Docker Portainer

January 31st, 2017 No comments

Managing docker through the cli can sometimes be a pain. Portainer is the management interface I use know to make life a little easier. You can run it on your local docker by issueing the following command:

docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data -p --restart always --name portainer portainer/portainer

You might also want to enable the remote management api over tcp. edit /etc/default/docker and add the following:

DOCKER_OPTS='-H tcp:// -H unix:///var/run/docker.sock'

restart the docker daemon afterwards:

sudo service docker restart

To remove dangling volumes I use the following script:

docker volume rm $(docker volume ls -qf dangling=true)
Categories: Linux Tags:

NetBeans plugin migration

January 11th, 2017 No comments

After installing the latest version of NetBeans I found that my old plugins were not migrated. I did the following to migrate them:

Run the new version of NetBeans and tell it to import my old stuff. Then close it again.

Copy the modules directory in ~/.netbeans/ to ~/.netbeans/

cp -avn ~/.netbeans/<old version>/modules ~/.netbeans/<new version>

Copy additional items from ~/.netbeans/config/Modules

cp -avn ~/.netbeans/<old version>/config/Modules/* ~/.netbeans/<new version>/config/Modules

That did the trick for me though it might not always work depending on the version you are migrating from and to.

Categories: Coding Tags:

Git Cheat Sheet

November 25th, 2016 No comments

Small cheat sheet of git commands I frequently use.

Cloning a repository

git clone <remote-url>

Revert changes in working copy

git checkout .

Revert changes in a single file

git checkout <file>

Revert all local commits

git reset

Remove untracked files and directories

git clean -fd

Show stash diff

git stash show -p <stash-id>

Clear all stashes

git stash clear

Show remotes

git remote -v

Switch branch

git checkout <branch>

Show local unpushed commits

git log origin/master..HEAD

Show local unpushed commit diff

git diff origin/master..HEAD

Undo commit

git reset HEAD~
Categories: Linux, Uncategorized Tags:

Self Signed Certificate Script

November 18th, 2016 No comments

Just a small script to generate self signed certificates.

if [[ $EUID -ne 0  ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
if [ "$#" -ne 1 ]; then
        echo "No site name supplied e.g. jenkins"
openssl genrsa -des3 -passout pass:x -out $1.pass.key 2048
openssl rsa -passin pass:x -in $1.pass.key -out $1.key
rm $1.pass.key
openssl req -new -key $1.key -out $1.csr
openssl x509 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt
Categories: Linux Tags:

Atom plugin installation from command line

November 15th, 2016 No comments

Once you have set up your atom editor it is nice if you can store the list of installed plugins so you can easily reinstall or share with friends. Here are the commands to do so from the command line:


apm list --installed --bare > packages.txt


apm install --packages-file packages.txt


Categories: Coding Tags:

Java custom validation with predicate annotation

October 14th, 2016 No comments

Just two small classes I wrote to be able to do some easy validation when you need to have more contextual information when validating an entity. This will allow you to do that easily while preventing the rewriting of boilerplate code.

The annotation:

import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.*;
import java.lang.annotation.Repeatable;
import javax.validation.Constraint;
import javax.validation.Payload;
@Constraint(validatedBy = PredicateValidator.class)
public @interface Predicate {
	String message() default "{predicate.invalid}";
	Class<?>[] groups() default {};
	Class<? extends Payload>[] payload() default {};
	String name();
	public @interface List {
		Predicate[] value();

The validator:

import java.util.HashMap;
import java.util.Map;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
public class PredicateValidator implements ConstraintValidator<Predicate, Object> {
	private static final Map<String, java.util.function.Predicate> PREDICATES = new HashMap<>();
	private java.util.function.Predicate predicate;
	public void initialize(Predicate predicate) {
		if (!PREDICATES.containsKey( {
			throw new IllegalArgumentException("No predicate with name " + + " found");
		this.predicate = PREDICATES.get(;
	public boolean isValid(Object value, ConstraintValidatorContext context) {
		return predicate.test(value);
	public static void addPredicate(String name, java.util.function.Predicate p) {
		PREDICATES.put(name, p);

And a small example:

import java.util.Objects;
@Predicate(name = "myPredicate")
@Predicate(name = "myPredicate2")
public class Pojo {
	static {
		PredicateValidator.addPredicate("myPredicate", obj -> {
			Pojo p = (Pojo) obj;
			System.out.println("Test 1");
			return Objects.equals(p.getValueOne(), p.getValueTwo());
		PredicateValidator.addPredicate("myPredicate2", obj -> {
			Pojo p = (Pojo) obj;
			System.out.println("Test 2");
			return Objects.equals(p.getValueOne(), p.getValueTwo());
	private String valueOne;
	private String valueTwo;
	public String getValueOne() {
		return valueOne;
	public void setValueOne(String valueOne) {
		this.valueOne = valueOne;
	public String getValueTwo() {
		return valueTwo;
	public void setValueTwo(String valueTwo) {
		this.valueTwo = valueTwo;

Import pem certificate into jks

June 30th, 2016 No comments

The trick is to export it to pkcs12 so that it can be imported by the java keytool.
Other ways of importing caused verification failures on the intermediate certificates for me.

openssl pkcs12 -export -out keystore.p12 -inkey certificate.pem -in certificate.pem
keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
# Change alias: keytool -changealias -alias 1 -keystore keystore.jks -keypass <pass> -destalias <destalias>
# Add intermediate certificates:
# openssl x509 -in root.crt -outform der -out root.der
# openssl x509 -in intermediate.crt -outform der -out intermediate.der
# keytool -import -trustcacerts -alias root -file root.der -keystore keystore.jks
# keytool -import -trustcacerts -alias root -file intermediate.der -keystore intermediate.jks

When used in Tomcat this would become something like the following:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/keystore.jks" keystorePass="<keystorePass>" keyAlias="<alias_for_the_key>" />
Categories: Uncategorized Tags:

Raspberry Pi – RAID 1 with NFS

June 18th, 2016 No comments

I decided to give my Raspberry Pi a new life and installed the latest version of Raspbian.
I also ordered two similar usb sticks of the same size to make a raid 1 (mirrored) device with mdadm which I want to export with NFS.
Note that you should be knowing what you are doing since any of these steps might lead to data loss.

# Short session as root
sudo -i
# Determine where the usb sticks are.
fdisk -l
# Remove existing partitions and create the new Linux partitions. Combination of the following commands: p, d, n and w
fdisk /dev/<usb-device1>
fdisk /dev/<usb-device2>
# Install adm. When asked about installing it to the root os answer with 'none' since we will keep booting from the sd card.
apt-get install mdadm
mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/<usb1-partition1> /dev/<usb2-partition1>
# Check if everything is ok.
mdadm --detail /dev/md0
# Write stuff to the mdadm config
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
# Create the fs (-m 0 = no reserved blocks)
mkfs.ext4 -m 0 /dev/md0
mkdir /mnt/raid
mount /dev/md0 /mnt/raid
# I copied the directories I wanted to move over to the raid device (/var, /tmp, /opt, /root)
# copy var without the symlinks use the same command for the other directories.
find /var -depth -type f -o -type d | cpio -pamVd /mnt/raid
# Determine the uuid of the raid device to be used in fstab
blkid /dev/md0

Edit fstab to mount everything from the raid device.

UUID="<your_raid_uuid>"        /mnt/raid       ext4    defaults,noatime        0       2
/mnt/raid/var   /var            none    defaults,bind           0       0
/mnt/raid/tmp   /tmp            none    defaults,bind           0       0
/mnt/raid/root  /root           none    defaults,bind           0       0
/mnt/raid/home  /home           none    defaults,bind           0       0
/mnt/raid/opt   /opt            none    defaults,bind           0       0

Next I installed nfs and created a dir for the nfs shares.

apt-get install nfs-kernel-server
# Don't forget to start rpcbind. Otherwise you will have strange problems connecting to your nfs share from other machines. (Connection timed out most probably)
service start rpcbind
mkdir /mnt/raid/share
mkdir /export
cd /export
ln -s /mnt/raid/share

Edited /etc/exports

/export/share ,sync,no_subtree_check)
# export everything. Restart nfs to be certain our changes made it.
exportfs -r
service nfs-kernel-server restart

Well that’s it for now. I will be testing this to see how it holds up on my Raspberry.

Categories: Linux Tags:

Encrypting an external drive

July 26th, 2015 No comments

I wanted to encrypt the disks that I use to regularly make a backup so I can put it offsite without that nagging thought that just about anyone can read it’s contents when it gets stolen/lost.

Find out the name of the disk you want to encrypt. I usually use a ‘sudo fdisk -l’ to find out which disk. In my case /dev/sdc3 so I will use that in this example. Substitute with your own unless you want to lose data.

Make sure your disk is not mounted:

sudo umount /dev/sdc3

It is good practice to fill the disk with some initial garbage to make any decryption attempts harder.

sudo dd if=/dev/urandom of=/dev/sdc3

Initial creation:

# Login as root
sudo -i
# Install cryptsetup
apt-get install cryptsetup
# I am using a passphrase to setup the encryption you could optionally use a keyfile. Check out the manual for more info.
cryptsetup -y create crypt /dev/sdc3
# Create an ext4 filesystem. (-m 0 -> No reserved blocks for root, this is an external disk)
mkfs.ext4 -m 0 /dev/mapper/crypt
# Create a directory to mount to and mount
mkdir /mnt/crypt && mount /dev/mapper/crypt /mnt/crypt


sudo cryptsetup create crypt /dev/sdc3
sudo mount /dev/mapper/crypt /mnt/crypt

That did it for me. I just wanted a small barrier to chase away curious people.

Categories: Debian, Ubuntu Tags: ,

Tomcat – High CPU Breakdown

June 5th, 2015 No comments

Determine the process id (PID) of the process that has high CPU load.

The culprit:

16397 tomcat    24   0 2809m 1.2g  26m S 197.4 14.8 112:28.42 java

Use top, ps or the java jps tool. I used jps here.

sudo -u tomcat jps -l


16397 org.apache.catalina.startup.Bootstrap

We then try to create a thread dump with the java jstack tool.

sudo jstack 16397 > stacktrace.dmp


16397: Unable to open socket file: target process not responding or HotSpot VM not loaded
The -F option can be used when the target process is not responding
sudo jstack -F 16397 > stacktrace.dmp

If that is also not working you can try quitting the process.

sudo -u tomcat kill -QUIT 16397

You will need to check the logs to see the stacktrace.

You can then check out the running threads and their state. I found that some threads were in a blocking state due to a few java.lang.OutOfMEmoryError errors.

To get more detailed information we can also use the jmap command to do a little deeper digging.

sudo jmap -dump:file=thread_dump.16379.dmp -F 16397
Categories: Linux Tags: