Docker Compose gives us the ability to define services, ports, volumes, and networks in a single file. This file provides a convenient and unified view into what would otherwise be a long list of docker commands. In this article, you will run the Spring Boot based spring-music app in a Docker container using docker-compose.
Spring Boot is an easy way to create production grade Spring based web applications. In this article, I want to illustrate how easily a Spring Boot application can be deployed to run as a Docker container. Specifically, we will build the spring-music project into a single executable jar that will then be copied into a … Docker: Running a Spring Boot based app in a Docker container
The recommended way to run a Gradle build is with the Gradle wrapper. You can check the current version of your wrapper with the command: $ ./gradlew –version If you are working with an older Gradle version and want to upgrade to take advantage of new features, you can use the ‘wrapper’ task specifying the … Gradle: Upgrading the Gradle wrapper version
Docker Compose gives us the ability to define and orchestrate multiple containers in order to construct a service. In this article, we will use Docker Compose to create a MongoDB server and then another container that is used exclusively as a MongoDB client. While it is entirely possible to manually create these containers, links, and … Docker: Using docker-compose to link a MongoDB server and client
In order to communicate with MongoDB using its default TCP protocol on port 27017, you will need a MongoDB client. There are many language bindings available, but in this article we’ll focus on the client available from the “mongodb-org-shell” Debian package.
Update Oct 2020: multi-stage builds now provide a standard way to leverage a fat build image, while allowing your published image to remain small. This article is still useful for comparing base image sizes. GoLang applications are a great architectural fit for a Docker container because of their single binary executable. But you need to … Docker: Base image when deploying a GoLang binary in a container
Update: For the latest version of this article compatible with Ubuntu 22.04 and Go 1.19, see my newer article here. The Go programming language has gotten considerable momentum, and the fact that it compiles down to machine code has made it popular in containers like Docker where a single executable binary fits the execution model perfectly. This article … GoLang: Installing the Go Programming language on Ubuntu 16.04
If you have Bash console commands that you type out frequently, consider creating an alias. By simply adding a “.bash_aliases” files in your home directory, you can easily define shortcuts to frequent commands. For example, if you frequently list all the files in a directory reverse sorted by date, you may end up typing “ls … Ubuntu: Creating an alias for common commands under bash
If you have issues with the Nautilus default file browser window not being resizable after it has been maximized, first try holding down “alt” while holding down the mouse button and dragging inside the window. If that does not work, you can use “wmctrl” from the console to fix the issue.
Although in modern architectures you typically see Spring Boot executable jars running as the primary process of a container, there are still many deployment scenarios where running the jar as a service at boot time is required. With Ubuntu 14.04, we can use SysV to run a Spring Boot application at boot time. This will … Java: Spring Boot application as a service using SysV on Ubuntu 14.04
Although in modern architectures you typically see Spring Boot executable jars running as the primary process of a container, there are still many deployment scenarios where running the jar as a service at boot time is required. With Ubuntu 16.04, we can use the built-in systemd supervisor to run a Spring Boot application at boot … Java: Spring Boot application as a service using systemd on Ubuntu 16.04
Cloud Foundry deployed Java applications can send log events to stdout/stderr and then a bound syslog drain can send this to a logging solution like ELK for ingestion. One area that has always been tricky when dealing with logging is multi-line Java stack traces. By default, because each line in the stack trace has a … CloudFoundry: Extracting Java multiline exception stack traces from Logback and Log4j2 using Logstash
Logstash provides a powerful mechanism for listening to various input sources, filtering and extracting the fields, and then sending events to a persistence store like ElasticSearch. Installing Logstash on Ubuntu is well documented, so in this article I will focus on Ubuntu specific steps required for Logstash 6.x on Ubuntu 16.04.
The two most common logging implementations used in conjunction with Spring/Spring Boot are Logback and Log4j2. In the recent past, a developer had a great deal of discretion on the format and files used for logging. But in the modern world of container deployment and scale, these logs typically feed enterprise logging solutions which requires … Java: Collapsing multiline stack traces into a single log event using Spring backed by Logback or Log4j2
Update Jan 2019: Now using CredHub instead of ‘–vars-store’ (which will be deprecated in CF 3) Even if you are developing a service or application that will ultimately be deployed to a private Cloud Foundry instance, having a local CF instance for development work is still an ideal development workflow. There is a local CF … CloudFoundry: Deploy Cloud Foundry locally using BOSH Lite on Ubuntu
BOSH is a project that unifies release, deployment, and lifecycle management of cloud based software. In this article I will describe how to install BOSH unto VirtualBox. This implementation is often called “BOSH Lite” because it internally uses containers to emulate VMs.
Update Jan 2019: Instead of these instructions, please see my newer article for local BOSH installation on VirtualBox using CLI v2. BOSH is a project that unifies release, deployment, and lifecycle management of cloud based software. The BOSH CLI v1 is now older and has been replaced with CLI v2, so if you want … CloudFoundry: Install BOSH CLI v1 and BOSH Lite on Ubuntu
The Cloud Foundry CLI makes it easy to authenticate into a target API endpoint to consume the Cloud Controller API (CAPI). The “cf login” command allows you to pass or interactively provide the user, password, org, and space. Once logged in, if you want to run raw commands, the “cf curl” can execute a request … CloudFoundry: Authenticating and running CF API commands using curl
The Windows Zabbix Agent provides a native interface to the Windows Performance Counters. and Event Log. This means that with minimal overhead, and no additional shells out to Powerscript or the command line, you can collect any of the metrics available from PerfMon or Event Viewer.
For most Cloud Foundry applications and services, you can avoid downtime for maintenance with a combination of following best practices for 12 factor app development and taking advantage of Cloud Foundry’s scaling and flexible routing to implement Blue-Green deployment. But there will still be times where an application, service, or shared backend component does not … CloudFoundry: Beyond the maintenance page, delivering a response during service unavailability
One of the goals of Continuous Deployment (CD) is an automated deployment and patching process. And as your organization becomes more efficient at deployment and velocity increases, you want to ensure that availability is maintained while keeping risk to a minimum. Cloud Foundry supports route mapping that allows you to stand up a new live … CloudFoundry: Using Blue-Green deloyment and route mapping for continuous deployment
The JRE comes preloaded with a set of trusted root authorities, but if you are working with self-signed certificates, or SAN server certificates that were signed using your own Certificate Authority then you are going to need to add these certificates to your trusted keystore. If your Java application attempts to communicate via TLS to … Java: Loading self-signed, CA, and SAN certificates into a Java Keystore
There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also … Ubuntu: Creating a self-signed SAN certificate using OpenSSL
There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name). Operationally, having your own trusted CA is advantageous over a … Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL
Postfix is a open source mail transfer agent. If communication the upstream mail relay is disrupted, email will build up in the pending mail queue until the root cause is resolved.
It is common in secure production datacenters for internal hosts to be forced to go through a reverse proxy for public internet access. The same concept can be applied to apt package management, where setting up a centralized package proxy enables caching as well as security controls. In a datacenter where you could have hundreds … Ubuntu: A centralized apt package cache using Apt-Cacher-NG
It is common in secure production datacenters for internal hosts to be forced to go through a reverse proxy (e.g. Squid) for public internet access. The same concept can be applied to apt package management, where setting up a centralized package proxy enables caching as well as security controls. In a datacenter where you could … Ubuntu: A centralized apt package cache using squid-deb-proxy
Getting a local project into a public repository on GitHub only takes a few steps. This is well documented on a GitHub help page. In this article, I’ll go through getting a local project called “myproject1” into a public GitHub repository.
An essential part of the standard build process for Java applications is having a repository where project artifacts are stored. Artifact curation provides the ability to manage dependencies, quickly rollback releases, support compatibility of downstream projects, do QA promotion from test to production, support a continuous build pipeline, and provides auditability. Archiva from the Apache … Maven: Installing a private Maven repository on Ubuntu using Apache Archiva
JAXB provides a framework for two-way binding between XML and Java structures, making it easy for developers to serialize and deserialize their XML into Java objects. Decorating a class with @XmlElement and @XmlAttribute annotations is all it usually takes to build a rich domain model from XML, but sometimes you get into a situation where … Java: Using XMLAdapter to process custom datatypes using JAXB
Having your production servers go through a proxy like Squid for internet access can be an architectural best practice that provides network security as well as caching efficiencies. In a previous article, I showed how you can enforce whitelists for specific domains when using HTTP/HTTPS. Now let’s do the same thing for FTP connections, proxying … Squid: Enabling whitelisted FTP proxying using Squid
If a Java class file is compiled with a higher supported version than is currently being run, you will get the ‘bad class file’, ‘class file has the wrong version XX.0, should be XX.0’ error message. For example, if the .class file was compiled as a Java 1.8 class file on a Jenkins continuous integration … Java: Determining the Java version used to compile a class, ‘class file has the wrong version’
In this short article, I’ll provide some Maven commands that I’ve found helpful. Run single class from src/main/java mvn exec:java -Dexec.mainClass=this.is.MyClass -Dexec.args=”myarg1 ‘my second arg’ myarg3″ Run unit test from src/test/java, all methods decorated with @Test mvn test -Dtest=this.is.MyTestClass Run unit test from src/test/java, only methods decorated with @Test and that start with ‘testDatabase’ … Java: Using Maven from the console for running classes, unit tests, checking dependencies
The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue and they are now available from the both the updates and security official Ubuntu repositories. In this article, I’ll step through patching an … Ubuntu: Testing the official released kernel patches for Meltdown CVE-2017-5754
The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018 and the first candidate kernel patches have now been released for Xenial and Trusty LTS. UPDATE Jan 11 … Ubuntu: Testing the first candidate kernel patches for Meltdown CVE-2017-5754
The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018. A paper coming out of Graz University of Technology in Austria and written by Daniel Gruss, Moritz Lipp, Michael … Ubuntu: Testing the KAISER kernel patch for Meltdown CVE-2017-5754
The Meltdown vulnerability affects Intel and some ARM (but not AMD) processor chips and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018. If you need to check your system, or perhaps have already patched your systems but want to … Ubuntu: Determine system vulnerability for Meltdown CVE-2017-5754
The Spectre vulnerability affects Intel, AMD, and ARM processor chips (each to various degrees) and can allow unprivileged access to memory in the kernel and other processes. Canonical has committed to kernel patches to address this issue by January 9, 2018. If you need to check your system, or perhaps have already patched your systems … Ubuntu: Determine system vulnerability for Spectre CVE-2017-5715 CVE-2017-5753
Enabling the use of real-time JVM monitoring tools like jconsole and VisualVM can be extremely beneficial when troubleshooting issues. These tools work by enabling a JMX/RMI communication channel to the JVM. These are typically thought of as local development tools, but they can also be used on remote CF containers running Java. In this article, … CloudFoundry: Enabling Java JMX/RMI access for remote containers
Java thread and heap dumps are valuable tools for troubleshooting local development, but they can also be used on remote CF containers running a JVM. In this article, we’ll go through various method of gathering this data from a Cloud Foundry container and then tools for analyzing this data. Now matter how uniform your environments, … CloudFoundry: Java thread and heap dump analysis on remote containers