Expanding and Shrinking VMware Virtual Disks

1. Expanding a virtual disk
1.1A My XP virtual machine has only 10 GB in total and I need to expand it to 20 GB (the VM must be powered off)

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -x 20GB "D:\VirtualMashines\VMware\WinXP\WinXP.vmdk"

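1.1B From VMware 10 onward, this can be done directly in the management tool:
VM -> Settings -> Hard Disk -> Utilities -> Expand

1.2 After expanding, start the VM and allocate the new space yourself in Disk Management.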

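2. Shrinking a WinXP virtual disk (vmware-tools)
2.1 Management tool (VM powered off)
VM -> Settings -> Hard Disk -> Utilities -> Defragment

2.2 Start the VM
System tray icon -> vmware-tools -> Shrink

3. Shrinking a WinXP virtual disk (vmware-vdiskmanager)
3.1 Download the sdelete tool from the official Microsoft website, then run it inside the VM: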

sdelete -z

3.2 Power off the VM and run:

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -k "D:\VirtualMashines\VMware\WinXP\WinXP.vmdk"

4. Shrinking a Debian virtual disk:
4.1A Run the zerofree command inside the VM; the partition must be mounted read-only

apt-get install zerofree
umount /etc/home
zerofree /dev/sda6

4.1B Run the dd command inside the VM; the partition must be mounted read-write

dd if=/dev/zero of=/bigemptyfile
rm /bigemptyfile

4.2 Power off the VM and run:

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -k "D:\VirtualMashines\VMware\Debian8\Debian8.vmdk"

5. Shrinking a FreeBSD virtual disk:
5.1A Run the dd command inside the VM; the partition must be mounted read-write

dd if=/dev/zero of=bigemptyfile bs=1m
rm bigemptyfile

5.1B Run the cat command inside the VM; the partition must be mounted read-write (suitable when the disk has little free space)

cat /dev/zero > bigemptyfile;sync;sleep 1;sync;
rm -f bigemptyfile

5.2 Power off the VM and run:

"D:\Program files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -k "D:\VirtualMashines\VMware\FreeBSD10\Debian8.vmdk"

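Installing Tomcat7 as a Windows Service

Tomcat7 runs in service mode mainly through two EXE files and one BAT file:
Tomcat7w.exe is used to configure and monitor the service
Tomcat7.exe is used to install, uninstall, update, run, and stop the service
service.bat provides some preset scripts that make installing and uninstalling the service easier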

1. Tomcat7w.exe //XX//ServiceName

#Service configuration UI
Tomcat7w //ES//ServiceName
#Service monitor
Tomcat7w //MS//ServiceName

2. Tomcat7.exe //XX//ServiceName

#Run the service from the command line
Tomcat7 //TS//ServiceName
#Start the service
Tomcat7 //RS//ServiceName
#Stop the service
Tomcat7 //SS//ServiceName
#Update the service parameters
Tomcat7 //US//ServiceName
#Install the service
Tomcat7 //IS//ServiceName
#Delete the service
Tomcat7 //DS//ServiceName

Other available parameters:

ParameterName (Default): Description

--Description: Service name description (maximum 1024 characters)
--DisplayName (ServiceName): Service display name
--Install (procrun.exe //RS//ServiceName): Install image
--Startup (manual): Service startup mode can be either auto or manual
++DependsOn: List of services that this service depends on. Dependent services are separated using either # or ; characters
++Environment: List of environment variables that will be provided to the service in the form key=value. They are separated using either # or ; characters. If you need to use either the # or ; character within a value then the entire value must be enclosed inside single quotes.
--User: User account used for running executable. It is used only for StartMode java or exe and enables running applications as service under account without LogonAsService privilege.
--Password: Password for user account set by --User parameter
--JavaHome (JAVA_HOME): Set a different JAVA_HOME than defined by JAVA_HOME environment variable
--Jvm (auto): Use either auto (i.e. find the JVM from the Windows registry) or specify the full path to the jvm.dll. You can use the environment variable expansion here.
++JvmOptions (-Xrs): List of options in the form of -D or -X that will be passed to the JVM. The options are separated using either # or ; characters. (Not used in exe mode.)
--Classpath: Set the Java classpath. (Not used in exe mode.)
--JvmMs: Initial memory pool size in MB. (Not used in exe mode.)
--JvmMx: Maximum memory pool size in MB. (Not used in exe mode.)
--JvmSs: Thread stack size in KB. (Not used in exe mode.)
--StartMode: One of jvm, Java or exe. The modes are:

  • jvm - start Java in-process. Depends on jvm.dll, see --Jvm.
  • Java - same as exe, but automatically uses the default Java
    executable, i.e. %JAVA_HOME%\bin\java.exe. Make sure JAVA_HOME is set
    correctly, or use --JavaHome to provide the correct location.
    If neither is set, procrun will try to find the default JDK (not JRE)
    from the Windows registry.
  • exe - run the image as a separate process

--StartImage: Executable that will be run. Only applies to exe mode.
--StartPath: Working path for the start image executable.
--StartClass: Main Class that contains the startup method. Applies to the jvm and Java modes. (Not used in exe mode.)
--StartMethod (main): Method name, if it differs from main
++StartParams: List of parameters that will be passed to either StartImage or StartClass. Parameters are separated using either # or ; character.
--StopMode: One of jvm, Java or exe. See --StartMode for further details.
--StopImage: Executable that will be run on Stop service signal. Only applies to exe mode.
--StopPath: Working path for the stop image executable. Does not apply to jvm mode.
--StopClass: Main Class that will be used on Stop service signal. Applies to the jvm and Java modes.
--StopMethod (main): Method name, if it differs from main
++StopParams: List of parameters that will be passed to either StopImage or StopClass. Parameters are separated using either # or ; character.
--StopTimeout (No Timeout): Defines the timeout in seconds that procrun waits for service to exit gracefully.
--LogPath (%SystemRoot%\System32\LogFiles\Apache): Defines the path for logging. Creates the directory if necessary.
--LogPrefix (commons-daemon): Defines the service log filename prefix. The log file is created in the LogPath directory with .YEAR-MONTH-DAY.log suffix
--LogLevel (Info): Defines the logging level and can be either Error, Info, Warn or Debug. (Case insensitive).
--StdOutput: Redirected stdout filename. If named auto then file is created inside LogPath with the name service-stdout.YEAR-MONTH-DAY.log.
--StdError: Redirected stderr filename. If named auto then file is created inside LogPath with the name service-stderr.YEAR-MONTH-DAY.log.
--PidFile: Defines the file name for storing the running process id. Actual file is created in the LogPath directory

3. Installing and uninstalling the service with service.bat

service.bat install/uninstall/remove ServiceName

4. Starting and stopping the service

net start ServiceName
net stop ServiceName

Deploying MuleESB3 to Tomcat

Today, when I integrated Mule ESB into Tomcat, the following error appeared:

Already in lifecycle phase 'start', cannot fire the same phase twice

Solution:
Replace the listener recommended by the official MuleESB website:

<listener-class>org.mule.config.builders.MuleXmlBuilderContextListener</listener-class>

with:

<listener-class>org.mule.config.builders.DeployableMuleXmlContextListener</listener-class>

and it works.

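HTTPS with Self-Signed Certificates

1. Generate a self-signed CA private key and self-signed certificate, and export them in der, p12, and jks formats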

set OPENSSL_CONF=C:\ProgramerTools\OpenSSL-Win64\bin\openssl.cfg

#Generate the private key
openssl genrsa 1024 > NMyCA1024.key

#Generate the self-signed certificate
openssl req -new -x509 -nodes -key NMyCA1024.key -days 1095 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024" > NMyCA1024.pem

#Convert to der format and create the trust store
openssl x509 -outform der -in NMyCA1024.pem -out NMyCA1024.crt
keytool -import -trustcacerts -file NMyCA1024.crt -keystore NMyCA1024_trust.jks -storepass 123456

#Convert to p12 format and create the key store
openssl pkcs12 -export -out NMyCA1024.p12 -in NMyCA1024.pem -inkey NMyCA1024.key
keytool -importkeystore -srckeystore NMyCA1024.p12 -srcstoretype PKCS12 -deststoretype  JKS -destkeystore NMyCA1024_key.jks

2. Generate the website private key and a CA-signed certificate, and export them in der, p12, and jks formats

#Generate the private key
openssl genrsa 1024 > server.key

#Create the certificate request for the CA
openssl req -new -key server.key -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=127.0.0.1" > server.csr

#Generate the CA-signed certificate
openssl x509 -req -in server.csr -CA NMyCA1024.pem -CAkey NMyCA1024.key -CAcreateserial -days 365 > serversigned.crt

#Create the trust store
keytool -import -trustcacerts -file serversigned.crt -keystore serversigned_trust.jks -storepass 123456

#Convert to p12 format and create the key store
openssl pkcs12 -export -out serversigned.p12 -in serversigned.crt -inkey server.key
keytool -importkeystore -srckeystore serversigned.p12 -srcstoretype PKCS12 -deststoretype  JKS -destkeystore serversigned_key.jks

3. On the server side, use serversigned.p12 or serversigned_key.jks

4. On the browser side, import NMyCA1024.crt as a CA root certificate; the browser can then open the HTTPS site normally

5. If a Java client needs to authenticate the server, import the CA certificate into the CA list of the corresponding JDK or JRE; with serversigned_trust.jks, access then works normally

keytool -import -trustcacerts -file NMyCA1024.crt -alias NMyCA1024 -keystore %JRE_HOME%\lib\security\cacerts -storepass changeit

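Using openssl to Fetch a Site Certificate and Verify a Certificate Chain

1. Fetch the site's certificate information

set OPENSSL_CONF=C:\ProgramerTools\OpenSSL-Win64\bin\openssl.cfg
#Get Taobao's certificate information
openssl s_client -showcerts -connect www.taobao.com:443
#Get Taobao's SSLv2 certificate information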
openssl s_client -showcerts -ssl2 -connect www.taobao.com:443

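2. Verify the certificate chain
For example, I have a self-signed three-level certificate system:
NMyCA1024 (RootCA, self-signed)
NMySubCA1024 (NMySubCA1024 is an intermediate CA, certified by NMyCA1024)
Server (Server is the server certificate, certified by NMySubCA1024)

The certificate chain can be verified as follows:

#This will tell you that it is a self-signed certificate
openssl verify NMyCA1024.pem

#L1.pem contains the NMyCA1024 certificate
openssl verify -CAfile L1.pem NMySubCA1024.pem

#L2.pem contains the NMyCA1024 and NMySubCA1024 certificates
openssl verify -CAfile L2.pem Server.pem

#Using only the intermediate certificate leaves the chain incomplete, so verification fails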
openssl verify -CAfile NMySubCA1024.pem Server.pem
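
The four checks above can be replayed end to end against a throwaway chain. This is an added example, not code from the original post: it is written for POSIX sh (the openssl invocations are the same from cmd.exe), and the file names, subjects, 2048-bit keys, the subjectAltName entry and the x.cnf extension file are assumptions made for the example.

```shell
# Added example: throwaway Root -> Sub CA -> Server chain (all names constructed).
make_chain() {   # $1 = existing empty directory
    d=$1
    cat > "$d/x.cnf" <<'EOF' || return 1
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = IP:127.0.0.1
EOF
    for n in root sub server; do
        openssl genrsa -out "$d/$n.key" 2048 2>/dev/null || return 1
    done
    # Root CA: self-signed.
    openssl req -new -x509 -config "$d/x.cnf" -extensions ca -key "$d/root.key" \
        -days 30 -subj "/O=Example/CN=Example Root CA" -out "$d/root.pem" || return 1
    # Intermediate CA: signed by the root. Without CA:TRUE on this certificate,
    # anything it signs fails verification with "invalid CA certificate".
    sign "$d" sub "Example Sub CA" root ca || return 1
    # Server certificate: signed by the intermediate and not a CA itself.
    sign "$d" server "127.0.0.1" sub leaf || return 1
    cp "$d/root.pem" "$d/L1.pem"                    # root only
    cat "$d/root.pem" "$d/sub.pem" > "$d/L2.pem"    # root + intermediate
}
sign() {     # $1 dir, $2 name, $3 CN, $4 issuer name, $5 extension section
    openssl req -new -config "$1/x.cnf" -key "$1/$2.key" \
        -subj "/O=Example/CN=$3" -out "$1/$2.csr" || return 1
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -CAcreateserial -extfile "$1/x.cnf" -extensions "$5" -days 30 \
        -out "$1/$2.pem" 2>/dev/null
}
verify() {   # $1 = certificate, $2 = optional CA bundle; exit status 0 means OK
    if [ -n "${2:-}" ]; then openssl verify -CAfile "$2" "$1"
    else openssl verify "$1"; fi >/dev/null 2>&1
}
report() { if verify "$2" "${3:-}"; then echo "$1: OK"; else echo "$1: FAILED"; fi; }

work=$(mktemp -d) && make_chain "$work" || exit 1
report "root, no trust anchor given" "$work/root.pem"
report "sub CA against L1"           "$work/sub.pem"    "$work/L1.pem"
report "server against L2"           "$work/server.pem" "$work/L2.pem"
report "server against sub CA only"  "$work/server.pem" "$work/sub.pem"
```

The first and last checks fail and the middle two succeed, matching the comments on the commands above.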

Verifying a JKS Password

The following program verifies whether a JKS file and its password are correct

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;

// The class name is added here only so that the methods compile as a unit
public class KeyStoreCheck
{
	// Resolve storePath as a URL, then as a file path, then as a classpath resource
	public static URL getStoreURL(String storePath) throws IOException
	{
		URL url = null;
		// First see if this is a URL
		try
		{
			url = new URL(storePath);
		}
		catch (MalformedURLException e)
		{
			// Not a URL or a protocol without a handler so...
			// next try to locate this as file path
			File tst = new File(storePath);
			if (tst.exists())
			{
				// File.toURL() is deprecated and does not escape special characters
				url = tst.toURI().toURL();
			}
			else
			{
				// not a file either, lastly try to locate this as a classpath
				// resource
				ClassLoader loader = Thread.currentThread().getContextClassLoader();
				url = loader.getResource(storePath);
			}
		}
		// Fail if no valid key store was located
		if (url == null)
		{
			String msg = "Failed to find url=" + storePath + " as a URL, file or resource";
			throw new MalformedURLException(msg);
		}
		return url;
	}

	public static KeyStore loadKeyStore(String storeType, URL storePathURL, String storePassword) throws Exception
	{
		if (storePathURL == null) { throw new Exception("Can not find store file for url because store url is null."); }
		// Uses the default provider for the given store type
		KeyStore keyStore = KeyStore.getInstance(storeType);
		// now that keystore instance created, need to load data from file
		try (InputStream keyStoreInputStream = storePathURL.openStream())
		{
			// A null password makes load() skip the integrity check, so only a
			// non-null password actually verifies the store password
			char[] password = storePassword != null ? storePassword.toCharArray() : null;
			keyStore.load(keyStoreInputStream, password);
		}
		return keyStore;
	}

	// Returns "验证成功" on success, otherwise the exception message
	public static String verifyP12(String p12Path, String p12Pwd)
	{
		String ret = "验证成功";
		try
		{
			URL ksURL = getStoreURL(p12Path);
			if (ksURL == null) throw new Exception(p12Path + "文件未找到");

			loadKeyStore("PKCS12", ksURL, p12Pwd);
		}
		catch (Exception ex)
		{
			ret = ex.getMessage();
			ex.printStackTrace();
		}
		return ret;
	}

	// Returns "验证成功" on success, otherwise the exception message
	public static String verifyJks(String jksPath, String jksPwd)
	{
		String ret = "验证成功";
		try
		{
			URL ksURL = getStoreURL(jksPath);
			// Check the URL before trying to load the store
			if (ksURL == null) throw new Exception(jksPath + "文件未找到");

			loadKeyStore("JKS", ksURL, jksPwd);
		}
		catch (Exception ex)
		{
			ret = ex.getMessage();
			ex.printStackTrace();
		}
		return ret;
	}
}

TLS Support for the AXIS2 Client

Just set the following system properties ;)

public static final String TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
public static final String TRUST_STORE = "javax.net.ssl.trustStore";
public static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
public static final String KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
public static final String KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
public static final String KEY_STORE = "javax.net.ssl.keyStore";

Generating Keys with openssl

Generate a private key and a self-signed certificate (this is all that is needed for self-signing)

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl genrsa 1024 > test.key
openssl req -new -x509 -nodes -key test.key -days 1095 -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024" > test.pem

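Generate a private key, a certificate request, and a self-signed certificate (normally the csr file is sent to a third-party authority to request a certificate; here it is still self-signed)

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl genrsa -out test1.key 1024
openssl req -new -key test1.key -out test1.csr -subj "/C=CN/ST=ShangHai/L=ShangHai/O=NEOHOPE/OU=Development/CN=NMyCA1024"
openssl x509 -req -days 3650 -in test1.csr -signkey test1.key -out test1.pem

Note that for a self-signed certificate the two approaches above are equivalent. But there is only one level here, that is, no CA exists. If two levels (CA and server) are needed, you have to:
1. Generate the CA's private key and certificate
2. Generate the server's private key and certificate
3. Sign the server certificate with the CA's private key
4. Have all clients trust the CA certificate

Converting pem to p12 (private key + certificate)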

set OPENSSL_CONF=%OPENSSL_HOME%\bin\openssl.cfg
openssl pkcs12 -export -out test.p12 -in test.pem -inkey test.key

Converting pem to a jks truststore (CA certificate)

keytool -import -v -trustcacerts -file test.pem -keystore test.jks -storepass 123456 -alias caRoot
keytool -list -v -keystore test.jks -storepass 123456

Converting p12 to a jks keystore (private key + certificate)

keytool -importkeystore -srckeystore test.p12 -destkeystore test1.jks -srcstoretype PKCS12 -deststoretype JKS -srcstorepass 123456 -deststorepass 123456
keytool -list -v -keystore test1.jks -storepass 123456

Note that the jks and p12 passwords should be set to the same value; otherwise the keystore sometimes cannot be used.