I am running the this on corretto 8 running on amazon linux 2/2.3.13..
it gets the error as "An error occurred during the execution of command [app-deploy] - [CheckProcFileForJavaApllication]. Stop ruuning the command. Error: There is no profile and .jar file at the root level of your source bundle.
The commands while deployment are prestep
cd $WORKSPACE
echo "Downloading the tagged zip file"
/usr/local/bin/s3cmd get s3://prod-bucket/directory/java-app/$tag.zip
mv $tag.zip vet.zip
unzip vet.zip
rm vet.zip
Post step command
mkdir my_folder;
cp -R .ebextensions my_folder;
cp Procfile.txt my_folder;
cp version.txt my_folder;
cp target/edddpub-parser-0.0.1-SNAPSHOT.jar my_folder;
zip -r my_dir.zip my_folder;
It used to work on Linux1 but i want to run it on Linux2
Below is my zip structure:
.ebextensions
5dantarceDownload
6danttraceInstallAndPost
7crowdsrtike_linux2
nginx_restart_post_hook
.platform
nginx
conf.d
myconf.conf
linux2 is vastly different from linux1 and is incompatible with it. Yo may probably need to fully re-design your application to work with linux2. Please check AWS docs:
Migrating your Elastic Beanstalk Linux application to Amazon Linux 2
Related
As one of the hardening tasks defined for Tomcat, I'm supposed to change the output of $CATALINA_HOME/bin/version.sh to output bogus values.
This seemed pretty straight-forward from what I could find. All of the articles essentially pointed towards: extract ServerInfo.properties from catalina.jar, modify it, recommit it, and restart Tomcat.
In the stateless container world though, I have to extract it, modify it, recommit it, START tomcat. If I restart the container after tomcat is started, the container dies. Here are the steps I tried in my container entrypoint shell script:
jar -xf /opt/tomcat/lib/catalina.jar org/apache/catalina/util/ServerInfo.properties
sed -i 's#server.info=.*#server.info=Server#' /opt/tomcat/org/apache/catalina/util/ServerInfo.properties
sed -i 's#server.number=.*#server.info=0.0#' /opt/tomcat/org/apache/catalina/util/ServerInfo.properties
jar -uf /opt/tomcat/lib/catalina.jar org/apache/catalina/util/ServerInfo.properties
However, in 9.0.45, the recommit back to catalina.jar throws an error:
jar: Package org.apache.catalina.ssi missing from ModulePackages class file attribute
Investigating this, I found this article: jar: Package org.apache.catalina.ssi missing from ModulePackages class file attribute
...which essentially said it's a bug in newer versions of tomcat and the guy who got around it used 7zip instead of jar. So I modified my code with the following:
mkdir -p /opt/tomcat/test
pushd /opt/tomcat/test
7z x -y /opt/tomcat/lib/catalina.jar:org/apache/catalina/util/ServerInfo.properties
sed -i 's#server.info=.*#server.info=Server#' /opt/tomcat/test/ServerInfo.properties
sed -i 's#server.number=.*#server.info=0.0#' /opt/tomcat/test/ServerInfo.properties
7z u /opt/tomcat/lib/catalina.jar:org/apache/catalina/util/ServerInfo.properties /opt/tomcat/test/ServerInfo.properties
popd
...while this did work in-so-far as I can tell (the ServerInfo.properties file in the backup location (test) did successfully get modified and I received a success indicator from 7zip in the container console log output for the recommit), after tomcat starts and I run version.sh, it still reports the actual verison.
To reiterate, these changes are being applied before tomcat is ever started so even though all of the documentation says to restart tomcat after-the-change, I'm expecting that I shouldn't have to restart tomcat (again, since this operation kills the container and wipes any interactive container changes (stateless)).
EDIT 1:
In an effort to confirm, after the container is started, I've exec'd into the container to verify that the entrypoint script was successful. I manually extracted the file out of catalina.jar and verified that the operations did appear to be successful because the interactively-extracted ServerInfo.properties from catalina.jar does reflect the changes (so the process appears to have worked) but running $CATALINA_HOME/bin/version.sh still shows the actual version...
There is another option which is much easier and works just fine.
Alternatively, the version number can be changed by creating the file CATALINA_BASE/lib/org/apache/catalina/util/ServerInfo.properties with content as follows...
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html#web.xml
You don't need to replace anything in catalina.jar
Just create this extra config file as follows, that is enough.
mkdir -p "${CATALINA_HOME}/lib/org/apache/catalina/util"
echo "server.info=X" > "${CATALINA_HOME}/lib/org/apache/catalina/util/ServerInfo.properties"
## proceed with tomcat start...
Bonus
Remove server info from HTTP headers in server responses (also check this).
## turn off server info and stacktraces on error pages
file="${CATALINA_HOME}"/conf/server.xml
xmlstarlet edit -L \
--delete "//Connector[starts-with(#protocol, 'HTTP')]/#server" \
--insert "//Connector[starts-with(#protocol, 'HTTP')]" -t attr -n "server" -v "X" \
--delete "//Valve[#className='org.apache.catalina.valves.ErrorReportValve']" \
--subnode "/Server/Service[#name='Catalina']/Engine[#name='Catalina']/Host[#name='localhost']" -t elem -n "Valve" \
--insert "/Server/Service[#name='Catalina']/Engine[#name='Catalina']/Host[#name='localhost']/Valve[not(#className)]" -t attr -n "className" -v "org.apache.catalina.valves.ErrorReportValve" \
--insert "//Valve[#className='org.apache.catalina.valves.ErrorReportValve']" -t attr -n "showReport" -v "false" \
--insert "//Valve[#className='org.apache.catalina.valves.ErrorReportValve']" -t attr -n "showServerInfo" -v "false" \
${file}
The problem
I installed and configured Tomcat on my Linux Mint for use in IntelliJ.
In the configuration process, I gave permissions, for security reasons, to a new user group (named tomcat) and to another new user (also named tomcat).
I did it because of some tutorials like the one from Digital Ocean that says:
For security reasons, you should NOT run tomcat using root user. We shall create a non-login user called tomcat (in group tomcat) to run the server.
So, i executed:
$ sudo chgrp -R tomcat /opt/tomcat
$ sudo chmod -R g+r conf
$ sudo chmod g+x conf
$ sudo chown -R tomcat webapps/ work/ temp/ logs/
So my folder looks like this:
However, when I run Tomcat, I get the following error:
org.apache.catalina.startup.ContextConfig.beforeStart Exception fixing docBase for context [/edi]
java.io.IOException: Unable to create the directory [/opt/tomcat/apache-tomcat-9.0.33/webapps/edi]
What i've tried
As the error implies that it is something related to user permissions, I gave permission to everyone in the folder /opt/tomcat/apache-tomcat-9.0.33 using:
$ sudo chmod -R 777
The doubt
I would like to know what I can do to keep the permission settings for security and at the same time run Tomcat via IntelliJ.
Can I force IntelliJ to run with the user tomcat? If so, how can I do it?
While performing some Java related operation for Mendix on docker image "openjdk:8-jre" , I am getting an error: "System.UnauthorizedAccessException: Access to the file or directory '/usr/local/openjdk-8/bin/java' is denied."
Note: Command I am executing is not being executed manually, but I am using Gitlab for CICD for my project and one of the script is executing this Java related command.
A bit about Mendix : This is a platform I used for building my app. I am trying to build a deployable package on this docker image using following command.
mono /modeler/mxbuild.exe --output="Automation" --java-home =$JAVA_HOME --java-exe-path=$JAVA_HOME/bin/java Automation.mpr
I tried to execute following two commands before executing java command:
su
chmod 777 $JAVA_HOME/bin/java
chown -R root:root $JAVA_HOME
Not able to figure out why permission is getting denied .
I’m trying to install JDK on Centos, but I’m getting an error:
[root#www opt]# rpm -ivh /opt/jdk-7u51-linux-x64.rpm
Preparing... ########################################### [100%]
1:jdk ########################################### [100%]
error: unpacking of archive failed on file /usr/java/jdk1.7.0_51/db/lib/derbyLocale_zh_CN.jar;533ab42a: cpio: read
Where can be problem?
Thanks
Can you please check the md5sum of the downloaded file against these values here: http://www.oracle.com/technetwork/java/javase/downloads/java-se-binaries-checksum-1956892.html ?
If the md5sum does not check, it must be a broken download.
A short answer: try downloading and installing again.
A longer answer:
Even though you are getting this, the jdk is getting installed. Sort of. This seems to be an error in the packaging but it is not fatal. Here is the output from my machine. In the example I cat'd the release file so you can see what CentOS I'm using and did an md5sum on the rpm I'm using. You'll notice that it doesn't match the md5sum from the Oracle site link (provided above by Kristof).
Next, I did an ls on the target directory for the jdk /usr/java/ so you can see that it is empty. Then ran the rpm install and did another ls to show that some files are there.
Of course, this defeats the purpose of using rpm, because the install information is not going to go into the rpm database. If I query the database it doesn't come up and it's missing the links that usually get installed pointing to 'latest' and 'default'
So I took a guess that maybe there is a mirror that might have a bad rpm and went to the Oracle site and downloaded the file again. I gave it a different name so that I can compare the two files. This time it was successful.
In the screen shot below you can see the two files. The newest download being the one I called jdk-7u51-linux-x86_64.rpm. You can see the md5sum shows the files are different, but on the new file, the md5 matches the Oracle site. I removed the directory that was created by the failed install and then ran the rpm -ivh command and it completed successfully. The ls on the /usr/java directory shows all the correct stuff and querying the rpm database shows it was installed. Hope this helps!
You can do it with simple script which you can find here
It's for Centos rpm, but you can edit script and change rpm to tar.gz for example
Also you can change version or env in variables bellow
BASE_URL="technetwork/java/javase/downloads"
BASE_URL_OUTPUT="$(curl -s -L0 http://www.oracle.com/${BASE_URL}/)"
JAVA_ENVIRONMENT="JDK"
JAVA_BASE_VERSION=8
DOWNLOAD_SITE="$(echo $BASE_URL_OUTPUT | grep -m 1 -io "${JAVA_ENVIRONMENT}${JAVA_BASE_VERSION}-downloads-[0-9]*.html" -- | tail -1)"
echo "DOWNLOAD_SITE="$DOWNLOAD_SITE
DOWNLOAD_LINK_OUTPUT="$(curl -s -L -j -H "Cookie: oraclelicense=accept-securebackup-cookie" http://www.oracle.com/${BASE_URL}/${DOWNLOAD_SITE} | grep -io "filepath.*${JAVA_ENVIRONMENT}-[${JAVA_BASE_VERSION}].*linux[-_]x64[._].*\(rpm\)" -- | cut -d '"' -f 3 | tail -1)"
echo "DOWNLOAD_LINK_OUTPUT="$DOWNLOAD_LINK_OUTPUT
curl -L -o java_rpm_packet.rpm -b "oraclelicense=a" $DOWNLOAD_LINK_OUTPUT
and install with
yum localinstall -y java_rpm_packet.rpm
I am trying to build RPM for my java code.RPM build and install sections works fine.But,later i have added a shell script in %post section to run shell script file that creates some files and starts the java application.The file gets copied fine.But, in %post section I get the failed dependencies bin/sh error.I am building the rpm on linux machine and target machines are centOS.I have also tried AutoReqProv: no in spec file.I am not running the install as a root user.also,target machines are not expected to have ANT(iam using it to build the java code-this might be not related to the problem) on them.I am attaching the code below.Default location of installation is in tmp folder.( for testing).
Summary: test Summary: test
Name: test
Version: 1
Release: 1
License: Restricted
Group: Applications/System
BuildRoot: ~/rpm/BUILD/helloworld-root
URL: http://mycompany.net/helloworld.tar
Vendor: Mycompany
Packager: Mycompany
Prefix: /tmp
BuildArchitectures: x86_64
%description
Hello World
%prep
pwd
%build
pwd
echo "changing directory"
echo $RPM_BUILD_ROOT
cd %{_sourcedir}
pwd
ant -f testbuild.xml
%install
pwd
echo "in install"
echo $RPM_BUILD_ROOT
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/tmp/test/
cd $RPM_BUILD_ROOT/tmp/test/
tar -xf %{_builddir}/test.tar
%post
sh /tmp/test/createdb.sh
%clean
%files
/tmp/test
%changelog
i have also searched on google but couldn't find how to run shell script from spec.with oust post section, I have tried to run through command line it executes fine.I appreciate the help if somebody can point where the problem is?
%post -p /bin/bash
That will give your post script a terminal to run bash commands and all that you are doing into it.