Thursday, 31 October 2019

Freemarker and java.time

I noticed that Freemarker[1] does not yet support the Java SE 8 Date and Time[2]. I noticed this, because I tried it. It just tries to parse the toString() and it fails.

<dependency>
    <groupId>no.api.freemarker</groupId>
    <artifactId>freemarker-java8</artifactId>
    <version>1.1.5</version>
</dependency>

Of course, it's not native support, you still have to call specific methods to parse this. But it works in my case.

It means I have to change some of my templates around, as described below:

Published Date ${blog.createDate?datetime}

Instead should be:

Published Date ${blog.createDate.format()}

References

[1] FreeMarker Java Template Engine
https://freemarker.apache.org/
[2] Java Technical Details - Java SE 8 Date and Time
https://www.oracle.com/technical-resources/articles/java/jf14-date-time.html
[3] GitHub - Java library adding support for the Java 8 java.time api to FreeMarker.
https://github.com/lazee/freemarker-java-8

Thursday, 24 October 2019

Git Worktrees

Since git 2.8 it is possible to work with "Worktrees". These are extra directories into which you can check out a branch, instead of changing the contents of your current working directory by checking out a different branch (and by extension messing up your build targets and artifacts and stuff).

At work, unfortunately, we are using Fedora Core 25 (a little old, but we are sure to update any day now).

So I decided to install git from source[1]. Apparently we're already up to version 2.23.0.

At home, I do not use worktrees[2], and I managed to avoid it at work too. But the situation has progressed in such a fashion that the branches are starting to differ so much that a reset maven profiles/clean/rebuild/redeploy is required when switching branches, costing me valuable development time.

Creating a new worktree from the master

git worktree add -b feature_branch ../new_folder

Creating a new worktree from the master from an existing branch

Use --detach instead of -b branch to create a worktree without a branch.


Removal of a worktree

rm -rf ../new_folder && git worktree prune

It all seems easy enough.

For some reason the new git also enables me to simply checkout the svn repo (we're still using SVN at the moment) without any pains like in the past (for example bombing out because it takes too long). Perhaps something has changed in our SVN setup, I don't know.
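
The worktree commands above, run end to end in a throwaway repository. This is an added example, not part of the original post; the directory names `main_checkout`, `existing_folder` and `detached_folder` and the branch `existing_branch` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): the worktree life cycle in a
# throwaway repository. Directory and branch names are constructed.

# Number of worktrees git currently tracks for the repo in the current dir.
count_worktrees() {
    git worktree list --porcelain | grep -c '^worktree '
}

# Runs in a subshell so the caller's working directory is untouched.
# Prints "<count before removal> <count after removal> <branch kept?>".
demo_worktrees() (
    base=$(mktemp -d) || exit 1
    cd "$base" || exit 1
    git init -q main_checkout && cd main_checkout || exit 1
    git -c user.name=demo -c user.email=demo@example.invalid \
        commit -q --allow-empty -m "initial commit" || exit 1
    git branch existing_branch

    {
        # New branch in a new directory (the command from the post).
        git worktree add -b feature_branch ../new_folder
        # Existing branch: name the branch after the path, without -b.
        git worktree add ../existing_folder existing_branch
        # No branch at all: detached HEAD at the current commit.
        git worktree add --detach ../detached_folder
    } >/dev/null 2>&1 || exit 1

    before=$(count_worktrees)
    # Removal as in the post: delete the directory, then prune the stale entry.
    rm -rf ../new_folder && git worktree prune
    after=$(count_worktrees)

    # The branch outlives its worktree; delete it separately if unwanted.
    if git show-ref --verify --quiet refs/heads/feature_branch; then
        kept=yes
    else
        kept=no
    fi
    echo "$before $after $kept"
    rm -rf "$base"
)
```

Calling `demo_worktrees` shows that pruning drops only the administrative entry for the deleted directory, while `feature_branch` itself stays in the repository.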

References

[1] Git - see kernel.org link on the page
[2] Git - manpage worktree
https://git-scm.com/docs/git-worktree
StackOverflow - What would I use git-worktree for?
http://stackoverflow.com/questions/31935776/what-would-i-use-git-worktree-for
Atomic Object - Parallelize Development Using Git Worktrees
https://spin.atomicobject.com/2016/06/26/parallelize-development-git-worktrees/
Atlassian - Six cool features of the Git 2.x series
https://developer.atlassian.com/blog/2015/10/cool-features-git-2.x/
GAUI.IS - Git worktree feature
https://www.gaui.is/git-worktree-feature/

Thursday, 17 October 2019

Hello, production

Recently saw this blogpost[1] among incoming tweets, and it's good enough to mention here.

References

[1] Pete Hodgson - Hello, production
https://blog.thepete.net/blog/2019/10/04/hello-production/

Friday, 11 October 2019

Ref: Filtering a Stream of Optionals in Java

Recently got a little annoyed that I always have to combine a filter with Optional::isPresent with a map with Optional::get.

A quick search on the Internets found a good resource about how this can be done, and in the future should be done.

See the references. Let me know if you have something better.

References

Baeldung - Filtering a Stream of Optionals in Java
https://www.baeldung.com/java-filter-stream-of-optional

Thursday, 3 October 2019

Automating Importing Let's Encrypt Certificates into Payara/Glassfish

In this blogpost[1] I mentioned a Python script that automatically renews certificates for Payara[2]. Unfortunately, it's not quite a perfect fit for me, as I do not run Payara on port 80, which the script requires.

My setup has an nginx running on port 80, that basically forwards all requests to the https version of the website.

So I could simply turn off nginx, re-certify and turn nginx back on.

This simple bash script is as follows:

Running it will give you:

$ source renew_letsencrypt_certificates.sh
---- Starting.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.mrbear.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.mrbear.org
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.mrbear.org/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.mrbear.org/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/home/payara/payara5/glassfish/domains/production/config/keystore.jks
Private key with alias [s1as] added to keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks.
---- Disabling http listener...
server.network-config.network-listeners.network-listener.http-listener-2.enabled=false
Command set executed successfully.
---- Enabling http listener...
server.network-config.network-listeners.network-listener.http-listener-2.enabled=true
Command set executed successfully.
---- Done.

And your certificate is renewed. I am most pleased that this is so easy in Payara/Glassfish.

In order to properly automate this, the master password must be stored somehow, and it's possible to do this via the --passwordfile=passwordfile.txt commandline parameter.

I found a good blogpost on how to do this at .Lost in Coding[3].

And also the blogpost on [4] to get me started on how to do this.
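
A password file used by an unattended renewal job holds the master password in clear text, so its permissions matter. The following is an added example, not the post's script: it creates the file readable by its owner only and refuses to use one that is a symlink, owned by someone else, or accessible to group or others. The function names are hypothetical; `AS_ADMIN_MASTERPASSWORD` is the entry asadmin reads from a password file.

```shell
#!/bin/sh
# Added example (not the post's script). Function names are hypothetical;
# AS_ADMIN_MASTERPASSWORD is the entry asadmin reads from a --passwordfile.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the password file readable by its owner only.
# The secret is read from stdin so it never appears in a process listing.
write_passwordfile() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # umask covers a newly created file; chmod covers a pre-existing one.
    ( umask 077; printf 'AS_ADMIN_MASTERPASSWORD=%s\n' "$pw" > "$1" ) || return 1
    chmod 600 "$1" || return 1
    unset pw
}

# Succeed only if the file is safe to hand to an unattended job.
check_passwordfile() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 1
    fi
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by the current user" >&2; return 1
    fi
    case "$(file_mode "$f")" in
        [0-7]00) ;;   # no group or other permission bits
        *) echo "refusing $f: accessible by group or others" >&2; return 1 ;;
    esac
    grep -q '^AS_ADMIN_MASTERPASSWORD=' "$f" || {
        echo "refusing $f: AS_ADMIN_MASTERPASSWORD entry missing" >&2; return 1
    }
}

# Usage in the renewal job (asadmin itself is not run by this example):
#   check_passwordfile passwordfile.txt &&
#       asadmin --passwordfile=passwordfile.txt <subcommand>
```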

Verifying that the keystore contains the appropriate stuff can be done as follows:

# keytool -list -keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks
Keystore type: jks
Keystore provider: SUN

glassfish-instance, Jan 22, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): WZ:B6:4N:8V:AT:YP:QC:9N:VT:HA:WI:NQ:B[:V8:0W:YT:B8:AW:YT:VQ
s1as, Sep 25, 2019, PrivateKeyEntry,
Certificate fingerprint (SHA1): N8:5Y:AN:SV:N8:9W:4T:Y7:9W:V9:W4:VT:8Y:WV:4N:W4:VT:FB:8S:4E

keytool -list -v -keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks

Or for a specific alias:

keytool -list -v -keystore /home/payara/payara5/glassfish/domains/production/config/keystore.jks -alias s1as

References

[1] Enabling SSL in Payara with certificate from Let's Encrypt.
https://randomthoughtsonjavaprogramming.blogspot.com/2019/01/enabling-ssl-in-payara-with-certificate.html
[2] github - Let's encrypt script to retrieve and upload keys/certificates to Payara
https://gist.github.com/ratcashdev/1b09877d37e02ef5170bf9e60c377f34
[3] .Lost in Coding - Configure Payara Server passwords in Docker