Monday, October 7, 2013

Jenkins jobs and subversion access via certificate and batch related stuff

Jenkins is a very nice solution to a number of needs outside of automated builds.  Use as a general batch solution is feasible at smaller scales.  This has further improved recently with the credentials plugin.  This makes it pretty easy to set up jobs which use certificates to access subversion instead of requiring a specific person's credentials, which must be changed much more regularly.  Of course, this works best when an organization has the infrastructure to securely manage certificates.

[2014/05/20] Works!  It seems easiest to set up 2 separate Apache virtual servers though; one with Basic Auth and the other with Certificate auth.

Related to general batch processing, the Elastic Axis plugin is a great solution.  This is a perfect fit for when you have load balanced servers implementing an application and you need to run a job on any one but only one of them.  You can take an application node offline and Jenkins/Elastic Axis will happily pick an available node out of the remaining configured nodes.

My wish list for Jenkins includes a few enhancements which would improve some things to a large extent - this mainly revolves around new/improved support for high availability, multiple masters with fail-over and a clear/clean clustering solution.  A database backed job store might be a big plus depending on how the previously mentioned features were implemented.  I would love to be able to easily integrate Jenkins into our DR environment but as it stands it is a more manual integration.

Java security manager policy mechanism and non-trivial applications

We have a "pest" bothering us and to deal with the issue we decided to implement multiple security mechanisms.  The mechanism I am currently working on revolves around the age old Java security manager policy.  This really should be done at initial design/implementation if it is done at all.  A multitude of open source libraries isn't making this easy.  Not complaining mind you - just wishing that security was part of the initial requirements for all open source libraries.  Unfortunately, there are some pretty popular libraries which are somewhat troublesome and securing them is a bit disconcerting.  I can't comment on what libraries I am referencing out of security concerns and respect for my employer.  I will say that this is making my recommendation for complete removal of the libraries much easier to justify.

The general process for getting the security manager working with an existing application is:
* start application server with security manager enabled
* access application while monitoring logs
* when a failure occurs, update the policy file based on data in the log, clear logs and start this process over again

The app server logging is pretty good; it almost always contains 'denied' in the message and many times the remainder of the content can be cut/pasted nearly as is into the policy file.  There are times when debugging isn't easy, such as when there are problems with components which start up early and/or eat exceptions instead of logging.
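The log-to-policy step of the loop above, as an added example (not code from this post or from any app server).  It assumes the log carries the standard java.security.AccessControlException message text; the sample log lines, the review list and the function names are constructed for illustration.  Sensitive permissions are held back for a manual decision instead of being written into the draft.

```python
import re
from collections import defaultdict

# Message format of java.security.AccessControlException (Java 7 and later):
#   access denied ("<permission class>" "<target>" "<actions>")
DENIED = re.compile(r'access denied \("([^"]+)"(?: "([^"]*)")?(?: "([^"]*)")?\)')

# Hypothetical review list: entries a person should decide on, never auto-granted.
REVIEW_CLASSES = {"java.security.AllPermission"}
REVIEW_TARGETS = {"<<ALL FILES>>", "setSecurityManager", "createClassLoader",
                  "suppressAccessChecks"}

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
SEVERE: java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/app/conf/app.properties" "read")
SEVERE: java.security.AccessControlException: access denied ("java.io.FilePermission" "/opt/app/conf/app.properties" "write")
WARN: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read")
SEVERE: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "createClassLoader")
"""

def parse_denials(log_text):
    """Collect denied permissions, merging actions per (class, target)."""
    merged = defaultdict(set)
    for cls, target, actions in DENIED.findall(log_text):
        merged[(cls, target)].update(a for a in actions.split(",") if a)
    return merged

def draft_policy(log_text):
    """Return (draft grant block, entries held back for manual review)."""
    granted, review = [], []
    for (cls, target), actions in sorted(parse_denials(log_text).items()):
        entry = f"permission {cls}"
        if target:
            entry += f' "{target}"'
        if actions:
            entry += ', "' + ",".join(sorted(actions)) + '"'
        entry += ";"
        if cls in REVIEW_CLASSES or target in REVIEW_TARGETS:
            review.append(entry)            # held back, not granted
        else:
            granted.append("    " + entry)
    # No codeBase: this grant applies to all code; narrow it before use.
    return "grant {\n" + "\n".join(granted) + "\n};", review

if __name__ == "__main__":
    policy, review = draft_policy(SAMPLE_LOG)
    print(policy)
    print("Needs review:", *review, sep="\n  ")
```
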

I would not bother trying to debug the security manager policies by setting
   -Djava.security.debug=all
that just generates way too much useless data.  I think that
   -Djava.security.debug=policy,access
is a better setting which gives a good amount of data to help in resolving failures and understanding what the application is accessing.




Tuesday, September 3, 2013

Welding - Stainless Steel (gasless) fluxcore wire .035 - muffler project

I decided to weld on my new muffler.  It was not very easy finding information on stainless steel (gasless) fluxcore MIG wire.  I finally found a source with some reasonable options for this small project.

http://www.use-enco.com/1/1/44828-308lfco-035-01-welders-choice-stainless-steel-gasless-mig-welding-wire.html

These folks did a nice job; delivery was prompt and hassle free.  The selection and cost seemed reasonable for such a small quantity of wire.

I am pretty new to welding and am self-taught so this was an interesting project overall.  My impression is that the wire could work pretty well with the right setup.  I didn't really have a good way to dial in the best settings and I think my stab at the setup was a bit on the low side.  I ran settings which were about the same as for plain fluxcore wire of the same size.  I was trying to be somewhat careful because I had to run an extension cord to the welder and I was only running off 110v since I have yet to install a 220v outlet. 

For prep, I did run a wire wheel and grinder over the area on the old exhaust where I would be joining the pieces.  I cleaned the new exhaust and some of the connector pieces with some acetone to get rid of the oil/grease/etc. residue.  Left plenty of time for the vapors to clear.

For the actual welding, I ended up laying down a very thick bead and it may have been a bit on the cold side (as a followup, this was true on another stainless project I tried - I think installing the 220v outlet would be wise if doing much of this).  It was hard to tell how much was wire/setup versus lack of skill since I did most of this lying under the truck which probably isn't the best thing to do as a new welder.  I have a lot more respect for folks who do this kind of work - regardless of their skill level.  It certainly was taxing physically and mentally in the heat with the safety gear.

Note: I did put a welding blanket over the gas tank though - better safe than sorry.  I also covered myself with it at times as well.  The blanket was in addition to my welding jacket and leather smock.  Be careful with the welding helmet on; peripheral vision is minimal and I head butted the rotor a good number of times.

Someday I hope to have a garage with a small vehicle lift; projects like this would be more enjoyable that way.  It was still a good learning experience though.

Hope this inspires someone to try something new.  Learn from the experience but be content even if the result isn't perfect.