To create a network bridge with netplan you have to create a file
network:
version: 2
ethernets:
enp6s0:
dhcp4: true
bridges:
br0:
interfaces: [enp6s0]
dhcp4: true
optional: false
macaddress: <some mac>
Make sure to place a mac address in and replace the interface name enp6s0 with yours.
Then run sudo netplan apply.
The machine gets a new IP from dhcp so make sure you have it configured in your dhcp before or have a local console 😉
Here a simple docker-compose.yml file to get kong community up and running. It is configured to use postgresql that persists data to a local docker volume. All ports are mapped to localhost only and log goes to stdout/stderr.
version: '3.4'
services:
kong-db:
image: 'postgres:10.1'
ports:
- 127.0.0.1:5432:5432
environment:
POSTGRES_USER: kong
POSTGRES_PASSWORD: kong
POSTGRES_DB: kong
PGDATA: /var/lib/postgresql/data/pgdata
volumes:
- db-volume:/var/lib/postgresql/data/pgdata
healthcheck:
test: 'echo "select 1" | psql -U kong kong || exit 1'
interval: 1m
timeout: 3s
retries: 3
restart: unless-stopped
kong:
image: 'kong:0.11.2'
ports:
- 127.0.0.1:8000:8000
- 127.0.0.1:8443:8443
- 127.0.0.1:8001:8001
- 127.0.0.1:8444:8444
environment:
KONG_DATABASE: postgres
KONG_PG_HOST: kong-db
KONG_PG_DATABASE: kong
KONG_PG_USER: kong
KONG_PG_PASSWORD: kong
KONG_PROXY_ACCESS_LOG: /dev/stdout
KONG_ADMIN_ACCESS_LOG: /dev/stdout
KONG_PROXY_ERROR_LOG: /dev/stderr
KONG_ADMIN_ERROR_LOG: /dev/stderr
links:
- kong-db
# uncomment following line to run migrations for a new database
# command: kong migrations up -v
depends_on:
- kong-db
healthcheck:
test: 'curl -f http://localhost:8001/status || exit 1'
interval: 1m
timeout: 3s
retries: 3
restart: unless-stopped
volumes:
db-volume:
Attention: The kong container fails to start unless migrations are not run on the connected database. To do this simply uncomment the marked line and start the containers. With the command set the container will execute database migrations and stop with exit code 0. After that the line can be commented out again. Then you can start kong with the given file.
When using IntelliJ IDEA with Spring Boot on a Mac make sure you have the entry
127.0.0.1 <hostname>.local
in your /etc/hosts file. Replace <hostname> with your Mac’s name. Also make sure that the result of the command ‘hostname’ is in your /etc/hosts file as well pointing to your local address.
After years of development Oracle has released Java 9. It is available to download from the Oracle page as usual. Here is the EOL message for Java 8:
End of Public Updates for Oracle JDK 8
Oracle will not post further updates of Java SE 8 to its public download sites for commercial use after September 2018. Customers who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions can get long term support through Oracle Java SE Advanced, Oracle Java SE Advanced Desktop, or Oracle Java SE Suite. For more information, and details on how to receive longer term support for Oracle JDK 8, please see the Oracle Java SE Support Roadmap.
In my former post i described a way how to create self signed SSL certificates with an own certificate authority. These certificates didn’t work in latest chrome versions so I updated my scripts to create valid certificates for chrome. This time I only create wildcard certificates because creating one for every subdomain was annoying.
#!/bin/bash if [ -e ca.key ]; then echo "ca.key already exists" exit 1 fi openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \ -subj "/C=AT/ST=Vienna/L=Vienna/O=Coffeebeans/CN=Coffeebeans Domain Validation Secure Server CA/emailAddress=office@coffeebeans.at"
#!/bin/bash NAME=star.$1 if [ "star." == $NAME ]; then echo "usage: $0 <domain.name>" exit 1 fi if [ -e $NAME.key ]; then echo "$NAME.key already exists" exit 1 fi if [ ! -e ca.crt ]; then echo "no ca certificate created" exit 1 fi CONFIG=$(cat <<-EOF [ca] default_ca=CA_default [CA_default] dir=./ca database=\$dir/index.txt new_certs_dir=\$dir/newcerts serial=\$dir/serial private_key=./ca.key certificate=./ca.crt default_days=3650 default_md=sha256 policy=policy_anything copy_extensions=copyall [policy_anything] countryName=optional stateOrProvinceName=optional localityName=optional organizationName=optional organizationalUnitName=optional commonName=supplied emailAddress=optional [req] default_bits=4096 prompt=no default_md=sha256 req_extensions=req_ext distinguished_name=dn [ dn ] C=AT ST=Vienna L=Vienna OU=Domain Control Validated emailAddress=office@coffeebeans.at CN=*.$1 [ req_ext ] subjectAltName=@alt_names [ alt_names ] DNS.1=$1 DNS.2=*.$1 EOF ) # PREPARE echo "$CONFIG" > config.txt if [ ! -d ./ca ]; then mkdir -p ./ca/newcerts touch ./ca/index.txt fi openssl genrsa -out $NAME.key 4096 openssl req -new -key $NAME.key -out $NAME.csr -config config.txt openssl ca -create_serial -batch -in $NAME.csr -out $NAME.crt -config config.txt # CLEANUP rm -f *.csr config.txt chmod 644 *.key *.crt
I also tried to use these certificates in postfix which did NOT work. To create files for postfix see my former post.
I tried to rim robo3t-1.1.1-linux-x86_64 downloaded from https://robomongo.org/ and got the following error when trying to run it:
This application failed to start because it could not find or load the Qt platform plugin "xcb" in "". Available platform plugins are: xcb. Reinstalling the application may fix this problem. Aborted
Trying to install xcb via apt install xcb doesn’t change the behavior. Then I found a solution by removing all libstdc++* files from the lib directory in the extracted directory:
rm lib/libstdc++*
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
Docker version 17.06.0-ce, build 02c1d87
openshift-origin-server-v3.6.0-c4dd4cf-linux-64bit
I followed the steps under https://docs.openshift.org/latest/getting_started/administrators.html#downloading-the-binary and got the error in the title. To fix this you have to add “–exec-opt native.cgroupdriver=systemd” to ExecStart of docker. The best way to do this is to add a addin file /etc/systemd/system/docker.service.d/override.conf with following content:
[Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --exec-opt native.cgroupdriver=systemd
Then reload systemd and restart docker:
sudo systemctl daemon-reload sudo systemctl restart docker
Simple way to create self-signed SSL certificates.
#!/bin/bash # usage: ./create-ca.sh if [ -e ca.key ]; then echo "ca.key already exists" exit 1 fi openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \ -subj "/C=AT/ST=Vienna/L=Vienna/O=coffeebeans.at/OU=IT/CN=coffeebeans.at/emailAddress=office@coffeebeans.at"
#!/bin/bash # usage: ./create-key.sh CN NAME=$1 SERIAL=`ls -l *.key | wc -l` if [ $SERIAL -lt 10 ]; then SERIAL="0$SERIAL" fi if [ -e $NAME.key ]; then echo "$NAME.key already exists" exit 1 fi if [ ! -e ca.crt ]; then echo "no ca certificate created" exit 1 fi echo "creating key for $NAME with serial $SERIAL" openssl genrsa -out $NAME.key 4096 openssl req -new -key $NAME.key -out $NAME.csr \ -subj "/C=AT/ST=Vienna/L=Vienna/O=coffeebeans.at/OU=IT/CN=$NAME/emailAddress=office@coffeebeans.at" openssl x509 -req -days 3650 -CA ca.crt -CAkey ca.key \ -set_serial $SERIAL -in $NAME.csr -out $NAME.crt rm *.csr
sudo mkdir /etc/systemd/system/docker.service.d cat /etc/systemd/system/docker.service.d/http-proxy.conf [Service] Environment="HTTP_PROXY=http://proxy-address:8080/" Environment="HTTPS_PROXY=http://proxy-address:8080/" Environment="NO_PROXY=localhost,127.0.0.1,.localdomain" sudo systemctl daemon-reload sudo systemctl restart docker
found an interesting page about some base principals you should remember when building an application: https://12factor.net/de/