Pages
Thursday, November 26, 2009
Retrieving a server public SSL key on Solaris 10 (such as GMail's)
Tuesday, November 24, 2009
Protecting workflow transitions in JIRA
- Define a new status: Waiting for feedback
- Define a new step: Waiting for feedback
- Create new transitions to and from this new workflow state.
Leveraging JIRA's powerful administration console the new workflow was defined in just a few minutes. Once done, I defined a new workflow scheme and associated to some of my new projects.
It was with some surprise that I realized that the new transition wasn't restricted to developers: it was there for everyone to trigger. Obviously, I'd overlooked something in the configuration so that I checked the permissions and everything seemed to be fine until I realized what was wrong: workflow transitions are protected by conditions. In my case, I required that only the issue assignee could trigger a transition.
Although the workflow was being used, creating a draft workflow was a no brainer. In the draft workflow I added the required condition:
Once done, I published the new workflow. JIRA quickly converted the existing issue to the new workflow and the error was corrected without even bringing the project down.
Sunday, November 22, 2009
Configuring Sendmail to Relay Messages from Other Servers
Index
Part 1. Configuring Sendmail on Solaris 10
Part 2. Configuring Sendmail to Masquerade Your Messages
Part 3. Configuring Sendmail to Relay Messages to Another Server
Part 4. Configuring Sendmail to Relay Messages from Other Servers
Introduction
In the previous post you've learnt how to configure Sendmail to relay messages to another server. Now, such a server should be probably be configured to accept incoming messages to relay from other servers. Solaris 10 Sendmail default configuration does not allow message relay and proper configuration must be applied to Sendmail.Configuring Relay for Hosts and Domains
The quickest way to have Sendmail relay messages for other domains is by modifying the /etc/mail/relay-domains file. Sendmail will relay mail for every domain listed in that file. If you want your server to relay messages for domain a.com, b.com and c.com, just insert the corresponding lines into /etc/mail/relay-domains and restart your Senmail instance:# cat /etc/mail/relay-domains
a.com
b.com
c.com
Configuring the Access Database
If you want to relay messages from specific hosts (as well as domains and networks) you can use the access database. The access database lists email addresses, network numbers and domain names and a rule. Available rules are:- OK: Accept mail even if other rules in the running ruleset would reject it.
- RELAY: Accept mail addressed to the indicated domain or received from the indicated
domain for relaying. - REJECT: Reject the sender or recipient with a general purpose message.
- DISCARD: Discard the message completely using the $#discard mailer.
- (A RFC-821 compliant error text): Return the error message.
If you want your Sendmail to relay mails for a domain or from some specific hosts, modify your /etc/mail/access accordingly:
your-domain RELAY
192.168.0 RELAY
another-domain RELAY
unwanted-host REJECT
Once done, you have to generate the access db with the following command:
# makemap hash /etc/mail/access.db < /etc/mail/access
Enabling the Access Database
To have your Sendmail use the access database, you must properly configure it adding the access_db feature to its configuration file:# cat your-file.mc
[...snip...]
FEATURE(`access_db')
[...snip...]
Restart your Sendmail and enjoy!
A Word of Warning: DNS Configuration
Sendmail often requires that host name you use in your configuration files (such as the access database) are properly configured in your name server, both for lookup and reverse lookup. I hope this will spare you some headache while debugging.Configuring Sendmail to Relay Messages to Another Server
Index
Part 1. Configuring Sendmail on Solaris 10
Part 2. Configuring Sendmail to Masquerade Your Messages
Part 3. Configuring Sendmail to Relay Messages to Another Server
Part 4. Configuring Sendmail to Relay Messages from Other Servers
Introduction
Sometimes you just need to configure your Sendmail to relay messages to another server. I often use such a configuration to centralize Sendmail configuration: if something had to change I would just need to change a reduced number of configuration files. For example, I made heavy use of Solaris Zones technology. Unless particular configuration is needed, whenever I create a new zone, I just configure its Sendmail to relay messages to another server (which is, incidentally, one of the preconfigured Sendmail zones we use).Setting Up a Sendmail Smart Host
Setting up Sendmail to relay messages to another server is pretty easy. Modify your configuration file and use the following macro:[...snip...]
define(`SMART_HOST', `your-smart-host')
[...snip...]
The smart host is the host this instance will relay messages to. This macro will be translated into a DS statement in your Sendmail configuration file. You should never modify .cf files directly: always compile .mc files! By the way, sometimes is useful to know .cf syntax if you need to interpret existing .cf files when you've lost the corresponding .mc files (something that should never pass to a seasoned System Administrator).
Configuring Sendmail to Masquerade Your Messages
Index
Part 1. Configuring Sendmail on Solaris 10
Part 2. Configuring Sendmail to Masquerade Your Messages
Part 3. Configuring Sendmail to Relay Messages to Another Server
Part 4. Configuring Sendmail to Relay Messages from Other Servers
Sendmail Masquerading
Now that you've got your Sendmail up and running it's time to do some tweaking. If you try and send mail from your host, you'll notice that messages are sent from an address such as your-user-name@hostname.your.domain. That's not probably what you want (that address isn't probably even reachable from the outside) and you'd rather like: your-user-name@your.domain. Fine, that feature is called masquerading. To masquerade outgoing mail you can use the MASQUERADE_AS and MASQUERADE_DOMAIN macros, as in the following example:divert(0)dnl
VERSIONID(`@(#)sendmail.mc 1.11 (Sun) 06/21/04')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
MASQUERADE_AS(`your-domain.com')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`always_add_domain')dnl
MASQUERADE_DOMAIN(`your-domain.com')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
Restart your sendmail and the job is done.
Configuring Sendmail on Solaris 10
Index
Part 1. Configuring Sendmail on Solaris 10
Part 2. Configuring Sendmail to Masquerade Your Messages
Part 3. Configuring Sendmail to Relay Messages to Another Server
Part 4. Configuring Sendmail to Relay Messages from Other Servers
Introduction
Whoever tried to get Sendmail up and running will agree that taming Sendmail requires black magic. I won't even try to enter into Sendmail internal and details: I don't master it and conform with being able to configure my Solaris box (and zones) to fulfill my needs. Nevertheless, I'll admit that Sendmail has got its own spell and felt compelled to keep on reading on to discover what Sendmail is capable of.Verifying Sendmail State and Starting It Up
Solaris 10 Sendmail is configured as an SMF-managed service. To check sendmail status you can use:$ svcs \*sendmail\*
STATE STIME FMRI
online 14:19:23 svc:/network/smtp:sendmail
If Sendmail were not enabled, just use svcadm to bring it up:
# svcadm enable svc:/network/smtp:sendmail
Configuring Sendmail for Open Mode
Solaris 10 Sendmail configuration is such that Sendmail will only run in local mode, thus rejecting connections from other hosts. If you want to review Sendmail default Solaris 10 configuration, you can use:# svccfg -s svc:/network/smtp:sendmail listprop
[...snip...]
config/local_only boolean true
[...snip...]
If you're curios, SMF properties are used by SFM methods. A closer examination to Sendmail startup script in Solaris 10, indeed, reveals the following:
local=`/usr/bin/svcprop -p config/local_only $SMF_FMRI 2>/dev/null`
if [ $? = 0 -a "$local" = "true" ]; then
OPTIONS="$OPTIONS -C /etc/mail/local.cf"
fi
If you want to configure your Sendmail to work in open mode you can run the following:
# svccfg -s svc:/network/smtp:sendmail setprop config/local_only= boolean: false
# svcadm restart svc:/network/smtp:sendmail
Solaris 10 Default configuration
If you inspect the default sendmail.mc file for Solaris 10 you'll find the following:divert(0)dnl
VERSIONID(`@(#)sendmail.mc 1.11 (Sun) 06/21/04')
OSTYPE(`solaris8')dnl
DOMAIN(`solaris-generic')dnl
define(`confFALLBACK_SMARTHOST', `mailhost$?m.$m$.')dnl
MAILER(`local')dnl
MAILER(`smtp')dnl
LOCAL_NET_CONFIG
R$* < @ $* .$m. > $* $#esmtp $@ $2.$m $: $1 < @ $2.$m. > $3
Local and smtp mailers are on and you should be able to send mail, both locally and remotely, from such a host. Unless you configure your perform additional configuration, you won't be able to connect remotely to this instance, nor using such an instance as a mail relay. Naturally, some tweaking is usually required and it will be performed with the procedure described in the following sections.
Building a Configuration File for Sendmail
To build a configuration file for your Sendmail you can perform the following:- Temporarily disable your Sendmail:
# svcadm disable -t svc:/network/smtp:sendmail
- Go to Sendmail configuration templates directory:
# cd /etc/mail/cf/cf
- Start with a fresh file and write your configuration down:
# cp sendmail.mc your-file.mc
Compile your file:
# /usr/ccs/bin/make your-file.cf
Test your configuration:
# sendmail -C your-file.cf -v your-email-address </dev/null
Apply your configuration:
# cp your-file.cf /etc/mail/sendmail.cf
Restart and use Sendmail:
# svcadm enable svc:/network/smtp:sendmail
A good place to start for studying Solaris 10 Sendmail is Solaris System Administration Guide: Network Services (Chapter 13).
Thursday, November 19, 2009
Web Technologies on a Desktop Application - Portability Do Matter
What's the desktop application most commonly used? For a great majority of persons the answer is simple: the browser. The omnipresent browser has begun not to be perceived as an application anymore: instead, it's the container where web applications run.
Although there's still plenty of space for desktop applications,
they can't be thought as stand-alone any longer. Users continuously
rely on Internet as a source of information and desktop applications had to learn to use Internet as if it were a database.
Browsers and web developers probably learnt that before: Web
Services and the AJAX paradigm being just the last trends in the
industry. Vendors have been implementing similar technologies in their
SDKs and the boundary between web-technologies and general purpose
framework gets thinner day by day.
I just remember when JAX-* specifications were being integrated into
Java2 Enterprise Edition: nowadays you can hardly think of a Java
desktop application not leveraging JAX-WS or JAX-RS.
Many vendors have being trying to port web technologies on the desktop and the major players in this are are:
- Adobe, with Adobe AIR
- Sun Microsystems with JavaFX framework
- Google, with Google Gears
I've being intensively using Gears-powered applications just because
I'm a faithful Google applications user. I must say that I'm pretty
happy with it and that in this sense Google is probably making one step
more in this direction with its Google Chrome OS. Nowadays, although
Google Chrome still is a browser, it really acts as an environment for Google Gears applications.
As far as it concerns JavaFX, I've played a little with it with my
NetBeans and I must say that I'm impressed. Java SE and Java EE already
have all of the pieces you need to build rich internet applications and
JavaFX goes one step further: it's a platform that aims to support a
variety of devices (browsers, mobile phones, gaming consoles and so
forth).
Adobe AIR is impressive: although I never wrote any line of of code, I've seen some applications and, just as anything-Adobe, great hype is given to integration with Flex/Flash applications.
Which one should I go with?
Although every framework has got its own peculiar advantages, such a
decision depends on many factors, such as your needs and your
requirements.
One of the fundamental advantages of web applications is their
platform-independence (usually). Yes, there are many glitches depending
on the browser you're using but nowadays the situation is pretty
satisfactory, at least as far as it concerns an application
functionality. Such an independence is achieved by means of the
browser, which is the container in which such an application is
executed. Taking an application out of the browser is complex and in
that process you run the risk of reducing an application's portability.
That's the original sin of many frameworks, such as Adobe AIR.
I strongly believe in portability and that's something I'm
never going to sacrifice easily and when I do the requirement must be
compelling. That's why I always go with Java.
Let alone enterprise-level technologies supported by Java Enterprise Edition, Java gives you the basic tools you need such as:
- A powerful programming language.
- Support for Web Services (JAX-RPC and JAX-WS).
- Support for RESTful Web Services (JAX-RS)
- Support for AJAX.
- Integration with databases (JDBC, JPA)
The Java language itself has been recently enhanced by annotations
which are commonly used by specifications and frameworks (such as
Spring) to greatly reduce boilerplate code. EJB 3.0, JPA, JAX-RS,
JavaBeans Validation (JSR-303) are just examples of the
annotation-centric APIs you can use in a Java program just by applying
metadata to your class and letting the framework (or the container) do
the job. POJO-based and annotation based frameworks and APIs greatly
contributed to simplify the programming models previously used: whether
you're developing a web service, a web service client, an interaction
with a DB, an EJB, you're probably producing just POJOs. Reusing such
objects is straightforward: the boundary that existed between the
various kind of Java applications have blurred and nowadays is almost
null.
Moreover, in the incredibly vast ecosystem of Java libraries and
frameworks you're probably going to find everything you need to get the
job done.
Conclusion
When deciding the tools you're going to use to develop your next
application, always consider that there's someone out there who might
not be using your browser or your OS. If you haven't got compelling
reasons, don't shut the door in their face. Users do not understand, sometimes not even with reasons. And they'd just turn to another provider.
Tuesday, November 17, 2009
Apache HTTP Server Virtual Hosts (on Solaris)
With such a proxy/gateway you'll be able, for example:
- To serve different domains, subdomains or even specific URLs with just one Apache HTTP Server instance.
- To offer a gateway in the case you've got a reduced number of public IPs and you don't want to publish HTTP services on ports other than 80.
DNS configuration
First of all I substituted the old DNS record with a CNAME which points to this Apache HTTP Server instance. Now, whenever a client requests www.domainA.com, the connection will be established with the target Apache.Apache HTTP Server Startup
On (Open)Solaris, check if you've got an Apache HTTP Server instance running:STATE STIME FMRI
legacy_run Mar_13 lrc:/etc/rc3_d/S50apache
disabled Mar_13 svc:/network/http:apache2
If it isn't running, create a suitable configuration file in /etc/apache2:
# cp httpd.conf-example httpd.conf
Once the configuration file is created, the service should start normally:
# svcadm enable svc:/network/http:apache2
# svcs http:apache2
STATE STIME FMRI
online Nov_15 svc:/network/http:apache2
Apache HTTP Server Configuration
The last thing to do is creating virtual hosts:NameVirtualHost *
<VirtualHost *>
ServerName domainA.com
DocumentRoot /var/apache2/htdocs
</VirtualHost>
<VirtualHost *>
ServerName subdomain.domainA.es
ProxyPreserveHost On
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
In the previous fragment you can notice the following:
- the NameVirtualHost directive lets you configure Apache to listen on a specific address and port. In this case, any IP address and any port (*) have been configured.
- The VirtualHost sections let you define virtual hosts. Please note that the NameVirtualHost value and the VirtualHost value must be the same (in this case, *).
- The ServerName directive is used to assign the domain name a virtual host should serve.
- ProxyPreserveHost is used to tell Apache not to override the Host HTTP header when connecting to the proxied host.
- ProxyPass and ProxyPassReverse lets you map proxied URL spaces. In this case, everything (/) is sent to the proxied host (http://localhost:8083/).
Further Readings
If you want to go into deeper detail, please read the following:
- mod_proxy documentation
- Apache Virtual Hosts documentation
Sun xVM VirtualBox 3.0.12 has been released
- VMM: reduced IO-APIC overhead for 32 bits Windows NT/2000/XP/2003 guests; requires 64 bits support (VT-x only; bug #4392)
- VMM: fixed double timer interrupt delivery on old Linux kernels using IO-APIC (caused guest time to run at double speed; bug #3135)
- VMM: reinitialize VT-x and AMD-V after host suspend or hibernate; some BIOSes forget this (Windows hosts only; bug #5421)
- VMM: fix loading of saved state when RAM preallocation is enabled
- BIOS: ignore unknown shutdown codes instead of causing a guru meditation (bug #5389)
- GUI: never start a VM on a single click into the selector window (bug #2676)
- Serial: reduce the probability of lost bytes if the host end is connected to a raw file
- VMDK: fix handling of split image variants and fix a 3.0.10 regression (bug #5355)
- VRDP: fixed occasional VRDP server crash
- Network: even if the virtual network cable was disconnected, some guests were able to send / receive packets (E1000; bug #5366)
- Network: even if the virtual network cable was disconnected,
the PCNet card received some spurious packets which might confuse the
guest (bug #4496) - Shared folders: fixed changing case of file names (bug #2520)
- Windows Additions: fix crash in seamless mode (contributed by Huihong Luo)
- Linux Additions: fix writing to files opened in O_APPEND mode (bug #3805)
- Solaris Additions: fix regression in guest additions driver
which among other things caused lost guest property updates and
periodic error messages being written to the system log
If you want to update or if you want to give VirtualBox a test drive, download it now.
Friday, November 13, 2009
Fluendo DVD Player for Solaris has finally been released
Sunday, November 1, 2009
Jump Into the Past: a Duke 3D revival
"Damn! Those alien bas***ds are gonna pay for shooting up my ride."
Does this opening sentence sound familiar to you? Two days ago, after installing Duke Nukem 3D on my iPhone, I launched the game and was welcome by it.
I used to play with Duke on a PC powered with a Pentium 133 a long, long time ago. When I saw it on the App Store, by chance, I couldn't resist buying it and playing it again.
The port is really good, although still incomplete. The primary three episodes are there (L.A. Meltdown, I didn't even remember the name!) and the feeling is just the same. I noticed some graphical detriment that I wouldn't call minor:
mirror effects, for example, were things that made Duke 3D so cool,
back in the 90's. Playability on the iPhone isn't so good, either, in
my opinion. The user is given two choices: digital and analog controls.
Digital controls, whose screenshot is shown in the next picture,
is the easiest control to get accustomed to. By sliding your finger
onto four buttons you can control Duke's movements just as if you were using a joystick. While playing you still need to use additional buttons (such as jump or use): these buttons are located on the uppermost right corner of
the screen and they're sufficiently small so as you confuse them one another.
The analog controls, at first impression, seem more intuitive because the user is given two separate joysticks:
Nonetheless, I found these controls pretty hard to manage and quickly switched to using the digital ones exclusively.
If you're feeling some kind of longing for such an old game, Duke Nukem 3D can be purchased right now on the App Store at just 0.79 Eur. Much less than an espresso, here in Spain.