[JMETER] could not initialise key store java.io.ioexception: >> illegal option: -ext

could not initialise key store java.io.ioexception: >> illegal option: -ext in

This issue is because of wrong Java version . Use JDK 7 ( jdk1.7.X) . 

Netcat ( NC ) for checking the network connectivity

Netcat is a goof network debugging tool . It can read and write the data through network.Both TCP and UDP supported. We mostly face issues with firewalls while we hosting our application in servers. In AWS also there are security settings for restricting the network access. But we need to check whether a port is accessible from public internet. netcat will be very useful to check this.

Suppose we are hosting a web server with port 80. We installed server properly and accessible from same system but not from the network. So we need to test whether request is coming till the server and any web server configuration causing the issue.To test this first stop the webserver then run the command "nc -l 80"

This will open 80 port ( TCP) in current system's IP. Then try to telnet from remote host to webservers 80 port. If it succeeds then you will get connection accpetd message in terminal where we ran "nc -l 80 " command.

Jenkins: FAILED: svn: E175002: OPTIONS

Today I faced some issues in Jenkins ver 1.602, Here I am telling how I resolved this issue

Jenkins: Jenkins ver. 1.602

Exception: Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version

Solution

1. First upgrade subversion installed in O.S

   for this I added yum repo 

      vi /etc/yum.repos.d/wandisco-svn.repo

 [WandiscoSVN]
name=Wandisco SVN Repo
baseurl=http://opensource.wandisco.com/centos/6/svn-1.8/RPMS/$basearch/
enabled=1
gpgcheck=0
Reference: http://tecadmin.net/install-subversion-1-8-on-centos-rhel/

2.  Do an svn checkout with non interactive mode.

mkdir test
cd test
svn co --non-interactive --username your_name https://svn.server.com/repository/trunk


You can see the below four files getting created under .subversion/auth folder in home directory
svn.simple
svn.ssl.client-passphrase
svn.ssl.server
svn.username


3. Downgrade the subversion plugin in jenkins

4. start tomcat with following parameter in CATALINA_OPTS in catalina.sh

JK Mount and JK Unmount

Mod_JK

This is the one of the common module which most of the Java application server administrators had worked. I think it is the one which is mostly used with  tomcat and jboss.

Here is a good tutorial for mod_jk

http://www.ramkitech.com/2012/03/virtual-host-apache-httpd-server-tomcat.html

I am adding to the above.

There are some scenario that some of the path we need to exclude from jkmount




JkMount  /*  abc
JkUnMount  /static abc


Here in first line all the request for / is passing to abc worker but a context /static is removing from abc that should be serve from local apache.

LDAP server configuration - Part-1

Directory Service

It is a software which stores the information of network entities like users, servers etc. It can store any kind of information in the form of attribute and its value.

LDAP

Mostly we are using this term something like addressing a database which stores information. But it is a protocol to communicate with directory services or information directory. It supports TCP/IP so we can use this in network. Mostly we will call this LDAP information directory service as LDAP server, which supports ldap queries to store and retrieve data.

Is LDAP server is just like a database? . It acts as a database for storing information but it is more optimized for read operation because modification to LDAP entities will be very less but read operation will be very high.


LDAP server is mostly using for authentication purpose.

What is the advantage of using LDAP server for authentivation

1. LDAP is a protocol . Since it is a standard most of the platform support it.
2. Most of the applications are LDAP ready because they don't need to worry in handling user database in their application
3. Security, There are Access Control List  (ACL) to restrict the entity access .
4. There are lot of LDAP server vendors both in commercial and open-source.Installation of these are very easy.
5. Replication option is there to store the data in remote location for security purpose.


You want cross platform support?, Change of data less frequent? More read operation?   if answer is yes then LDAP server will be the best place to store the information.

Structure of  LDAP Directory Tree.

 Its structure is just like an inverted rooted tree similar to DNS or linux directory structure.Each entry in LDAP tree is uniquely identified by Distinguished Name or will call DN. Mostly we are reading this DN from leaf node to root. I will explain how it is in later portion.


Suppose I am creating ldap server for company example.com

In the above picture the first box ( dc=example,dc=com) is the Base DN for this ldap.
There are multiple format for defining the base DN. But here I used the DNS name format. So Base DN is the top level of the ldap tree.

Suppose we have number of employees in our company . So in LDAP , as we discussed earlier it will be stored in another category or as a node named OU. OU stands for organizational unit. Mostly OU is using for defining a broad categories like ou=users, ou=computers,ou=groups, etc. OU can be further be divided . Suppose we have users in US and UK the the structure will be go like this

 So DN which identifies the users in US will be like .

ou=US,ou=users,dc=example,dc=com
 
See how it is, from individual entry back to words the root of tree.

For "ou=gourps" what will be the DN?  it will be ou=groups,dc=example,dc=com.


An entry in the ldap contains set of attributes which is uniquely identified by DN. There is one term called RDN ( Relative Distinguished Name) . It is nothing but a relative path to an entity based on another DN.

consider the case ou=UK,ou=users,dc=example,dc=com. This a DN and ou=UK, ou=users  is a RDN based on the base DN dc=example,dc=com. Simply like absolute path and relative path in file system.


In LDAP we can store almost data in a format of attribute and value. For example for a user named "John Smith" there will be multiple details related to him like Name, Address, Email etc. all these can be stored in LDAP.

 Here is a sample ldap entry for a user John Smith.

dn: uid=jsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: John Smith
givenName: John
sn: Smith
mail: jsmith@example.com
telephoneNumber: +999999999
title: Test Engineer
uid: jsmith
uidNumber: 10000
gidNumber: 100
homeDirectory: /home/jsmith
loginShell: /bin/bash

in this example these are the attribute we need store in the  LDAP.
So look at the first line it defines the DN for user John Smith, But here uid is taken to build DN . This uid just like a user name ( not the uid , gid in linux ).


Here we can see objectClass: inetOrgPerson,  objectClass: posixAccount. The object class defines these atrributes.Which means to use an attribute in LDAP we need to include corresponding object class in the LDAP entry.

 
Configuring LDAP server will be explained in next part

Apache Benchmark load generating tool for website testers.

Apache Benchmark is a good tool for generating load in our website. This is useful while we doing performance testing.

To Install: 

Download apache from  http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi and install. For linux you can use command "yum install httpd" .

To Run:


Go to the path where apache installed. In linux the command path will be populated automatically

Use command "ab" with required parameters.


Example : ab -n 20 -c 5 http://localhost:8080/

C:\Program Files\Apache Group\Apache2\bin>ab -n 20 -c 5 http://localhost:8080/
This is ApacheBench, Version 2.0.41-dev <$Revision: 1.121.2.12 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking localhost (be patient).....done

Server Software:        Apache-Coyote/1.1
Server Hostname:        localhost
Server Port:            8080
Document Path:          /
Document Length:        11430 bytes
Concurrency Level:      5
Time taken for tests:   0.46875 seconds
Complete requests:      20
Failed requests:        0
Write errors:           0
Total transferred:      231420 bytes
HTML transferred:       228600 bytes
Requests per second:    426.67 [#/sec] (mean)
Time per request:       11.719 [ms] (mean)
Time per request:       2.344 [ms] (mean, across all concurrent requests)
Transfer rate:          4800.00 [Kbytes/sec] received
Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   3.4      0      15
Processing:     0    6   7.7      0      15
Waiting:        0    3   6.2      0      15
Total:          0    7   7.7     15      15
WARNING: The median and mean for the total time are not within a normal deviatio
n
        These results are probably not that reliable.
Percentage of the requests served within a certain time (ms)
  50%     15
  66%     15
  75%     15
  80%     15
  90%     15
  95%     15
  98%     15
  99%     15
 100%     15 (longest request)

To get other  parameters just run command ab.


C:\Program Files\Apache Group\Apache2\bin>ap
'ap' is not recognized as an internal or external command,
operable program or batch file.

C:\Program Files\Apache Group\Apache2\bin>ab
ab: wrong number of arguments
Usage: ab [options] [http://]hostname[:port]/path
Options are:
    -n requests     Number of requests to perform
    -c concurrency  Number of multiple requests to make
    -t timelimit    Seconds to max. wait for responses
    -p postfile     File containing data to POST
    -T content-type Content-type header for POSTing
    -v verbosity    How much troubleshooting info to print
    -w              Print out results in HTML tables
    -i              Use HEAD instead of GET
    -x attributes   String to insert as table attributes
    -y attributes   String to insert as tr attributes
    -z attributes   String to insert as td or th attributes
    -C attribute    Add cookie, eg. 'Apache=1234. (repeatable)
    -H attribute    Add Arbitrary header line, eg. 'Accept-Encoding: gzip'
                    Inserted after all normal header lines. (repeatable)
    -A attribute    Add Basic WWW Authentication, the attributes
                    are a colon separated username and password.
    -P attribute    Add Basic Proxy Authentication, the attributes
                    are a colon separated username and password.
    -X proxy:port   Proxyserver and port number to use
    -V              Print version number and exit
    -k              Use HTTP KeepAlive feature
    -d              Do not show percentiles served table.
    -S              Do not show confidence estimators and warnings.
    -g filename     Output collected data to gnuplot format file.
    -e filename     Output CSV file with percentages served
    -h              Display usage information (this message)

Multiple SSL certificate support in apache with single IP - (SNI)

We mostly work on apache SSL and observed that we require multiple IP address for hosting multiple SSL websites ( with different SSL certificates). Here I found one TLS extension for apache named SNI stands for Server Name Indication. Using this we can host multiple SSL website in a single apache with single IP address.


Configuration:


NameVirtualHost *:443

SSLStrictSNIVHostCheck off


 ServerAdmin web1@example.com
 DocumentRoot /var/www/html/web1
 ServerName web1.com
 SSLEngine ON
 SSLCertificateFile /etc/httpd/certs/web1/server.crt
 SSLCertificateKeyFile /etc/httpd/certs/web1/server.key
 ErrorLog /var/www/vhosts/web1/logs/error.log
 CustomLog /var/www/vhosts/web1/logs/access.log common

 ServerAdmin web2@example.com
 DocumentRoot /var/www/html/web2
 ServerName web2.com
 SSLEngine ON
 SSLCertificateFile /etc/httpd/certs/web2/server.crt
 SSLCertificateKeyFile /etc/httpd/certs/web2/server.key
 ErrorLog /var/www/vhosts/web2/logs/error.log
 CustomLog /var/www/vhosts/web2/logs/access.log common