How to add a systemctl service to a Ubuntu server

I have lately been using Vert.x for simple web servers/services, and found running them directly on my server was just as convenient as trying to set up Docker...

As you may know Vert.x is a framework for writing reactive applications than runs on the Java Virtual Machine (JVM). Either you can install the Vert.x framework on your server and run your application in a Vert.x context, or you can package everything (both your own code and the framework) in a single (fat) jar and run it directly.

Run command:

 sudo java -jar myjarfile.jar

This command will run the service, but it will be terminated as soon as you exit out of the terminal window. To make it run as a service follow the steps below.

Note that a JVM needs to be installed on your server. To install Oracle Java 8 on Ubuntu follow this guide.

Create a folder for the files that make up your service

The "standard" folder for your own services on a Ubuntu server would normally be /usr/local, but you can use a different folder if this better suits your needs.
Use the commands in the code section below to create a folder for your service.

 cd /usr/local  
 sudo mkdir myservice  
 cd myservice  

Add the files for your site/service

Adding the files that makes up your service depends on how you work when you are doing your development. I usually write and test my code locally, storing my files in a git repository. I then use git from the command line to update site content.

Command to install git client on Ubuntu:

 sudo apt-get install git  

Command to clone your git repository to the server:

 git clone https://<username>@<server>/<path-to-repo.git>

Note that when you clone a repository the repository will be cloned to the current directory.

Command to retrieve updates from  your git repository.

 git pull https://<username>@<server>/<path-to-repo.git>




Create a bash script for starting your service

To create the bash script I usually prefer nano.

 sudo nano runmyservice.sh

This is the file that eventually starts your service. To start a JVM, use something similar to the command below.

 #!/bin/bash  
 cd /usr/local/myservice/<name-of-repo-folder>
 java -jar ./<name-of-jar>.jar  

Make the script executable:

 chmod 755 ./runmyservice.sh  

Add a service file for your service

You must then create a service-file in the /lib/systemd/system directory.

 cd /lib/systemd/system
 sudo nano myservice.service

Add the following text:

 [Unit]  
 Description=MyService
 [Service]  
 ExecStart=/usr/local/myservice/runmyservice.sh  
 Type=simple  
 User=root
 Restart=always
 [Install]  
 WantedBy=multi-user.target

This file is what enables systemctl to start, stop and generally handle your service.

Enable your service so that it starts when the server starts

 sudo systemctl enable myservice.service

You can now operate your service using systemctl.

Some useful commands

Start service

 sudo systemctl start myservice.service

Stop service

 sudo systemctl stop myservice.service

How to implement SHA2 certificates for Domino 9.0.1 FP3+

Requirements

To implement SHA-2 certificates on a Domino server you need the following:

• Domino server version 9.0.1 FP3 or higher
  The server we will install the certificate on.
• Notes client (preferably admin client) version 9.0.1 FP3 or higher
  Used for generation of the certificate. 
• kyrtool.exe
  The new keyring tool for generating Domino keyring files
• OpenSSL for Windows

Preparations

Install OpenSSL for Windows

OpenSSL can be downloaded from the following site:

https://slproweb.com/products/Win32OpenSSL.html

You can download the 32 or the 64 bit version (up to you). The "light" version is good enough.

The installation is straight forward. After the installation set the som needed environment variables using the following commands:

C:\CertFolder>set OPENSSL_CONF=c:\OpenSSL-Win64\bin\openssl.cfg

C:\CertFolder>set RANDFILE=C:\Users\ove\Desktop\.rnd 

For convenience you can also add the OpenSSL install folder to your PATH.

Download kyrtool.exe

Kyrtool.exe is especially written to handle SHA-2 certificates on a Domino 9.0.1 FP3+ server. You need to download the tool from the page below.

http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Lotus&product=ibm/Lotus/Lotus+Domino&release=9.0.1.2&platform=All&function=fixId&fixids=KYRTool_9x_ClientServer

Copy the downloaded file to the program directory for your Notes client. The program needs the Notes DLL's to work.

Procedure

Generate a keyring file

We need a keyring file to store the keys and certificates. 

Note that even if you could create this file on your Domino server the server may crash when trying. Use your Notes client!

Command:

C:\IBM\Notes>kyrtool create -k C:\CertFolder\<keyring file name.kyr> -p <keyring password>

Generate a "key" for the server

Use OpenSSL to generate a key that identifies your server.

Command:

C:\CertFolder>c:\OpenSSL-Win64\bin\openssl.exe genrsa -out <keyfilename>.key 4096

Generating RSA private key, 4096 bit long modulus
............................................................................................................................++
..........................................................................................++
e is 65537 (0x10001)

After the key is created you can watch it's content.

Command:

C:\CertFolder>type <keyfilename>.key
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAwygi8FlxJOsKlVS/4AbVZpvY3TQ+hEAEsCqZu9yVg9Je7fUo
1h159HleuANfyms1tCg8nYCblXa+lj42pYgz+IfdcoyUuuv7E6vZAm7PDNBeTjN/
xD/PbXeh6HCWPPHznYxv/dE1YSck4b4BtjqH5AG6512LBmqLq8nSDFDi7E7e5Hwa
...
...
2VCtlxqeztqM66LkqDL4QWmazvrSdLiSxmJn8gr9tpM4CkpUiYvaq9pqB6kQ241n
QBrnngktGz6t06xvcjRz3PKhZkGS2jXJ79dMn+JV34WlZNC6vyzwBymJuwDppeEa
jVBhLeSJvYiZenjOfBscxZp8YxmFALzk4QKUhFLgIYeRkgNp/tt41XAb1oIPKAgm
Hks1Xrl1UOhOCcpsQjMkDVIB1U9VxQG1pE2pEigzoHDxicEqrq1U6w/6kjb9SQ==
-----END RSA PRIVATE KEY-----

Create a certificate signing request (CSR)

Command:

C:\CertFolder>c:\OpenSSL-Win64\bin\openssl.exe req -new -sha256 -key <keyfilename>.key -out <keyfilename>.csr 

Details for your certificate are required. You need to provide at least the following:

D:\IBM>d:\ibm\domino\kyrtool import all -k d:\IBM\v-man.kyr -i d:\IBM\star_v-man_no.pem

• Country code
• Locality name (city)
• Organization name
• Common name (server fully qualified host name)
• Email address (common email address for company)

Generate a signed certificate for the CSR

The is the part where you buy a certificate from a Certificate Authority (like DigiPlex, RapidSSL or Verisign). Most often they let you decide on a suitable certificate. You must then pay for the certificate before they let you generate a certificate by:

• Specify the server where the certificate is to be used (Domino)
• Pasting in the CSR

The generation may take a while, so be patient...

When the certificate is ready for download also remember to download the root and intermediate certificates for your new certificate. They are needed in the keyring file to form the trust chain.

Try to download the certificates in PEM format (*.pem). Preferably all the certificates in one file.

Add the certificates to the generated keyring file

Collect all the certificates and the key file in the same txt-file

The simplest way to make the keyring work is to install all certificates at the same time. To accomplish this we need to add all the certificates and key (the one we generated for the server) to a file.

The certificates are nothing else than a text-file, so use Notepad++ or similar to add them all to the same file. The following files must be present:

• The server key
• The signed certificate
  The certificate you got from the Certificate Authority.
• The intermediate certifiate
  Note that there may be more than one of these...
• The trusted root certificate

Add the key/certificates to the keyring file

Install the key/certificates to the keyring file using the following command:

C:\CertFolder>d:\ibm\notes\kyrtool import all -k C:\CertFolder\<keyring>.kyr -i C:\CertFolder\<filename_for_all_certs.txt>

NOTE! Use absolute paths or you will get a "file not found" error!

You should see the following output:

Using keyring path 'C:\CerfFolder\<keyring>.kyr'
Successfully read 4096 bit RSA private key
SECIssUpdateKeyringPrivateKey succeeded
SECIssUpdateKeyringLeafCert succeeded 

Verify the content of the keyring

To verify the content of the keyring file enter the following commands.

To list the certificates:

C:\CertFolder>c:\ibm\notes\kyrtool.exe show certs -k C:\CertFolder\<keyring>.kyr

To list the keys:

C:\CertFolder>C:\ibm\notes\kyrtool.exe show keys -k C:\CertFolder\<keyring>.kyr

Both commands will list the certificates/keys.

Install the certificate on a Domino server

Activate HTTPS for server

By default Domino does not accept requests on the HTTPS port (443). You can activate this by setting the field "SSL port status" to "Enabled" in the server document, in the pane "Ports - Internet ports - Web".
After this change the Domino server has to be restarted.

Copy the keyring file to the Domino data directory

Copy the keyring file you created to the Domino data directory. Remember to also copy the "<keyring>.sth" file. This file stores the password for the keyring file and is needed for the certificate to work.

Edit the internet site document

This procedure assumes that you have activated "Internet sites" for the server in the server document.

Edit the internet site document that will use this certificate.

• Enter the name of the keyring file in the "Key file name" field under the "Security" pane.
• Add the fully qualified host name and the IP address to the field "Host names or addresses mapped to this site".
  Note that for SSL/HTTPS to work each site that use SSL/HTTP need to be assigned a unique IP address.

When done editing, restart the HTTP task using the following command:

restart task http

Test your implementation using your web browser (of course).

Good luck!

Installing MongoDB 3.2.x (or current MongoDB) on Ubuntu 15.04/15.10

Installing MongoDB on a Unbuntu 15.04/15.10 server should in theory be trivial enough. Unfortunately this turned out to not be the case...

MongoDB has created a "howto" (available here) for Ubuntu, but it won't work as it fails to set up a systemctl service unit. From the command below it is not possible to list the mongod.service unit. It is simply missing, thus it cannot be started...

inforte@mean01:/etc$ sudo systemctl list-units --type=service

UNIT                               LOAD   ACTIVE SUB     DESCRIPTION

lvm2-pvscan@8:17.service           loaded active exited  LVM2 PV scan on device 8:17

mongod.service                     loaded active running LSB: An object/document-oriented database

networking.service                 loaded active exited  LSB: Raise network interfaces.

The official statement from the folks at MongoDB is that they support Ubuntu LTS releases, which would leave me with MongoDB version 2.6.something.
Or I could wait for the next LTS, but sometimes 3 months just seem to be a very looong time...

After searching the net for a solution to this I came across this posting on Stack Overflow:

http://stackoverflow.com/questions/29879231/upgrade-to-ubuntu-15-04-from-14-10-breaks-mongo-how-to-fix

To bad the wrong answer is listed, cause the fix is really simple. Just follow the link on LukePolo's answer.

The trick is simply to install using the debian instruction.

Free Docker eBooks from "The New Stack"

If you're curious about Docker or containers and microservices in general, "The New Stack" is currently in the process of writing a series on ebooks on the subject.

2 of the books are already available and can be downloaded from here.

How to update node.js (at least on on a MacBook pro)

For some time ago I installed node.js on my MacBook Pro. Beeing a side-project I did not have enough time to play much with it...

Tonight I however found that it was time to take a look at the Polymer Starter Kit. The kit is enabled for use with Yeoman. Since Yeoman proudly states that they are "THE WEB'S SCAFFOLDING TOOL FOR MODERN WEBAPPS" it seemed like a good starting point.

Yeoman had to be installed, and Node Package Manager was the tool for the job. I quickly realized that I had to update npm:

$ sudo npm install -g npm

Then it was time to install Yeoman:

$ sudo npm install -g yo

Error messages (!?!?!?) rolled over my console...

After googling the error I found that my node.js install was way to old. Since I am using a regular .dmg install I could of course just download a newer installable from the node.js home page.

At the time however the following command seemed like a much nicer way to go:

$ sudo npm cache clean -f

npm WARN using --force I sure hope you know what you are doing.

$ sudo npm install -g n  

/usr/local/bin/n -> /usr/local/lib/node_modules/n/bin/n 

n@1.3.0 /usr/local/lib/node_modules/n

$ sudo n stable

After  installing node -v revealed that my node.js installation was updated to versjon 0.12.4.

Nice!!

XPages and SelectItem pecularities

I am always striving towards best practices when coding. This is not to say that I always know what is the best practice (often far from it) but when it comes to XPages I prefer Java over SSJS.

This struggle makes me often use a lot of extra (evening) time trying to find out how to do something the Java way. And this occasion was no exception.

Lately I have been working on an XPage which had a combobox for selecting between last year, current year or next year. All of course Integer values. Since hard coding values is not allowed (really, it isn't!) I had to generate values by code.

And here's the code:

package no.inforte.test;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import javax.faces.model.SelectItem;

public class YearBean implements Serializable {

    private static final long serialVersionUID = 1L;

    public List<SelectItem> getYears() {
        int thisYear = Calendar.getInstance().get(Calendar.YEAR);

        List<SelectItem> selectItems = new ArrayList<SelectItem>();

        selectItems.add(new SelectItem(new Integer(thisYear - 1), new Integer(thisYear - 1).toString()));
        selectItems.add(new SelectItem(new Integer(thisYear), new Integer(thisYear).toString()));
        selectItems.add(new SelectItem(new Integer(thisYear + 1), new Integer(thisYear + 1).toString()));
        return selectItems;
    }
}

And an excerpt from my xpage showing how to access the values using Expression Language (EL):

    <xp:comboBox
        id="comboYear"
        value="#{yearBean.currentYear}"
        style="width:100%">
        <xp:selectItems>
            <xp:this.value><![CDATA[${javascript:yearBean.years}]]></xp:this.value>
        </xp:selectItems>
        <xp:this.converter>
            <xp:convertNumber
                type="number"
                integerOnly="true">
            </xp:convertNumber>
        </xp:this.converter>
    </xp:comboBox>

The page shows up perfectly and 2013, 2014 and 2015 are available for selection.

Pick one and submit: Boom! Error! (what the...)

How come I get "Validation Error: Value is not valid"?

I started digging for documentation on what kind of values the <xp:selectitems> expect.

The help file itself was of no use. It simply explains how to "pipe-separated" strings for values...

But:
OpenNTF has released a XPages Control Documentation as part of the XPages Extension Library.
There is also a Domino Designer javadoc describing all the classes backing XPages.

Trying to squeeze out what was the problem with my page from this information however did only partly succeed. Neither did a Google search...

Suddenly (and I don't know how) it came to me that perhaps the number converter <xp:NumberConverter> really expects something floating-point-ish...


I changed my code accordingly:

package no.inforte.test;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
import javax.faces.model.SelectItem;

public class YearBean implements Serializable {

    private static final long serialVersionUID = 1L;

    public List<SelectItem> getYears() {
        int thisYear = Calendar.getInstance().get(Calendar.YEAR);

        List<SelectItem> selectItems = new ArrayList<SelectItem>();

        selectItems.add(new SelectItem(new Double(thisYear - 1), new Integer(thisYear - 1).toString()));
        selectItems.add(new SelectItem(new Double(thisYear), new Integer(thisYear).toString()));
        selectItems.add(new SelectItem(new Double(thisYear + 1), new Integer(thisYear + 1).toString()));
        return selectItems;
    }
}

Note! The only change is that the SelectItem is now equipped with Double values.

And voila! Now it works without the validation error! :-)

My thoughts on IBM Connect 2014

IBM Connect 2014 is history. I am writing this on the flight back to Norway and everyday life.

This post is not about all the new stuff IBM presented for us. All of that is probably fully covered in numerous articles and blogs already. Rather I will try to describe my impressions and thoughts. 

The IBM message

During the conference it became very clear to me what IBM has tried to tell us all the past 4-5 years; "Jump on the Connections bandwagon or we will have to leave you behind!"

This would have sounded like craziness some years ago but now it makes perfect sense! Connections has become a fabulous piece of software and the Social Business Toolkit makes it easier to contribute to it than ever before, almost whatever platform you're contributing from.

My goals 

 

Inspiration

 IBM Connect is actually all about inspiration. Meeting other people sharing the same interests and passion as yourself creates loads of positive energy. Seeing all the cool stuff speakers are presenting makes you wanna go home and do the same.

 

Making community friends

To keep this inspiration I found I had to get to know some of you better. Not only as bloggers (or whatever you all are doing for the community) but as persons with a name and a face. I'm not saying I got to know you personally (Connect was to short for that) but going to the same sessions, smalltalk during breaks etc. felt rewarding and will help me keep that inspiration in the year to come.
For this I thank you all!

Certification

Since IBM just started using Pearson Vue as their certification partner all assessment and certification test were available free of charge during the conference. This is a great idea and something I hope IBM will continue to do going forward.
My last AD certification was 8, and thus I tried to pass the AD 9A and 9B tests. I failed at 9B, but at least it got me started...

Sessions  

 

Opening General Session

If I return next year I will probably stay in bed or do some shopping instead of attending the OGS. Russel Maher states in his blog about the subject "Now the entire OGS is just one long promotional video interrupted by an actual commercial?". And he is darn right!
Sad...

XPages sessions

As a Notes/Domino old-timer another objective for Connect was learning more about Xpages. Spending half of my time at work doing Domino administration hasn't actually made me an expert.
Thus I wanted to attend so many sessions about Xpages as possible, which I did.
And mostly they all were very good! The speakers were well prepared, provided extensive slide material making it easy to follow up on back home, good examples etc.
No wonder IBM calls you Champs! Well deserved! Kudos!

I mostly attended sessions in the AD track. What annoyed me was that several the intresting sessions was scheduled at the same time, thus making me choose. Other times I found that there in fact were no sessions I really felt like attend... I hope this was not intentional and that IBM will pay more attention to this next year.

OpenNTF BOF

OpenNTF held a birds-of-a-feather (BOF) where we got to discuss plans for 2014 with members of the board. Can't tell you much plans now as need some decicions first. But it looks promising and will be very interesting!
Another topic discussed was how we could persuade IBM to make a XWork (Domino) community server, free to use for non-commercial purposes. This would possibly attract more developers to the platform and give students a viable alternative to Glassfish, JBoss and all the other application servers out there. We all signed a piece of paper that was handed over to IBM during the "Meet the product managers" session.

 

Domino development BOF

Another favorite session of mine was the Domino Development (BOF205 hosted by Pete Janzen and Martin Donnelly) where the core developers for Domino, Designer and Xpages met hard core developers from the community. Demands from the community like "give us a Designer based on a newer version of Eclipse", "open source more parts of the Domino server", "modernize the java API" and "get rid of the java.policy" was debated. Really interesting!

Solutions Showcase

I didn't get to spend much time in the Solutions Showcase this year. I did go to the OpenNTF booth, however, where Nathan Freeman gave me a demonstration of the new wrapper for the Domino Java API project. I must say the work done in this project is simply awesome!

Except for this I actually were most impressed by the Whitsell Consulting booth. They told me they were a small company (10 employees) selling nothing but their consulting services. No products, just heads! Really cool!

Next year...

I hope IBM takes our evaluations (and conserns) into account when planning for Connect 2015. To much of this commerial and non-technical babble will eventually scare off us hard core developers and administrators. As my colleague Arnstein stated; "Next year I may consider Google IO instead..."