# Apache OpenOffice for OpenIndiana (Hipster)

It’s been a long while since I’ve blogged anything on the OpenIndiana front – just a quick update regarding the recent announcement of an Apache OpenOffice package for the OpenIndiana rapid development branch, a.k.a. Hipster.

Installation from the current Hipster repository is straightforward, and aside from a rather long launch time (in the order of tens of seconds, something which definitely needs to be looked at), it opens an existing LibreOffice Writer document with absolutely no problems, retaining the customised footers, background images, and the proprietary PostScript fonts (once installed):

Great work from the various contributing developers to make this happen, and an important component of building a Nuxeo DM server based on illumos.

(EDIT: It appears there are issues with being able to save newly-created ODT-format files, whereas editing and saving existing files appears to be okay. Stay tuned.)

# heliod web server: fast then, still fast today

Quick post – as an update to my post here, Jyri Virkki has published a comprehensive set of benchmarks, comparing heliod’s out-of-the-box performance to all the other current popular HTTP servers out there. Considering the last public comparison I could find of what was then Sun Java System Web server vs Apache was in 2007, these new results are highly interesting:

“heliod had the highest throughput at every point tested in these runs. It is slightly faster than nginx at sequential requests (one client) and then pulls away.

“heliod is also quite efficient in CPU consumption. Up to four concurrent clients it is the lightest user of CPU cycles even though it produced higher throughput than all the others. At higher concurrencies, it used slightly more CPU than nginx/lighttpd although it makes up for it with far higher throughput.

“heliod was also the only server able to saturate the gigabit connection (at over 97% utilization). Given that there is 62% idle CPU left at that point, I suspect if I had more bandwidth heliod might be able to score even higher on this machine.

“These results should not be much of a surprise… after all heliod is not new, it is the same code that has been setting benchmark records for over ten years (it just wasn’t open source back then). Fast then, still fast today.”

You can read the total run of tests plus information graphs at Jyri’s blog entry: http://173.255.252.27/jyri/articles/.

Incidentally, I came across a blog post from someone who was also apparently on the Sun Java System Web Server group at Sun, who states:

“Since Oracle no longer offers updates to individual users, and refuses to respond to requests for information about how an individual can acquire the updates, I have elected to stop writing about the server. If the moribund Open Web Server gets branched I will happily contribute to the pool of knowledge that exists for it.”

# System hard freezes with the AMD FX-8350

As an update to my post here, I observed seemingly random freezes on my system upgraded with the AMD FX-8350. The behaviour encountered was a total freeze of the desktop environment, no response to local keyboard nor mouse, no response to attempting to launch a virtual console, no response to pings over the network, and no ability to log in remotely. The only way to restore system operation was to perform a hard reset. Interestingly I could also consistently crash the system running a GraphicsMagick benchmark. Additionally, the freezes were OS-agnostic, occurring under both OpenIndiana and Ubuntu Linux.

Looking around online you can find several posts from folks on AMD Bulldozer rigs with very similar issues (such as detailed here), including a few from people who have rather alarmingly downgraded to a Phenom or Intel CPU as a “fix”, after having received advice to alternately update the motherboard BIOS, faff around with multiple BIOS settings, test and replace the RAM, power supply and hard disk, RMA-ing the new CPU (!?), and on and on and on. Most of this didn’t really add up, and similarly my problems were encountered on a system that was hitherto generally stable using an older-generation CPU (the Phenom II X6 in my case).

To cut a long story short, this quite simply turned out to be the motherboard not stably supporting the FX-8350. Although the ASRock 870iCafe 2.0 is an AM3+ compatible part and advertised as being “8 Core Ready” (to the point of specifically claiming compatibility with the FX-8350), the reality is that the latest BIOS release was in December of 2011 – a major red flag. After upgrading my motherboard to a Gigabyte GA-990FXA-UD3 with the recent F9 BIOS, the system is now stable. And yes, this is using the original PSU, RAM, graphics card etc.

For the OpenIndiana readers, the GA-990FXA-UD3 works fine, although don’t expect USB3.0 support:

# AMD “Piledriver” FX-8350 on OpenIndiana

I’ve recently acquired a brand-spanking-new AMD FX-8350 CPU as an upgrade to my Phenom II X6 box. All the recent benchmarks of this CPU seem to fairly consistently point to it being a multithreaded monster. Plus, AMD has dropped the price of the new FX CPUs compared to the original Bulldozer architecture parts – and the icing on the cake is that the upgrade path is as simple as performing a BIOS update on my budget ASRock motherboard, and swapping out the old CPU for the new. Bliss!

So, given that AMD’s Piledriver architecture might be a bit of an unknown as far as compatibility with Illumos and OpenIndiana goes, how does it fare? Well, the system seems to boot fine and run: here is the CPU as detected by Peter Tribble’s Solview app:

8 cores, running at 4.0GHz – good. Let’s throw half a dozen VMs its way and see what happens:

CPU utilization as measured by Solview is in the foreground. I should mention that this is also with a couple of OpenIndiana Zones running: GlassFish serving up a wiki, and a local BIND resolver.

In the time since I’ve installed the CPU I’ve experienced a couple of system freezes, so I’ve disabled core power saving features in BIOS to see if that changes anything. Yes, this is a new CPU architecture on a development build of an OS, but all in all, it’s working fairly well. Assuming I can iron out any stability issues, the FX-8350 is easily an incredible bargain.

Update 1: After further investigating the system hanging issues, it’s not limited to OpenIndiana, and is also encountered with Ubuntu Linux installed. Further updates to happen as I get to the bottom of this 🙂

Update 2: See here.

# HP ProLiant ML110 G7 server – a short review

I’ve recently acquired an HP ProLiant ML110 G7 tower server for evaluating for use in a small business environment, specifically running OpenIndiana. Following are a few short notes regarding my impressions of the box.

Pros:

Price-wise, for the base spec model, in my case with the Intel Xeon E3-1220 CPU, it’s an incredible bargain (and even more so bearing in mind the pros below). Consider that even with an 8GB RAM upgrade and dual 1TB drives it’s not that much more than say a well-specced Dell business desktop PC.

It’s built like a tank. Nothing chintzy about the materials, nothing flexes, wobbles, rattles. In short, it oozes build quality.

There is ECC RAM support – ideal for extra peace of mind when using ZFS storage arrays. On that note, OpenIndiana oi_151a7 installs and runs just fine, with no driver nor hardware issues out of the box. Installing KVM on OpenIndiana, and installing and booting guest VMs poses no problem – it “just works”.

Dual Gigabit Ethernet ports are standard.

A Lights Out Manager is also included as standard. Sadly, the remote console functionality is a paid extra, but the included remote power management and monitoring functionality is quite impressive.

Cons:

Remote console, remote virtual media and other LOM options are sadly licensed extras. Unless you pay extra for this expect to potentially be making site visits from time to time. Kinda wish HP would just throw this in with the LOM as standard – Sun did, for instance.

There is nothing much in the way of physical redundancy for the server in its base spec.

One review made mention of the ML110’s quiet operation and how it would not be noticed in an office environment. Well, unless your office happens to be on the factory floor of an air conditioning manufacturing plant, you’re going to notice this thing…

Maximum physical RAM capacity is 16GB, which is a tad on the small side.

And although I haven’t checked, extending the warranty out from the standard one year period would probably cost a fair bit.

# heliod – Oracle iPlanet Web Server forked as open source

Prior to the Oracle acquisition, I used to be a fan of Sun Microsystems’ web server product, Sun Java System Web Server. It had serious enterprise lineage, a terrific web admin BUI which beat the pants off Apache, and was free, free, freeeee. Needless to say, that all changed once Oracle bungled onto the scene, along with a whole bunch of other stuff.

A little-known fact however is that Sun had open-sourced the core of their web server prior to Oracle taking over, releasing it as the Sun Open Web Server. But other than a few headlines at the time of the announcement (such as here) everything went very quiet shortly after – no doubt due to Oracle not wanting to advertise the zero-cost availability of the guts of their “re-branded” megabucks flagship web server, now known as Oracle iPlanet Web Server.

So, imagine my surprise to find that one of the original engineers behind Sun Open Web Server (Jyri Virkki) has forked the code open-sourced those three or so years ago and is now actively developing it. Yes, it lives, and is known as heliod web server:

http://173.255.252.27/jyri/articles/index.php/web-server/

Francois Dion has a great write-up here as well:

http://solarisdesktop.blogspot.co.nz/2012/09/netscape-sun-oracle-no-heliod-web-server.html

Attempting to launch heliod on OpenIndiana oi_151a x86, I was met with the following error:

$ ./bin/startserv
ld.so.1: parsexml: fatal: libicui18n.so.3: open failed: No such file or directory
./bin/startserv: line 63: 12686: Killed
failure: temporary directory is not writable by user root


This is due to the library/icu package not being present – so install it if it’s missing and it’ll start up fine:

$ ./bin/startserv &
[1]	3692
dave@mymachine:/opt/heliod/https-testserver$ heliod Web Server 0.1 B03/08/2011 21:59
info: CORE3016: daemon is running
info: HTTP3072: http-listener-1: http://mymachine:80 ready to accept requests
info: CORE3274: successful server startup


# Mac OS X killed the Linux desktop? I must have missed the memo (and so did Google)…

Bizarre little opinion piece by Miguel de Icaza proclaiming the death of the Linux desktop. A little excerpt:

“True story. The hard disk that hosted my /home directory on my Linux machine failed so I had to replace it with a new one. Since this machine lives under my desk, I had to unplug all the cables, get it out, swap the hard drives and plug everything back again. Pretty standard stuff. Plug AC, plug keyboard, plug mouse but when I got to the speakers cable, I just skipped it. Why bother setting up the audio? It will likely break again and will force me to go on a hunting expedition to find out more than I ever wanted to know about the new audio system and the driver technology we are using….”

Here’s my true story. I have a number of Ubuntu Linux desktops, and all are a joy to use. Ubuntu Linux has been fast and stable. The Unity interface is quite lovely (after some initial reservations). Software package installation is incredibly slick (and has been for years), and I couldn’t be happier with the quality of desktop applications. And I’ve never had a problem with audio support either for that matter.

I switched from Mac OS late in 2007, partly because the money I was paying for the privilege wasn’t delivering in the areas where Ubuntu excels – and its ties to proprietary hardware (or beyond proprietary as Scott McNealy would say) generally make it a proposition for the well moneyed. I’ve maintained hundreds and hundreds of desktop Windows and Mac OS computers in my time, so I’ve got a fairly good handle on the pros and cons of each, especially with regard to stability and ease of use.

Is Ubuntu a superior desktop OS to Windows? No question. Even if Microsoft were to drop the price of Windows to zero (as if) it would still be an average product. Is Ubuntu comparable to Mac OS X, for common productivity and entertainment activities? Absolutely, especially in its current LTS incarnation.

So: I’m not sure where I’m going wrong, but Ubuntu has been nothing short of a fantastic desktop OS for me. The irony is that I don’t use it on the server, preferring Illumos/OpenIndiana due to a number of compelling advantages from its OpenSolaris roots.

Why does the author feel the need to make negative comparisons to Mac OS? Why even bring up the old bugbear of Linux on the desktop at all? I think I hear an axe being ground.

Incidentally, Google apparently didn’t get the author’s memo either…

http://www.zdnet.com/the-truth-about-goobuntu-googles-in-house-desktop-ubuntu-linux-7000003462/

# LDAP secondary group memberships with OpenDJ and Ubuntu 12.04

As a follow-up to this post, let’s now configure OpenDJ and Ubuntu to use LDAP for assigning secondary groups to user accounts. This is a quick guide intended for testing only, and we are assuming the setup here has been followed. One change is that we are using Ubuntu 12.04 x86 as the client system.

First, let’s create a new test group in OpenDJ. We assign it the structural object class namedObject, and the auxiliary object class posixGroup. The group GID number is 130, and we add a memberUid entry, with the UID of an existing LDAP account:

Now, on our test Ubuntu 12.04 x86 client, we modify /etc/ldap.conf, adding the following entry:

nss_schema rfc2307bis


This enables rfc2307bis LDAP schema support for PAM (OpenDJ uses the rfc2307bis schema by default).

Next, again in /etc/ldap.conf we uncomment the nss_base_group setting in the section headed with the comment “RFC2307bis naming contexts”, and give it the value as shown:

nss_base_group ou=Groups,dc=example,dc=co,dc=nz


Obviously you would modify the domain components to suit.

We now restart the nscd service, and verify that the secondary group information can be retrieved for an LDAP user:

itadmin@turrican2:/etc$ sudo /etc/init.d/nscd restart
* Restarting Name Service Cache Daemon nscd                             [ OK ]
itadmin@turrican2:/etc$ id davek
uid=1004(davek) gid=50(staff) groups=130(testgroup),50(staff)


We can see that the secondary group testgroup with the GID number of 130 is successfully retrieved from LDAP for this user.

# Enable secure LDAP container based authentication with JSPWiki

A quick follow up on my post here. I will describe below the steps needed to enable secure LDAP authentication (both LDAPS and HTTPS). This is not intended for production use, obviously.

I’m using the same platform and environment described here, and also using this as the starting point for the following.

Verify that the LDAPS connection handler is enabled in OpenDJ

This can be checked using the OpenDJ Control Panel GUI, and modified if necessary using the CLI dsconfig utility.

Switch to the secure LDAP port in the GlassFish JSPWiki security realm

Make sure you are using the ldaps:// URL prefix, and specify the secure port number (1636 in this example):

Enable security for the relevant GlassFish HTTP network listener port

Our JSPWiki application is listening over port 8080, configured in GlassFish under http-listener-1. Enable security for this port:

Enable HTTPS connections to JSPWiki

This is performed via modification of the JSPWiki web.xml file. In a default state, the web.xml file contains the following entries which enable the use of SSL connections:

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>


Ensure these exist in web.xml under the container managed authentication section.

Export the OpenDJ SSL certificate and import it into the JSPWiki JKS keystore

The keytool CLI utility is used for this step.

First, we export the OpenDJ certificate (which has a default alias of server-cert) to a file:

dave@mymachine:~/OpenDJ/config$ pfexec keytool -export -alias "server-cert" -keystore ~/OpenDJ/config/keystore -file /tmp/server-cert.cer
Enter keystore password:
Certificate stored in file </tmp/server-cert.cer>


Next, we import the certificate file into the keystore of the GlassFish domain running our instance of JSPWiki, which in this example is at /opt/glassfishv3/glassfish/domains/domain1/config/cacerts.jks:

dave@mymachine:~/OpenDJ/config$ pfexec keytool -import -v -trustcacerts -alias "server-cert" -keystore /opt/glassfishv3/glassfish/domains/domain1/config/cacerts.jks -file /tmp/server-cert.cer
Owner: CN=mymachine, O=OpenDS Self-Signed Certificate
Issuer: CN=mymachine, O=OpenDS Self-Signed Certificate
Serial number:
Valid from:
Certificate fingerprints:
MD5:
SHA1:
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]:  yes
[Storing /opt/glassfishv3/glassfish/domains/domain1/config/cacerts.jks]


Modify the jspwiki.baseURL value

This is required as the URL prefix will have changed from http:// to https://. This modification is performed in the jspwiki.properties file.

Assuming my existing jspwiki.baseURL value is:

http://192.168.1.1:8080/ITProjects/


This would need to be changed to:

https://192.168.1.1:8080/ITProjects/


Restart the GlassFish domain, and test LDAP logins…
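After the restart, two of the settings above can be checked mechanically. The following audit script is an added example, not part of the original post or of JSPWiki: the web.xml fragment, the resource names and the function names are constructed for illustration, and the baseURL sample is the "before" value shown above.

```python
import re
import xml.etree.ElementTree as ET

# Constructed web.xml fragment: the first constraint matches what the post
# requires, the second has no user-data-constraint at all.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative area</web-resource-name>
    </web-resource-collection>
  </security-constraint>
</web-app>
"""

# Constructed jspwiki.properties content, still carrying the http:// value.
PROPERTIES = "jspwiki.baseURL = http://192.168.1.1:8080/ITProjects/\n"

def _local(tag):
    # Strip the XML namespace so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def constraints_without_tls(web_xml_text):
    """Names of <security-constraint> blocks lacking a CONFIDENTIAL guarantee."""
    root = ET.fromstring(web_xml_text.encode("utf-8"))
    weak = []
    for node in root.iter():
        if _local(node.tag) != "security-constraint":
            continue
        found = {_local(e.tag): (e.text or "").strip() for e in node.iter()}
        if found.get("transport-guarantee") != "CONFIDENTIAL":
            weak.append(found.get("web-resource-name", "(unnamed)"))
    return weak

def base_url(properties_text):
    """Effective jspwiki.baseURL (last assignment wins), or None if unset."""
    value = None
    for line in properties_text.splitlines():
        m = re.match(r"\s*jspwiki\.baseURL\s*[=:]\s*(\S+)", line)
        if m:
            value = m.group(1)
    return value

def audit(web_xml_text, properties_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = [f"no CONFIDENTIAL transport-guarantee: {name}"
                for name in constraints_without_tls(web_xml_text)]
    url = base_url(properties_text)
    if url is None or not url.lower().startswith("https://"):
        findings.append(f"jspwiki.baseURL is not https: {url}")
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML, PROPERTIES):
        print(finding)
```

Run against the real files by reading web.xml and jspwiki.properties into strings and passing them to audit().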

# Importing Firefox RSS bookmarks into Thunderbird

(This guide has been updated for Thunderbird version 31.2.0, running on Ubuntu 14.04.)

Although I’ve tended to use Firefox to subscribe to RSS feeds via its Live Bookmarks feature, turns out Thunderbird can import Firefox bookmarks with the help of a third-party add-on. In this way, you can use Thunderbird to subscribe to any number of your existing Firefox bookmarked RSS feeds, without otherwise having to manually subscribe to each one in turn.

Install the add-on in the normal way, and restart Firefox. After restarting, go to “Bookmarks -> Show All Bookmarks” where you will observe new “OPML” entries under the “Import and Backup” menu. We want to select the “Export OPML…” command:

I have used the following export settings:

Save the resulting .opml file somewhere convenient.

I have noticed that the OPML file in its present state doesn’t appear to successfully import a flat listing of RSS feeds into Thunderbird, without first performing the following edits. Our unmodified example .opml file contains the following (we’ve only got a few RSS feeds to export for this particular example):

<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<title><![CDATA[Live Bookmarks OPML Export]]></title>
<dateCreated>Tue Oct 15 2013 00:38:07 GMT+1300 (NZDT)</dateCreated>
<body>
<outline text="Bookmarks Menu">
</outline>
<outline text="Bookmarks Toolbar">
</outline>
<outline text="Unfiled Bookmarks">
</outline>
</body>
</opml>


We can see here references to the “Bookmarks Menu”, “Bookmarks Toolbar” and “Unfiled Bookmarks” folders, with accompanying opening and closing outline tags. These references and their attendant tags can be removed, leaving just the feed information intact. For example, compare the above example with the following modified file:

<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<title><![CDATA[Live Bookmarks OPML Export]]></title>
<dateCreated>Tue Oct 15 2013 00:38:07 GMT+1300 (NZDT)</dateCreated>
<body>
</body>
</opml>


The file is then ready to be imported into Thunderbird.
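The manual edit described above can also be scripted. The following is an added example, not part of the original guide or of the add-on: the sample export and its feed URLs are constructed, and flatten_opml is a hypothetical helper name. It goes slightly beyond the manual edit by also handling nested folders and dropping a feed that is bookmarked twice.

```python
import xml.etree.ElementTree as ET

# Constructed sample export with folder wrappers; feed URLs are placeholders.
SAMPLE_OPML = """<?xml version="1.0" encoding="UTF-8"?>
<opml version="1.0">
<title>Live Bookmarks OPML Export</title>
<body>
<outline text="Bookmarks Menu">
<outline type="rss" text="Feed A" xmlUrl="https://example.org/a.xml"/>
</outline>
<outline text="Bookmarks Toolbar">
<outline type="rss" text="Feed B" xmlUrl="https://example.org/b.xml"/>
<outline text="Nested folder">
<outline type="rss" text="Feed C" xmlUrl="https://example.org/c.xml"/>
<outline type="rss" text="Feed A again" xmlUrl="https://example.org/a.xml"/>
</outline>
</outline>
<outline text="Unfiled Bookmarks">
</outline>
</body>
</opml>
"""

def flatten_opml(opml_text):
    """Return OPML text whose <body> holds only feed outlines, in document order."""
    root = ET.fromstring(opml_text.encode("utf-8"))
    body = root.find("body")
    if body is None:
        raise ValueError("not an OPML document: no <body> element")

    # A feed outline carries an xmlUrl attribute; folder outlines do not.
    feeds, seen = [], set()
    for outline in body.iter("outline"):
        url = outline.get("xmlUrl")
        if url and url not in seen:
            seen.add(url)
            feeds.append(outline)

    # Drop the folder wrappers, then re-attach the feeds directly under <body>.
    for child in list(body):
        body.remove(child)
    body.text = "\n"
    for feed in feeds:
        feed.tail = "\n"
        body.append(feed)

    header = '<?xml version="1.0" encoding="UTF-8"?>\n'
    return header + ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(flatten_opml(SAMPLE_OPML))
```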

Next, in Thunderbird go to the “Account Settings…” window, and add another account. The account type should be set to “Feed Account…”:

Accept the default account name, and finish the process:

Now, go back to the Thunderbird “Account Settings…” window where you will see the newly added account. Select the account, and click on the “Manage Subscriptions…” button.

Here we will finally import our Firefox RSS feed bookmarks. Click on the “Import” button, and locate the OPML file you exported and modified: