Linux

Adding an existing SSL certificate to an Alfresco install has been causing me issues for a while and after multiple attempts I have finally managed to find a simple solution.

First you need add 3 files to a working folder on your server.

server.key – The private key used for generating the certificate

server.crt – The certificate from your SSL provider (certificate authority)

server.ca.bundle – This is the root and intermediate certificate bundle available from your SSL provider (certificate authority). If the server.ca.bundle is not available as one file you should be able to get the root and intermediate(s) certificates separately and then you can concatenate them into one file (in the correct order).

First we use the openssl command to convert the above three files to a ‘PKCS12’  file.

openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name SERVER-FQDN -CAfile server.ca.bundle -caname root

Replace SERVER-FQDN with the certificate FQDN. You will be asked for a password when you run the command, use the same password as the existing Alfresco keystore.

Next we convert the ‘PKCS12’  file to a keystore that is the same format as Alfresco already uses.

keytool -importkeystore -deststorepass ALFRESCOKSPASS -destkeypass ALFRESCOKSPASS -destkeystore ssl.keystore  -deststoretype JCEKS -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass ALFRESCOKSPASS -alias SERVER-FQDN

If all has gone well with no errors you can copy the ssl.keystore file to your Alfresco keystore folder (backing up the original first). Restart the Alfresco service and confirm that the certificate is working in your browser.

Linux Software RAID Tips

After a sever build including a software raid setup let the RAID resync all the partions before continuing to configure or transfer large amounts of data to the server.

You can check the RAID status at any time with cat /proc/mdstat (centos).

Linux RAID resync speed is by default very slow at 1000KB/s, at this speed a modern 3Tb disk set takes approximately 10 days to finish. The rebuilt speed is defined in the config files :

/proc/sys/dev/raid/speed_limit_min
/proc/sys/dev/raid/speed_limit_max

As the names suggest speed_limit_min is a minimum goal speed by default 1000KB/s and speed_limit_max is a maximum goal speed my system has a default of 200000KB/s. To change the values in these files simply change the value in the files.

echo 50000 > /proc/sys/dev/raid/speed_limit_min
echo 100000 > /proc/sys/dev/raid/speed_limit_max

My system seemed to be able sustain a resync speed of around 100000KB/s so sensible values maybe  a speed_limit_min of 50000 and a speed_limit_max or 90000. If the minimum or maximum speed is set too high data transfer speed for other operations will be affected.

Once a week on Sunday at 1am my CentOS system is scheduled to resync the drives. Sometimes this is not a convenient time. To change the time edit the file /etc/crond.d/raid-check. To turn off the check completely.

This post will be updated regularly with helpful linux command line .

Running short of disk space?

Finding those large files tucked away in some dark corner of your machine is easy with this command.

cd /path/to/where/you/want
du -hsx * | sort -rh | head -10

• du command -h option : display sizes in human readable format (e.g., 1K, 234M, 2G).
• du command -s option : show only a total for each argument (summary).
• du command -x option : skip directories on different file systems.
• sort command -r option : reverse the result of comparisons.
• sort command -h option : compare human readable numbers. This is GNU sort specific option only.
• head command -10 OR -n 10 option : show the first 10 lines.

Finding a string in a file

Simple one this but I always seem to forget the switches

grep -H -r -i "redeem reward" /home/gerbil

• grep command -H option : do not print matching lines just file name
• grep command -r option : recursive
• grep command -i option : ignore case

Finding a string in a file with a specific extension

Grep specific file extensions for a string. The syntax for --exclude is identical.

grep pattern -r -i --include=\*.{cpp,h} rootdir

Stop crazy line overwriting when using putty terminal

shopt -s checkwinsize

This is my very first post, welcome to the techteam.us blog.

I specifically wanted to remove commented lines from a configuration file so I could see the wood for the trees. This is a useful little linux one liner will remove commented lines from a file with sed, in this case lines beginning with the ‘;’ character. Obviously the ; can be changed to any character you fancy.

sed -i ‘/^[;]/ d’ hamster.txt

As always backup the original file before trying this out.