Getting Graylog onto the internet

A while back I had made a small post about getting Graylog running on Windows. It was fun, as it’s just JAVA so you know it should be portable, and other than some weird disk access thing it does seem to run fine.

Of course, the next step is to create a dashboard to replace what I used on wp-statistics, as it was crashing taking up 100% of my CPU, and exceeding PHP’s 12GB of RAM per process limit. You know things are messed up when I’m replacing you with not one, but 2 Java apps! (Graylog & Opensearch).

magical dashboard

It’s by no means perfect, but the guide How to se -up graylog geoip configuration, is all around great to have. The rest of it is me learning how to do aggregate searches, and simple lists, to see latest hits, 404’s and count the pages and build a graph.

Again, this is all good, now for the real question, how to get this onto the Internet?!

The firs thing to do is enable cors.. It’s for being on the internet!

http_enable_cors = true

Next enable the external URI name

http_external_uri = https://dash.board.com/

And now the changes I had to make in my haproxy config

frontend http-in
        acl host_graylog hdr(host) -i dash.board.com
        http-request set-uri %[path,regsub(/api/api,/api)] if host_graylog
        use_backend graylog if host_graylog

backend graylog
        option forwardfor
        http-request add-header X-Forwarded-Host %[req.hdr(host)]

        acl bad_ct path_end .js
        http-response set-header Content-Type application/javascript if bad_ct

        http-request set-header X-Graylog-Server-URL http://192.168.33.5:9000
        server graylog 192.168.23.33:9000 maxconn 20 check

I kind of wish I saved the logs while going crazy but YES for some reason it’ll try to reference itself as /api/api. I don’t know why, so I had to do some uri regex to fix that. Neat!

Next for some reason Graylog responds that all .js (javascript) files are actually text. Chrome doesn’t allow that to work, so yes you need to set the content type header to “application/javascript” for Chrome to be happy.

I had wasted over an hour with this and couldn’t get it working. So, I walked away for a few hours, and it suddenly was working. I think Cloudflare was doing some caching against it.

This is probably too terse to be really useful, and I lost all the pages I was reading about setting stuff in haproxy as I was doing that incognito. Oops. I picked this config out of fragments from five other people’s stuff. There is other considerations to host it on a subdirectory of a public site, but I just wanted to K.I.S.S.

Running Graylog on Windows

For those who don’t know Graylog is a neat little event logging aggregate & search utility. Of course when I say ‘little’ its kinda on the massive size. It’s one of them new age web two-point-oh things, that of course has a few interesting dependencies.

  • MongoDB
  • OpenSearch

While I was looking at doing a deployment elsewhere, I went to get the latest versions directly from the vendors instead of relying on apt/yum/whatever. And much to my surprise, both Mongo & OpenSearch both have native Win64 versions! What a great time! Of course these will change, but for now

I’ve stashed a copy over on archive.org if anyone is insane enough to try this. One thing as of Graylog 5.xx is that it does say to stick with a MongoDB v6. So that’s what I did.

MongoDB

One thing to keep in mind is that the MongoDB is used for the configuration of the cluster, as Graylog is usually configured in a HA cluster, but there doesn’t need to be such an emphasis on the MongoDB as the size of the database isn’t so massive.

MongoDB Compass

MongDB has a nice UI Compass, for exploring stuff. Although browsing around you’ll see it really is just system config stuff. So you won’t be needing some 100GB array for this stuff, more so VM’s for clustering it out if you want to go all high availability.

There isn’t much to say about the MongoDB install, just set it to a drive that you want.

Of course set it up as a service, make the user if needed/desired (I did!). I went one step further and compressed the data directory since it’s on NTFS. I don’t think it mattered too much, its been a few days and it’s only 300MB give or take. The graylog dataset is very tiny as mentioned it’s just the configuration, so it wont be that much.

After the install is done, start the service, and you can then launch Compass, and you should be able to connect to your local database. And that’s it!

OpenSearch

OpenSearch is where all the ‘magic’ happens, where the data gets written, along with where your searches through the logs run. If you want to emphasis something, this is it.

OpenSearch didn’t have an install program, rather just a batch file to run and start it. There is a opensearch-service.bat file to install the service.

Install the opensearch service

There are a few config changes I had to make:

cluster.name: graylog
http.port: 9200
plugins.security.disabled: true

After those changes to config\opensearch.yml you can install and run the service. You can then hit the service via http as http://127.0.0.1:9200 and you should get something similar to this.

OpenSearch up and running

Graylog

As you may have seen from the downloads there is no Windows version of Graylog available for download. HOWEVER it’s a JAVA app. So other than one weird Unixisim of where to keep the config file, it’s just a java thing.

I did need a Linux install to set the required passwords. Although for this sake I used the admin/admin for maximum security, so you can always just work this diff into the server.conf file.

--- graylog.conf.example        2023-11-15 09:05:28.000000000 +0000
+++ server.conf 2023-11-30 21:53:13.580405300 +0000
@@ -54,10 +54,10 @@
 # Generate one by using for example: pwgen -N 1 -s 96
 # ATTENTION: This value must be the same on all Graylog nodes in the cluster.
 # Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
-password_secret =
+password_secret = ihEUzuJNJOOIVYaNB29ZHZimi438NxKKzSys5UH6O9CoE7jfsrygCbuzzLzkK6hk0xdDb6e8wyAmTNhD7g9JMNZHXr1q40Ps

 # The default root user is named 'admin'
-#root_username = admin
+root_username = admin

 # You MUST specify a hash password for the root user (which you only need to initially set up the
 # system and in case you lose connectivity to your authentication backend)
@@ -65,7 +65,7 @@
 # modify it in this file.
 # Create one by using for example: echo -n yourpassword | shasum -a 256
 # and put the resulting hash value into the following line
-root_password_sha2 =
+root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

 # The email address of the root user.
 # Default is empty
@@ -102,7 +102,7 @@
 # If the port is omitted, Graylog will use port 9000 by default.
 #
 # Default: 127.0.0.1:9000
-#http_bind_address = 127.0.0.1:9000
+http_bind_address = 192.168.1.5:9000
 #http_bind_address = [2001:db8::1]:9000

 #### HTTP publish URI
@@ -192,6 +192,7 @@
 #
 # Default: http://127.0.0.1:9200
 #elasticsearch_hosts = http://node1:9200,http://user:password@node2:19200
+elasticsearch_hosts = http://127.0.0.1:9200

 # Maximum number of attempts to connect to elasticsearch on boot for the version probe.
 #
@@ -489,7 +490,9 @@
 #auto_restart_inputs = true

 # Enable the message journal.
-message_journal_enabled = true
+# message_journal_enabled = true
+# https://github.com/Graylog2/graylog2-server/issues/12949#issuecomment-1219146839
+message_journal_enabled = false

 # The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and
 # must not contain any other files than the ones created by Graylog itself.

There is a few weird things in this config, The first one being the bind address to the external NIC, the elasticsearch_hosts being set to http as we ended up removing the SSL as Graylog didn’t like the self signed certs. However, since it’s all loopback traffic on the same machine, it does seem a bit silly to be encrypting to yourself. The other weird gotcha was message_journal_enabled, which fails after a few hours on both WSLv1 & a Win64 native. I don’t know why but it’s a common problem on non EXT2FS based filesystems, and sadly the solution everywhere is just turn it off.

Starting Graylog is kind of easy once you work out the CLI from the Linux script, using the JVM from OpenSearch. Take note of the log4j2, the one from that big deal vulnerability in all the fancy web apps.

\opensearch\jdk\bin\java.exe -Dlog4j2.formatMsgNoLookups=true ^
 -Djdk.tls.acknowledgeCloseNotify=true ^
 -Xms1g -Xmx1g -XX:+UseG1GC ^
 -XX:-OmitStackTraceInFastThrow ^
 -jar graylog.jar server -f server.conf ^
 -p graylog.pid 

I run this manually. With any luck you’ll see it connect to the databases and go live!

2023-12-02 15:37:37,749 INFO : org.mongodb.driver.cluster - Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, minWireVersion=0, maxWireVersion=17, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=29209200}
2023-12-02 15:37:45,518 INFO : org.graylog2.storage.providers.ElasticsearchVersionProvider - Elasticsearch cluster is running OpenSearch:2.11.0
2023-12-02 15:37:48,593 INFO : org.graylog2.bootstrap.ServerBootstrap - Graylog server 5.2.1+4337e8c starting up
2023-12-02 15:37:48,594 INFO : org.graylog2.bootstrap.ServerBootstrap - JRE: Eclipse Adoptium 17.0.8 on Windows 10 10.0
2023-12-02 15:37:48,594 INFO : org.graylog2.bootstrap.ServerBootstrap - Deployment: unknown
2023-12-02 15:37:48,595 INFO : org.graylog2.bootstrap.ServerBootstrap - OS: Windows 10
2023-12-02 15:37:48,595 INFO : org.graylog2.bootstrap.ServerBootstrap - Arch: amd64
2023-12-02 15:37:48,694 INFO : org.graylog2.bootstrap.ServerBootstrap - Running 67 migrations...

And from there you ought to be ready to run!?

I don’t want to re-install but it should offer a chance to setup the self signed certificate maintenance, and then you are dumped into the system. One nice thing on Windows is you can create UDP 514 Syslog captures with no silly port reflection. Although you could run them in WSLv1 or VM’s entirely by having all of this as native Win64 makes the memory and performance overhead much lower.

Apache

I use graylog to capture my blog’s Apache stats.

In my apache site config under the logging I added this:

LogFormat "{ \"version\": \"1.1\", \"host\": \"%V\", \"short_message\": \"%r\", \"timestamp\": %{%s}t, \"level\": 6, \"_user_agent\": \"%{User-Agent}i\", \"_source_ip\": \"%a\", \"_duration_usec\": %D, \"_duration_sec\": %T, \"_request_size_byte\": %O, \"_http_status_orig\": %s, \"_http_status\": %>s, \"_http_request_path\": \"%U\", \"_http_request\": \"%U%q\", \"_http_method\": \"%m\", \"_http_referer\": \"%{Referer}i\", \"_from_apache\": \"true\" }" graylog_access

CustomLog "|/usr/bin/nc -u 127.0.0.1 12201" graylog_access

Of course, keeping in mind that I do front with Cloudflare, so the source_ip will probably be different for you. Netcat does the job nicely, and since it’s WSLv1 all the TCP/IP is unified so it can intermix just fine.

GELF UDP

Setting up the input as the stock boring GELF-UDP was a snap, and in no time apache is now sending the access log to Graylog in GELF, and all is well. It’s great!

I know that my setup is.. far from normal, and I do have quite a few VM’s but this old machine is more than capable of hosting this site, a few others, along with the overhead of Graylog.

IBM Xeon workstation

Would I recommend this in production? I have to think that since so much of this is now available on native Win64 that at least 2/3rd of it is capable. I’m not to worried about the potential of Graylog dropping data if the host is interrupted as everything else is here. I can understand if other people have very different thoughts on that. Not everyone wants to run a 90’s datacentre on some old machine tucked under the Christmas Tree, but I guess I’m weird enough to do so.

I suppose the where to go from here, is to get everything else logging to graylog so I can build dashboards, and reports. But that sounds like a lot of work, and at the moment I think this is a good enough place to stop. I should add that it’s been running for nearly 2 days now, so that’s good enough for prime time right? RIGHT?!

Minecraft on the loongson-3A4000 / Lemote A1901

It runs!

This was a bit more work than I had anticipated. However flygoat had done much of the legwork for me. The first thing to get is flygoat’s mc-loongson.zip. I made a local download as I suspect many will not have QQ or WeChat (Or don’t want to admit to the government that you are downloading this…).

I’m not sure if it’s a MIPS thing or a UOS thing, but it had Java 11.0.4 in by default, which is CRAZY slow

$ /usr/lib/jvm/java-1.11.0-openjdk-mips64el/bin/java -version
openjdk version "11.0.4" 2019-07-16
OpenJDK Runtime Environment (build 11.0.4+11-post-Debian-1deb10u1)
OpenJDK 64-Bit Zero VM (build 11.0.4+11-post-Debian-1deb10u1, interpreted mode)

I installed version 8, but they are ‘in parallel’ in different directories… I guess it’s the .net hell drift all over again. Although to be fair I’ve only dealt with vendor installed java on Linux where it’s all fixed to single versions.

/usr/lib/jvm/java-1.11.0-openjdk-mips64el/bin/java --module-path /usr/share/openjfx/lib --add-modules=javafx.controls,javafx.fxml,javafx.base,javafx.media,javafx.web,javafx.swing -jar HMCL-3.2.139.jar

One annoying thing is that it cannot find JavaFX over and over despite it being installed, so I had to manually add the ‘module-path’. This is the syntax for version 11, I’m not all that sure on the version 8 syntax.

$ /usr/lib/jvm/java-8-openjdk-mips64el/bin/java -version
openjdk version "1.8.0"
OpenJDK Runtime Environment (Loongson 8.1.3-mips64r2-uos) (build 1.8.0-1.8.0.212-2deepin-b00)
OpenJDK 64-Bit Server VM (build 25.71-b00, mixed mode)

I changed the /etc/alternatives/java to point to version 8, which although causes the launcher to crash launching the actual exe, it’s trivial enough to change it to version 8. Although the command is… unwieldy but save it to a shell script.

I’m sure it won’t paste well, but here we go.. and it’s in my homedir sooo here we go!

/usr/lib/jvm/java-8-openjdk-mips64el/bin/java “-Dminecraft.client.jar=.minecraft/versions/1.15.2/1.15.2.jar” “-Duser.home=null” -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC “-XX:G1NewSizePercent=20” “-XX:G1ReservePercent=20” “-XX:MaxGCPauseMillis=50” “-XX:G1HeapRegionSize=16M” -XX:-UseAdaptiveSizePolicy -XX:-OmitStackTraceInFastThrow -Xmn128m -Xmx7936m “-Dfml.ignoreInvalidMinecraftCertificates=true” “-Dfml.ignorePatchDiscrepancies=true” “-Djava.library.path=/home/neozeed/mc-loongson/.minecraft/versions/1.15.2/1.15.2-natives” “-Dminecraft.launcher.brand=HMCL” “-Dminecraft.launcher.version=3.2.139” -cp /home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/patchy/1.1/patchy-1.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/oshi-project/oshi-core/1.1/oshi-core-1.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/dev/jna/jna/4.4.0/jna-4.4.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/dev/jna/platform/3.4.0/platform-3.4.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/ibm/icu/icu4j/66.1/icu4j-66.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/javabridge/1.0.22/javabridge-1.0.22.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/sf/jopt-simple/jopt-simple/5.0.3/jopt-simple-5.0.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/io/netty/netty-all/4.1.25.Final/netty-all-4.1.25.Final.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/google/guava/guava/21.0/guava-21.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar:/home/neozeed/mc-loongson/.minecraft/libraries/commons-io/commons-io/2.5/commons-io-2.5.jar:/home/neozeed/mc-loongson/.minecraft/libraries/commons-codec/commons-codec/1.10/commons-codec-1.10.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/jinput/jinput/2.0.5/jinput-2.0.5.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/jutils/jutils/1.0.0/jutils-1.0.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/brigadier/1.0.17/brigadier-1.0.17.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/datafixerupper/4.0.26/datafixerupper-4.0.26.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/google/code/gson/gson/2.8.0/gson-2.8.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/authlib/1.6.25/authlib-1.6.25.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/commons/commons-compress/1.8.1/commons-compress-1.8.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/httpcomponents/httpclient/4.3.3/httpclient-4.3.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/it/unimi/dsi/fastutil/8.2.1/fastutil-8.2.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/logging/log4j/log4j-api/2.8.1/log4j-api-2.8.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/logging/log4j/log4j-core/2.8.1/log4j-core-2.8.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl/3.2.2/lwjgl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-jemalloc/3.2.2/lwjgl-jemalloc-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-openal/3.2.2/lwjgl-openal-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-opengl/3.2.2/lwjgl-opengl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-glfw/3.2.2/lwjgl-glfw-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-stb/3.2.2/lwjgl-stb-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-tinyfd/3.2.2/lwjgl-tinyfd-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/text2speech/1.11.3/text2speech-1.11.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/ibm/icu/icu4j-core-mojang/51.2/icu4j-core-mojang-51.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl/3.2.2/lwjgl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-jemalloc/3.2.2/lwjgl-jemalloc-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-openal/3.2.2/lwjgl-openal-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-opengl/3.2.2/lwjgl-opengl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-glfw/3.2.2/lwjgl-glfw-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-stb/3.2.2/lwjgl-stb-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-tinyfd/3.2.2/lwjgl-tinyfd-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/versions/1.15.2/1.15.2.jar “-Djava.library.path=/home/neozeed/mc-loongson/.minecraft/versions/1.15.2/1.15.2-natives” “-Dminecraft.launcher.brand=HMCL” “-Dminecraft.launcher.version=3.2.139” -cp /home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/patchy/1.1/patchy-1.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/oshi-project/oshi-core/1.1/oshi-core-1.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/dev/jna/jna/4.4.0/jna-4.4.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/dev/jna/platform/3.4.0/platform-3.4.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/ibm/icu/icu4j/66.1/icu4j-66.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/javabridge/1.0.22/javabridge-1.0.22.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/sf/jopt-simple/jopt-simple/5.0.3/jopt-simple-5.0.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/io/netty/netty-all/4.1.25.Final/netty-all-4.1.25.Final.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/google/guava/guava/21.0/guava-21.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/commons/commons-lang3/3.5/commons-lang3-3.5.jar:/home/neozeed/mc-loongson/.minecraft/libraries/commons-io/commons-io/2.5/commons-io-2.5.jar:/home/neozeed/mc-loongson/.minecraft/libraries/commons-codec/commons-codec/1.10/commons-codec-1.10.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/jinput/jinput/2.0.5/jinput-2.0.5.jar:/home/neozeed/mc-loongson/.minecraft/libraries/net/java/jutils/jutils/1.0.0/jutils-1.0.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/brigadier/1.0.17/brigadier-1.0.17.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/datafixerupper/4.0.26/datafixerupper-4.0.26.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/google/code/gson/gson/2.8.0/gson-2.8.0.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/authlib/1.6.25/authlib-1.6.25.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/commons/commons-compress/1.8.1/commons-compress-1.8.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/httpcomponents/httpclient/4.3.3/httpclient-4.3.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/httpcomponents/httpcore/4.3.2/httpcore-4.3.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/it/unimi/dsi/fastutil/8.2.1/fastutil-8.2.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/logging/log4j/log4j-api/2.8.1/log4j-api-2.8.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/apache/logging/log4j/log4j-core/2.8.1/log4j-core-2.8.1.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl/3.2.2/lwjgl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-jemalloc/3.2.2/lwjgl-jemalloc-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-openal/3.2.2/lwjgl-openal-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-opengl/3.2.2/lwjgl-opengl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-glfw/3.2.2/lwjgl-glfw-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-stb/3.2.2/lwjgl-stb-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-tinyfd/3.2.2/lwjgl-tinyfd-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/mojang/text2speech/1.11.3/text2speech-1.11.3.jar:/home/neozeed/mc-loongson/.minecraft/libraries/com/ibm/icu/icu4j-core-mojang/51.2/icu4j-core-mojang-51.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl/3.2.2/lwjgl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-jemalloc/3.2.2/lwjgl-jemalloc-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-openal/3.2.2/lwjgl-openal-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-opengl/3.2.2/lwjgl-opengl-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-glfw/3.2.2/lwjgl-glfw-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-stb/3.2.2/lwjgl-stb-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/libraries/org/lwjgl/lwjgl-tinyfd/3.2.2/lwjgl-tinyfd-3.2.2.jar:/home/neozeed/mc-loongson/.minecraft/versions/1.15.2/1.15.2.jar net.minecraft.client.main.Main –username USERNAME –version “HMCL 3.2.139” –gameDir /home/neozeed/mc-loongson/.minecraft –assetsDir /home/neozeed/mc-loongson/.minecraft/assets –assetIndex 1.16 –uuid UUID –accessToken TOOOOKENNNNNN –userType mojang –versionType “HMCL 3.2.139” –width 854 –height 480

Naturally you’ll need your own username, token, uuid..

One thing is for sure, setting the graphics to higher details gives better performance. I suspect that it’s a matter of pushing more of the rendering to hardware, out of software mode.

I have it set to Fabulous! graphics, render distance of 25 chunks, no vysnc, clouds fast, mipmap level 2.

While it does take a while to load up, join the server, and do the initial world loading, you can watch all 4 cores run at 100%, but once it’s loaded in, it’s down to a single core at 100%, and the other 3 are hovering around 10-25%. So once jit’d and loaded in it seems to run okay.

They are jackhammering downstairs and I could make this 1 minute clip in a brief moment of peace. This is before I figured out that the more acceleration you give Minecraft, the faster it runs with the GPU doing the heavy lifting (I think).

Is this the machine for the Minecraft enthusiast? Hardly, but Minecraft is the Java success story, where a platform like this, a fringe non mainstream platform will run a commercial app. This is where the real portability of binutils/gcc/libc and Linux prove to be the winning platform.

Adding an Xserve RAID

Xserve Raid

So yeah, I wanted to get a ‘real’ SAN for a while, but they always cost too much.  So I just decided to look for something older, like a MSA-1000, which are surprisingly still expensive.  Failing that I thought about how I could get that MacPro 2010 for ~$300 so I said what the heck and picked up a super cheap 7TB fully loaded out Xserve RAID.

I got a PCI-133 LSI Logic “LSI7202XP” Fiber Channel card for my G5, as I figured that this stuff was of the same era, may as well configure it with a PowerPC.

Configure the LSI

After setting the LSI to 2GB and in point to point mode, the system needed a reboot, and it would report a link on the FC adapter. Great.

To actually configure the array, you need the Xserve RAID admin tool, along with a working copy of Java on your machine.  I downloaded version 1.5.1 which is thankfully still on Apple’s site. It runs fine from OS X 10.5, although the readme does make mention of 10.2, so perhaps it’d run there, although I didn’t feel like booting into 10.2 to find out.  By default the password for read only access is ‘public’ and for admin control it’s ‘private’. Yes just like SNMP community strings.

Finding the array

You need to connect the Xserve RAID to an Ethernet network.  I’ve only used the MSA’s and they let you configure them over the FC, but no so with Apple, it’s a Bonjour enabled service, so you don’t have to setup the Ethernet, just plug it in, and that’ll be good enough.

Creating the array is straight forward, however the SAN with it’s two controllers aren’t redundant, rather it’s really 2 SAN’s in one chassis with a left & right hand side.

A new disk appears!

So the solution is to use 2 connectors to the dual card, I have 2 DAC cables so I’m set.

But for now it’s just more so messing with the unit.  I’ll probably just set it in JBOD mode, and pass it up to something like Solaris 10 with ZFS exports.

Messing with the Microsoft JDBC Driver

Write once, debug everywhere!

Ugh so I was forced to setup something with JDBC. It’s been like forever since I have messed with Java in forever. So I thought I’d try something simple first. I found this very simple program to query against the NorthWind database from here.

// Import the SQL Server JDBC Driver classes 
import java.sql.*;

class Example 
{  
       public static void main(String args[]) 
       {  
       try  
       { 
            // Load the SQLServerDriver class, build the 
            // connection string, and get a connection 
            Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver"); 
            String connectionUrl = "jdbc:sqlserver://ServerName;" + 
                                    "database=northwind;" + 
                                    "user=UserName;" + 
                                    "password=Password"; 
            Connection con = DriverManager.getConnection(connectionUrl); 
            System.out.println("Connected.");

            // Create and execute an SQL statement that returns some data.  
            String SQL = "SELECT CustomerID, ContactName FROM Customers";  
            Statement stmt = con.createStatement();  
            ResultSet rs = stmt.executeQuery(SQL);

            // Iterate through the data in the result set and display it.  
            while (rs.next())  
            {  
               System.out.println(rs.getString(1) + " " + rs.getString(2));  
            }

       }  
       catch(Exception e)  
       { 
            System.out.println(e.getMessage()); 
            System.exit(0);  
       } 
    } 
}

As you can see it’s pretty simple.  The server I’m using is on the default instance so I don’t need the instance name.  So first thing off, compile the program, and run it, right?

# ./javac sql.java
# ./java Example
com.microsoft.sqlserver.jdbc.SQLServerDriver

Well that’s great.  No doubt we actually need a driver from Microsoft, which surprisingly wasn’t too hard to find.  I’m sure the link will drift over the years, but right now here is the Microsoft JDBC Driver 6.2 for SQL Server.  From what I remember you would just use the jar flag, and be on your way.

# ./java -jar mssql-jdbc-6.2.2.jre8.jar Example
no main manifest attribute, in mssql-jdbc-6.2.2.jre8.jar

Great.  What’s this crap?

Well it turns out that you now need a Manifest.txt file.  Oh and the best part is that it needs a blank line at the end of the file.  So much time spent trying to figure that one out.

Manifest-Version: 1.0
Class-Path: mssql-jdbc-6.2.2.jre8.jar
Main-Class: Example

Ok, now to make my life easier I’m just going to throw this thing into a jar.

jar -cfm Example.jar Manifest.txt Example.class mssql-jdbc-6.2.2.jre8.jar

and now we get to the real fun, trying to get it to run.  My main testing SQL server is an ancient SQL Server 7.0 SP4 which I really need to just finally get around to upgrading.  While it’s served it’s time as a good base test instance, time has finally come to that point where nothing is going to talk to it anymore.  But while I was crazy enough to try to talk to it I got this fun error:

WARNING: ConnectionID:1 Prelogin error: host ServerName port 1433 Unexpected end of prelogin response after 0 bytes read

I guess the hint is the Prelogin, as it’s failing the higher security checks for the authentication.  So I quickly installed a 2003 server along with SQL Server 2005.  And oddly enough it was lacking the Northwind database, but I did find this great site, northwinddatabase.codeplex.com with a handy SQL script to generate the database.

Update the java file to point to the new server, and …

# ./java -jar Example.jar
Connected.
ALFKI Maria Anders
ANATR Ana Trujillo
ANTON Antonio Moreno
AROUT Thomas Hardy
….
WILMK Matti Karttunen
WOLZA Zbyszek Piestrzeniewicz

And there we go!  Hurrah!

Fun with Apache, (mod_proxy, mod_rewrite), stunnel, And AltaVista Personal search

As you may remember from my prior attempt at using Altavista Search I ran out of space, and found out it only serves pages on 127.0.0.1:6688 and is pretty much hardcoded to do so.  It’s a “fine” hyrid java 1.01 application, with the bulk of it being java.  I finally got around to setting up a VM, and unpacking all of the utzoo archives, and indexing them.  I should have done something about the IO because this took too long (KVM).

SIXTEEN HOURS!!!

SIXTEEN HOURS!!!

So to cheat the system, I installed stunnel as a simple https to http proxy, which let me access my search VM anywhere.  However it still embedded 127.0.0.1 in all the pages.

via stunnel

via stunnel

Enter an Apache reverse proxy to talk to stunnel to talk to AltaVista search!

First to enable a few modules:

a2enmod substitute
a2enmod proxy
a2enmod ssl
a2enmod proxy_http
a2enmod rewrite

And adding this into the config:

SSLProxyEngine On
ProxyPass “/altavista/” “https://10.12.0.16”
ProxyPassReverse “/altavista/” “https://10.12.0.16/”
ProxyRequests Off
RewriteEngine On
SetOutputFilter INFLATE;SUBSTITUTE;DEFLATE
AddOutputFilterByType SUBSTITUTE text/html
Substitute “s/1997/2016/ni”
Substitute “s/97/16/ni”
Substitute “s|127.0.0.1:6688|debian7/altavista|n”
Substitute “s|file:///C:\Program Files\DIGITAL\AltaVista Search\My Computer\images\|http://debian7/images/|n”
Substitute “s|launch=app||n”
Substitute “s|<a href=http://debian7/altavista/?pg=q&what=0&fmt=d|<!—|n”
Substitute “s|><strong>|—>|n”
Substitute “s|</strong></a>||n”
Substitute “s|>u:\|->u:\|n”

This let me redirect all of those requests into a VM called debian7 on the /altavista path.  I also copied the images to the apache server, and now I get something that looks correct!

Apache in the mix!

Apache in the mix!

I cut the results short… But here is a search of something simple:

About 16598 documents match your query.

About 16598 documents match your query.

I also killed all the ‘working URL’s that simply open a desktop application on the index ‘server’.  Naturally it was a personal service, but as a server this isn’t any good.  As such you can’t click on any search results now.  I need something else to figure out how to take the result blocks like “u:\b128\comp\databases\2852” and turn them into URL’s.

Also, as much as I want to re-index I would be best to cut off the headers, or most of them so the preview lines make sense.  Xref, Path, even From & Newsgroups don’t interest me.

I hate to leave it as ‘good enough’ but if anyone has a solution…. I’ll be glad to make this wonderful resource available!

Installing Microsoft Java on Windows 2000 SP4

So yeah, I’m using some old crap software, and it wants MS Java. Great. Ive installed Windows 2000 + SP4, IE6, and then to install MS Java and I get this error:

protected system component?

protected system component?

The Microsoft VM you are attempting to install is a protected system component and can only be updated with a later release of the operating system or service pack.

Well as far as I know, msjavx86-5.0.3810.0 is the last release of MS Java, so what to do?

Apparently all you have to do is rename it to ‘msjavwu.exe’ and it’ll install.

MS Java on IE6

MS Java in action

And there we go, Microsoft Java is working.

Thanks to the java test site that I’ve used over the years:

http://hp.vector.co.jp/authors/VA012735/applet/applets_en.htm

Hosting Minecraft as an experiment

So in the latest gamer news, everyone is freaking out about Valve allowing mod developers charge.  It’s amazing how quickly it’s fragmented the community in what was at 2 days before a Valve/GabeN worshiping reddit. (here/here/here/here and a rebuttal)

In the middle of all of this I saw this comment in passing:

Remember how that made me leave Mojang?

Remember how that made me leave Mojang?

So yeah, I never followed the whole Minecraft community thing, but apparently people were hosting servers, then asking users to pay for using mods, and even for using basic items.  And since most people who love Minecraft out there are kids, they were paying with their parents credit cards all over the place for server time, and server mods and whatnot, the parents would find out, and them blame Mojang over the entire thing.  So they banned paying servers (at least from what I understood).

So out of curiosity, since I’ve only really played single player, I thought I’d see how hard it is to run a Minecraft server.

First I’m going to create a Debian 7 VM on my ESXi server.  Nothing too fancy, I have an 8 core box with 8GB of ram, so I was thinking 2 vCPU’s and 384MB of ram, and a 4GB disk.  I mean it’s a simple game, how much can it need, right?

Turns out, it wants a LOT more.

So the install of the OS went pretty smooth, then I have to install Java, which is pretty simple:

apt-get install default-jdk

With that done, the next thing to do is download the server jar file from the download site, or for the purpose of my test, I’m using version 1.8.4.

When I went to run it however, I saw the recommended flags:

java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui

Ouch.  Yes this thing does expect 1GB of ram.  Ok, so I have to RAM and CPU to spare, so I went ahead and gave it 2GB (since I installed the x86 version of Debian..) and 4 vCPUs.

The next thing for me to do was to set it up on the internet, since I’m not in the office.  I have a VM out on the internet, with an OpenVPN back to my ESXi box for my email.  So without trashing my nat I could get xinetd do the dirty work with this simple entry:

 

root@VPS:/etc/xinetd.d# cat minecraft 
service minecraft
{
    disable         = no
    type            = UNLISTED
    socket_type     = stream
    protocol        = tcp
    user            = nobody
    wait            = no
    redirect        = 192.168.1.139 25565
    port            = 25565
}

Then restart xinetd like this:

 /etc/init.d/xinetd restart

Now with Minecraft running on my ESXi server, and my VPS now configured to forward traffic to the ESXi box over the OpenVPN connection I was all set to go!

And I was able to connect, and all was ‘good’.  But then checking the server…

htop on my Minecraft server

htop on my Minecraft server

545Mb of RAM!  And this is with one user!  And look @ the CPU.  Wow no kidding!

And then I noticed something else, the email performance went from OK to horrible.  I spent a lot of time playing with MTU’s receive and send buffers, and other ‘magic’ trying to get something working.  Since my ESXi server doesn’t have a direct internet connection (yuck) I’m in a shared office so it’s not only behind NAT, but I have a DLINK that I use behind their NAT.  And while the UDP protocol ‘works’, changing it to TCP gave me a 5x speed increase.

Very unexpected.

My own world..

My own world..

And not to forget, some helpful stuff for the server:

How do you shut down safely, from the console?

stop

What is the best way to run the server?

Probably behind screen. I started it from /etc/rc.local like this:

/usr/bin/screen -dmS minecraft /usr/local/minecraft/start.sh

start.sh is simply:

#!/bin/sh
cd /usr/local/minecraft/
java -Xmx1024M -Xms1024M -jar minecraft_server.jar nogui

How do I connect to the console?

screen -r minecraft

Remember in this case we gave the screen session a name so it’s easy to find.

How do I disconnect from the console

CONTROL+A+D

Why am I doing this?

I have no idea why. Honestly I find crafting in a game kind of tedious, but setting up a VPN, server and whatnot is more fun to me.

How about network performance?  Since it’s just me, I thought I should look inside the tunnel for a minute and see how big the capture file is:

# tcpdump -s 1520 -w 1.cap -n -i tun0 port 25565 & sleep 60;kill %1

This will run tcpdump for a minute on the default minecraft port, then after 60 seconds end the capture.

# ls -alh *.cap
-rw-r--r-- 1 root root 1.6M Apr 26 16:00 1.cap

Wow that was bigger than I thought. No wonder Minecraft people are always crying about latency! That translates to 213,33 Kbps or 0.21 Mbps.

Can it be compressed?

# gzip 1.cap
# ls -alh *.cap.gz
-rw-r--r-- 1 root root 680K Apr 26 16:00 1.cap.gz

Which then translates into 91,11 Kbps or 0.09 Mbps. Why people don’t compress their network stuff is beyond me, but then again what do I know?

I guess the next step would be to combine this with stunnel, which not only can encrypt the traffic, but compress it as well.

Microsoft Java

J++

I’ve been meaning to write something about the whole Microsoft foray into the Java language, and where we are today as a result. I know in 2012 it is hard to imagine a world where Java wasn’t just ignored or marginalized (don’t even pretend that Oracle buying out SUN didn’t drive people away) but rather there was a lot of excitement built around Java, and all the language companies were getting behind Java.  Yes this included Borland, and of course Microsoft.  And not to be left out of making a compiler, but Microsoft also wrote their own JVM, or Java virtual machine runtime.  Even more un Microsoft like, is that they provided Internet Explorer and their java on the Macintosh!

“Microsoft is offering a real Mac program at an incredibly attractive price: free. Plus, it comes with a few nifty tools you won’t find at http://www.netscape.com/: A good Java virtual machine and just-in-time compiler, which allows you to run Java applets anywhere, not just in your browser, and even a small but robust Web server.”MacWEEK “Microsoft may have won the browser war”

Joanna Pearlstein February 28, 1997

In this brief period of cross platforming products, Microsoft also had Internet explorer for the SUN, and HP workstations (Solaris/HPUX).Even back in 1997 – 1998 Microsoft was going strong on Java, to the point they were re-writing their website to use as much java/javascript as possible, they had even created DHTML the underpinnings for what we call AJAX today.  Microsoft however didn’t capitalize a new server platform and branding for their J++, but rather relied on NT 4.0 and IIS.  Not that this was ‘bad’ or unexpected, but notice that they considered this a lesson learned in marketing and pushed for a .net server although the car people had their win to rename it to 2003.The other thing of course, was that from the 1.0 to 1.1 specification of Java, Microsoft didn’t wait for SUN to fix the language, they instead took it upon themselves to do so, and of course added in lots of Windows only functionality. This of course led to the protracted lawsuit that won Sun a nice chunk of cash, and pushed Microsoft out of the Java business. Not to have had all that effort wasted, Microsoft then took the JVM and retooled it into the .net platform that we all know and love today.  And while SUN was busy trying to make Java the new business COBOL, Microsoft has been making the .net platform business cobol, by letting people choose what language they wish to use, even… COBOL (from Fujitsu IIRC).Installing J++

So on the weekend I came across this book on “Web programming” which I’d usually laugh at for being obsolete and ignore, but it proudly mentions that the included CD includes the ‘publishers’ version of J++ 1.0!  So I checked the book, and yes the CD is still there! So for the 2-3 people that care, I even packaged this fifteen year old oddity. It’s demanding requirements are NT 4.0, or Windows 95 with sixteen (Yes sixteen!) megabytes of ram, and 100MB of free disk space.  Personally I just installed it in a blank NT 4.0 unpatched VM. It’ll install IE 3 along with it, and version 1.00.6211 of the Microsoft JVM.

Naturally even emulated, on a 3Ghz CPU with a gigabytes worth of RAM it runs and compiles quite quickly.

Hello!

I know it isn’t much  to look at, and the download is small it is quite neat for the age/size… But yes, even ‘modern’ java can run “well behaved” J++ apps..

Running my J++ 1.0 hello program

As part of the trial though Microsoft had to pull everything with the JVM in it, and that included IE 3.0 “full”, 4.0 and 5.0/5.5 .. Even Windows 2000 sp3, and prior had to go.  Yes this is also why Office 97 & SQL 7 are gone from the MSDN downloads.  Maybe its my nostalgia but I really did like the 1997-1998 era and their applications.  The only reason I “upgraded” out of Outlook 98 was that 2003 can connect to Exchange 2003/2007 servers with a built in HTTP connection so I don’t have to VPN to send/receive email.

I nearly forgot about this ancient page with some applettes. Amazingly they still run.. Since my experience with Java has been largely write once, debug everywhere…