SlideShare uma empresa Scribd logo

Deployment of WebObjects applications on FreeBSD

W
WO Community

With the rise of cloud computing and the death of the Xserve, learn how you can deploy your WebObjects applications on a FreeBSD server.

Tecnologia
1 de 49
Baixar para ler offline
WO on FreeBSD Miguel Arroz Global Village Consulting, Inc. WOWODC 2011
WO on FreeBSD
FreeBSD overview • UNIX System • BSD License (of course!) • Supports x86, amd64, pc98 as Tier 1 • Distributed and installed via FTP, HTTP, CD/DVD, etc.
FreeBSD overview • Integration and consistency • The same team handles the Kernel and user-land tools • Release engineering team
Installation • Pseudo-graphical installation • Very fast, low footprint • Installs only the essential, the rest is up to you
Networking • Everything you would expect from an UNIX system • Reference (KAME) IPv6 implementation
Documentation • FreeBSD Handbook (free, on freebsd.org) • Mail-lists
Security • Most software installs with safe default configuration • Installing a port prints a message with security information if appropriate • Easy to configure daily scan for security advisors on OS and installed ports • http://security.freebsd.org/
Security The following files will be updated as part of updating to 7.1-RELEASE-p16: /usr/lib/libssl.a /usr/lib/libssl.so.5 /usr/lib/libssl_p.a /usr/src/crypto/openssl/ssl/s3_clnt.c /usr/src/sys/conf/newvers.sh WARNING: FreeBSD 7.1-RELEASE-p15 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Tue Feb  1 00:00:00 WET 2011 will not have been corrected.
FreeBSD versions • Major versions • May break binary and source compatibility. • Used to introduce new features, deprecate or remove unused stuff.
FreeBSD versions • Minor versions: • Maintain binary and source compatibility (main goal) • Bug fixes, mostly • New features (usually, small ones) if baked enough
FreeBSD versions • Security advisors and erratas: • Released for all the currently supported versions • Very easy to install, specially if you use GENERIC kernel • Fix security vulnerabilities and show-stopper bugs • Don’t break binary or source compatibility • Never introduce new features • Kernel and OS source is updated too if installed
Release cycles • Security advisors and erratas are only made available for currently supported FreeBSD releases • The life-time of each release depends on a few factors
Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1 8.2 7 7.0 7.1 7.2 7.3 7.4 6 6.0 6.1 6.2 6.3 …
Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1-P1 8.2-P1 8.1 8.1-P2 8.2 7 7.0 7.1 7.2 7.3-P1 7.4-P2 7.3 7.3-P2 7.4-P1 7.4 7.3-P3 6 6.0 6.1 6.2 6.3 …
Minor versions New security advisor New minor version .0 .1 .2 .3 .4 New security advisor Major versions 8 8.0 8.3 8.1 8.2-P1 8.3-P1 8.2 8.1-P1 8.2-P2 8.1-P2 8.2-P3 8.1-P3 8.1-P4 7 7.0 7.1 7.2 7.3 7.4-P1 7.4 7.3-P1 7.4-P2 7.3-P2 7.4-P3 7.3-P3 7.4-P4 7.3-P4 7.3-P5 6 6.0 6.1 6.2 6.3 …
Updating • If using GENERIC kernel, errata or security advisor is trivial: • freebsd-update fetch • freebsd-update install • reboot • If stuff happens: • freebsd-update rollback
Updating • Put this on cron to be warned when there’s a patch to install: • @daily root freebsd-update cron • Minor and major version updates can be done remotely, but are more complex • Check FreeBSD Handbook (24.2 - FreeBSD Update) • May need to recompile installed software • May need console access
Installing software • Packages • Ports • Traditional UNIX way (configure, make, make install)
Packages • Binary distributions • Usually smaller than source archives • No compilation required • Much faster, specially when there are many dependencies • pkg_add -r <package>
Ports • Packages are compiled with conservative options (must run on all hardware). Ports can be tuned. • Ports allow compile-time options configuration. • Some software licenses force source-only distribution. • May apply local patches. • The source is with you.
Port Tree • The port tree stays in /usr/ports • Installation using portsnap: • portsnap fetch • portsnap extract • Updating: • portsnap fetch • portsnap update
Installing a Port • Browser for ports: http://www.freebsd.org/ports/ • Install port (typical): • cd /usr/ports/<path to port> • make install clean • make config to see configuration menu
Updating ports • The easiest way to upgrade a port and it’s dependencies is using one of these utilities: • portupgrade • portmanager • portmaster • See Handbook (4.5.4 - Upgrading Ports)
Port security scan • Install ports-mgmt/portaudit • After installing, FreeBSD makes daily security scans on installed ports and notifies you of any released security advisors.
Checking for a current audit database: Database created: Wed Apr 21 03:10:01 WEST 2010 Checking for packages with security vulnerabilities: Affected package: sudo-1.7.2.5 Type of problem: sudo -- Privilege escalation with sudoedit. Reference: <http://portaudit.FreeBSD.org/1a9f678d-48ca-11df-85f8-000c29a67389.html> Affected package: gtar-1.22 Type of problem: gtar -- buffer overflow in rmt client. Reference: <http://portaudit.FreeBSD.org/c175d72f-3773-11df-8bb8-0211d880e350.html> 2 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately.
Jails • OS-level virtualization system • More isolation than chroot, less isolation than VM • Jail has its own kernel structures, binded IPs and superuser • Can be used to test software or isolate deployed services • Can’t use a different kernel • No live-migration
BSD Hypervisor • http://wiki.freebsd.org/201105DevSummit? action=AttachFile&do=get&target=BHyVe.pdf
Status !  Guest –  FreeBSD/amd64 releases 7.2 and 8.1 –  SMP - up to 8 virtual cpus –  I/O - virtio or pci passthru –  Minor kernel patches required !  Host –  FreeBSD/amd64 release 8.1 –  Unmodified GENERIC kernel !  Hardware –  Requires hardware virtualization assist with Nested Page Tables –  Intel VT-x is supported –  AMD-V support in progress 3
Init scripts • Shares a lot with Mac OS X startup items • /etc/rc.conf - switches and configurations • /etc/rc.d/<servicename> <action> • /etc/rc.d/sshd restart • /usr/local/etc/rc.d/<servicename> <action> • Scripts can specify provided and required services
hostname="andromeda.example.com" defaultrouter="XXX.XXX.XXX.XXX" ifconfig_em0="inet X.X.X.X netmask X.X.X.X" ifconfig_em0_alias0="inet X.X.X.X netmask 255.255.255.255" ifconfig_em1="inet X.X.X.X netmask X.X.X.X" ifconfig_em1_alias0="inet X.X.X.X netmask 255.255.255.0" static_routes="service multicast" route_service="-net X.X.X.X/8 X.X.X.X" route_multicast="-net X.X.X.X X.X.X.X" sshd_enable="YES" ntpdate_enable="YES" ntpdate_flags="time.service.example.com" syslogd_enable="YES" syslogd_flags="-ss" ntpd_enable="NO"
WO on FreeBSD
Kernel Tuning • File /etc/sysctl.conf: # Increase the number of maximum open file descriptors kern.maxfiles=65535 # Enough space to cache the full java launch command line, # so that we can see it in "ps" output instead of [java] kern.ps_arg_cache_limit=1024 # Limits the number of logging lines per logging rule net.inet.ip.fw.verbose_limit=5
Java • Diablo distribution (Sun JVM) • Port java/diablo-jdk16 • Installation may include time-zone updaters and JCE Policy files • All files must be downloaded manually due to licensing • The port will guide you
Apache • Port www/apache22
WebObjects • Two ways to install the WO frameworks on FreeBSD: • Using the WOPort • Manually • http://wiki.objectstyle.org/confluence/display/WO/Deploying +on+FreeBSD+8.2+and+WebObjects+5.4.3
Dual-network configurations
DB Server DB Server DNS WWW Server Updates Private Public WWW Server The Internets! App Server WWW Server App Server App Server App Server
Why? • Security • Data between wotaskd and other components • Data (RR) between adaptors and apps • Broadcasted and other custom data between apps • Hide database and other services from the public network • Save public IPs
Why? • Ideally, you should only expose ports 80 and 443
Network configuration • em0 with private IP • em1 with public IP • Add as much services as you can to private network
Software configuration • On file /usr/local/etc/rc.d/wotaskd: • command_args="${log_args} -WOHost 10.1.2.3" • On JavaMonitor: • Add hosts using their private IPs • Add -WOHost argument with private IP to apps
WOHostUtilities • WO Apps need to make sure requests for stats, shutdown, refuse new sessions, etc, are legit • Those requests must not came from web server, and their source must be localhost. • Problem is… private IPs are not considered localhost IPs by Java.
WOHostUtilities • Use Wonder, set er.extensions.WOHostUtilities.localhostips er.extensions.WOHostUtilities.localhostips=(10.1.2.1,10.1.2.2,10.1.2.3)
SoftLayer • Dual network configuration by default • VPN access to the private network • Free IPv6 for every server • Amazing support staff
One small detail… • FreeBSD + Adaptec 5405 RAID card = pain • Must use firmware 17574 or newer. • SoftLayer use this cards, request updated firmware or older card.
MONTREAL 1/3 JULY 2011 Q&A

Recomendados

Apache Cayenne for WO Devs
Apache Cayenne for WO DevsApache Cayenne for WO Devs
Apache Cayenne for WO DevsWO Community
 
Practical ERSync
Practical ERSyncPractical ERSync
Practical ERSyncWO Community
 
COScheduler
COSchedulerCOScheduler
COSchedulerWO Community
 
Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)Ryan Cuprak
 
Node.js Development with Apache NetBeans
Node.js Development with Apache NetBeansNode.js Development with Apache NetBeans
Node.js Development with Apache NetBeansRyan Cuprak
 
Don't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 InsteadDon't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 InsteadWASdev Community
 
Preparing for java 9 modules upload
Preparing for java 9 modules uploadPreparing for java 9 modules upload
Preparing for java 9 modules uploadRyan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with GradleRyan Cuprak
 

Recomendados

Apache Cayenne for WO Devs
Apache Cayenne for WO DevsApache Cayenne for WO Devs
Apache Cayenne for WO DevsWO Community
 
Practical ERSync
Practical ERSyncPractical ERSync
Practical ERSyncWO Community
 
COScheduler
COSchedulerCOScheduler
COSchedulerWO Community
 
Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)Ryan Cuprak
 
Node.js Development with Apache NetBeans
Node.js Development with Apache NetBeansNode.js Development with Apache NetBeans
Node.js Development with Apache NetBeansRyan Cuprak
 
Don't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 InsteadDon't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 InsteadWASdev Community
 
Preparing for java 9 modules upload
Preparing for java 9 modules uploadPreparing for java 9 modules upload
Preparing for java 9 modules uploadRyan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with GradleRyan Cuprak
 
12 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla1512 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla15Frank Munz
 
Java EE 8
Java EE 8Java EE 8
Java EE 8Ryan Cuprak
 
Java EE 8 Update
Java EE 8 UpdateJava EE 8 Update
Java EE 8 UpdateRyan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with GradleRyan Cuprak
 
Gradle - Build System
Gradle - Build SystemGradle - Build System
Gradle - Build SystemJeevesh Pandey
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and ActivatorKevin Webber
 
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Red Hat Developers
 
Scala play-framework
Scala play-frameworkScala play-framework
Scala play-frameworkAbdhesh Kumar
 
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cDeveloping Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cBruno Borges
 
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter PilgrimJavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter PilgrimHUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013Michel Schildmeijer
 
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereAAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereKevin Sutter
 
the Spring 4 update
the Spring 4 updatethe Spring 4 update
the Spring 4 updateJoshua Long
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debuggingMaarten Smeets
 
Oracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresOracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresMichel Schildmeijer
 
Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Sam Muhanguzi
 
Play framework
Play frameworkPlay framework
Play frameworkAndrew Skiba
 
20151010 my sq-landjavav2a
20151010 my sq-landjavav2a20151010 my sq-landjavav2a
20151010 my sq-landjavav2aIvan Ma
 
Spring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerSpring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerZeroTurnaround
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot IntroductionJeevesh Pandey
 
Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!All Things Open
 
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南maclean liu
 

Mais conteúdo relacionado

Mais procurados

12 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla1512 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla15Frank Munz
 
Java EE 8 Update
Java EE 8 UpdateJava EE 8 Update
Java EE 8 UpdateRyan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with GradleRyan Cuprak
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and ActivatorKevin Webber
 
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Red Hat Developers
 
Scala play-framework
Scala play-frameworkScala play-framework
Scala play-frameworkAbdhesh Kumar
 
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cDeveloping Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cBruno Borges
 
WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013Michel Schildmeijer
 
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereAAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereKevin Sutter
 
the Spring 4 update
the Spring 4 updatethe Spring 4 update
the Spring 4 updateJoshua Long
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debuggingMaarten Smeets
 
Oracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresOracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresMichel Schildmeijer
 
Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Sam Muhanguzi
 
20151010 my sq-landjavav2a
20151010 my sq-landjavav2a20151010 my sq-landjavav2a
20151010 my sq-landjavav2aIvan Ma
 
Spring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerSpring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerZeroTurnaround
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot IntroductionJeevesh Pandey
 

Mais procurados (20)

12 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla1512 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla15
 
Java EE 8
Java EE 8Java EE 8
Java EE 8
 
Java EE 8 Update
Java EE 8 UpdateJava EE 8 Update
Java EE 8 Update
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
 
Gradle - Build System
Gradle - Build SystemGradle - Build System
Gradle - Build System
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and Activator
 
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
 
Scala play-framework
Scala play-frameworkScala play-framework
Scala play-framework
 
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cDeveloping Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
 
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter PilgrimJavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
 
WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013
 
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereAAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
 
the Spring 4 update
the Spring 4 updatethe Spring 4 update
the Spring 4 update
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
 
Oracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresOracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy features
 
Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Gwt and rpc use 2007 1
Gwt and rpc use 2007 1
 
Play framework
Play frameworkPlay framework
Play framework
 
20151010 my sq-landjavav2a
20151010 my sq-landjavav2a20151010 my sq-landjavav2a
20151010 my sq-landjavav2a
 
Spring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerSpring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen Hoeller
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
 

Semelhante a Deployment of WebObjects applications on FreeBSD

Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!All Things Open
 
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南maclean liu
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Michael Man
 
Running CentOS on the Facebook fleet
Running CentOS on the Facebook fleetRunning CentOS on the Facebook fleet
Running CentOS on the Facebook fleetDavide Cavalca
 
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2
 
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...xiso
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...sreeharsha43
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!APNIC
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryImesh Gunaratne
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Mandi Walls
 
Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Carlos Eduardo
 
Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?GlobalLogic Ukraine
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Opersys inc.
 

Semelhante a Deployment of WebObjects applications on FreeBSD (20)

Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!
 
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
 
Running CentOS on the Facebook fleet
Running CentOS on the Facebook fleetRunning CentOS on the Facebook fleet
Running CentOS on the Facebook fleet
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
 
Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5
 
Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
#WeSpeakLinux Session
#WeSpeakLinux Session#WeSpeakLinux Session
#WeSpeakLinux Session
 
Freeradius edir
Freeradius edirFreeradius edir
Freeradius edir
 
GlassFish v3 Update Center
GlassFish v3 Update CenterGlassFish v3 Update Center
GlassFish v3 Update Center
 
OTRS
OTRSOTRS
OTRS
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
 

Mais de WO Community

In memory OLAP engine
In memory OLAP engineIn memory OLAP engine
In memory OLAP engineWO Community
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsWO Community
 
Build and deployment
Build and deploymentBuild and deployment
Build and deploymentWO Community
 
Reenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWSReenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWSWO Community
 
Chaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real WorldChaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real WorldWO Community
 
D2W Stateful Controllers
D2W Stateful ControllersD2W Stateful Controllers
D2W Stateful ControllersWO Community
 
Deploying WO on Windows
Deploying WO on WindowsDeploying WO on Windows
Deploying WO on WindowsWO Community
 
Unit Testing with WOUnit
Unit Testing with WOUnitUnit Testing with WOUnit
Unit Testing with WOUnitWO Community
 
Advanced Apache Cayenne
Advanced Apache CayenneAdvanced Apache Cayenne
Advanced Apache CayenneWO Community
 
Migrating existing Projects to Wonder
Migrating existing Projects to WonderMigrating existing Projects to Wonder
Migrating existing Projects to WonderWO Community
 
iOS for ERREST - alternative version
iOS for ERREST - alternative versioniOS for ERREST - alternative version
iOS for ERREST - alternative versionWO Community
 
"Framework Principal" pattern
"Framework Principal" pattern"Framework Principal" pattern
"Framework Principal" patternWO Community
 
Filtering data with D2W
Filtering data with D2W Filtering data with D2W
Filtering data with D2W WO Community
 
Localizing your apps for multibyte languages
Localizing your apps for multibyte languagesLocalizing your apps for multibyte languages
Localizing your apps for multibyte languagesWO Community
 

Mais de WO Community (20)

KAAccessControl
KAAccessControlKAAccessControl
KAAccessControl
 
In memory OLAP engine
In memory OLAP engineIn memory OLAP engine
In memory OLAP engine
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systems
 
Build and deployment
Build and deploymentBuild and deployment
Build and deployment
 
High availability
High availabilityHigh availability
High availability
 
Reenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWSReenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWS
 
Chaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real WorldChaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real World
 
D2W Stateful Controllers
D2W Stateful ControllersD2W Stateful Controllers
D2W Stateful Controllers
 
Deploying WO on Windows
Deploying WO on WindowsDeploying WO on Windows
Deploying WO on Windows
 
Unit Testing with WOUnit
Unit Testing with WOUnitUnit Testing with WOUnit
Unit Testing with WOUnit
 
Life outside WO
Life outside WOLife outside WO
Life outside WO
 
Advanced Apache Cayenne
Advanced Apache CayenneAdvanced Apache Cayenne
Advanced Apache Cayenne
 
Migrating existing Projects to Wonder
Migrating existing Projects to WonderMigrating existing Projects to Wonder
Migrating existing Projects to Wonder
 
iOS for ERREST - alternative version
iOS for ERREST - alternative versioniOS for ERREST - alternative version
iOS for ERREST - alternative version
 
iOS for ERREST
iOS for ERRESTiOS for ERREST
iOS for ERREST
 
"Framework Principal" pattern
"Framework Principal" pattern"Framework Principal" pattern
"Framework Principal" pattern
 
Filtering data with D2W
Filtering data with D2W Filtering data with D2W
Filtering data with D2W
 
WOver
WOverWOver
WOver
 
Localizing your apps for multibyte languages
Localizing your apps for multibyte languagesLocalizing your apps for multibyte languages
Localizing your apps for multibyte languages
 
WOdka
WOdkaWOdka
WOdka
 

Último

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Deployment of WebObjects applications on FreeBSD

  • 1. WO on FreeBSD Miguel Arroz Global Village Consulting, Inc. WOWODC 2011
  • 2.
  • 4. FreeBSD overview • UNIX System • BSD License (of course!) • Supports x86, amd64, pc98 as Tier 1 • Distributed and installed via FTP, HTTP, CD/DVD, etc.
  • 5. FreeBSD overview • Integration and consistency • The same team handles the Kernel and user-land tools • Release engineering team
  • 6. Installation • Pseudo-graphical installation • Very fast, low footprint • Installs only the essential, the rest is up to you
  • 7.
  • 8. Networking • Everything you would expect from an UNIX system • Reference (KAME) IPv6 implementation
  • 9. Documentation • FreeBSD Handbook (free, on freebsd.org) • Mail-lists
  • 10. Security • Most software installs with safe default configuration • Installing a port prints a message with security information if appropriate • Easy to configure daily scan for security advisors on OS and installed ports • http://security.freebsd.org/
  • 11. Security The following files will be updated as part of updating to 7.1-RELEASE-p16: /usr/lib/libssl.a /usr/lib/libssl.so.5 /usr/lib/libssl_p.a /usr/src/crypto/openssl/ssl/s3_clnt.c /usr/src/sys/conf/newvers.sh WARNING: FreeBSD 7.1-RELEASE-p15 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Tue Feb  1 00:00:00 WET 2011 will not have been corrected.
  • 12. FreeBSD versions • Major versions • May break binary and source compatibility. • Used to introduce new features, deprecate or remove unused stuff.
  • 13. FreeBSD versions • Minor versions: • Maintain binary and source compatibility (main goal) • Bug fixes, mostly • New features (usually, small ones) if baked enough
  • 14. FreeBSD versions • Security advisors and erratas: • Released for all the currently supported versions • Very easy to install, specially if you use GENERIC kernel • Fix security vulnerabilities and show-stopper bugs • Don’t break binary or source compatibility • Never introduce new features • Kernel and OS source is updated too if installed
  • 15. Release cycles • Security advisors and erratas are only made available for currently supported FreeBSD releases • The life-time of each release depends on a few factors
  • 16. Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1 8.2 7 7.0 7.1 7.2 7.3 7.4 6 6.0 6.1 6.2 6.3 …
  • 17. Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1-P1 8.2-P1 8.1 8.1-P2 8.2 7 7.0 7.1 7.2 7.3-P1 7.4-P2 7.3 7.3-P2 7.4-P1 7.4 7.3-P3 6 6.0 6.1 6.2 6.3 …
  • 18. Minor versions New security advisor New minor version .0 .1 .2 .3 .4 New security advisor Major versions 8 8.0 8.3 8.1 8.2-P1 8.3-P1 8.2 8.1-P1 8.2-P2 8.1-P2 8.2-P3 8.1-P3 8.1-P4 7 7.0 7.1 7.2 7.3 7.4-P1 7.4 7.3-P1 7.4-P2 7.3-P2 7.4-P3 7.3-P3 7.4-P4 7.3-P4 7.3-P5 6 6.0 6.1 6.2 6.3 …
  • 19. Updating • If using GENERIC kernel, errata or security advisor is trivial: • freebsd-update fetch • freebsd-update install • reboot • If stuff happens: • freebsd-update rollback
  • 20. Updating • Put this on cron to be warned when there’s a patch to install: • @daily root freebsd-update cron • Minor and major version updates can be done remotely, but are more complex • Check FreeBSD Handbook (24.2 - FreeBSD Update) • May need to recompile installed software • May need console access
  • 21. Installing software • Packages • Ports • Traditional UNIX way (configure, make, make install)
  • 22. Packages • Binary distributions • Usually smaller than source archives • No compilation required • Much faster, specially when there are many dependencies • pkg_add -r <package>
  • 23. Ports • Packages are compiled with conservative options (must run on all hardware). Ports can be tuned. • Ports allow compile-time options configuration. • Some software licenses force source-only distribution. • May apply local patches. • The source is with you.
  • 24. Port Tree • The port tree stays in /usr/ports • Installation using portsnap: • portsnap fetch • portsnap extract • Updating: • portsnap fetch • portsnap update
  • 25. Installing a Port • Browser for ports: http://www.freebsd.org/ports/ • Install port (typical): • cd /usr/ports/<path to port> • make install clean • make config to see configuration menu
  • 26. Updating ports • The easiest way to upgrade a port and it’s dependencies is using one of these utilities: • portupgrade • portmanager • portmaster • See Handbook (4.5.4 - Upgrading Ports)
  • 27. Port security scan • Install ports-mgmt/portaudit • After installing, FreeBSD makes daily security scans on installed ports and notifies you of any released security advisors.
  • 28. Checking for a current audit database: Database created: Wed Apr 21 03:10:01 WEST 2010 Checking for packages with security vulnerabilities: Affected package: sudo-1.7.2.5 Type of problem: sudo -- Privilege escalation with sudoedit. Reference: <http://portaudit.FreeBSD.org/1a9f678d-48ca-11df-85f8-000c29a67389.html> Affected package: gtar-1.22 Type of problem: gtar -- buffer overflow in rmt client. Reference: <http://portaudit.FreeBSD.org/c175d72f-3773-11df-8bb8-0211d880e350.html> 2 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately.
  • 29. Jails • OS-level virtualization system • More isolation than chroot, less isolation than VM • Jail has its own kernel structures, binded IPs and superuser • Can be used to test software or isolate deployed services • Can’t use a different kernel • No live-migration
  • 30. BSD Hypervisor • http://wiki.freebsd.org/201105DevSummit? action=AttachFile&do=get&target=BHyVe.pdf
  • 31. Status !  Guest –  FreeBSD/amd64 releases 7.2 and 8.1 –  SMP - up to 8 virtual cpus –  I/O - virtio or pci passthru –  Minor kernel patches required !  Host –  FreeBSD/amd64 release 8.1 –  Unmodified GENERIC kernel !  Hardware –  Requires hardware virtualization assist with Nested Page Tables –  Intel VT-x is supported –  AMD-V support in progress 3
  • 32. Init scripts • Shares a lot with Mac OS X startup items • /etc/rc.conf - switches and configurations • /etc/rc.d/<servicename> <action> • /etc/rc.d/sshd restart • /usr/local/etc/rc.d/<servicename> <action> • Scripts can specify provided and required services
  • 33. hostname="andromeda.example.com" defaultrouter="XXX.XXX.XXX.XXX" ifconfig_em0="inet X.X.X.X netmask X.X.X.X" ifconfig_em0_alias0="inet X.X.X.X netmask 255.255.255.255" ifconfig_em1="inet X.X.X.X netmask X.X.X.X" ifconfig_em1_alias0="inet X.X.X.X netmask 255.255.255.0" static_routes="service multicast" route_service="-net X.X.X.X/8 X.X.X.X" route_multicast="-net X.X.X.X X.X.X.X" sshd_enable="YES" ntpdate_enable="YES" ntpdate_flags="time.service.example.com" syslogd_enable="YES" syslogd_flags="-ss" ntpd_enable="NO"
  • 35. Kernel Tuning • File /etc/sysctl.conf: # Increase the number of maximum open file descriptors kern.maxfiles=65535 # Enough space to cache the full java launch command line, # so that we can see it in "ps" output instead of [java] kern.ps_arg_cache_limit=1024 # Limits the number of logging lines per logging rule net.inet.ip.fw.verbose_limit=5
  • 36. Java • Diablo distribution (Sun JVM) • Port java/diablo-jdk16 • Installation may include time-zone updaters and JCE Policy files • All files must be downloaded manually due to licensing • The port will guide you
  • 37. Apache • Port www/apache22
  • 38. WebObjects • Two ways to install the WO frameworks on FreeBSD: • Using the WOPort • Manually • http://wiki.objectstyle.org/confluence/display/WO/Deploying +on+FreeBSD+8.2+and+WebObjects+5.4.3
  • 40. DB Server DB Server DNS WWW Server Updates Private Public WWW Server The Internets! App Server WWW Server App Server App Server App Server
  • 41. Why? • Security • Data between wotaskd and other components • Data (RR) between adaptors and apps • Broadcasted and other custom data between apps • Hide database and other services from the public network • Save public IPs
  • 42. Why? • Ideally, you should only expose ports 80 and 443
  • 43. Network configuration • em0 with private IP • em1 with public IP • Add as much services as you can to private network
  • 44. Software configuration • On file /usr/local/etc/rc.d/wotaskd: • command_args="${log_args} -WOHost 10.1.2.3" • On JavaMonitor: • Add hosts using their private IPs • Add -WOHost argument with private IP to apps
  • 45. WOHostUtilities • WO Apps need to make sure requests for stats, shutdown, refuse new sessions, etc, are legit • Those requests must not came from web server, and their source must be localhost. • Problem is… private IPs are not considered localhost IPs by Java.
  • 46. WOHostUtilities • Use Wonder, set er.extensions.WOHostUtilities.localhostips er.extensions.WOHostUtilities.localhostips=(10.1.2.1,10.1.2.2,10.1.2.3)
  • 47. SoftLayer • Dual network configuration by default • VPN access to the private network • Free IPv6 for every server • Amazing support staff
  • 48. One small detail… • FreeBSD + Adaptec 5405 RAID card = pain • Must use firmware 17574 or newer. • SoftLayer use this cards, request updated firmware or older card.
  • 49. MONTREAL 1/3 JULY 2011 Q&A