Linux

Managing JBoss EAP/Wildfly using Jcliff

Systems management can be a difficult task. Not only does one need to determine what the end state should be but, more importantly, how to ensure systems attain and remain at this state. Doing so in an automated fashion is just as critical, because there may be a large number of target instances. In regard to enterprise Java middleware application servers, these instances are typically configured using a set of XML based files. Although these files may be manually configured, most application servers have a command-line based tool or set of tools that abstracts the end user from having to worry about the underlying configuration. WebSphere Liberty includes a variety of tools to manage these resources, whereas JBoss contains the jboss-cli tool.

Although each tool accomplishes its utilitarian use case as it allows for proper server management, it does fail to adhere to one of the principles of automation and configuration management: idempotence. Ensuring the desired state does not equate to executing the same action with every iteration. Additional intelligence must be introduced. Along with idempotence, another core principle of configuration management is that values be expressed declaratively and stored in a version control system.

Jcliff is a Java-based utility that is built on top of the JBoss command-line interface and allows for the desired intent for the server configuration to be expressed declaratively, which in turn can be stored in a version control system. We’ll provide an overview of the Jcliff utility including inherent benefits, installation options, and several examples showcasing the use.

Verifying signatures of Red Hat container images

Security-conscious organizations are accustomed to using digital signatures to validate application content from the Internet. A common example is RPM package signing. Red Hat Enterprise Linux (RHEL) validates signatures of RPM packages by default.

In the container world, a similar paradigm should be adhered to. In fact, all container images from Red Hat have been digitally signed and have been for several years. Many users are not aware of this because early container tooling was not designed to support digital signatures.

In this article, I’ll demonstrate how to configure a container engine to validate signatures of container images from the Red Hat registries for increased security of your containerized applications.

Introducing debuginfod, the elfutils debuginfo server

Because bugs are inevitable, developers need quick and easy access to the artifacts that debugging tools like Systemtap and GDB depend on, which are typically DWARF (Debugging With Attributed Record Formats) debuginfo or source files. Accessing these resources should not be an issue when debugging your own local build tree, but all too often they are not readily available.

For example, your distro might package debuginfo and source files separately from the executable you’re trying to debug and you may lack the permissions to install these packages. Or, perhaps you’re debugging within a container that was not built with these resources, or maybe you simply don’t want these files taking up space on your machine.

Debuginfo files are notorious for taking up large amounts of space, and it is not unusual for their size to be five to fifteen times that of the corresponding executable. debuginfod aims to resolve these problems.

Changes to CentOS: What CentOS Stream means for developers

Today Chris Wright, vice president and CTO at Red Hat, published a post describing how CentOS is changing and the opportunities it opens for developers in the Red Hat Enterprise Linux (RHEL) ecosystem. The net effect of this change is that, in addition to CentOS Linux 8, there is a new version of CentOS—CentOS Stream—which will provide a “rolling preview” of future Red Hat Enterprise Linux kernels and features. This is being announced in addition to the release of the traditional CentOS Linux 8, which is a downstream rebuild of the current RHEL release.

Using Let’s Encrypt with Apache httpd on Red Hat Enterprise Linux 7

Getting an SSL certificate for your web server has traditionally been something of an effort. You need to correctly generate a weird thing called a certificate signing request (CSR), submit it to the web page of your chosen Certificate Authority (CA), wait for them to sign and generate a certificate, work out where to put the certificate to configure it for your web server—making sure you also configure any required intermediate CA certificates—and then restart the web server. If you got all that right, you then need to enter a calendar entry so you’ll remember to go through the process again in (say) a year’s time. Even some of the biggest names in IT can mess up this process.

With new CAs like Let’s Encrypt, along with some supporting software, the rigmarole around SSL certificates becomes a thing of the past. The technology behind this revolution is Automatic Certificate Management Environment (ACME), a new IETF standard (RFC 8555) client/server protocol which allows TLS certificates to be automatically obtained, deployed, and renewed. In this protocol, an “agent” running on the server that needs an SSL certificate will talk to the CA’s ACME server over HTTP.

A popular method for using ACME on your Red Hat Enterprise Linux 7 server is certbot. Certbot is a standalone ACME agent that is configured out-of-the-box to work with Let’s Encrypt and can work with Apache httpd, Nginx, and a wide variety of other web (and non-web!) servers.  The certbot authors have an excellent guide describing how to set up certbot with httpd on RHEL7.

In this tutorial, I’ll show an alternative method—the mod_md module—which is an ACME agent implemented as a module for Apache httpd, tightly integrated with mod_ssl, and is supported today in Red Hat Enterprise Linux 7.  The mod_md module was implemented by Stefan Eissing—a prolific developer who also added HTTP/2 support to httpd—and contributed to the Apache Software Foundation, becoming a standard part of any new installation since httpd version 2.4.30.

Quickly set up a LAMP stack on Red Hat Enterprise Linux 8

Have you tried Red Hat Enterprise Linux 8 (RHEL8) yet? Read on to learn how to quickly set up a LAMP stack on RHEL8 so you can play around with the new features built into the operating system.

A LAMP stack is made up of four main components and some glue. The first main component in a LAMP stack (the “L”) is Linux. In my example, I’m using Red Hat Enterprise Linux 8 for that, which gives me a secure operating system, a modern programming environment, and a user-friendly set of tools to control it.

Working with Red Hat Enterprise Linux Universal Base Images (UBI)

If you’re like me—a developer who works with customers who rely on the tried-and-true Red Hat Enterprise Linux (RHEL), works with containerized applications, and also prefers to work with Fedora Linux as their desktop operating system—you’re excited by the announcement of the Universal Base Images (UBI). This article shows how UBI actually works, by building the container image for a simple PHP application.

With UBI, you can build and redistribute container images based on Red Hat Enterprise Linux without requiring a Red Hat subscription. Users of UBI-based container images do not need Red Hat subscriptions. No more extra work creating CentOS-based container images for your community projects or for your customers that prefer self-support.

I tested all these steps on my personal Fedora 29 system, and they should work on any Linux distribution. I am also a big fan of the new container tools such as Podman, which should be available for your favorite Linux distribution. If you are working on a Windows or macOS system, you can replace the Podman commands with Docker.
