3/27/2014

Dell XPS 15, PXE booting over USB NIC

it is not intuitive, but a USB NIC does not itself provide PXE support...

note: this works w/wds for windows, should work w/cobbler for linux, netboot w/osx, or dhcp w/tftp

rather the BIOS must support a USB NIC by including a BIOS device driver for initializing and using the USB NIC, before that device can be used by a BIOS PXE procedure for network booting


because the USB NIC is connected through a USB host controller, that USB host controller must also have a BIOS device driver and the USB host controller must be started before the USB NIC can be started

USB host controllers are internal and fixed, they do not change, they are built into the notebook, so only one device driver needs to be included in the BIOS for the USB host controller built into the notebook

USB NIC devices are external and varied, they can come from many manufacturers and can be built using many different USB NIC chipsets, so there are many possible BIOS device drivers, the BIOS usually only contains a small number of USB NIC device drivers -- there is no Universal BIOS device driver for all USB NIC devices


but like virtual machine technology "older" and more "commonly available" USB NIC devices that have been in the market place for a long time, or have looser licensing rules for including their reference device driver code in System BIOSes, tend to be "more likely" to be supported

PXE booting, or booting off the network, implies a device is ready to be used by the BIOS procedure for obtaining a network address, downloading a network bootstrap program (nbp) and then a network enabled boot program that runs in minimal available memory (a kernel, winpe, etc.)

when installing an operating system like Windows 7 using PXE booting, at some point the USB NIC will be reset to transition away from using the PXE booted program to using a native installer -- like the winpe environment



the native installer then needs to restart the USB host controller, followed by the USB NIC - native install time drivers for the installer program must be provided, or the installer will fail to complete installation

Windows 7 includes native support for USB 2.0 host controllers, and its installer generally includes support for USB 2.0 host controllers, USB NIC drivers for the install and after install Windows 7 environments must be provided by the USB NIC vendors

Windows 7 does not include native support for USB 3.0 host controllers and will fail to install if a USB NIC is connected to a USB 3.0 host controller, even though USB 2.0 devices are generally compatible with USB 3.0 ports.. during install the operating system fails to restart the USB 3.0 host controller, which disconnects the USB NIC

Windows 8 includes native support for USB 3.0 host controllers

notebooks generally still come equipped with multiple USB 3.0 ports and at least (one) USB 2.0 port just for such occasions, they are either plainly labeled as USB 3.0 and USB 2.0 or the USB 3.0 ports will have an extra "ss" in tiny letters to distinguish them as "super speed" (aka USB 3.0) capable -- the "one" port without the tiny "ss" letters will be the USB 2.0 port

the XPS 15 9530 notebook is generally the same as the Precision M3800 notebook, except for the secondary GPU and the choice of high resolution display, while the XPS is a "gamers" consumer class machine and has Windows 8 supported device drivers (only) the M3800 is an "enterprise" business class machine and has Windows 7 and Windows 8 supported device drivers available

secondary GPU device drivers can be obtained after install from their manufacturers websites

cons to installing Windows 7 on an XPS include, if using the ultra high resolution screen the DPI may need to be scaled to 125 percent to be able to see the tiny pixels, and Windows 8 includes a separate DPI mode for each screen - if sharing a desktop with a second monitor, each can run at a different DPI, this is not the case when using Windows 7 there is only one DPI mode for all screens

PXE booting requires using a "started" Ethernet port, sometimes called "initialized" -- but generally means "its ready" to provide "service" to the BIOS

the BIOS of this laptop has had three revisions A01, A02, A03 (so far 3-31-2014)

the pxe supported usb to ethernet device chipsets can be determined by looking at the updates and their change logs

A01 -
SmscUsbNet - USB2.0-to-LAN dongle - StarTech USB21000S2
OemGigaLan - USB 2.0 Ethernet Adapter - Dell Part# : 331-9318 "guess"
 
A02 -
SmscUsbNet - USB2.0-to-LAN dongle - StarTech USB21000S2
OemGigaLan - USB 2.0 Ethernet Adapter - Dell Part# : 331-9318 "guess"

A03 -
SmscUsbNet - USB2.0-to-LAN dongle - StarTech USB21000S2
OemGigaLan - USB 2.0 Ethernet Adapter - Dell Part# : 331-9318  "guess" 
RtkUsbUndi - USB3.0-to-LAN dongle Anker RTL8153 Chipset  "guess"

# update 3-31-2014: 
# the Startech USB21000S2 is confirmed to PXE in BIOS "Legacy" mode 
# on the A02 version of the BIOS







be forewarned:

the USB 2.0 NIC types should work with PXE boot installing Windows 7, however the USB 3.0 NIC types would only be appropriate for PXE boot installing Windows 8; for the reasons mentioned before, Windows 7 does not include host controller support for USB 3.0 ports - thus even if the USB 3.0 device would work in a USB 2.0 port, you would still be constrained by the speed of the USB 2.0 port (480 mbps) versus the speeds in a USB 3.0 port (4800 mbps)


i have also obtained an Anker RTL8153 USB 3.0 NIC and may try that after upgrading the BIOS from A02 to A03 with Windows 7 (on a 2.0 port) and Windows 8 (on a 3.0 port)

-- when I do I will update this page



Dell XPS 9530 System BIOS A03
Enhancements
- Improved System BIOS stability.
- Support Realtek USB-to-LAN dongle(REL8153-VB) PXE boot.
Realtek Announces 8153 Low Power Consumption USB Ethernet Controller Solutions

RTL8153

Startech makes a usb to ethernet adapter based on the [Smsc LAN7500] chipset

Microchip who makes the Smsc LAN7500 chip makes UNDI driver source code available
LAN95xx and LAN7500 UEFI PXE (UNDI) Driver

the source code file has a similar name to the reference in the bios [ SmscUsbNetDriver.efi ]

to pxe boot the laptop must have secure boot disabled, legacy support enabled and [network] in the boot order

this is no longer theory, a StarTech USB21000S2 adapter was ordered and tested and performed exactly as expected.

Legacy mode does not enumerate the device, but upon boot order selecting [network] it detects and runs the built in BIOS device driver for starting the USB NIC and proceeds to PXE boot using it

UEFI mode does enumerate it and offer it up as an IPv4 or IPv6 device, however selecting either has not successfully worked for PXE boot, it appears either there is something else in the BIOS that needs additional configuration, or that the BIOS procedure for UEFI is not working, determining if it is the BIOS driver for the USB NIC or the BIOS procedure for UEFI PXE will have to wait until i can test an additional USB NIC device, like the Anker RTL8153

The XPS laptop and Venue tablets appear to share many commonalities:

Dell Announces New XPS Ultrabooks and Venue Tablets

Dell has a page that recommends the Smsc LAN7500 usb to ethernet dongle, and used to sell it direct, but does not appear to sell it any longer, or is out of stock, this was for the xps 13 laptop - but it appears to also apply to the xps 15 9530

Dell XPS Driver CABs are now available

For XPS 13 (L321x) only:
USB to NIC Dongle :
Since the XPS 13 does not have an Onboard NIC, a USB to NIC dongle needs to be used for deploying an OS.
SMSC LAN 7500:    
If you are using a USB NIC based on the SMSC LAN 7500 chipset, the A09 WinPE CAB and XPS 13 driver pack includes drivers for this device.
The Startech USB21000S2 USB NIC uses the LAN7500 chipset and is available from Dell.
The XPS 13 with BIOS A05 or higher, supports PXE boot with LAN7500 chipset based USB NICs.
Note:  If you chose to use a different USB to NIC dongle for network based Operating System deployment, you will need to inject the specific driver for such device in WinPE.

useful links:
Imaging requirements for the Latitude 10 (ST2) from Windows Server 2008
MDT 2010 - Automated Dell XPS 13 Deployment
How do you PXE boot a Venue 8 or 11 Pro
Imaging requirements and process for the Dell Venue 8 Pro 5830 Tablet
Imaging Recommendations for the Dell Venue 11 Pro 5130/7130/7139
Dell Driver CAB files for Enterprise Client OS Deployment
MSFN - USB to Ethernet Adapters and PXE
Supporting PXE over USB Deployment Scenarios for tablets and ultrabooks

Startech USB21000S2 sources:
B&H Video - StarTech USB 2.0 to Gigabit Ethernet NIC Network Adapter
NewEgg - StarTech USB 2.0 to Gigabit Ethernet NIC Network Adapter
TigerDirect - StarTech.com USB to Gigabit Ethernet NIC
Amazon - StarTech USB 2.0 to Gigabit Ethernet NIC Network Adapter
CDW - StarTech.com USB 2.0 to Gigabit Ethernet NIC

LAN7500 another source:
NewEgg - SIIG JU-NE0311-S1 USB 2.0 Gigabit Ethernet Adapter
Dell  - USB 2 to Gigabit Ethernet (PXE) Euro

Realtek RTL8153 sources:
Amazon - Anker® USB 3.0 to Gigabit Ethernet LAN with RTL8153
SybaUSA - Gigabit Ethernet USB 3.0 Adapter: SI-ADA24037
Amazon - SYBA SI-ADA24037 Gigabit Ethernet USB 3.0 Adapter
NewEgg - SYBA SI-ADA24037 Gigabit Ethernet USB 3.0 Adapter

the Dell XPS 15 9350 laptop does not have a built-in ethernet port

the Dell Model D3000 superdock has an ethernet port, it is not supported by the BIOS in the XPS 15 9350, for PXE booting, it has a DisplayLink Network Adapter NCM, Action Star Enterprise Co., Ltd. ethernet NIC attached to the end of a USB bus

3/26/2014

VirtualBox, Speeding up a guest VM


virtualbox is a virtual machine technology that runs on many host operating systems

virtualbox offers a number of "device types" for storage controller

IDE slowest
SATA fast
SCSI faster
SAS fastest

choosing the fastest supported by a guest operating system can substantially speed up the vm

rules of thumb:
IDE for XP
buslogic SCSI for old Linux
lsilogic SCSI for 2003 or Vista and 2008
lsi-sas for Windows 7 and later

[ always make sure the  "Host I/O"  option is "checked" ]

existing virtual disks can be moved from one controller type to another

[ avoiding the infamous  STOP 0x7B  ]

for windows a new controller should be added to the vm while it is shutdown
boot from the original controller, let pnp install a driver for the new controller
shutdown and move the boot volume and all other volumes to the new controller

use IDE for CD/DVD mounting and to control the favored boot device order

for linux if after adding a new controller type
the boot kernel complains it cannot find any volumes

Reading all physical volumes
No volume groups found
Volume group "VolGroup00" not found
(Unable to access resume device (/dev/VolGroup00/LogVol01)
mount could not find filesystem '/dev/root'


a new controller should be added to the vm while it is shutdown
boot from the original controller and use  mkinitrd  to build a new initrd

See how-to-migrate-rhel5-kvm-to-hyper-v for a mkinitrd demonstration

3/23/2014

Teamviewer, Speeding up Video

# Teamviewer (remote web session) connecting to a host appears slow and barely responsive

on W7 and W2008r2, some graphics chips like the G200E will not perform well with hardware acceleration enabled, on W8, W2012r2, hardware acceleration is automatically disabled for the duration of an RDP or Web session and re-enabled after the session terminates

to disable video hardware acceleration manually on W7 or W2008r2, read on

note: you cannot do this while connected using RDP, you  can  do this while connected using Teamviewer, or while standing in front of the server using the local video console (or using iLO), RDP will [grey out] the link to disable the option (counter-intuitive uselessness.. )

# On the remote (session server) right click on the desktop, select "Screen resolution" 

# "Advanced settings", "Troubleshoot", "Change settings"



# Change the hardware acceleration from "Full" to "None", click "Ok"



3/19/2014

Coldfusion on Linux, Too many open Files


if your 

# /opt/coldfusion9/logs/cfserver.log

file is filling up quite suddenly

it might be because the jvm is dependent on the operating system for opening files

the operating system has a global limit


a typical CF9 server runs this many open files idle:

lsof -c coldfusion | wc -l 
812


the user account the jvm process runs under has a user limit 

(if the user account your coldfusion server runs under is called 'coldfusion' you can check it by 'switch user' to that account, if it is a different account like apache or httpd, you can 'switch user' to that account and run the following commands)

# su - coldfusion

this will list the "hard" limit 

# ulimit -Hn 
 1024 

this will list the "soft" limit 

# ulimit -Sn 
 1024

 you can raise the limit for an account by: 

# vi /etc/security/limits.conf

add lines:

coldfusion soft nofile 65536
coldfusion hard nofile 65536

or raise them for everyone: 

* soft nofile 65536
* hard nofile 65536

you will probably have to restart the jvm process running the jrun servlet container holding the coldfusion process, or just reboot the server to make sure it gets the new more liberal restrictions
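
An added example (not part of the original post): a running JVM keeps the limits it was started with, so after editing limits.conf the values to trust are the ones in /proc/<pid>/limits. The functions below read that file and compare the soft limit with a descriptor count; the function names and the 75 percent warning threshold are assumptions, and the sample limits file is constructed.

```bash
# Added example, not from the original post. Function names are hypothetical.

# Read the "Max open files" row of a /proc/<pid>/limits style file and compare
# the soft limit with a count of open descriptors.
# Prints: <soft> <hard> <open> <percent-of-soft-used> <OK|WARN>
fd_headroom() {
    limits_file=$1
    open_count=$2
    warn_pct=${3:-75}      # assumed threshold: warn at 75% of the soft limit
    awk -v n="$open_count" -v w="$warn_pct" '
        /^Max open files/ {
            found = 1
            soft = $4; hard = $5
            if (soft == "unlimited") { print soft, hard, n, 0, "OK"; exit }
            pct = int(n * 100 / soft)
            print soft, hard, n, pct, (pct >= w ? "WARN" : "OK")
            exit
        }
        END { if (!found) exit 1 }
    ' "$limits_file"
}

# Same check against a live process (Linux only).
# /proc/<pid>/fd holds one entry per open descriptor; lsof output also lists
# the cwd, the program text and memory-mapped libraries, so its line count
# runs higher than the number that counts against the nofile limit.
fd_headroom_pid() {
    pid=$1
    open=$(ls "/proc/$pid/fd" | wc -l | tr -d ' ')
    fd_headroom "/proc/$pid/limits" "$open"
}

# Constructed sample in the layout of /proc/<pid>/limits.
# usage: write_sample_limits <path> <soft> <hard>
write_sample_limits() {
    printf '%-26s%-21s%-21s%s\n' \
        'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max processes' '1024' '30000' 'processes' \
        'Max open files' "$2" "$3" 'files' > "$1"
}

# Demo with the numbers from this post: 812 open files against the default
# limit of 1024, then against the raised limit of 65536.
sample=$(mktemp)
write_sample_limits "$sample" 1024 1024
echo "default limit: $(fd_headroom "$sample" 812)"
write_sample_limits "$sample" 65536 65536
echo "raised limit:  $(fd_headroom "$sample" 812)"
rm -f "$sample"
```

On a live server, `fd_headroom_pid <pid of the jvm>` shows whether the restart actually picked up the new limit.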



3/18/2014

ColdFusion on Linux, Out Of Memory


if you get an "Out of Memory" error or "Too Many Files Open" error when running coldfusion on linux

it could be and is likely to be

/opt/coldfusion9/logs/cfserver.log

has grown to larger than 500 MB

especially long queries can trip the timeout limits set in the server settings and any monitoring you have turned on, exacerbating the problem by filling the log up even faster

on linux the cfserver.log file cannot be limited or rotated by the coldfusion process itself because it is attached to the standard out of the original process which spawned all the service threads

it is appropriate to use the native linux "logrotate" service

# man page logrotate

/usr/sbin/logrotate

/etc/logrotate.conf
/etc/logrotate.d

/etc/cron.hourly
/etc/cron.daily
/etc/cron.weekly
/etc/cron.monthly

by default the logrotate service is called by the master logrotate cron task in /etc/cron.daily

it sources the /etc/logrotate.conf for global default behavior, which includes all of the files in the

/etc/logrotate.d directory

generally there is one file named after the service whose logs that file explains how to rotate

logrotate can truncate log files, or perform a service shutdown and restart, after copying and optionally compressing and emailing the log files

to run logrotate more often use

# crontab -e

with a custom task

0 * * * *  /usr/sbin/logrotate -f /etc/logrotate.d/coldfusion

to test a logrotate configuration file, force a premature logrotate

/usr/sbin/logrotate --force /etc/logrotate.d/coldfusion

logrotate can "decide" to rotate based on size, or by last time run as indicated by a file's date stamp

you may try rotating the cfserver.log file by the logrotate "copytruncate" directive

you may try rotating the cfserver.log file by the "postrotate" command to stop and start

if you use the "postrotate" option it may not restart coldfusion with all of the environment variables

http://rachaelandtom.info/content/coldfusion-forgets-use-utf-8-files-after-logs-rotated

/opt/coldfusion9/logs/cfserver.log {
  missingok
  rotate 5
  size=250M
  compress
  postrotate
    /sbin/runuser -s /bin/bash root -c "export LANG=en_GB.UTF-8 ; /etc/init.d/coldfusion_9 restart"
  endscript
}
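
Why "copytruncate" is the directive to try when the log is the process's standard out, as an added example that is not from the original post: a process that holds its log open keeps writing to the same file after that file is renamed, while truncating in place keeps the live path in use. File descriptor 3 stands in for the server's stdout (assumed to be opened in append mode); the function name, file names and log text are constructed.

```bash
# Added example, not from the original post. rotate_demo is a hypothetical name.

# Simulate one rotation while a writer keeps its log file open.
# usage: rotate_demo rename|copytruncate
# Prints where the line written after rotation ended up ("live" or "rotated")
# and the size of the live log afterwards.
rotate_demo() {
    mode=$1
    dir=$(mktemp -d)
    log="$dir/cfserver.log"

    # fd 3 plays the role of the server's stdout: opened once, in append mode,
    # and held for the life of the process (assumption about how it is started).
    exec 3>>"$log"
    echo "line written before rotation" >&3

    case $mode in
        rename)
            # classic rotation: move the file away and create a fresh one;
            # the open descriptor follows the old file, not the path
            mv "$log" "$log.1"
            : > "$log"
            ;;
        copytruncate)
            # copy the contents, then empty the original file in place;
            # lines written between the copy and the truncate would be lost
            cp "$log" "$log.1"
            : > "$log"
            ;;
        *)
            exec 3>&-
            rm -rf "$dir"
            return 2
            ;;
    esac

    echo "line written after rotation" >&3
    exec 3>&-

    if grep -q "after rotation" "$log"; then
        where=live
    else
        where=rotated
    fi
    echo "$where live_bytes=$(wc -c < "$log" | tr -d ' ')"
    rm -rf "$dir"
}

echo "rename:       $(rotate_demo rename)"
echo "copytruncate: $(rotate_demo copytruncate)"
```

With a plain rename the live log stays empty and the rotated file keeps growing until the service is restarted, which is what the "postrotate" restart works around.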

Coldfusion on Linux, Slow to Start


# check the name resolution of your hostname from the server
hostname

# if the IP address returned is wrong, it's likely /etc/resolv.conf doesn't have a domain line
nslookup "$(hostname)"

# startup could take as long as 568 seconds ~ 10 minutes (10 seconds is normal, 10 min is not)
service coldfusion_9 start

# shutdown could take longer
service coldfusion_9 stop

the reason is the coldfusion process runs inside of a jrun webapp service, which runs inside a java virtual machine

when the jrun process starts up it performs a JNDI query to find the hosts public IP address

if the resolv.conf does not have a domain directive, it will begin "guessing" the fully qualified name by appending any search directive suggestions, against all of the available nameservers

this can take a really long time, to "timeout" which will be logged in either

/opt/coldfusion9/logs/cfserver.log
/opt/coldfusion9/runtime/logs/jrun-server.log

the jrun service will not quit trying until it has exhausted all possibilities, and the coldfusion webapp will not be loaded and started until jrun gives up, and any DNS server could return a false positive to direct the client to an error page

[QuickFix] put an entry in /etc/hosts for the IP address and hostname

[BetterFix] put a domain line in /etc/resolv.conf to fully resolve the FQDN of the host in DNS

[BestFix] make sure the FQDN is registered in a DNS server and is resolvable by the host
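
A quick way to see which of these fixes is already in place on a host, as an added example (not from the original post). The function name is hypothetical, the sample files are constructed, and the worst-case figure is only a rough bound taken from the resolver's timeout and attempts settings (defaults of 5 seconds and 2 attempts).

```bash
# Added example, not from the original post. resolver_plan is a hypothetical name.

# Report how a short hostname will be resolved, given a hosts file and a
# resolv.conf. Prints one of:
#   hosts-entry <ip>          the name is answered from the hosts file
#   domain <name>             resolv.conf has a domain line
#   search-only suffixes=N nameservers=M worst_case_s=S
#                             the name is tried with each search suffix
resolver_plan() {
    hosts_file=$1
    resolv_file=$2
    host=$3

    ip=$(awk -v h="$host" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }
    ' "$hosts_file")
    if [ -n "$ip" ]; then
        echo "hosts-entry $ip"
        return 0
    fi

    awk '
        BEGIN { timeout = 5; attempts = 2 }      # resolver defaults
        { sub(/[#;].*/, "") }
        # domain and search are mutually exclusive, the last one wins
        $1 == "domain"     { domain = $2; suffixes = 0 }
        $1 == "search"     { suffixes = NF - 1; domain = "" }
        $1 == "nameserver" { servers++ }
        $1 == "options" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^timeout:/)  timeout  = substr($i, 9)
                if ($i ~ /^attempts:/) attempts = substr($i, 10)
            }
        }
        END {
            if (domain != "") { print "domain " domain; exit }
            if (suffixes < 1) suffixes = 1
            if (servers < 1)  servers = 1
            # rough bound: every candidate name, every server, every attempt
            printf "search-only suffixes=%d nameservers=%d worst_case_s=%d\n",
                   suffixes, servers, suffixes * servers * timeout * attempts
        }
    ' "$resolv_file"
}

# Demo on constructed files (documentation addresses and example.com names).
tmp=$(mktemp -d)
printf '127.0.0.1 localhost localhost.localdomain\n' > "$tmp/hosts"
printf '%s\n' 'search corp.example.com example.com lab.example.com' \
    'nameserver 192.0.2.53' 'nameserver 192.0.2.54' > "$tmp/resolv.conf"
echo "as found:  $(resolver_plan "$tmp/hosts" "$tmp/resolv.conf" cfhost)"
echo 'domain example.com' >> "$tmp/resolv.conf"
echo "BetterFix: $(resolver_plan "$tmp/hosts" "$tmp/resolv.conf" cfhost)"
echo '192.0.2.10 cfhost.example.com cfhost' >> "$tmp/hosts"
echo "QuickFix:  $(resolver_plan "$tmp/hosts" "$tmp/resolv.conf" cfhost)"
rm -rf "$tmp"
```

On the server itself: `resolver_plan /etc/hosts /etc/resolv.conf "$(hostname)"`.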





3/15/2014

How to Migrate a rhel5 kvm to hyper-v


# make a directory for the virtual machine on the hyper-v 2012 vhost
mkdir C:\RHEL5-VM

# smb mount the KVM file system
net use z: \\kvm-server.mydomain.com\kvm-disk-share

# change to the mounted file system
z:

# copy the KVM disk to the Hyper-V server
copy rhel5.disk C:\RHEL5-VM

# unmount the smb mounted KVM file system
c:
net use z: /delete

# download the vhdtool from Microsoft
http://archive.msdn.microsoft.com/vhdtool/

# append a vhd header to the raw disk file
PS C:\disks> .\VHDTool.exe /convert .\rhel5.disk

# rename the raw disk file as a .vhd file
PS C:\disks> ren .\rhel5.disk .\rhel5.vhd

# the following is a known problem after RHEL5.9

Reading all physical volumes
No volume groups found
Volume group "VolGroup00" not found
(Unable to access resume device (/dev/VolGroup00/LogVol01)
mount could not find filesystem '/dev/root'


Kernel Panic

#the following is the known solution after RHEL5.9

Booting after updating from RHEL 5.8 to 5.9 on Hyper V guest fails with a kernel panic.
Updated February 11 2013 at 11:48 PM

https://access.redhat.com/site/solutions/298243

Resolution

# download the rhel5 install media from rhn.redhat.com

# configure the settings for the vm to boot from the .iso image

#boot to : linux rescue

# chroot to the mounted filesystem
chroot /mnt/sysimage

# add following in /etc/modprobe.conf

alias eth0 hv_netvsc
alias scsi_hostadapter hv_storvsc

# run following command to create a new initrd file with Hyper-V modules.

mkinitrd /boot/initrd-2.6.18-348.1.1.el5.img 2.6.18-348.1.1.el5 --preload hv_storvsc --preload hv_vmbus --preload hv_utils -f

Configure X server to run under Hyper-V

# edit the /etc/X11/xorg.conf file

# change Section "Device" Driver to "vesa"

# change Section "Screen" DefaultDepth to 16

# change SubSection "Display" Depth to 16


# reboot to commit changes to disk
shutdown -r now

# remove the install media from the virtual cdrom drive



3/13/2014

How to Use a CAS with Active Directory


# reconfig authentication handlers
cd /opt/cas-server-3.4.11/cas-server-webapp/src/main/webapp/WEB-INF
vi deployerConfigContext.xml

# replace this section
<property name="authenticationHandlers">
<list>
<!--
    | This is the authentication handler that authenticates services by means of callback via SSL, thereby validating
    | a server side SSL certificate.
    +-->
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
    p:httpClient-ref="httpClient" />
<!--
    | This is the authentication handler declaration that every CAS deployer will need to change before deploying CAS
    | into production.  The default SimpleTestUsernamePasswordAuthenticationHandler authenticates UsernamePasswordCredentials
    | where the username equals the password.  You will need to replace this with an AuthenticationHandler that implements your
    | local authentication strategy.  You might accomplish this by coding a new such handler and declaring
    | edu.someschool.its.cas.MySpecialHandler here, or you might use one of the handlers provided in the adaptors modules.
    +-->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
</list>
</property>

# with this
<property name="authenticationHandlers">
<list>
<bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient" />
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
p:filter="sAMAccountName=%u"
p:searchBase="DC=my,DC=domain,DC=com"
p:contextSource-ref="contextSource"
p:ignorePartialResultException="true"/>
</list>
</property>

# replace this section
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.StubPersonAttributeDao">
<property name="backingMap">
<map>
<entry key="uid" value="uid" />
<entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
<entry key="groupMembership" value="groupMembership" />
</map>
</property>
</bean>

# with this
<bean id="attributeRepository"
class="org.jasig.services.persondir.support.ldap.LdapPersonAttributeDao">
<property name="baseDN" value="DC=my,DC=domain,DC=com"/>
<property name="contextSource" ref="contextSource"/>
<property name="requireAllQueryAttributes" value="true"/>
<property name="queryAttributeMapping">
<map>
<entry key="username" value="sAMAccountName"/>
</map>
</property>
<property name="resultAttributeMapping">
<map>
<entry key="cn" value="Name"/>
</map>
</property>
</bean>

# add the following before the </beans> tag
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="pooled" value="false"/>
<property name="url" value="ldaps://192.168.2.215:3269" />
<property name="userDn" value="username@my.domain.com"/>
<property name="password" value="**********"/>
<property name="baseEnvironmentProperties">
<map>
<entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
<entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
<entry key="java.naming.security.authentication" value="simple" />
</map>
</property>
</bean>

# reconfig source code dependencies
cd /opt/cas-server-3.4.11/cas-server-webapp
vi pom.xml

# add the following after the <dependencies> tag
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>cas-server-support-ldap</artifactId>
<version>${project.version}</version>
</dependency>

# recompile the jasig cas-server webapp
cd /opt/cas-server-3.4.11
mvn install

# [ if it fails to compile, run "mvn install" again, it often completes without error ]

# copy the webapp (war) file into place
cp /opt/cas-server-3.4.11/cas-server-webapp/target/cas.war /usr/share/tomcat5/webapps
chown root:tomcat /usr/share/tomcat5/webapps/cas.war
service tomcat5 restart

# the directory validates a username, using its password
https://localhost:8443/cas/

Log In Successful

cd /var/log/tomcat5
tail catalina.out

ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Mar 11 23:59:08 CDT 2014
CLIENT IP ADDRESS: 192.168.2.12
SERVER IP ADDRESS: 192.168.2.219



How to Install a JaSig CAS on RHEL5



Install RHEL5 x86_64
Subscribe to Red Hat Network for updates
Subscribe to "Supplementary" software channel through RHN

# subscribe to epel
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

# install sun java
yum install java-1.6.0-sun java-1.6.0-sun-devel java-1.6.0-sun-jdbc java-1.6.0-sun-src

# config for x86_64 versions
alternatives --config java
alternatives --config javac

# install tomcat5
yum install tomcat5 tomcat-native tomcat5-jsp-2.0-api tomcat5-server-lib tomcat5-common-lib tomcat5-servlet-2.4-api tomcat5-webapps tomcat5-admin-webapps

# generate a self-signed certificate
cd /usr/share/tomcat5
keytool -genkey -alias tomcat -keystore ./keystore -keyalg RSA
<What is your first and last name? use "localhost.localdomain" >
<use the password "changeit" twice, and set the passphrase to "changeit">

# configure tomcat5 to listen on port 8443 for an https protocol connection
cd /usr/share/tomcat5/conf
vi server.xml

# uncomment this section <!--  -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" /> 

# change it to this
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="keystore"
           keystorePass="changeit" />

# add an exception for the self-signed certificate, to view the tomcat admin page
https://localhost:8443/admin

# install the maven build tool
cd ~
wget http://mirrors.gigenet.com/apache/maven/maven-3/3.0.5/binaries/apache-maven-3.0.5-bin.tar.gz
su -c "tar -zxvf apache-maven-3.0.5-bin.tar.gz -C /opt/"
su -c "vi /etc/profile.d/maven.sh"

# add the following lines to maven.sh
export M2_HOME=/opt/apache-maven-3.0.5
export M2=$M2_HOME/bin
PATH=$M2:$PATH

# maven often runs out of resources while compiling, make them larger
su -c "vi /etc/mavenrc"

# add the following line to mavenrc
MAVEN_OPTS="-Xms256m -Xmx1024m -Xss1024k"

# [ exit the current shell or start a new shell to use the new profile settings ]

# compile the jasig cas-server webapp, disabling the tests during compile
cd ~
wget http://downloads.jasig.org/cas/cas-server-3.4.11-release.tar.gz
su -c "tar -zxvf cas-server-3.4.11-release.tar.gz  -C /opt/"
cd /opt/cas-server-3.4.11
mvn -Dmaven.test.skip=true package install

# [ if it fails to compile, run "mvn install" again, it often completes without error ]

# copy the webapp (war) file into place
cp /opt/cas-server-3.4.11/cas-server-webapp/target/cas.war /usr/share/tomcat5/webapps
chown root:tomcat /usr/share/tomcat5/webapps/cas.war
service tomcat5 restart

# the demo validates a username, using the username, as its password
https://localhost:8443/cas/
admin
admin

Log In Successful
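
Two settings in this walkthrough are demo values: the stock handler accepts any login where the password equals the username, and the keystore password is "changeit". The added check below (not part of the original post or of CAS; function names are hypothetical and the sample files are constructed) flags both in deployerConfigContext.xml and server.xml, along with an unencrypted ldap:// URL, and ignores text inside XML comments.

```bash
# Added example, not from the original post or the CAS project.

# Print an XML file with <!-- ... --> comments removed (they may span lines),
# so a class name that is only mentioned in a comment is not reported.
strip_xml_comments() {
    awk '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_c) {
                e = index(line, "-->")
                if (e == 0) break
                line = substr(line, e + 3); in_c = 0
            } else {
                s = index(line, "<!--")
                if (s == 0) { out = out line; break }
                out = out substr(line, 1, s - 1)
                line = substr(line, s + 4); in_c = 1
            }
        }
        print out
    }' "$1"
}

# usage: audit_cas_config <deployerConfigContext.xml> <server.xml>
# Prints the findings separated by spaces, or OK.
audit_cas_config() {
    deployer=$1
    server=$2
    findings=""
    body=$(strip_xml_comments "$deployer")
    if printf '%s\n' "$body" | grep -q 'SimpleTestUsernamePasswordAuthenticationHandler'; then
        findings="$findings TEST_HANDLER"
    fi
    if printf '%s\n' "$body" | grep -Eq 'name="url"[[:space:]]+value="ldap://'; then
        findings="$findings CLEARTEXT_LDAP"
    fi
    if strip_xml_comments "$server" | grep -q 'keystorePass="changeit"'; then
        findings="$findings DEFAULT_KEYSTORE_PASS"
    fi
    findings=${findings# }
    echo "${findings:-OK}"
}

# Constructed sample files modelled on the snippets in these posts.
write_samples() {
    d=$1
    cat > "$d/stock.xml" <<'EOF'
<list>
<!--
    | The default SimpleTestUsernamePasswordAuthenticationHandler authenticates
    | UsernamePasswordCredentials where the username equals the password.
    +-->
<bean class="org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler" />
</list>
EOF
    cat > "$d/ad.xml" <<'EOF'
<!-- SimpleTestUsernamePasswordAuthenticationHandler replaced by an LDAP bind -->
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
      p:filter="sAMAccountName=%u" />
<property name="url" value="ldaps://192.0.2.15:3269" />
EOF
    cat > "$d/server.xml" <<'EOF'
<Connector port="8443" scheme="https" secure="true"
           keystoreFile="keystore"
           keystorePass="changeit" />
EOF
    sed 's/keystorePass="changeit"/keystorePass="constructed-long-secret"/' \
        "$d/server.xml" > "$d/server-fixed.xml"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "stock:  $(audit_cas_config "$tmp/stock.xml" "$tmp/server.xml")"
echo "edited: $(audit_cas_config "$tmp/ad.xml" "$tmp/server-fixed.xml")"
rm -rf "$tmp"
```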



# other considerations
/usr/share/tomcat5/webapps/cas/WEB-INF/classes/log4j.xml

# or consider this before compiling the cas server
/opt/cas-server-3.5.2.1/cas-server-webapp/src/main/webapp/WEB-INF/classes/log4j.xml

the default location for creating cas.log and perfStats.log would be /usr/share/tomcat5

if not directed to the /usr/share/tomcat5/logs directory

[ catalina.out will log permission denied errors ]

# change this
     <appender name="cas" class="org.apache.log4j.RollingFileAppender">
        <param name="File" value="cas.log" />
        <param name="MaxFileSize" value="512KB" />
        <param name="MaxBackupIndex" value="3" />
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
        </layout>
    </appender>

# change to this
    <appender name="cas" class="org.apache.log4j.RollingFileAppender">
        <param name="File" value="logs/cas.log" />
        <param name="MaxFileSize" value="512KB" />
        <param name="MaxBackupIndex" value="3" />
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d %p [%c] - %m%n"/>
        </layout>
    </appender>


# change this
    <!-- This file appender is used to output aggregated performance statistics -->
    <appender name="fileAppender" class="org.apache.log4j.FileAppender">
        <param name="File" value="perfStats.log"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%m%n"/>
        </layout>
    </appender>

# change to this
    <!-- This file appender is used to output aggregated performance statistics -->
    <appender name="fileAppender" class="org.apache.log4j.FileAppender">
        <param name="File" value="logs/perfStats.log"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%m%n"/>
        </layout>
    </appender>

# consider deploying apache as a front end
# configure iptables to permit port 80, 443

yum install httpd mod_ssl

vi /etc/httpd/conf/httpd.conf

# insert this at the bottom

<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/.*$ https://localhost/cas [L,R]
</VirtualHost>

vi /etc/httpd/conf.d/proxy_ajp.conf

# insert this at the bottom
ProxyPass /cas ajp://localhost:8009/cas

3/03/2014

Rise of the Pocket and Folio computer


Hand computer sounds so disdainful. As if it were a dishrag to be discarded, I much prefer the term "Pocket Computer".

But that conjures visions of an antiquated PDA (personal data assistant) like the PalmPilot.

Thing was it was barely more than a calculator with a matrix display. For the day an HP48SX calculator was far more innovative and useful.


This is actually a modern day replica of the original made in the "Retro-style" to appeal to those of us who can still recall holding one in the palm of their hand.

SmartDeploy


I don't think I blog enough about some of the truly cool tools I get to use at work.

Well I say use.. but "figure out" is more accurate.. then I pass them along to the rest of the team for daily use.

SmartDeploy is a Windows toolkit for assembling boot media to deploy customized install images on Laptops, Desktops or Servers.

It's a really cool software suite that is simple to install. You download a binary and double click to install and it suggests/offers to install the Windows Automated Install Kit (WAIK) so that it can work with you to create WinPE media to perform a SysPrep or captured images to your target hardware "platform".

It's got a lot of facets and features to it.

After install you'll immediately notice Four new shortcuts pinned to your Start Menu

Start Menu




I've slightly relabeled them here but they carry the gist of what they do with the new labels:

1. Build a VM Wizard - will automatically build a VM for example in VMWare Player
2. Capture VM Wizard - will automatically Capture a Microsoft [.wim] format copy of that VM
3. Make NetBoot Media Wizard - will automatically create a WinPE environment (with) an embedded  SmartDeploy control panel to pre-process and merge an unattend.xml file into WinPE and add a "Platform Pack" to support network and storage for that target hardware platform

Windows Deployment Services is merely Microsoft's implementation of the NetBoot PXE standard process of starting Netbootable platforms across a network with an Installation environment.

The Platform Manager is probably the nicest piece of their innovation.

The Platform Manager is a simple File walker/virtual installer that creates a file called a "Platform Pack" which is essentially a "bundle" of Third Party drivers unpacked and preinstalled in the platform pack file, made up of files obtained from a Third Party for that hardware "platform".

A hardware "platform" could be for a specific laptop model for Dell, or for a laptop model for HP.

These platform pack files all end in three letter suffixes .ppk for "platform pack" or "platform package"

There is enormously more to the platform pack "system" than I'm letting on.. the SmartDeploy control panel built into every WinPE boot media also has a "WMI" query tool and can query the target platform before installation to ask "who are you? answer > DELL" or "what are you? answer > Model 360 laptop" which can be used to "Navigate" a single driver pack which includes drivers for multiple hardware platforms to find a specific set of drivers for install and post install boot up.

And for "first tier" supported systems.. mostly the laptops.. they have "prebuilt" driver pack files you can download from their website.. just point your browser.. click and download. At no cost as long as you have an existing general support contract. Or you can make your own using the Platform Manager. You can even browse what they have available before you buy. And requesting a new first tier supported platform pack is no cost.. and generally provided within the same day if not within hours.

"Second tier" are more like "Servers" which might require some special support assistance to create.. for an extra consulting fee.

"Third Tier" I gather is more for home grown "whiteboxes" as custom as you'd like to get... Embedded Point of Sales systems perhaps?

Additionally, SmartDeploy lets you add "Tasks" in one of several phases while booting the WinPE environment on the target:

1. PREINSTALL - before the system is partitioned and an image is laid down
2. POSTINSTALL - after the system is imaged
3. FIRSTBOOT - upon first startup, while running as the system computer account
4. FIRSTLOGIN - upon first user login one time

The Netboot media is how we use it.. but you can also make .ISO images for burning later (or using as virtual media in say an HP iLO situation) or USB flash media for booting SmartDeploy on the target

The SmartDeploy system includes network resources so you can reference a .wim install image stored on a network, or locally on a hard drive or USB media and it includes the ability to "Take an Image" of a target platform... performing an ad-hoc capture before install.

Recently we were looking at deploying a Hyper-V cluster and needed a reliable deployment system that let us create our images on a remote system.. refresh as often as we'd like, then capture and deploy to a blade farm/Microsoft failover cluster. We found SmartDeploy already had a platform pack for deploying to Hyper-V virtual machines.. which is essentially installing the Integration services to smarten up a Hyper-V VM instance so that it "knows" it's on a Hyper-V host and to take full advantage of that fact. That may seem a small task.. but when you are used to installing Windows from an ISO then repeatedly downloading and installing Updates and Service packs forever and a day.. it speeds things up immeasurably.




Something that I haven't stressed enough is this is a complete sysprep compliant system that doesn't violate any of Microsoft's rules about generalizing or the oobe experience. It's fully integrated with that system and puts a very functional, very organized face on top of a usually very complex topic.

Though it doesn't support Linux or other "black box" file systems opaque to the Microsoft tools.. I can just barely see the possibility of including something like Macrium in the environment which does and in that way get a very functional two for one tool.

It does include a VNC remote console feature and some type of "Cloud" system to direct traffic.. but I don't see it as functional as the extremely simple TeamViewer product at this time.


Fixer Upper


I read a lot about health and fitness, exercising and the things you're supposed to do right by your body.

Attention being what it is, sometimes my mind drifts, more often than not after having to pull a few all-nighters.. that inevitably turn into all week all-nighters.

Well, February was one of those unending nights.. and now it's time to set some things right again.

In a way it's a good thing because it throws me out of my mind space and to get back in I have to self assess and study the "airlock" as it were to let myself back in.. it's not as simple as "Open the Pod Bay Doors Hal.." or "Open Says Me.."

To wit..

Supplements, what am I currently taking and consider of value?

That's a good question and one that needs examination from time to time.

I read a few web sources like Examine.com and Bloodsugar101.com which currently say the most common things people are found deficient in, with no regard to special cases or diseases, are Vitamin D3, Vitamin K2 and some way of controlling or avoiding sugar.

It kind of goes without saying as well that we're all Calcium deficient, Magnesium deficient and don't really try to moderate high calorie foods with fiber at the same time.. we've drifted into large portions to give us that stuffed bulk feeling without mixing in the fiber.. partially out of guilt.. and the "clean your plate" way of thinking.

So I've generally tried to start my day with a small portion of high calorie Mixed Nuts and water.. followed by a huge Salad at lunch topped with chicken. And then some kind of low carb final meal of the day.

To my way of thinking Carbs.. if you must should be consumed early in the day.. and preferably mixed in with a lot of non-digestible fiber.. or not at all. And if it's a dessert, only after the meal has partially insulated you and our digestive system has begun to shun more calories.. what is it they say about sleep.. the most important part comes first? I tend to think that way about eating.. vitamins and minerals, proteins and fats first.. then the optional.. high cholesterol spiking sugars.

And while I wail about Carbs.. only with lots of pure water.. our kidneys need a break when trying to flush all that gunk out of our systems.. have a heart.. please.

I just don't see anything biologically beneficial from pure raw sugars these days.. they are sweet.. addictive.. and brain numbing.. I would never say I don't eat them.. but they are a handicap.. more of a burden when you think about what they are doing to us.

We have enzymes and feedback loops to handle and shun excess fat consumption.. but we're as transparent as glass when you pour raw sugar into our guts.. in a way we have to be.. unfortunately we're not good filter paper either.. anything that looks like glucose chemically tends to pour straight into the blood stream. It's really scary how fast sugar can raise blood glucose and crowd out anything else like vitamins, minerals, proteins, blood cells.. the molarity of the blood stream is finite and mechanical.. if you stuff it with something useless.. you by default choke off everything else.. empty calories my foot! They are anything but "empty" they fill our arteries and veins to "bursting" levels like motor oil in a fuel line. It's no wonder blood pressure rises after dessert.

So exercise.. yeah I do that.. for stress relief as much as anything else. But it's hard not to wimp out and go run on the track or do cardio.. another "vice".. cardio is "easy" you can build up a sweat and feel you've accomplished something pretty quickly.. but from what I've read it's really "not that good for you.." especially the older you get. Amping up the AMPK in our cells tends to prevent muscle recovery and "slim" you down not just from fat loss.. but real muscle loss too.. which is scary. Rather load bearing exercise seems to be more healthy, just not as fun. And enough that it isn't just "stunt lifting" but real work.

As for what to do about muscle and bone loss as we get older. In my case I've had some success with following Doctor's orders.. taking Calcium supplements.. taking whey and taking some Creatine.

Some recent interests include Niagen the NADH+ booster and B6 or p5p.. and for older folks it seems Methylcobalamin and Folate are just so neglected.. we forget about them.

Ultimately I'd like to investigate Alpha Lipoic Acid and L-Carnitine and if my blood sugars ever warrant it from my Doctor Metformin and Acarbose.

Well that's what's up with me.