We Keep Coding

How to redirect jenkins.security.SecurityListener logs to a log file on a linux host

I have setup a logger on my jenkins server for jenkins.security.SecurityListener logs. I can view the logs in the webportal but I cannot find where the are stored on the server. I want to be able access these logs on the server.

When you are talking about seeings logs in webportal, are you talking about console output? In that case there are some options.
For jenkins build logs,By default logs should be made available in /var/log/jenkins/jenkins.log , unless customized in /etc/default/jenkins (for *.deb) or via /etc/sysconfig/jenkins (for */rpm).
Another option is to download them in your linux server using curl or wget command.
curl http://jenkinsUrl/job/<Build_Name>/<Build_Number>/consoleText -OutFile
another common location:
${JENKINS_HOME}/jobs/${JOB_NAME}/builds/${BUILD_NUMBER}/log
You can use plugins also to capture jenkins console logs and store them in any location in server as per your choice. Plugins are available for that.
Thanks,
Subhadeep

Spring boot on Aws ec2 instance

Spring boot demo app tried on localhost and successfully run the application. I even installed
gradle,jdk and other dependencies
easily on aws instance . Even though i ran ./gradlew bootRun of sample application successfully .
Like http:// localhost:8080 aws instane isn't working according to my path like http://myip:8080.
Let me know what exactly i am doing wrong with this and also to make sure i added custom tcp rule such as 8080 .

Besides adding custom tcp rule 8080, try to add the following rule into your security group.
Type: Custom ICMP Rule
Protocol: Echo Request
Port Range: N/A
Source: 0.0.0.0/0
And then try to ping YourIP in order to see if your EC2 machine can be reach from internet. If your EC2 ip is pingable, then I guess the reason why you cannot access http://myip:8080 is your spring boot failed to start in EC2.
You can ssh into your ec2 and investigate your jar. I don't know any clever method but my method is:
After ssh into the ec2 machine,
Find your jar name by ps -A -F . In my case I can find java -jar application.jar
Find your jar path by sudo find / -name application.jar . In my case I can find /var/app/current/application.jar
Then you can cd /var/app/current/ and java -jar application.jar . If you are lucky, you can find some hints from the spring boot log.

In order for this call to work there are a couple of prerequisites.I will try to make a short list, other things could arise depending on the environment.
Make sure the public IP address is the same as the one you know. This changes after each reboot. If you do not want this behavior you can use an elastic IP
The 8080 port is accessible from the Internet. Here are some steps to make sure this is the case: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html

Installing Jenkins windows slave from https master

I am trying to install the slave on Windows from a linux master. When using the Java Web Start, I get an error that it can't load the resource http://jenkinsserver:8080/jenkins/jnlpJars/remoting.jar
This is because the jenkins server is using 8443. Is there a way to tell it to use the correct port?
When I try from command line:
java -jar slave.jar -jnlpUrl http://jenkinsserver:8443/jenkins/computer/Slave-it-jenkins-p2/slave-agent.jnlp -secret xxxx
I get a message that it is unable to access the jarfile slave.jar Is it possible to use Jenkins on https and install slaves?

Yes it is possible to execute the same over https , if you dont have the proper certificate then you can either download them from browser or you can also pass the argument --noCertifcateCheck to ignore the cert.
For the above issue via http can you please provide the detailed error stack that will help

First, you can configure your Jenkins port at Configure Jenkins menu http://your-jenkins-server/configure/. Check out the JENKINS URL at Jenkins Location
I had no problem configurating my Windows Slave using JNLP + service start. Just make sure that your JNLP port is set and open. You can set that port # Jenkins Global Security http://your-jenkins-server/configureSecurity/
I used the Jenkins documentation Installing Jenkins as Service in Windows Slaves as a guide.

Development with NGINX

I am developing web application using scala. Now it become rather big and I am going to split it to few separated services and glue it with nginx as reverse proxy.
While it was just a scala app it was able to distribute and run it as jar with few config files. But now there is nginx which usually installed as system app. What is the best way to work with nginx in portable manner, to have all app concentrated in one folder?
Should I have *.conf file with host and include reloading nginx in startup script?
Or maybe it will be usefull to have portable nginx binary?
This is for testing and experimental needs only. Production app deployed into server with preconfigured nginx.

Having used Nginx on Ubuntu quite a lot, I found that it is quite effective to keep .conf files with the project work, along with one or two shell scripts to install and configure them.
You didn't mention your OS, but I can share my experience with Ubuntu if that helps. This is more an OS admin topic than a Scala one per se.
For example, a script might symlink your scripts/myapp.conf file(s) something like this:
#!/bin/bash -e
cd $(dirname $0)
TGT=$PWD
cd /etc/nginx/sites-enabled
sudo rm -f myapp.conf
sudo ln -vs $TGT/scripts/myapp.conf myapp.conf
sudo service nginx reload

So you have separated services with nginx as reverse proxy in your production. And need to adapt nginx for test environment ?
If that is one or two machines setup, try not to overenginer setting, but just adapt nginx config manually (and scala server file) as needed (hostname, ports, path etc...).
Just my 2c.

How do I run my application as superuser from Eclipse?

I'm running in to an error when I try to run my server application from Eclipse. The error is java.net.BindException: Permission denied. I think this is because I am using port 443 to set up an SSL connection. I can get around this problem if I run my code on the command line using java and sudo. Is there a way to set up Eclipse so that when I hit the run button, my application is executed with sudo?

You can follow these steps to compile/debug applications as superuser.
Rename your java-application
sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java
#!/bin/bash
# file: /usr/lib/jvm/java-6-openjdk/jre/bin/java
# descr: Starter for jdk. Runs jdk as root when
# cmd-line-arg "--run-as-root" is specified.
#
jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori"
run_as_root=false
args=
# Filter command-line argument
for arg in "$#"
do
case "$arg" in
--run-as-root) run_as_root=true
;;
*) args="$args $arg"
;;
esac
done
# Remove leading whitespaces
args=$(echo $args | sed -e 's/^[ \t]*//')
if $run_as_root
then
echo "WARNING: Running as root!"
gksu "$jre $args"
else
$jre $args
fi
Change the permissions to make it executable
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
Startup eclipse
Go to Window->Preferences->Java->Installed JREs
Duplicate java-6-openjdk to java-6-openjdk-root
Edit JRE and add "--run-as-root" as Default VM Argument
To run projects as root you need to follow these steps:
Go to Project->Properties->Java Build Path
Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"
Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852

Assuming you are on Linux (*nix),
How about starting your eclipse session via a sudo command?
Such as
sudo ~/eclipse/eclipse
Now whatever you do from eclipse will have the sudo context?

As mentioned in this thread:
In order to open a port below 1024 on Unix/Linux systems you need to be
"root".
I also used the argument -Dorg.eclipse.equinox.http.jetty.port=8080 to change the listen port, but this seems to be ignored (according to the stacktrace)
Please use "-Dorg.osgi.service.http.port=8080".
As mentioned in HTTP Service:
org.osgi.service.http.port - specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.
org.osgi.service.http.port.secure - specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.
Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.

Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.
(Can someone contribute a link to a practical and easy-to-understand explanation ?)

A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.
Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger,
set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).
I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!

I am writing C not Java but this should work in either case.
I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.

You can use Remote Java Application mechanism for this.
Create Debug configuration for Remote Java Application
section in Run -> Debug configurations...
Set your project name
Choose Connection type as Standard (Socket Attach)
Configure Connection properties parameters for your binding
(for you it will be localhost and 443).
Set breakpoint in your app (e.g. at the beginning of the main method)
Run your app from terminal as superuser with following command: java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
Hit debug button in Eclipse for early created Remote Java Application
You code should be stopped on breakpoint in Eclipse!

If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.
On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.

You may go this way
create a Makefile with javac calls
add the following line:
setcap 'cap_net_admin=+ep' Server
configure sudo to allow your Eclipse user to run setcap.
So you will have a transparent debugging (no sudo wrapper - gdb ok).
Cons: it is a local security breach.
Solution:
put this to /opt/my-stupid-eclipse
#!/bin/sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
chmod +x this script and whitelist it on sudo config.
username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse
Add it to your makefile, specify path to your Server binary.
Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.