JADDOG

Coldfusion was the first programming language that actually did something with. I haven’t been writing it too much latley (yay django) but I still have code written in coldfusion that is faithfully running. I love open source and saw a while back that railo was going open source and being shipped with jboss. Went to the Railo site recently and found that Railo 3.1 had in fact been released so I thought I’d give it a spin. Rail 3.1 is downloadable with a copy of resin. I’d not ever heard of resin, seems like a lighter-weight java app server kind like jboss. Hope that’s not too far off base from what it really is. So here’s my experience getting Railo 3.1 to run on CentOS 5.3.

When you first download you need to compile… Found a post that said to download the railo-resin-no-jre and get sun’s jre, of course after I tried it with the jre and couldn’t get mod_coucho to compile. So in the root of what I unpacked (this assumes that you’ve installed things to build with):

$ ./configure –with-java-home=/usr/java/jre1.6.0_15

Got a warning on java JNI not existing. Couldn’t figure it out quicly but I think this is just performance related. Skipping it for now as I don’t need the performance yet. After configuring I ran make and make install. Going to use apache, the main compile didn’t seem to compile the apache module so did that. (this is the piece that failed when I tried to use the included jre) Also copied it to apache’s modules dir.

$ cd modules/c/src/apache2/
$ make all
$ cp .libs/mod_caucho.so /etc/httpd/modules

Now configure apache to use railo. I use virtual hosts heavily so went ahead a configured a couple to test with.

/etc/httpd/conf.d/railo.conf

LoadModule caucho_module modules/mod_caucho.so
DirectoryIndex index.cfm index.php index.htm index.html index.html.var
ResinConfigServer localhost 6800
<VirtualHost *>
ServerName site1.local
</VirtualHost>
<VirtualHost *>
ServerName site2.local
</VirtualHost>
<Location /caucho-status>
SetHandler caucho-status
</Location>

The resin config file had defaults that would use virtual hosting if you just create the proper directory structure. This is done in the root of what was unpacked.

$ mkdir -p hosts/site1.local/webapps/ROOT
$ mkdir -p hosts/site2.local/webapps/ROOT

I also stuck an index.cfm file in each root directory for testing… just a cfoutput with #now()# in it and a site identifier. The hosts/${domainname}/webapps/ROOT structure I think is the standard directory resin expects to do the virtual hosting. Finally start resin.

$ bin/httpd.sh start

I’ve used all the defaults here. There’s some docs on the virtual hosting stuff here. My next step is to integrate it with my existing server setup to see if I can customize this to the point I’d consider replacing AdobeCF with RailoCF. I’ve already tested a simple app written in CF7 on it. No problems.

I’m writing a kerberos enabled tool at work. The primary interface is the web ui which we will forward our kerberos tickets to apache and use gssapi to authenticate. The secondary interface is a cli that we use to push data into the server. In interest of kinit letting us login though the web ui or the cli without having to type our password again I wanted the cli to also be able to pass the nessesary headers to apache for a password-less authentication. I’m not the most experienced programmer at kerb implementations so I figured I’d just figure it out and learn how to do it. I found there was a distinct lack of tutorials on how to implement a kerberos client. So here’s my experience.

Pre-established kerberos infrastructure would include you being able to kinit and have firefox login to a kerberos enabled website using your ticket. If you have a valid service principal and you have a valid ticket make sure that firefox knows the domain is trusted. Visit about:config and set network.negotiate-auth.trusted-uris to the trusted domain you’re logging into. Don’t use a widecard. So use example.com, not *.example.com. For example sake I’ll use HTTP/myhost.example.com and myuser@EXAMPLE.COM as my principals.

From here I would recommend using python-kerberos. I was browsing the code of another kerberos enabled cli app today. It implemented krbV and I think the server side also did. I also think this was a custom implementation that did not match gssapi’s implementation. From here the code is quite simple using python-kerberos, here’s a quick little example using httplib.

import kerberos
import httplib

# setup kerb
_ignore, ctx = authGSSClientInit(‘HTTP@myhost.example.com’, gssflags=GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG|GSS_C_SEQUENCE_FLAG)
_ignore = authGSSClientStep(ctx, ”)
tgt = authGSSClientResponse(ctx)

# setup http connection
servername, port = (‘myhost.exmple.com’, 443)
h = httplib.HTTPSConnection(servername, port)
h.connect()

# Setup Headers
http_conn.putrequest(“GET”, “/XMLRPC/”)
if tgt:
h.putheader(‘Authorization’, ‘Negotiate %s’ % tgt)
h.endheaders()

# Make http call
resp = http_conn.getresponse()
if resp.status != 200:
print “Error: %s” % str(resp.status)
return None

#Check for kerb header
krb_reply = resp.getheader(‘WWW-Authenticate’)
if not krb_reply:
print “Server did not send kerberos reply”
return None

# print html contents
print resp.read()

There’s all kinds of validation and such missing here. This just worked so I figured I post it for reference. The _ignore variables get populated with a 1 or a 0. You can read more about those in the python-kerberos docs. There is another example in the python-kerberos package that is more in depth on using these properly and validating other things. I think my biggest problem ended up being the choice of syntax and flags to pass to authGSSClientInit. My next issue is that I’d like to pump this through xmlrpclib instead of httplib. Though, I think that there are some better examples out there on how to add the header to xmlrpclib. Hope this simple snip helps someone with getting a proof of concept runnning.

Earlier this year my laptop battery died. I had to remove it from my laptop to get my laptop to even boot. Through quite a fiasco I hope the battery is on the way and I’ll have it soon. I’ve been without for over a month now. In the mean time my system clock needs updating every time I boot. I guess the laptop needs the battery to keep the system time accurate when the machine is not running. For a while my machine would boot with the date as Feb 06 2009 10pm. Today it seems that my clock boots to Feb 17 2009 10pm. When I forget to run ntpdate to update my system clock all my git commit timestamps are wrong.

Today is the second time I’ve have to fix my dates so I’m blogging this fix so it’s easier to find when/if I ever need it again:

git filter-branch --env-filter \
    'if [ $GIT_COMMIT = 119f9ecf58069b265ab22f1f97d2b648faf932e0 ]
     then
         export GIT_AUTHOR_DATE="Fri Jan 2 21:38:53 2009 -0800"
         export GIT_COMMITTER_DATE="Sat May 19 01:01:01 2007 -0700"
     fi'

http://stackoverflow.com/questions/454734/how-can-one-change-the-timestamp-of-an-old-commit-in-git

I just thrown the above command into a little bash script and called it fix. If you run this more than once you’ll get an error:

$ ./fix
Namespace refs/original/ not empty

To fix the broken “fix” script just rm -rf the directory it’s refering to:

$ rm -rf .git/refs/original/*
$ ./fix
Rewrite 6b37ac946f9b2af3a0e66657038a1c4cafaeab89 (63/63)
Ref ‘refs/heads/master’ was rewritten

As I’m writing this I’m told my manager has tried to ping me in irc to tell me my new battery is in. I didn’t get the message because my client has disconnected for some reason. Now I will have a new battery, hopefully no system time problem and a new irc problem. Such is life.

It’s been a great experience spending the past couple days with the Fedora community. Lots of leaning and meeting new people. We even got some snow while in Boston. I’m in the van on the way home, just another 8 hours or so to go… Here’s a photo I took on the way home from FUDPub last night. I have a good one on my camera still of snow covered Boston too. I’ll try and remeber to add that one to this post later.

I had fun the past couple days working with django-cms. During my time with the current release (svn r41) I noticed that django-cms 2.0 is planned. So I figured I’d try it out and document my experience. Maybe a couple tickets or bug requests will come of my little endeavor. I’m using Fedora 10, python 2.5.2 and Django 1.0. I’m following the instructions loosely at http://trac.django-cms.org/trac/wiki/GettingStarted and http://trac.django-cms.org/trac/wiki/ServingMediaFiles. Here’s the steps I got through tonight and the results I came up with.

I started with pulling down the code from the repo.

$ svn co http://svn.django-cms.org/branches/django-cms2

Got revision 177 today. Start a fresh django project. Change dir into the project folder and soft link in the cms and mptt directories from the svn checkout. Also make a media directory in the project directory and inside the media directory link the cms media so the admin can see it later.

$ django-admin.py startproject djangocms2
$ ln -s ../svn/django-cms2/cms/
$ ln -s ../svn/django-cms2/mptt/
$ ln -s ../cms/media/cms/

Here’s a diff of the changes I made to the default settings.py and url.py files. django-cms2.diffs

I also had to make one modification to the django-cms code to get the admin media working right for the page object. Diff for that is in that file too. Didn’t really spend the time to figure if the fix I made fits into the conventions django-cms is using, just got it working for now. So now go ahead and sync the db and run the dev server:

$ ./manage.py syncdb
$ ./manage.py runserver

Results:
As expected http://localhost:8000/ gave me an error. This is ok. I got this error in the current release too. Resolution in the current release was to go create a page. I first updated my site object in the django admin, this is important. Django-cms 2.0 seems to be dependent on the sites infrastructure. At http://127.0.0.1:8000/admin/sites/site/1/ I updated domain name to ‘localhost:8000′ and display name to ‘Localhost Test Server’

Next I tried to create a page. At http://127.0.0.1:8000/admin/cms/page/add/ I set the title to ‘Home’ and the slug populated automagically with ‘home’. Hit save and got a template error. Django-cms 2.0 doesn’t have a base template the same way the current version does. Create a templates directory in your project directory and copy the index.html template in the example site to this templates directory.

This seems like a good stopping point. Cms is configured and you can see a page by this point. I’ll be working with the cms to find what features are setup beyond this point and hope to make another post when I have more to share.

So I’ve been testing my wp plug-in for some time now. I don’t really expect that anyone is waiting on… but FWIW here’s an update.

I’ve got the code working correctly in a test copy of wp but not in my live copy of wp. So I’m going to pull down a copy of my live blog and dig deeper.

My move has put a damper on having time lately to mess with the plug-in. So if you are following the plug-in drop a comment. Otherwise I’ll assume this blog continues to be for my journaling pleasure and those that I tell to look at something in particular.