Stuff I'm Up To

Technical Ramblings

Debian Upgrading from an ISO File — November 7, 2018

Debian Upgrading from an ISO File

Kind of an unusual situation, but I have a Debian jessie box that has a terrible <2MB Internet connection, no CD/DVD and the USB stick I have I don’t want to overwrite and make bootable – it already has things on it I need. But it does have the capacity to hold the Debian DVD ISO #1.

How do you upgrade Debian from an ISO without being bootable?

Mount the USB Sick

First mount the USB Drive into your stretch environment so you can use the ISO it contains. You may want to check the output of dmesg to see what device name your stick has been given.

$ sudo mkdir /mnt/usb
$ sudo mount /dev/sdb1 /mnt/usb

Now we can see the ISO in the /mnt/usb folder

$ sudo ls -lh /mnt/usb

total 12G
-r-------- 2 root root 3.4G Nov 7 11:25 debian-9.5.0-amd64-DVD-1.iso

Mount the ISO

We can then mount the ISO into another folder under /mnt

$ sudo mkdir /mnt/iso

$ sudo mount -t iso9660 -o loop /mnt/usb/debian-9.5.0-amd64-DVD-1.iso /mnt/iso

We have a mounted ISO

$ sudo ls -lh /mnt/iso

total 1.5M
-r--r--r-- 1 root root 146 Jul 14 11:27 autorun.inf
dr-xr-xr-x 1 root root 2.0K Jul 14 11:27 boot
...

Edit Your Installation Sources

Next we edit the file /etc/apt/sources.list so it only contains the path to our ISO to install from. Take a copy of the original one or just comment out the existing lines.

deb file:///mnt/iso stretch main contrib

You may also want to check any source list files under sources.list.d and move them out whilst you upgrade.

Carry Out the Upgrade

Just continue as you normally would using upgrade/dist-upgrade to deliver your new OS. Making sure you do an update first so you read your news sources file.

$ sudo apt-get update

$ sudo apt-get upgrade

$ sudo apt-get dist-upgrade

Because you’re not getting the install from the internet and apt isn’t able to trust the source, you will have to accept to install the upgrades by ignoring the security warning.

When you’re done make sure you uncomment/put back the sources.list to point at the internet and replace the version with the new one eg. change jessie to stretch.

Advertisements
Java Decompiler — November 6, 2018

Java Decompiler

Today I’ve been working on a problem where properties being loaded into our CRM system from a GIS DTF file are doing some strange updates. It appears that the vendor in their wisdom has decided to populate user defined fields that we already use!

The Loader is written in Java, I have a .jar file and can extract the .class files, but they’re all compiled.

A bit of searching reveals an online decompiler I can use: http://www.javadecompilers.com/jad

I started using it to decompile one .class file at a time and quickly became bored. So tried the whole .jar file. It happily decompiled the file and returned a single zip file containing the decompiled .class files as .javafiles.

Now I can scan the .java files to find out what other SQL calls they are making to fill other fields we might be using.

DBeaver – SQL GUI —

DBeaver – SQL GUI

I’ve used a few SQL GUI’s over the years, SQuirreL, DBVisualizer, HeidiSQL, MySQL Workbench, but the one that stands out recently is DBeaver.

It’s got a community and enterprise edition. The community does everything I need and connects to all the SQL servers we use, Microsoft SQL, MySQL, Postgres/PostGIS.

Being Java based it’s cross platform, so you can use it in Windows too.

RADIUS Testing — November 5, 2018

RADIUS Testing

We have a need to authenticate a couple of devices via our Wifi access points with a RADIUS server. Right now I wanted to test things out using a MAC address authentication process. But for some reason we can’t get it working on the AP’s.

How do I test the RADIUS authentication policies are correct?

I recall using a RADCHECK program in Windows many years ago and figured Linux would probably have something similar. Sure enough a quick search means I can install freeradius-utils which includes radtest and radclient.

I needed to pass a number of RADIUS attributes and values with my test call and this is how I did it:

$ cat << EOF | radclient -x [radisuserver] auth [supersecretkey]
User-Name = 6894244B56EB
User-Password = 6894244B56EB
NAS-Port-Type = 19
NAS-Port = 0
Calling-Station-Id = SSID
EOF

This spoofed an auth call to the RADIUS server using the specified MAC address as user name and password and pretended the call was from a NAS-Port-Type of Wireless - 802.1x (19). I got the table of values from here: https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-nas-port-type-overview.html

Statement Option NAS-Port-Type Value Description
value

0–65535

Number that indicates either the IANA-assigned value for the RADIUS port type or a custom number-to-port type defined by the user
adsl-cap

12

Asymmetric DSL, carrierless amplitude phase (CAP) modulation
adsl-dmt

13

Asymmetric DSL, discrete multitone (DMT)
async

0

Asynchronous
cable

17

Cable
ethernet

15

Ethernet
fddi

21

Fiber Distributed Data Interface
g3-fax

10

G.3 Fax
hdlc-clear-channel

7

HDLC Clear Channel
iapp

25

Inter-Access Point Protocol (IAPP)
idsl

14

ISDN DSL
isdn-sync

2

ISDN Synchronous
isdn-v110

4

ISDN Async V.110
isdn-v120

3

ISDN Async V.120
piafs

6

Personal Handyphone System (PHS) Internet Access Forum Standard
sdsl

11

Symmetric DSL
sync

1

Synchronous
token-ring

20

Token Ring
virtual

5

Virtual
wireless

18

Other wireless
wireless-1x-ev

24

Wireless 1xEV
wireless-cdma2000

22

Wireless code division multiple access (CDMA) 2000
wireless-ieee80211

19

Wireless 802.11
wireless-umts

23

Wireless universal mobile telecommunications system (UMTS)
x25

8

X.25
x75

9

X.75
xdsl

16

DSL of unknown type

 

ESXi 6.0 to 6.5 Upgrade — October 14, 2018

ESXi 6.0 to 6.5 Upgrade

This weekend has turned out to be a challenge. Upgrading our VMware Horizon 7 estate to the latest release involved upgrading all the components from connection servers, security server, composer, vCenter and vSphere hosts.

Last weekend was upgrading the connection servers, security server and composer. This weekend is vCenter and the vSphere hosts.

99.9% of the skills required are really about how strong your Google Fu is!

hongkongphoeey

My skills include Google-fu and Duck-Jitsu, but I’m a Bing-do novice!

Continue reading

Jira Token Error, Leading to Fisheye + Crucible Failure — October 12, 2018

Jira Token Error, Leading to Fisheye + Crucible Failure

Today Jira fell over. Not sure why, but the result was a token error which refused to let my user or admin accounts ability to login properly. I managed to logon, but none of the dashboard or menu items worked as it had this persistent token error.

I ended up rebooting the server and restart the two services for Jira and Confluence.

These use the regular service start and stop with systemctl start jira and systemctl start confluence.

Crucible however, uses a start and stop sh script.

As root starting Crucible from

# /home/crucible/fecru-4.4.7/bin/start.sh

Caused some very strange behaviour.

First thing I noticed was that I had lost all of the configuration and it had reverted to a blank database and launched the setup program when I visited the URL! Something clearly wrong there.

Next I thought I’d run it as the crucible user I setup for this purpose.

# sudo -u crucible /home/crucible/fecru-4.4.7/bin/start.sh

Even worse! Now not only was it empty but the log had all kinds of permissions errors.

The clue was, but what log am I looking at? I ended up with logs in the ~/fecru-4.4.7/var/log folder AND in ~/instance/var/log folder, but with different dates. It looks like I spannered the install somehow as logs should only be in the instance folder. Although I ran the start.sh script it must have been as the root user and therefore created my config under fecru* NOT instance. When I then ran it as the crucible user using sudo it did the same, but all the files were owned by root and caused the permission errors.

The outcome showed that the problem related to running sudo and not maintaining the environment variable for FECRU_INST which points to the instance folder. I fixed this by running visudo and set the rule to keep certain environment variables – in the same way as I would for a proxy server.

Edit the line:

Defaults        env_keep += "ftp_proxy http_proxy https_proxy no_proxy FISHEYE_INST"

I then had to make sure I moved the config.xml file and data folder that had been erroneously created under fecru into instance.

# mv fecru-4.4.7/config.xml instance
# mv fecru-4.4.7/data instance

Now when I run sudo for the crucible user it keeps the environment setting pointing to the install path, the instance path and all contained files must belong to crucible:crucible so chmod them:

# chmod crucible:crucible instance/* -R

Finally starting crucible with:

# sudo -u crucible /home/crucible/fecru-4.4.7/bin/start.sh

All is good once again.

 

  • fecru = FishEye + CRUcible
Proxy Fun and Games — October 11, 2018

Proxy Fun and Games

I seem to spend most of may day trying to sort out issues regarding getting different applications through the corporate proxy server. I’m really hoping one day we can setup a transparent proxy if for no other reason than to make our development lives easier.

At present we need use a browser proxy script (http://wpad/wpad.dat) to determine which of the corporate proxy servers to use. We have an internet proxy and a Gov’t gateway proxy. Depending where the user is trying to go determines which proxy they must use.

The script works just fine for 99% of our user base.

However, when it comes to the other 1% there’s need to tell not just the browser what proxy to use, but in the development world we need to inform the various development tools how to use a proxy too. This is where the pain is.

We need to setup a proxy in several places eg. for the operating system, for the browser, for Git, for NPM/Yarn, for Composer, for Java…

Operating System

Windows

Open a CMD/PowerShell window with Administrative permissions

C:> netsh winhttp set proxy http://username:password@192.168.0.117:8080 "<local>"

You may not need the username and password here as the OS will send your Windows credentials.

The <local> means bypass the proxy for any local address. You may add into that for other specific servers eg. "<local>,server.domain.tld"

Also set the Environment variables for the proxy

Windows Key + R

control sysdm.cpl,,3

Click the environment settings and add in the following settings to your user variables.

http_proxy=http://username:password@192.168.0.117:8080
https_proxy=http://username:password@192.168.0.117:8080
all_proxy=http://username:password@192.168.0.117:8080
no_proxy=localhost,domain.local,192.168.56.2

Linux

$ sudo vi /etc/envronment

http_proxy=http://username:password@192.168.0.117:8080
https_proxy=http://username:password@192.168.0.117:8080
all_proxy=http://username:password@192.168.0.117:8080
no_proxy=localhost,domain.local,192.168.56.2

Git proxy settings

$ git config --global http.proxy http://username:password@192.168.0.117:8080

You’ll probably need to ensure this is set for the sudo environment too if you ever have the need to install global requirements with npm.

$ sudo git config --global http.proxy http://username:password@192.168.0.117:8080

NPM proxy settings

$ npm config set proxy http://username:password@192.168.0.117:8080

Again you’ll probably need to ensure it’s replicated into sudo.

$ sudo npm config set proxy http://username:password@192.168.0.117:8080

This actually writes to a file in your home folder called .npmrc which you can edit if you need to put in some backslashes to escape and special characters in your password. eg. c:\Users\myuser\.npmrc or ~/.npmrc and the sudo version will write it into the root users home folder.

Yarn proxy settings

As Yarn is essentially npm on steroids it works the same way but writes to ~/.yarnrc

$ yarn config set proxy http://username:password@192.168.0.117:8080
$ sudo yarn config set proxy http://username:password@192.168.0.117:8080

Composer proxy settings

Thankfully this is capable of using the Operating System proxy environment variables. So if you set them as above for Windows and/or Linux you should be good to go.

Java proxy settings

This has it’s own rules just like all the others. But you may also run into Java applications having their own proxy settings too. Such as gradle which has it’s own properties file to setup the proxy. They all seem to be a similar pattern though, edit a properties file and add in:

http.proxyHost=192.168.0.117
http.proxyPort=8080
http.nonProxyHosts=localhost|127.*|[::1]|*.domain.local

Typically this is done in the JRE’s lib/new.properties file so it applies to Java globally. eg. My net.properties file is located under c:\Program Files\Java\jdk1.80_151\lib and has plenty of helpful commented examples on how to set things.

Under Debian my net.properties is located under /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib

They can also be passed to the Java command line as -D parameters eg.

$ java -Dhttp.proxyHost=192.168.0.117 -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|domain.local"

 

Opening another Window with electron-vue — October 9, 2018

Opening another Window with electron-vue

Having entered the world of Electron and mashing it together with Vue.js using electron-vue I needed to figure out how to open another window from Electron and still have vue active within it and better yet, still have the hot module reloading active in that new window whilst developing it.

It was whilst trawling the electron-vue github issue page that I came across a golden nugget of code that answered the very question for me.

https://github.com/SimulatedGREG/electron-vue/issues/401#issuecomment-330656658

Quoted:

First of all, you need to disable mode: 'history' in your vue-router, check in vue-router docs

Then do the following:

src/main/index.js example

ipc.on('showChart', function (e, data) {
  const modalPath = process.env.NODE_ENV === 'development'
    ? 'http://localhost:9080/#/showChart'
    : `file://${__dirname}/index.html#showChart`
  let win = new BrowserWindow({ width: 400, height: 320, webPreferences: {webSecurity: false} })
  win.on('close', function () { win = null })
  win.loadURL(modalPath)
})

In your router, use the exactly path to your url

src/renderer/router.js example

{
  path: '/showChart',
  name: 'showChart',
  component: require('your-router'),
},

 

Local Git Repository — October 6, 2018

Local Git Repository

When working on a project at home I don’t necessarily want to host my Git repo online and don’t feel the need for installing a Gitlab server on my home network, but I do want to backup my projects to my cloud backup.

I also would like to not backup all the vendor resources with my project. So I’d like to exclude the node_module folder and other .gitignore content.

Whilst googling around I discovered I could just use a folder as a repo. Most people tend to do this onto a network file share, but my needs were simple. All I wanted to do was include my Git repo within the folders that are automatically backed up to the cloud.

Continue reading

When this isn’t this and becomes that — October 2, 2018

When this isn’t this and becomes that

I recently tried to assist a colleague with an issue in JavaScript involving an undefined variable within a Vue.js app.

Now I have encountered this issue several times and never really gotten to the crux of the matter other than I know it’s because the context of this changes, depending on where you are in your code.

It was during this tongue twisting exercise that he found a useful document that gives an outline more elegantly than I could phrase.

https://gist.github.com/JacobBennett/7b32b4914311c0ac0f28a1fdc411b9a7

Since arrow functions provide a lexical this value, the this inside our function() refers to the window instead of our Vue object which breaks our current implementation! When attempting to get this.item, we will actually be looking at window.item which is currently undefined.

electron-vue —
Adding Crucible to Jira — October 1, 2018

Adding Crucible to Jira

Continuing the Jira and Confluence journey into Crucible I faced a challenge of adding it beneath the same reverse proxy setup.

My aim was to end up with a single host with multiple URL’s for each feature eg.

https://jira.domain.local – for Jira Software

https://jira.domain.local/confluence – for Confluence

https://jira.domain.local/crucible – for Crucible

The documentation on how to achieve this was a little fragmented and whilst it made sense I failed to get things working first time round.

Continue reading