
Tasks: 158 total, 1 running, 121 sleeping, 36 stopped, 0 zombie
Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 1018232k total, 1003040k used, 15192k free, 138436k buffers
Swap: 2064376k total, 30236k used, 2034140k free, 312912k cached

2165 smmsp 20 0 9208 748 640 S 0.0 0.1 0:00.40 sendmail
1359 rpcuser 20 0 2988 560 556 S 0.0 0.1 0:00.03 rpc.statd
1346 rpc 20 0 2404 556 504 S 0.0 0.1 0:02.62 rpcbind
1 root 20 0 2012 624 560 S 0.0 0.1 0:04.71 init

man [command name]

If you need more detail on a specific command, you can get help from the unix manual by invoking man:

[root@bedrock ~]# man top
TOP(1) Linux Userâs Manual TOP(1)

top – display Linux tasks

top -hv | -bcHisS -d delay -n iterations -p pid [, pid …]

The traditional switches â-â and whitespace are optional.

The top program provides a dynamic real-time view of a running system. It can display system summary informa-
tion as well as a list of tasks currently being managed by the Linux kernel. The types of system summary
information shown and the types, order and size of information displayed for tasks are all user configurable
and that configuration can be made persistent across restarts.

ls [list flag] [path to directory]

This prints out a listing of the indicted directory’s contents, or the current directory if no path is supplied. -l lists one file/directory per line of output, and -a lists everything including files that start with a period.

[root@bedrock ~]# ls -la
total 168
drwxr-x—. 10 root root 4096 2009-11-20 23:09 .
drwxr-xr-x. 30 root root 4096 2010-02-07 22:32 ..
-rw——-. 1 root root 1675 2009-11-11 18:55 anaconda-ks.cfg
-rw——-. 1 root root 21354 2010-02-10 03:39 .bash_history
-rw-r–r–. 1 root root 18 2009-03-30 07:51 .bash_logout
-rw-r–r–. 1 root root 176 2009-03-30 07:51 .bash_profile
-rw-r–r–. 1 root root 176 2004-09-22 23:59 .bashrc
drwx——. 3 root root 4096 2009-11-12 02:17 .config
-rw-r–r–. 1 root root 100 2004-09-22 23:59 .cshrc
drwx——. 3 root root 4096 2009-11-11 19:06 .dbus

cat [filename1] [filename2] > [outputfile]

cat lets you concatenate and output the contents of a file of multiple files to the terminal window, or write it to a file if you include the “>” operator. Thanks Kevin. Here’s an example:


[root@bedrock ~]# vi test.txt
concatenate me!
this is a test


[root@bedrock ~]# vi concatenate.txt
a file that needs to be concatenated



[root@bedrock ~]# cat test.txt concatenate.txt > output.txt

The result

[root@bedrock ~]# more output.txt
concatenate me!
this is a test
a file that needs to be concatenated


sed -i ’s/[some_text/other_text]/’ [filename]/

sed – stream editor for filtering and transforming text (blatantly stolen from “man sed”‘s documentation). This command will replace “some_text” with “other_text” in the file indicated. One occurrence per line is replaced. Thanks for this one Silvery.

Consider the file “test.txt”:

[root@bedrock jboss]# more test.txt
this is a file
this ia another file
lets faceroll files

And this is what happens when we run sed on it:

[root@bedrock jboss]# sed -i ‘s/file/folder/’ test.txt
[root@bedrock jboss]# more test.txt
this is a folder
this ia another folder
lets faceroll folders
[root@bedrock jboss]#


more/less – enables you to view the contents of a file within a page on the screen. Once you are browsing the contents, you can hit “s” or “f” to scroll multiple lines of text. “v” will fire up an editor at the current line you’re working on. If you have a large list of files and want to check them one page at a time, you could try “ls | less”. Thanks again Kevin.


Clears the visible screen of text, starting your prompt at the top of the window.

mkdir [directory name]

This command simply creates a directory with default permissions and ownership.

cp -R [source] [destination directory]

Copies a file/folder from one location into another. -R flags to copy recursively.

mv [source] [destination directory]

Renames a source directory or folder to a new location/name.

rm -Rf [folder/file]

Deletes a file. -R flags to delete recursively. When invoked on a directory it would normally go line by line asking you if you want to delete such-and-such file, use the “f” flag to force delete and skip the file by file questions.

cd [path to new directory]

cd changes the current directory to the path indicated. A “..” means to move up one directory. If the path begins with “/” it means start from the disk root folder. Anything else implies a relative path to the new folder.

– -color=auto

In his comment, Ryan Fox points out:

    The `- -color=auto` option adds colour to the output of some commands, like ls or grep. In ls, the colours change depending on the file type, permissions, etc. In grep, it will highlight the text that matched your regex.

Here’s an example:

[root@bedrock jboss]# ps aux | grep jboss – -color=auto
root 5215 0.0 0.0 4200 712 pts/1 S+ 05:56 0:00 grep jboss –color=auto
jboss 10910 0.0 0.1 4884 1176 ? S Feb04 0:00 /bin/sh /server/jboss/bin/run.sh -c services -b

Open ended

I’m sure there must be other useful commands I have missed. If anyone has any other suggestions to add/edit these entries, please feel free to comment and I’ll update accordingly.

Install Fedora


“Fedora is a Linux-based operating system that showcases the latest in free and open source software. Fedora is always free for anyone to use, modify, and distribute. It is built by people across the globe who work together as a community: the Fedora Project. The Fedora Project is open and anyone is welcome to join.” – from the Fedora homepage

I’m using this to run jboss 5.1, postgres, mysql and all my other goodies. Why Fedora? No real reason in particular, other than I wanted to have experience working with more than one flavor of linux, since I use CentOS at work. CentOS is more of an enterprise OS, it’s objective being to provide a free version of the higher end Red Hat Enterprise Server, minus a big chunk of the costs. Back to fedora – basically its the experimental-ish, advanced stomping grounds for Red Hat Enterprise Linux. Red Hat only supports its own branded version of linux, while Fedora is more of a community driven project, with releases churned out every 6 months.

I’m currently using Fedora 11, even though Fedora 12 is already out as I type this. I’m not sure if im going to update anytime soon, as OS upgrades can always be scary and stuff can be expected to break or stop working.

Installing fedora

Setting up Fedora is fairly straight forward. Download it, burn it onto a DVD, stick it into computer you want to install on, and reboot. If you are set up to boot from the disc media, it will run the Fedora installer program thing and give you a few options. I wound up performing a full install and created new hard disk partitions, essentially wiping everything and starting from scratch. You will create a root account password during the setup – remember to write it down for future use, you will be making lots of admin level type of changes in the near future.

Once you are installed, you’ll need to know how to log in as the root user:

[user@bedrock ~]# su –

you will be prompted for the root password, enter it and you’ll be in.

[root@bedrock ~]#

Now you’re ready to start linuxing. Enjoy!

Set up multiple IPs on a single NIC

Why multiple IP’s on a single Network Interface Card?

If you want to run different instances of the jboss application server on the same linux machine you will need to figure out how you want to avoid port conflitcs. You can either change each instance’s ports on a per instance basis or you can instead set up a separate ip address for each instance and preserve all the default ports that jboss ships with.

For example, jboss by default runs off port 8080, and also consumes a number of other ports such as 8083 for RMI, 1098 for the JNP server, 1099 for something else etc. If you configure the profile xml files (/jboss-install-dir/server/configured-instance/conf/profile.xml), you can change these port configs to instead map to 8180, 8183, 1198, 1199 etc, offsetting each instance’s port use by 100 so they don’t step all over each other when the servers are running.

The other way is to have jboss startup and bind to a totally separate hostname/ip address, one hostname/ip set up for each server instance. This way you don’t have to worry about breaking out all the port numbers and shifting them by digits so they don’t overlap instances.

Essentially this is the setup we are looking for:

Adapter    IP Address    Type
eth0    Primary
eth0:0    Alias 1

Ok, how do I start?

First, create the ethernet alias configuration script:

[root@bedrock ~]# cd /etc/sysconfig/network-scripts
[root@bedrock sysconfig]# vi ifcfg-eth0:0

paste the config, editing the IPADDR field to the static ip

NAME="System eth0:0"

verify the new config:

[root@bedrock sysconfig]# more ifcfg-eth0:0

restart network

[root@bedrock sysconfig]# service network restart

I found that rebooting the box will cause problems because the OS does not always initialize the ethernet alias on reboot, even though the command is there: “ONBOOT=yes”. run ifconfig to see if your alias is running:

[root@bedrock ~]# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:  Bcast:  Mask:
          RX packets:133920 errors:0 dropped:0 overruns:0 frame:0
          TX packets:111651 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16169402 (15.4 MiB)  TX bytes:14998262 (14.3 MiB)

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:168963 errors:0 dropped:0 overruns:0 frame:0
          TX packets:168963 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:88273577 (84.1 MiB)  TX bytes:88273577 (84.1 MiB)

if the alias is correctly running you will see an entry that looks something like this:

eth0:0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:  Bcast:  Mask:

To get around this, have your setup initialize the ethernet alias at the end of startup – edit your rc.local file:

[root@bedrock ~]# vi /etc/rc.d/rc.local

Add the ifup eth0:0 command somewhere in here:

# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

ifup eth0:0

save the changes, and then when you reboot, the ethernet alias we just created will initialize and jboss will be able to bind to the new ip without a hitch.

How to bind Jboss to a particular IP on startup

Slight tangent, but seems relevant since I’ve noticed some people snooping around for this info. If you set up multiple ips/domains on your linux box and want to bind a particular jboss instance to one of the available ips or domains, you can do so by adding a startup parameter to the jboss startup script. This is what my jboss service run script looks like while its running:

/server/jboss/bin/run.sh -c services -b -Djava.net.preferIPv4Stack=true

Of course, the service script wraps the run.sh script that ships with jboss (located as /jboss/bin/run.sh). That script looks like this when its running:

java -Dprogram.name=run.sh -Xms128m -Xmx512m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv4Stack=true -Djava.endorsed.dirs=/server/jboss/lib/endorsed -classpath /server/jboss/bin/run.jar org.jboss.Main -c services -b -Djava.net.preferIPv4Stack

If you startup jboss with the “-b” flag, jboss will attempt to bind the following ip/domain listed. In the scripts above, it binds to If you I had the dns set up I could also bind it to a resolvable domain name like this: -b jboss.mydomain.com.

In practice, you would set up one jboss service script for each configured instance you want to run, and hardcode into the instance run script the bind address you want it to use.

Take a look at a this jboss service script I use. It’s very similar to the one jboss ships with, but I added a few params and made it so on boot, it would move the old logs and time stamp them.

Xenocafe.com: Bind Multiple IP Addresses to a Single Network Interface Card (NIC)
Fedora documentation on ethernet configuration

Set up IP Tables

IP Tables is software that ships with most linux OS’s and is used as a firewall to control the flow of traffic in and out of the machine. Its design is meant to allow for chaining rules so that rules that appear farther down take precedence over the rules that appear at the top. Editing these rules can be a bit scary, and there is usually a gui tool that can be used to configure this. In fact the file itself recommends use of the visual tool for creating rules. In case you have a healthy dose of confidence, here’s how to open up ports manually with a text editor.

[root@bedrock ~]# vi /etc/sysconfig/iptables

You’ll see a bunch of text. I’m not 100% sure what each line means but I understand that its somehow based of a chained set of rules that modify/allow/affect all network traffic. We’re going to add 2 rules here:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

You’ll want to add these near other ACCEPT commands are placed. Location is important because of the way the rules chain. Don’t quote me on that. Basically, these are rules that open up and allow network access across 2 ports – 8080 and 5432, jboss and postgres respectively. Finally, you’re going to need to restart iptables for the changes to take effect:

[root@bedrock ~]# service iptables restart

Install mod_jk

Use mod_jk to bridge apache and Jboss

mod_jk is an apache extension that you can use to redirect incoming http requests to an application server. It lets you configure multiple applications servers by virtual host urls, and provides a means of setting up load balancing preferences between application servers. It’s very useful because it lets apache do what it does best – serve up http requests. Well, its good at serving up html too but apache will usually do a much better job of handling load balancing that most application servers. Let the web server handle http, and let the application server handle the business logic number crunching.

mod_jk 1.2.x is supposedly better than 2.0. Why? Ok, now that I understand why, on with installing mod_jk 1.2.x

Build/Install mod_jk

To start, make sure apache and mod_jk are installed. you can use the yum installer to make sure you have apache 2 installed. you might need to also make sure you have the http-devel package installed if you are going to build mod_jk binaries.

[root@bedrock native]# yum install httpd-devel

This should install the current version of apache. We’re going to also have to download the connectors and build them since there are no binary distributions available for fedora. Download the source code here.

Once its downloaded, untar and gunzip the file:

[root@bedrock native]# tar -zxvf tomcat-connectors-1.2.28-src.tar.gz

cd into the uncompressed folder, and compile the package

[root@bedrock native]# cd native
[root@bedrock native]# ./configure –with-apxs=/usr/sbin/apxs (or where ever the apxs/apxs2 is)
[root@bedrock native]# make
[root@bedrock native]# make install

Configure mod_jk

Now that it’s built, we can set up apache to use mod_jk. We’ll need to add/modify the mod-jk.conf file first:

[root@bedrock conf]# vi /etc/httpd/conf.d/mod-jk.conf

You an get the full text file from the jboss wiki. Normally, declarations like these go in the http.conf file, but apache these days has a felxible configuration architecture that allows you to break up configuration as long as its listed in the “/etc/httpd/conf.d/” directory. If you have that mod-jk.conf file in there, you’ll want to edit this mod-jk.conf file in order to configure the exact way you want mod_jk to handle your hosts/ip/port setup.

# Load mod_jk module
# Specify the filename of the mod_jk lib
LoadModule jk_module modules/mod_jk.so

# Where to find workers.properties
JkWorkersFile conf/workers.properties

<Location /jkstatus>
	JkMount status
	Order deny,allow
	#Deny from all
	Allow from .domain.com

# for virtual hosts, specify the alias by ip

# and map them to domains to listen for
# the JKAutoAlias maps an alias you can map in uriworkermap.properties
  ServerName first.domain.com

	JkMount               /* myapp1
	JkAutoAlias           /myapp1

  ServerName second.domain.com

	JkMount               /* myapp2
	kAutoAlias           /myapp2

You will also want to configure your workers and uriworkermap property files:

[root@bedrock conf]# vi /etc/httpd/conf.d/workers.properties

# Define the list of workers that will be used

# Define myapp1
# modify the host as your host IP or DNS name.
# more info here: http://tomcat.apache.org/connectors-doc/reference/workers.html
worker.myapp1.prepost_timeout=10000 #Not required if using ping_mode=A
worker.myapp1.connect_timeout=10000 #Not required if using ping_mode=A
worker.myapp1.ping_mode=A #As of mod_jk 1.2.27

# Define myapp2
# modify the host as your host IP or DNS name.
worker.myapp2.prepost_timeout=10000 #Not required if using ping_mode=A
worker.myapp2.connect_timeout=10000 #Not required if using ping_mode=A
worker.myapp2.ping_mode=A #As of mod_jk 1.2.27

You will want to fine tune this to your particular setup. The full connector property reference can be found on the apache connectors website.

Next you’ll want to map the host contexts for your particular configuration. Remember the JKAutoAlias we configured earlier in the VirtualHost config? We’ll want to map those virtual aliases to actual contexts, and worker nodes in uriworkermap.properties:

# Simple uriworkers.properties config
# Mount the Servlet context to the ajp13 worker



In this notation we have to add each context twice, one to map the root of the context, and a second one to map everything underneath – that’s what the * at the end of the second mapping refers to.

Don’t forget that you can debug the mod_jk setup by tailing the apache logs:

[root@bedrock conf.d]# tail -500 /var/log/httpd/mod_jk.log


[root@bedrock conf.d]# tail -500 /var/log/httpd/error.log

Complete files

Download Tomcat-Apache Mod_jk connectors
how to untar/build mod_jk src distributions
documentation on how to configure mod_jk to work with jboss
the Apache connector property reference guid
the apache workers.property reference guide

Configre Sendmail

If you need a simple MTA that will send mail across the internet, sendmail is a commonly used provider. It ships with most linux distributions and can be configured with relative ease. The other competing out of the box solution is postifix. Which on to pick? Probably postfix, but I was in a hurry and dived in to how to configure sendmail first. I guess eventually I’ll get around to setting up postfix.

Open up the sendmail configuration file:

[root@bedrock ~]# vi /etc/mail/sendmail.mc

Uncomment the flag that bars accepting unresolvable domains:

dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
dnl # FEATURE(`accept_unresolvable_domains')dnl
dnl #


FEATURE(`accept_unresolvable_domains') dnl

comment out the localhost mapping so sendmail will listen to all lookups

dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl


dnl # DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA') dnl

This will allow sendmail to relay emails generated from domains that can’t be resolved. Like a computer on your network with an IP address, and no domain name attached to it. Flagging this means it will accept requests from anyone that tells it to send email. This is something spammers would love to abuse so we can stop them by setting up who is allowed to generate emails –

[root@bedrock ~]# vi /etc/mail/access

# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect: RELAY
192.168.1 RELAY

Assuming I only want anything on my local network (ie: 192.168.1.x) to be allowed to send email, I can add that last line to configure sendmail to allow emails from my network to relay messages to the outside world.

Now, I should be able to use this smtp server to send email to anyone I want. Don’t break any laws. You’ve been warned.

Setting up a Subversion server

Subversion is a code repository management system that is very similar to CVS, with some additional features that make it a more complete solution. Here’s a short list:

  • svn is able to track changes to files when they change names. CVS will break all historical information when this happens, effectively baring the ability to roll back any items when the containing folder is renamed.
  • with svn commits are implemented as atomic, transactional units of work while cvs does not. With CVS, if there is a large commit happening, and the internet connection is interrupted or something goes wrong, the repository can corrupt causing all kinds of mayhem, leaving the repo in a strange, sometimes unusable state. Not likely to happen, but not something anyone would want to spend a few hours fixing either.
  • svn supports more than just text files. CVS was designed only to support text so images, pdfs, and binary data when diff’d (compared “line by line” to detect differences) between 2 versions, the binary representation comes out all garbled looking and ends up usually a pretty useless action

If you end up upgrading to svn, you’ll need to change all your ant build scripts to make sure they use svn to build and compile, and that you update the repository information and users to the new setup. SVN uses apache and allows for a lot of coll features out of the box like being able to browse your repository from the web, much in thanks to apache because svn uses the http protocol combined with webdav to allow for file uploads, authentication, stuff like that. There is also a lot of community support as well as third party plugins for both svn and IDE platforms like eclipse and netbeanz etc.

So here’s how to set it up:

make sure subversion is installed

[root@bedrock ~]# yum install subversion
[root@bedrock ~]# yum install mod_dav_svn

create your repository

[root@bedrock ~]# mkdir /svn/repos/your_repository

create your svn repository

[root@bedrock ~]# svnadmin create /svn/repos/your_repository

set the permissions

[root@bedrock ~]# chown –R apache:apache /svn

fix the SUSElinux permissions stuff

[root@bedrock ~]# chcon -h system_u:object_r:httpd_sys_content_t /svn
[root@bedrock ~]# chcon -R -h root:object_r:httpd_sys_content_t /svn

set up the apache location configuration

[root@bedrock ~]# vi /etc/httpd/conf.d/subversion.conf

<Location /svn>
   DAV svn

   # any "/svn/repoX" URL will map to a repository /svn/repos/repoX
   SVNParentPath /svn/repos

#   Limit write permission to list of valid users.
#     Require SSL connection for password protection.
#     SSLRequireSSL

      AuthType Basic
      AuthName "Openscope SVN Repository"
      AuthUserFile /svn/authentication/passwords
      Require valid-user

#      AuthzSVNAccessFile /svn/authentication/svnauth

set up the subversion users

[root@bedrock ~]# htpasswd -cb /svn/authentication/passwords user1 password1
[root@bedrock ~]# htpasswd -b /svn/authentication/passwords user2 password2

Note: the switch -c creates the password file, -b flags to batch process the password from the command line (won’t prompt the user for a password). More about how to use htpassword here.

restart the apache service

[root@bedrock ~]# service httpd restart

you should be good to go.

Set up postgres

Most linux oses come with postgres and mysql out of the box. If yours doesn’t or you want to run a newer version than the the one your os comes with you should be able to install it using the yum installer. Fedora 11 comes with a visual installer you can use to pick and choose what rpms you want running on your machine. Once you have postgres installed on your box you’ll want to initialize some dbs stuff:

[root@bedrock ~]# service postgresql initdb

open up postgres to listen to domains other than localhost:

[root@bedrock ~]# vi /var/lib/pgsql/data/pg_hba.conf

# connect from anywhere but use a cleartext password
host    all         all             password

There are a lot of flexible options you can use to configure permissions for logging into the database, ip restrictions, usernames, domains, authentication policies, its quite extensive. The pg_hba.conf file has a lot of examples you can gloss over and apply as you like. Once you’ve figured this out you’ll want to fire up the service:

[root@bedrock ~]# service postgresql start

also make sure the postgres service is flagged to fire up on boot:

[root@bedrock ~]# ntsysv

Then you’ll want to log into the database and set up some permissions:

[root@bedrock ~]# psql -d template1 -U postgres

Welcome to psql 8.3.8, the PostgreSQL interactive terminal.

Type:  copyright for distribution terms
       h for help with SQL commands
       ? for help with psql commands
       g or terminate with semicolon to execute query
       q to quit

template1=# create database new_database_dev;
template1=# grant all privileges on database new_database_dev to admin;

template1=# create user developer with password 'somepassword';

template1=# alter user developer with password 'password';

and that’s it, you should be ready to work with your new postgres database.

Untar a file

Short and sweet:

tar -zxvf foo.tar

this will extract the tar’d files into the current working directory.

Most tar balls will ask you to do something like the following in order to build the contents for your target platform:

make install

Some builds will require some kind of different variant of the above – for example the apache mod_jk build will ask you to run the following ./configure command with some additional flags:

For the impatient Apache admins:
$> cd native
$> ./configure --with-apxs=/usr/sbin/apxs (or where ever the apxs/apxs2 is)
$> make
$> su -c 'make install'

Make sure to read all documentation so you don’t end up creating binaries that can’t run on your platform.