SlideShare a Scribd company logo

Deployment of WebObjects applications on FreeBSD

W
WO Community

With the rise of cloud computing and the death of the Xserve, learn how you can deploy your WebObjects applications on a FreeBSD server.

Technology
1 of 49
Download to read offline
WO on FreeBSD Miguel Arroz Global Village Consulting, Inc. WOWODC 2011
WO on FreeBSD
FreeBSD overview • UNIX System • BSD License (of course!) • Supports x86, amd64, pc98 as Tier 1 • Distributed and installed via FTP, HTTP, CD/DVD, etc.
FreeBSD overview • Integration and consistency • The same team handles the Kernel and user-land tools • Release engineering team
Installation • Pseudo-graphical installation • Very fast, low footprint • Installs only the essential, the rest is up to you
Networking • Everything you would expect from an UNIX system • Reference (KAME) IPv6 implementation
Documentation • FreeBSD Handbook (free, on freebsd.org) • Mail-lists
Security • Most software installs with safe default configuration • Installing a port prints a message with security information if appropriate • Easy to configure daily scan for security advisors on OS and installed ports • http://security.freebsd.org/
Security The following files will be updated as part of updating to 7.1-RELEASE-p16: /usr/lib/libssl.a /usr/lib/libssl.so.5 /usr/lib/libssl_p.a /usr/src/crypto/openssl/ssl/s3_clnt.c /usr/src/sys/conf/newvers.sh WARNING: FreeBSD 7.1-RELEASE-p15 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Tue Feb  1 00:00:00 WET 2011 will not have been corrected.
FreeBSD versions • Major versions • May break binary and source compatibility. • Used to introduce new features, deprecate or remove unused stuff.
FreeBSD versions • Minor versions: • Maintain binary and source compatibility (main goal) • Bug fixes, mostly • New features (usually, small ones) if baked enough
FreeBSD versions • Security advisors and erratas: • Released for all the currently supported versions • Very easy to install, specially if you use GENERIC kernel • Fix security vulnerabilities and show-stopper bugs • Don’t break binary or source compatibility • Never introduce new features • Kernel and OS source is updated too if installed
Release cycles • Security advisors and erratas are only made available for currently supported FreeBSD releases • The life-time of each release depends on a few factors
Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1 8.2 7 7.0 7.1 7.2 7.3 7.4 6 6.0 6.1 6.2 6.3 …
Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1-P1 8.2-P1 8.1 8.1-P2 8.2 7 7.0 7.1 7.2 7.3-P1 7.4-P2 7.3 7.3-P2 7.4-P1 7.4 7.3-P3 6 6.0 6.1 6.2 6.3 …
Minor versions New security advisor New minor version .0 .1 .2 .3 .4 New security advisor Major versions 8 8.0 8.3 8.1 8.2-P1 8.3-P1 8.2 8.1-P1 8.2-P2 8.1-P2 8.2-P3 8.1-P3 8.1-P4 7 7.0 7.1 7.2 7.3 7.4-P1 7.4 7.3-P1 7.4-P2 7.3-P2 7.4-P3 7.3-P3 7.4-P4 7.3-P4 7.3-P5 6 6.0 6.1 6.2 6.3 …
Updating • If using GENERIC kernel, errata or security advisor is trivial: • freebsd-update fetch • freebsd-update install • reboot • If stuff happens: • freebsd-update rollback
Updating • Put this on cron to be warned when there’s a patch to install: • @daily root freebsd-update cron • Minor and major version updates can be done remotely, but are more complex • Check FreeBSD Handbook (24.2 - FreeBSD Update) • May need to recompile installed software • May need console access
Installing software • Packages • Ports • Traditional UNIX way (configure, make, make install)
Packages • Binary distributions • Usually smaller than source archives • No compilation required • Much faster, specially when there are many dependencies • pkg_add -r <package>
Ports • Packages are compiled with conservative options (must run on all hardware). Ports can be tuned. • Ports allow compile-time options configuration. • Some software licenses force source-only distribution. • May apply local patches. • The source is with you.
Port Tree • The port tree stays in /usr/ports • Installation using portsnap: • portsnap fetch • portsnap extract • Updating: • portsnap fetch • portsnap update
Installing a Port • Browser for ports: http://www.freebsd.org/ports/ • Install port (typical): • cd /usr/ports/<path to port> • make install clean • make config to see configuration menu
Updating ports • The easiest way to upgrade a port and it’s dependencies is using one of these utilities: • portupgrade • portmanager • portmaster • See Handbook (4.5.4 - Upgrading Ports)
Port security scan • Install ports-mgmt/portaudit • After installing, FreeBSD makes daily security scans on installed ports and notifies you of any released security advisors.
Checking for a current audit database: Database created: Wed Apr 21 03:10:01 WEST 2010 Checking for packages with security vulnerabilities: Affected package: sudo-1.7.2.5 Type of problem: sudo -- Privilege escalation with sudoedit. Reference: <http://portaudit.FreeBSD.org/1a9f678d-48ca-11df-85f8-000c29a67389.html> Affected package: gtar-1.22 Type of problem: gtar -- buffer overflow in rmt client. Reference: <http://portaudit.FreeBSD.org/c175d72f-3773-11df-8bb8-0211d880e350.html> 2 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately.
Jails • OS-level virtualization system • More isolation than chroot, less isolation than VM • Jail has its own kernel structures, binded IPs and superuser • Can be used to test software or isolate deployed services • Can’t use a different kernel • No live-migration
BSD Hypervisor • http://wiki.freebsd.org/201105DevSummit? action=AttachFile&do=get&target=BHyVe.pdf
Status !  Guest –  FreeBSD/amd64 releases 7.2 and 8.1 –  SMP - up to 8 virtual cpus –  I/O - virtio or pci passthru –  Minor kernel patches required !  Host –  FreeBSD/amd64 release 8.1 –  Unmodified GENERIC kernel !  Hardware –  Requires hardware virtualization assist with Nested Page Tables –  Intel VT-x is supported –  AMD-V support in progress 3
Init scripts • Shares a lot with Mac OS X startup items • /etc/rc.conf - switches and configurations • /etc/rc.d/<servicename> <action> • /etc/rc.d/sshd restart • /usr/local/etc/rc.d/<servicename> <action> • Scripts can specify provided and required services
hostname="andromeda.example.com" defaultrouter="XXX.XXX.XXX.XXX" ifconfig_em0="inet X.X.X.X netmask X.X.X.X" ifconfig_em0_alias0="inet X.X.X.X netmask 255.255.255.255" ifconfig_em1="inet X.X.X.X netmask X.X.X.X" ifconfig_em1_alias0="inet X.X.X.X netmask 255.255.255.0" static_routes="service multicast" route_service="-net X.X.X.X/8 X.X.X.X" route_multicast="-net X.X.X.X X.X.X.X" sshd_enable="YES" ntpdate_enable="YES" ntpdate_flags="time.service.example.com" syslogd_enable="YES" syslogd_flags="-ss" ntpd_enable="NO"
WO on FreeBSD
Kernel Tuning • File /etc/sysctl.conf: # Increase the number of maximum open file descriptors kern.maxfiles=65535 # Enough space to cache the full java launch command line, # so that we can see it in "ps" output instead of [java] kern.ps_arg_cache_limit=1024 # Limits the number of logging lines per logging rule net.inet.ip.fw.verbose_limit=5
Java • Diablo distribution (Sun JVM) • Port java/diablo-jdk16 • Installation may include time-zone updaters and JCE Policy files • All files must be downloaded manually due to licensing • The port will guide you
Apache • Port www/apache22
WebObjects • Two ways to install the WO frameworks on FreeBSD: • Using the WOPort • Manually • http://wiki.objectstyle.org/confluence/display/WO/Deploying +on+FreeBSD+8.2+and+WebObjects+5.4.3
Dual-network configurations
DB Server DB Server DNS WWW Server Updates Private Public WWW Server The Internets! App Server WWW Server App Server App Server App Server
Why? • Security • Data between wotaskd and other components • Data (RR) between adaptors and apps • Broadcasted and other custom data between apps • Hide database and other services from the public network • Save public IPs
Why? • Ideally, you should only expose ports 80 and 443
Network configuration • em0 with private IP • em1 with public IP • Add as much services as you can to private network
Software configuration • On file /usr/local/etc/rc.d/wotaskd: • command_args="${log_args} -WOHost 10.1.2.3" • On JavaMonitor: • Add hosts using their private IPs • Add -WOHost argument with private IP to apps
WOHostUtilities • WO Apps need to make sure requests for stats, shutdown, refuse new sessions, etc, are legit • Those requests must not came from web server, and their source must be localhost. • Problem is… private IPs are not considered localhost IPs by Java.
WOHostUtilities • Use Wonder, set er.extensions.WOHostUtilities.localhostips er.extensions.WOHostUtilities.localhostips=(10.1.2.1,10.1.2.2,10.1.2.3)
SoftLayer • Dual network configuration by default • VPN access to the private network • Free IPv6 for every server • Amazing support staff
One small detail… • FreeBSD + Adaptec 5405 RAID card = pain • Must use firmware 17574 or newer. • SoftLayer use this cards, request updated firmware or older card.
MONTREAL 1/3 JULY 2011 Q&A

Recommended

Apache Cayenne for WO Devs
Apache Cayenne for WO DevsApache Cayenne for WO Devs
Apache Cayenne for WO Devs
WO Community
 
Practical ERSync
Practical ERSyncPractical ERSync
Practical ERSync
WO Community
 
COScheduler
COSchedulerCOScheduler
COScheduler
WO Community
 
Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)
Ryan Cuprak
 
Node.js Development with Apache NetBeans
Node.js Development with Apache NetBeansNode.js Development with Apache NetBeans
Node.js Development with Apache NetBeans
Ryan Cuprak
 
Don't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 InsteadDon't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 Instead
WASdev Community
 
Preparing for java 9 modules upload
Preparing for java 9 modules uploadPreparing for java 9 modules upload
Preparing for java 9 modules upload
Ryan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
Ryan Cuprak
 

Recommended

Apache Cayenne for WO Devs
Apache Cayenne for WO DevsApache Cayenne for WO Devs
Apache Cayenne for WO Devs
WO Community
 
Practical ERSync
Practical ERSyncPractical ERSync
Practical ERSync
WO Community
 
COScheduler
COSchedulerCOScheduler
COScheduler
WO Community
 
Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)Batching and Java EE (jdk.io)
Batching and Java EE (jdk.io)
Ryan Cuprak
 
Node.js Development with Apache NetBeans
Node.js Development with Apache NetBeansNode.js Development with Apache NetBeans
Node.js Development with Apache NetBeans
Ryan Cuprak
 
Don't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 InsteadDon't Wait! Develop Responsive Applications with Java EE7 Instead
Don't Wait! Develop Responsive Applications with Java EE7 Instead
WASdev Community
 
Preparing for java 9 modules upload
Preparing for java 9 modules uploadPreparing for java 9 modules upload
Preparing for java 9 modules upload
Ryan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
Ryan Cuprak
 
12 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla1512 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla15
Frank Munz
 
Java EE 8
Java EE 8Java EE 8
Java EE 8
Ryan Cuprak
 
Java EE 8 Update
Java EE 8 UpdateJava EE 8 Update
Java EE 8 Update
Ryan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
Ryan Cuprak
 
Gradle - Build System
Gradle - Build SystemGradle - Build System
Gradle - Build System
Jeevesh Pandey
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and Activator
Kevin Webber
 
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Red Hat Developers
 
Scala play-framework
Scala play-frameworkScala play-framework
Scala play-framework
Abdhesh Kumar
 
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cDeveloping Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Bruno Borges
 
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter PilgrimJavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013
Michel Schildmeijer
 
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereAAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
Kevin Sutter
 
the Spring 4 update
the Spring 4 updatethe Spring 4 update
the Spring 4 update
Joshua Long
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
Maarten Smeets
 
Oracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresOracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy features
Michel Schildmeijer
 
Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Gwt and rpc use 2007 1
Gwt and rpc use 2007 1
Sam Muhanguzi
 
Play framework
Play frameworkPlay framework
Play framework
Andrew Skiba
 
20151010 my sq-landjavav2a
20151010 my sq-landjavav2a20151010 my sq-landjavav2a
20151010 my sq-landjavav2a
Ivan Ma
 
Spring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerSpring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen Hoeller
ZeroTurnaround
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
Jeevesh Pandey
 
Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!
All Things Open
 
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
maclean liu
 

More Related Content

What's hot

12 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla1512 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla15
Frank Munz
 
Java EE 8
Java EE 8Java EE 8
Java EE 8
Ryan Cuprak
 
Java EE 8 Update
Java EE 8 UpdateJava EE 8 Update
Java EE 8 Update
Ryan Cuprak
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
Ryan Cuprak
 
Gradle - Build System
Gradle - Build SystemGradle - Build System
Gradle - Build System
Jeevesh Pandey
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and Activator
Kevin Webber
 
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Red Hat Developers
 
Scala play-framework
Scala play-frameworkScala play-framework
Scala play-framework
Abdhesh Kumar
 
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cDeveloping Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Bruno Borges
 
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter PilgrimJavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013
Michel Schildmeijer
 
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereAAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
Kevin Sutter
 
the Spring 4 update
the Spring 4 updatethe Spring 4 update
the Spring 4 update
Joshua Long
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
Maarten Smeets
 
Oracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresOracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy features
Michel Schildmeijer
 
Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Gwt and rpc use 2007 1
Gwt and rpc use 2007 1
Sam Muhanguzi
 
Play framework
Play frameworkPlay framework
Play framework
Andrew Skiba
 
20151010 my sq-landjavav2a
20151010 my sq-landjavav2a20151010 my sq-landjavav2a
20151010 my sq-landjavav2a
Ivan Ma
 
Spring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerSpring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen Hoeller
ZeroTurnaround
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
Jeevesh Pandey
 

What's hot (20)

12 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla1512 Things About WebLogic 12.1.3 #oow2014 #otnla15
12 Things About WebLogic 12.1.3 #oow2014 #otnla15
 
Java EE 8
Java EE 8Java EE 8
Java EE 8
 
Java EE 8 Update
Java EE 8 UpdateJava EE 8 Update
Java EE 8 Update
 
Faster Java EE Builds with Gradle
Faster Java EE Builds with GradleFaster Java EE Builds with Gradle
Faster Java EE Builds with Gradle
 
Gradle - Build System
Gradle - Build SystemGradle - Build System
Gradle - Build System
 
Play Framework and Activator
Play Framework and ActivatorPlay Framework and Activator
Play Framework and Activator
 
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
Boost Development With Java EE7 On EAP7 (Demitris Andreadis)
 
Scala play-framework
Scala play-frameworkScala play-framework
Scala play-framework
 
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12cDeveloping Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
Developing Java EE Applications on IntelliJ IDEA with Oracle WebLogic 12c
 
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter PilgrimJavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
JavaCro'14 - Scala and Java EE 7 Development Experiences – Peter Pilgrim
 
WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013WebLogic on ODA - Oracle Open World 2013
WebLogic on ODA - Oracle Open World 2013
 
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphereAAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
AAI 2236-Using the New Java Concurrency Utilities with IBM WebSphere
 
the Spring 4 update
the Spring 4 updatethe Spring 4 update
the Spring 4 update
 
WebLogic authentication debugging
WebLogic authentication debuggingWebLogic authentication debugging
WebLogic authentication debugging
 
Oracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy featuresOracle WebLogic 12c New Multitenancy features
Oracle WebLogic 12c New Multitenancy features
 
Gwt and rpc use 2007 1
Gwt and rpc use 2007 1Gwt and rpc use 2007 1
Gwt and rpc use 2007 1
 
Play framework
Play frameworkPlay framework
Play framework
 
20151010 my sq-landjavav2a
20151010 my sq-landjavav2a20151010 my sq-landjavav2a
20151010 my sq-landjavav2a
 
Spring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen HoellerSpring 4 on Java 8 by Juergen Hoeller
Spring 4 on Java 8 by Juergen Hoeller
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
 

Similar to Deployment of WebObjects applications on FreeBSD

Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!
All Things Open
 
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
maclean liu
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
Michael Man
 
Running CentOS on the Facebook fleet
Running CentOS on the Facebook fleetRunning CentOS on the Facebook fleet
Running CentOS on the Facebook fleet
Davide Cavalca
 
Security Onion
Security OnionSecurity Onion
Security Onion
johndegruyter
 
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2
 
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
xiso
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...
sreeharsha43
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!
APNIC
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Imesh Gunaratne
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Mandi Walls
 
Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5
Carlos Eduardo
 
Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?
GlobalLogic Ukraine
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
Muhammad Moinur Rahman
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Nissan Dookeran
 
#WeSpeakLinux Session
#WeSpeakLinux Session#WeSpeakLinux Session
#WeSpeakLinux Session
Kellyn Pot'Vin-Gorman
 
Freeradius edir
Freeradius edirFreeradius edir
Freeradius edir
Jonas Segovia Velazquez
 
GlassFish v3 Update Center
GlassFish v3 Update CenterGlassFish v3 Update Center
GlassFish v3 Update Center
Eduardo Pelegri-Llopart
 
OTRS
OTRSOTRS
OTRS
Muhammad Qazi
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Opersys inc.
 

Similar to Deployment of WebObjects applications on FreeBSD (20)

Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!Intro to Kernel Debugging - Just make the crashing stop!
Intro to Kernel Debugging - Just make the crashing stop!
 
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南Enterprise manager cloud control 12c(12.1) &agent安装图文指南
Enterprise manager cloud control 12c(12.1) &agent安装图文指南
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
 
Running CentOS on the Facebook fleet
Running CentOS on the Facebook fleetRunning CentOS on the Facebook fleet
Running CentOS on the Facebook fleet
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
2022-05-03 SoC Interest Group Meeting - Deploying and testing firmware-softwa...
 
Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...Medooze MCU Video Multiconference Server Installation and configuration guide...
Medooze MCU Video Multiconference Server Installation and configuration guide...
 
This one goes to 11!
This one goes to 11!This one goes to 11!
This one goes to 11!
 
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App FactoryRevolutionizing WSO2 PaaS with Kubernetes & App Factory
Revolutionizing WSO2 PaaS with Kubernetes & App Factory
 
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
Habitat talk at CodeMonsters Sofia, Bulgaria Nov 27 2018
 
Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5Instalando Cacti no CentOS 5
Instalando Cacti no CentOS 5
 
Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?Open source Android 10 on Orange Pi: Meth or Reality?
Open source Android 10 on Orange Pi: Meth or Reality?
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
#WeSpeakLinux Session
#WeSpeakLinux Session#WeSpeakLinux Session
#WeSpeakLinux Session
 
Freeradius edir
Freeradius edirFreeradius edir
Freeradius edir
 
GlassFish v3 Update Center
GlassFish v3 Update CenterGlassFish v3 Update Center
GlassFish v3 Update Center
 
OTRS
OTRSOTRS
OTRS
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
 

More from WO Community

KAAccessControl
KAAccessControlKAAccessControl
KAAccessControl
WO Community
 
In memory OLAP engine
In memory OLAP engineIn memory OLAP engine
In memory OLAP engine
WO Community
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systems
WO Community
 
Build and deployment
Build and deploymentBuild and deployment
Build and deployment
WO Community
 
High availability
High availabilityHigh availability
High availability
WO Community
 
Reenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWSReenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWS
WO Community
 
Chaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real WorldChaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real World
WO Community
 
D2W Stateful Controllers
D2W Stateful ControllersD2W Stateful Controllers
D2W Stateful Controllers
WO Community
 
Deploying WO on Windows
Deploying WO on WindowsDeploying WO on Windows
Deploying WO on Windows
WO Community
 
Unit Testing with WOUnit
Unit Testing with WOUnitUnit Testing with WOUnit
Unit Testing with WOUnit
WO Community
 
Life outside WO
Life outside WOLife outside WO
Life outside WO
WO Community
 
Advanced Apache Cayenne
Advanced Apache CayenneAdvanced Apache Cayenne
Advanced Apache Cayenne
WO Community
 
Migrating existing Projects to Wonder
Migrating existing Projects to WonderMigrating existing Projects to Wonder
Migrating existing Projects to Wonder
WO Community
 
iOS for ERREST - alternative version
iOS for ERREST - alternative versioniOS for ERREST - alternative version
iOS for ERREST - alternative version
WO Community
 
iOS for ERREST
iOS for ERRESTiOS for ERREST
iOS for ERREST
WO Community
 
"Framework Principal" pattern
"Framework Principal" pattern"Framework Principal" pattern
"Framework Principal" pattern
WO Community
 
Filtering data with D2W
Filtering data with D2W Filtering data with D2W
Filtering data with D2W
WO Community
 
WOver
WOverWOver
WOver
WO Community
 
Localizing your apps for multibyte languages
Localizing your apps for multibyte languagesLocalizing your apps for multibyte languages
Localizing your apps for multibyte languages
WO Community
 
WOdka
WOdkaWOdka
WOdka
WO Community
 

More from WO Community (20)

KAAccessControl
KAAccessControlKAAccessControl
KAAccessControl
 
In memory OLAP engine
In memory OLAP engineIn memory OLAP engine
In memory OLAP engine
 
Using Nagios to monitor your WO systems
Using Nagios to monitor your WO systemsUsing Nagios to monitor your WO systems
Using Nagios to monitor your WO systems
 
Build and deployment
Build and deploymentBuild and deployment
Build and deployment
 
High availability
High availabilityHigh availability
High availability
 
Reenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWSReenabling SOAP using ERJaxWS
Reenabling SOAP using ERJaxWS
 
Chaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real WorldChaining the Beast - Testing Wonder Applications in the Real World
Chaining the Beast - Testing Wonder Applications in the Real World
 
D2W Stateful Controllers
D2W Stateful ControllersD2W Stateful Controllers
D2W Stateful Controllers
 
Deploying WO on Windows
Deploying WO on WindowsDeploying WO on Windows
Deploying WO on Windows
 
Unit Testing with WOUnit
Unit Testing with WOUnitUnit Testing with WOUnit
Unit Testing with WOUnit
 
Life outside WO
Life outside WOLife outside WO
Life outside WO
 
Advanced Apache Cayenne
Advanced Apache CayenneAdvanced Apache Cayenne
Advanced Apache Cayenne
 
Migrating existing Projects to Wonder
Migrating existing Projects to WonderMigrating existing Projects to Wonder
Migrating existing Projects to Wonder
 
iOS for ERREST - alternative version
iOS for ERREST - alternative versioniOS for ERREST - alternative version
iOS for ERREST - alternative version
 
iOS for ERREST
iOS for ERRESTiOS for ERREST
iOS for ERREST
 
"Framework Principal" pattern
"Framework Principal" pattern"Framework Principal" pattern
"Framework Principal" pattern
 
Filtering data with D2W
Filtering data with D2W Filtering data with D2W
Filtering data with D2W
 
WOver
WOverWOver
WOver
 
Localizing your apps for multibyte languages
Localizing your apps for multibyte languagesLocalizing your apps for multibyte languages
Localizing your apps for multibyte languages
 
WOdka
WOdkaWOdka
WOdka
 

Recently uploaded

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Jason Yip
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 

Recently uploaded (20)

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE VisionWhat is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 

Deployment of WebObjects applications on FreeBSD

  • 1. WO on FreeBSD Miguel Arroz Global Village Consulting, Inc. WOWODC 2011
  • 2.
  • 4. FreeBSD overview • UNIX System • BSD License (of course!) • Supports x86, amd64, pc98 as Tier 1 • Distributed and installed via FTP, HTTP, CD/DVD, etc.
  • 5. FreeBSD overview • Integration and consistency • The same team handles the Kernel and user-land tools • Release engineering team
  • 6. Installation • Pseudo-graphical installation • Very fast, low footprint • Installs only the essential, the rest is up to you
  • 7.
  • 8. Networking • Everything you would expect from an UNIX system • Reference (KAME) IPv6 implementation
  • 9. Documentation • FreeBSD Handbook (free, on freebsd.org) • Mail-lists
  • 10. Security • Most software installs with safe default configuration • Installing a port prints a message with security information if appropriate • Easy to configure daily scan for security advisors on OS and installed ports • http://security.freebsd.org/
  • 11. Security The following files will be updated as part of updating to 7.1-RELEASE-p16: /usr/lib/libssl.a /usr/lib/libssl.so.5 /usr/lib/libssl_p.a /usr/src/crypto/openssl/ssl/s3_clnt.c /usr/src/sys/conf/newvers.sh WARNING: FreeBSD 7.1-RELEASE-p15 HAS PASSED ITS END-OF-LIFE DATE. Any security issues discovered after Tue Feb  1 00:00:00 WET 2011 will not have been corrected.
  • 12. FreeBSD versions • Major versions • May break binary and source compatibility. • Used to introduce new features, deprecate or remove unused stuff.
  • 13. FreeBSD versions • Minor versions: • Maintain binary and source compatibility (main goal) • Bug fixes, mostly • New features (usually, small ones) if baked enough
  • 14. FreeBSD versions • Security advisors and erratas: • Released for all the currently supported versions • Very easy to install, specially if you use GENERIC kernel • Fix security vulnerabilities and show-stopper bugs • Don’t break binary or source compatibility • Never introduce new features • Kernel and OS source is updated too if installed
  • 15. Release cycles • Security advisors and erratas are only made available for currently supported FreeBSD releases • The life-time of each release depends on a few factors
  • 16. Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1 8.2 7 7.0 7.1 7.2 7.3 7.4 6 6.0 6.1 6.2 6.3 …
  • 17. Minor versions .0 .1 .2 .3 .4 Major versions 8 8.0 8.1-P1 8.2-P1 8.1 8.1-P2 8.2 7 7.0 7.1 7.2 7.3-P1 7.4-P2 7.3 7.3-P2 7.4-P1 7.4 7.3-P3 6 6.0 6.1 6.2 6.3 …
  • 18. Minor versions New security advisor New minor version .0 .1 .2 .3 .4 New security advisor Major versions 8 8.0 8.3 8.1 8.2-P1 8.3-P1 8.2 8.1-P1 8.2-P2 8.1-P2 8.2-P3 8.1-P3 8.1-P4 7 7.0 7.1 7.2 7.3 7.4-P1 7.4 7.3-P1 7.4-P2 7.3-P2 7.4-P3 7.3-P3 7.4-P4 7.3-P4 7.3-P5 6 6.0 6.1 6.2 6.3 …
  • 19. Updating • If using GENERIC kernel, errata or security advisor is trivial: • freebsd-update fetch • freebsd-update install • reboot • If stuff happens: • freebsd-update rollback
  • 20. Updating • Put this on cron to be warned when there’s a patch to install: • @daily root freebsd-update cron • Minor and major version updates can be done remotely, but are more complex • Check FreeBSD Handbook (24.2 - FreeBSD Update) • May need to recompile installed software • May need console access
  • 21. Installing software • Packages • Ports • Traditional UNIX way (configure, make, make install)
  • 22. Packages • Binary distributions • Usually smaller than source archives • No compilation required • Much faster, specially when there are many dependencies • pkg_add -r <package>
  • 23. Ports • Packages are compiled with conservative options (must run on all hardware). Ports can be tuned. • Ports allow compile-time options configuration. • Some software licenses force source-only distribution. • May apply local patches. • The source is with you.
  • 24. Port Tree • The port tree stays in /usr/ports • Installation using portsnap: • portsnap fetch • portsnap extract • Updating: • portsnap fetch • portsnap update
  • 25. Installing a Port • Browser for ports: http://www.freebsd.org/ports/ • Install port (typical): • cd /usr/ports/<path to port> • make install clean • make config to see configuration menu
  • 26. Updating ports • The easiest way to upgrade a port and it’s dependencies is using one of these utilities: • portupgrade • portmanager • portmaster • See Handbook (4.5.4 - Upgrading Ports)
  • 27. Port security scan • Install ports-mgmt/portaudit • After installing, FreeBSD makes daily security scans on installed ports and notifies you of any released security advisors.
  • 28. Checking for a current audit database: Database created: Wed Apr 21 03:10:01 WEST 2010 Checking for packages with security vulnerabilities: Affected package: sudo-1.7.2.5 Type of problem: sudo -- Privilege escalation with sudoedit. Reference: <http://portaudit.FreeBSD.org/1a9f678d-48ca-11df-85f8-000c29a67389.html> Affected package: gtar-1.22 Type of problem: gtar -- buffer overflow in rmt client. Reference: <http://portaudit.FreeBSD.org/c175d72f-3773-11df-8bb8-0211d880e350.html> 2 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately.
  • 29. Jails • OS-level virtualization system • More isolation than chroot, less isolation than VM • Jail has its own kernel structures, binded IPs and superuser • Can be used to test software or isolate deployed services • Can’t use a different kernel • No live-migration
  • 30. BSD Hypervisor • http://wiki.freebsd.org/201105DevSummit? action=AttachFile&do=get&target=BHyVe.pdf
  • 31. Status !  Guest –  FreeBSD/amd64 releases 7.2 and 8.1 –  SMP - up to 8 virtual cpus –  I/O - virtio or pci passthru –  Minor kernel patches required !  Host –  FreeBSD/amd64 release 8.1 –  Unmodified GENERIC kernel !  Hardware –  Requires hardware virtualization assist with Nested Page Tables –  Intel VT-x is supported –  AMD-V support in progress 3
  • 32. Init scripts • Shares a lot with Mac OS X startup items • /etc/rc.conf - switches and configurations • /etc/rc.d/<servicename> <action> • /etc/rc.d/sshd restart • /usr/local/etc/rc.d/<servicename> <action> • Scripts can specify provided and required services
  • 33. hostname="andromeda.example.com" defaultrouter="XXX.XXX.XXX.XXX" ifconfig_em0="inet X.X.X.X netmask X.X.X.X" ifconfig_em0_alias0="inet X.X.X.X netmask 255.255.255.255" ifconfig_em1="inet X.X.X.X netmask X.X.X.X" ifconfig_em1_alias0="inet X.X.X.X netmask 255.255.255.0" static_routes="service multicast" route_service="-net X.X.X.X/8 X.X.X.X" route_multicast="-net X.X.X.X X.X.X.X" sshd_enable="YES" ntpdate_enable="YES" ntpdate_flags="time.service.example.com" syslogd_enable="YES" syslogd_flags="-ss" ntpd_enable="NO"
  • 35. Kernel Tuning • File /etc/sysctl.conf: # Increase the number of maximum open file descriptors kern.maxfiles=65535 # Enough space to cache the full java launch command line, # so that we can see it in "ps" output instead of [java] kern.ps_arg_cache_limit=1024 # Limits the number of logging lines per logging rule net.inet.ip.fw.verbose_limit=5
  • 36. Java • Diablo distribution (Sun JVM) • Port java/diablo-jdk16 • Installation may include time-zone updaters and JCE Policy files • All files must be downloaded manually due to licensing • The port will guide you
  • 37. Apache • Port www/apache22
  • 38. WebObjects • Two ways to install the WO frameworks on FreeBSD: • Using the WOPort • Manually • http://wiki.objectstyle.org/confluence/display/WO/Deploying +on+FreeBSD+8.2+and+WebObjects+5.4.3
  • 40. DB Server DB Server DNS WWW Server Updates Private Public WWW Server The Internets! App Server WWW Server App Server App Server App Server
  • 41. Why? • Security • Data between wotaskd and other components • Data (RR) between adaptors and apps • Broadcasted and other custom data between apps • Hide database and other services from the public network • Save public IPs
  • 42. Why? • Ideally, you should only expose ports 80 and 443
  • 43. Network configuration • em0 with private IP • em1 with public IP • Add as much services as you can to private network
  • 44. Software configuration • On file /usr/local/etc/rc.d/wotaskd: • command_args="${log_args} -WOHost 10.1.2.3" • On JavaMonitor: • Add hosts using their private IPs • Add -WOHost argument with private IP to apps
  • 45. WOHostUtilities • WO Apps need to make sure requests for stats, shutdown, refuse new sessions, etc, are legit • Those requests must not came from web server, and their source must be localhost. • Problem is… private IPs are not considered localhost IPs by Java.
  • 46. WOHostUtilities • Use Wonder, set er.extensions.WOHostUtilities.localhostips er.extensions.WOHostUtilities.localhostips=(10.1.2.1,10.1.2.2,10.1.2.3)
  • 47. SoftLayer • Dual network configuration by default • VPN access to the private network • Free IPv6 for every server • Amazing support staff
  • 48. One small detail… • FreeBSD + Adaptec 5405 RAID card = pain • Must use firmware 17574 or newer. • SoftLayer use this cards, request updated firmware or older card.
  • 49. MONTREAL 1/3 JULY 2011 Q&A