Useful commands (and rarely used as well) during working with Debian packaging

I am working on deployment of our demo server, I am using puppet for most of deployment except this one, using Debian package instead... um... I don't really like it (and finally I found it dumb). I talked to myself, at least I can learn something new and here it is.

The post doesn't try to make clear on the use of these commands, it's more about notes for my future reference only... sorry!

1/ How to get change log version? (my dpkg-parsechangelog version 1.15.11)
Command: dpkg-parsechangelog give you all the changelog information, including version obviously but the point I want is to extract exactly and only version information. So i have to use it in conjunction with grep, sed

# dpkg-parsechangelog | grep Version | sed 's/Version: //g'

sed command is what I have learnt. sed uses with quotes, s/Version: looking for Version, /somecharacters to replace Version with somecharacters, and /g to look for string globally any occurrences will be replaced.

Here is the special case, I look for Version: but in replace I leave it empty so the next option /g goes right after /: sed 's/Version: //g'


Other examples in string manipulation

$ foo="1234567890"
$ echo -n $foo | tail -c 3

2/ If you want to know which process, program receiving, sending to which host and amount of data use these two commands below
On Recv: sudo watch -n .1 'netstat -tup | grep -E "^[t,u]cp[6]{0,1}" | sort -nr -k2'
On Send: sudo watch -n .1 'netstat -tup | grep -E "^[t,u]cp[6]{0,1}" | sort -nr -k3'

If you suspect that process is being triggered by another process: ps axf



3/ Want to know which file is opened in system, by which user and process id? # lsof



4/ Find out who is logged on and what they are doing
# w username
Ex: w root



5/ How to run specific sudo commands without a password

Use the NOPASSWD directive in /etc/sudoers file

Ex: add this line to /etc/sudoers file
user host = (root) NOPASSWD: /sbin/shutdown

user is the user you want to grant permission on host to run /sbin/shutdown command


Alternative way, you could add the line above to new file under /etc/sudoers.d/; ex: /etc/sudoers.d/shutdown

This way, you won't mess up the /etc/sudoers file, and separate different grants to commands/users



6/ Put your Bash function running in the background?

Use & at the end of your function call; it will be kept alive... forever! and you should set interval for your function to avoid processing consuming that might cause your system unstable

Ex:
function GetFreeMemInBackground {
          while true
          do
                    #do something here
                    sleep 60 # set interval in seconds for your function
          done
}

#then run your function in background
GetFreeMemInBackground &


You can also get the Process ID of your called function and keep it for use later, eg: you might want to kill it. The important point, you should get the process right after function call

GetFreeMemInBackground &

BackgroundFuncId=$!


Then kill it later:
kill $BackgroundFuncId > /dev/null 2>&1



7/ You want to get an output of a command and put into variable?
Simply put the command in "$()"

Ex: OUTPUT="$(ls -al)"

Quoting does matter to preserve multi-line values



8/ Want to know Free Memory in system
It is a combination of top, grep, awk

top -l 1 | grep PhysMem: | awk '{print $10}'

top -l 1: to get 1 sample of current system information

top -l 1 | grep PhysMem: 

then: top -l 1 | grep PhysMem: | awk '{print $10}': to print out the column 10th on the output of grep's output



9/ Want to have cool Terminal foreground and background color like this?

PS1 is all you need, PS1 defines how your terminal styles, colors, position of cursor, and information. You can get the output of command and put into PS1 as well. Like the snapshot above, you can see my cursor tells me current Free Memory in my system.

I have a function running in background, it runs every 60 seconds, get the free memory and put into temporary text file. Then PS1 will output that text file to cursor


Function to get Free Memory and put into text file

function GetFreeMemInBackground {

        while true

        do

                FreeMem="$(top -l 1 | grep PhysMem | awk '{print $6}')"

                echo $FreeMem > /Users/phuha/freemem.txt

                sleep 60

        done

}

GetFreeMemInBackground &

Another function to get Free Memory

function GetFreeMem {

        cat /Users/phuha/freemem.txt

}

Then PS1 gets the Free Memory info from function GetFreeMem

PS1='[FreeMem: `GetFreeMem`] '${userColor}'\u: '${pathColor}'\w'${themes[$(((RANDOM % 23)))]}'\n\$ '

10/ Install Java 8 on Debian

su -
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886
apt-get update
apt-get install oracle-java8-installer
exit

Ref:
http://www.tecmint.com/command-line-tools-to-monitor-linux-performance/
http://www.binarytides.com/linux-commands-monitor-network/
http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html
http://www.grymoire.com/Unix/Sed.html#uh-30
http://askubuntu.com/questions/159007/how-do-i-run-specific-sudo-commands-without-a-password
http://bash.cyberciti.biz/guide/Putting_functions_in_background
https://wiki.archlinux.org/index.php/Color_Bash_Prompt
http://www.webupd8.org/2014/03/how-to-install-oracle-java-8-in-debian.html
http://tldp.org/LDP/abs/html/string-manipulation.html

JackRabbit Access Control

While researching JackRabbit Access Control I struggled with a lot of new concepts then I found this article is very useful, one thing left for me is to read it patiently

Summary: TBC

The original source: http://wiki.apache.org/jackrabbit/AccessControl

The 'cached' version of source:

Basic privileges:

• jcr:read The privilege to retrieve a node and get its properties and their values.
• jcr:modifyProperties The privilege to create, remove and modify the values of the properties of a node.
• jcr:addChildNodes The privilege to create child nodes of a node.
• jcr:removeNode The privilege to remove a node.
• jcr:removeChildNodes The privilege to remove child nodes of a node.
• jcr:write An aggregate privilege that contains: jcr:read, jcr:modifyProperties, jcr:addChildNodes, jcr:removeNode, jcr:removeChildNodes
• jcr:all An aggregate privilege that contains all available permissions, including jcr:read, jcr:write and the advanced permssions.

Resource-based ACLs

Advantages:

• fully supported by the JCR API / specification
• very widely available ACL model (eg. file systems)
• simple resource inheritance
• default mechanism in Jackrabbit, no configuration needed

Disadvantages:

• cannot assign ACLs to non-existent nodes
• cumbersome when many users need un-groupable ACLs on a few resources (e.g. "subscriptions"), lots of ACL entries per resource
• permissions are stored right inside the content (can be cumbersome for backups, etc.)

Resource-based ACLs are stored per resource/node in a special child node rep:policy. This one will have a list of rep:GrantACE child nodes (usually named allow, allow0,...) for grant access control entries and rep:DenyACE child nodes (usually named deny, deny0,...) for deny access control entries.

Each ACE node has a rep:principalName STRING property pointing to the user or group this ACE belongs to, and a rep:privileges NAME multi-value property, containing all the privileges of this ACE.

Example for your examination (for both cases: Resource-based, and Principal-based)

AccessControlManager aMgr = session.getAccessControlManager();

// create a privilege set with jcr:all
Privilege[] privileges = new Privilege[] { aMgr.privilegeFromName(Privilege.JCR_ALL) };
AccessControlList acl;
try {
    // get first applicable policy (for nodes w/o a policy)
    acl = aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
    // else node already has a policy, get that one
    acl = aMgr.getPolicies(path)[0];
}
// remove all existing entries
for (AccessControlEntry e : acl.getAccessControlEntries()) {
    acl.removeAccessControlEntry(e);
}
// add a new one for the special "everyone" principal
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);

// the policy must be re-set
aMgr.setPolicy(path, acl);

// and the session must be saved for the changes to be applied
session.save();

Principal-based ACLs

Advantages:

• permissions can be assigned to non-existent nodes
• permissions are stored separately from the content (good for content replication, backup etc.)
• good for having many users with un-groupable ACLs (e.g. "subscriptions"); resources don't get filled up with ACL entries

Disadvantages:

• additional Jackrabbit API has to be used for setting ACLs
• modeling resource inheritance requires more ACLs than resource-based

An access control list (rep:ACL) is stored for each user and group (this is transparent, currently it's mirroring the users's home path at /rep:accesscontrol//rep:policy/). This consists of entries (rep:ACE), which are either allow (rep:GrantACE) or deny (rep:DenyACE) entries.

The rep:ACE nodetype (used by both resource- and principal-based ACLs) defines the following two properties for principal-based usage. These exact same names need to be used as restrictions when using the Jackrabbit API (JackrabbitAccessControlList.addEntry()):

• rep:nodePath defines the (base) path of a subtree the ACL applies to (mandatory, PATH property)
• rep:glob defines a glob pattern to restrict the subtree, both child nodes & properties (only a path matching is done) (optional, STRING property)

For the glob pattern, see http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/core/security/authorization/GlobPattern.html (NodePath is the rep:nodePath and restriction is the rep:glob).

// usual entry point into the Jackrabbit API
JackrabbitSession js = (JackrabbitSession) session;

// get user/principal for whom to read/set ACLs

// Note: the ACL security API works using Java Principals as high-level abstraction and does not
// assume the users are actually stored in the JCR with the Jackrabbit UserManagement; an example
// are external users provided by a custom LoginModule via LDAP
PrincipalManager pMgr = js.getPrincipalManager();
Principal principal = pMgr.getPrincipal(session.getUserID());

// alternatively: get the current user as Authorizable from the user management
// (there is a one-to-one mapping between Authorizables and Principals)
User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
Principal principal = user.getPrincipal();

// get the Jackrabbit access control manager
JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager) session.getAccessControlManager();

JackrabbitAccessControlPolicy[] ps = acMgr.getPolicies(principal); // or getApplicablePolicies()
JackrabbitAccessControlList list = (JackrabbitAccessControlList) ps[0];

// list entries
JackrabbitAccessControlEntry[] entries = (JackrabbitAccessControlEntry[]) list.getAccessControlEntries();
JackrabbitAccessControlEntry entry = entries[0];

// remove entry
list.removeAccessControlEntry(entry);

// add entry
Privilege[] privileges = new Privileges[] { acMgr.privilegeFromName(Privilege.JCR_READ) };
Map restrictions = new HashMap();
ValueFactory vf = session.getValueFactory();
restrictions.put("rep:nodePath", vf.createValue("/some/path", PropertyType.PATH));
restrictions.put("rep:glob", vf.createValue("*"));
list.addEntry(principal, privileges, true /* allow or deny */, restrictions);

// reorder entries
list.orderBefore(entry, entry2);

// finally set policy again & save
acMgr.setPolicy(list.getPath(), list);
session.save();

How to add Observer to Magnolia CMS

JCR Node Manipulation Observation: When you want to monitor any actions taken on your JCR node, eg: Create, Update, Read, Delete... It's very easy to do it in Magnolia CMS

Magnolia has mechanism to manage observation, it's Observation module. You can find this module in Magnolia\Configuration app

In there, you can add your observer (class), and register any actions as your wish, workspace, node type, path, including sub-nodes? and other options. There are already many built-in observers in there for your reference

And your observation class should extend BaseRepositoryCommand, and look like below

Java Programming: Back to 2005 - Troubleshooting build issues

I didn't build any Java project far far away... from 2005, when I got my first job. Now, I'm coming back managing Java project... it's 2nd Java project that I have ever managed, this is very interesting project, and I decide to... play a role of developer

I try to build the project and I'm struggling with it!! So the motivation for this post is simple... taking notes of what I learn

I built my project, It was successful, without any errors message! I ran it, successful too... perfect! But it's weird, I cannot debug my project! I set the breakpoint, but it was not working!

My colleague, after few minutes troubleshooting, and we found the issues:

1/ The main project dependency pointing to module's version that is different from the current version that I have set in the module. So the main project is always pointing to the old Jar, not module's project

Although, before that we tried to 'MVN Clean', 'Update dependencies' for each project, it's still the same. The only way to solve the problem is going to main project POM and update the correct module's version

2/ I had learnt also that there were a Problem window in the Eclipse IDE, where I can see all the issues and I had to clean it up to make sure my project works correctly

3/ There were also Server window, where I can see my web project instance, and its dependent modules inside. If there were any problem with build, there should be missing modules inside that web instance. So you have to make sure all the dependent modules should be built and present in the web instance

Very first IonicFramework Hello World! app

Initially, I just want to test the new approach: recording my study/practice, and review it back in future and in case if I forget something the clip will help to remind me. Finally turn out, I think... why don't I publish it to my blog also? That's main reason you see this post :)

Okay, now we start!

Ref source: http://ionicframework.com/

1/ Install the Node.js

Download and install the Node/NPM

Do the Hello World demo

2/ Install the Cordova and Ionic

You gonna get error here! You need to change to ROOT permission

The installation is done, it seems OK!

I just finished the registration!

Um... it seems my project already get up! Now I need to run it only

But still would want to save these commands for further use

$ sudo npm install -g ionic cordova 

$ ionic start [project] 

$ cd [project] 

$ ionic login 

$ ionic upload

I would go on and on with the Tips here

- Just issue command: ionic serve in myApp folder. It's awesome!!!

- But that's server tided to localhost. I would run in public IP, and check if I able to access it from my mobile... wait a minute! Oh god! How do I change the default IP preset before. Great! just ionic help serve - you get all the helps you need

- Let run the app in public IP: ionic serve --address 192.168.80.34

- Now check the access from mobile.... NO THING HAPPEN!! I NEED TO ASK MY FRIEND FOR A HELP. He is able to login, but no content just and tags OR probably the firewall issue, okay talk about it later... move on!

- Um... seems like I just created another app neat inside the myApp lol :D

- Move on... this is interesting app, try this: ionic start myApp sidemenu, but the folder myApp already exist, try another name.. please

ionic start mySideMenuApp sidemenu

Oh My Godness!!!! I love it! You see!

- Now, let's try the other parts!!

Whooooopies......... ionic platform add ios, and then ionic build ios does all the stuffs!!! for you!

- Let check if that's true ;) um... that's not TRUE, you need to download the emulator yourself, let's do it! Btw, do we need changing to ROOT? probably NO :( - It's required for any new Node Package installation!!!!

Okay, go back to launch the new app.... um - I don't have xcode 6, that is required. I have now to install XCode 6...patient

It's not going to the right way now! um.... Okay we stop here! Hopefully, after upgrading to XCode6, it will work fine for me!

Cheers!!! See you next time! Pray for me, able to get it up and run!