You can run the following command to list the content of your keystore file (and alias name):
keytool -v -list -keystore .keystoreIf you are looking for a specific alias, you can also specify it in the command:
keytool -list -keystore .keystore -alias fooIf the alias is not found, it will display an exception:
keytool error: java.lang.Exception: Alias does not exist
In Java, it turns out that field accessors get cached, and using accessors has side-effects. For example:
class A {
private static final int FOO = 5;
}
Field f = A.class.getDeclaredField("FOO");
f.setAccessible(true);
f.getInt(null); // succeeds
Field mf = Field.class.getDeclaredField("modifiers" );
mf.setAccessible(true);
f = A.class.getDeclaredField("FOO");
f.setAccessible(true);
mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
f.setInt(null, 6); // fails
whereas
class A {
private static final int FOO = 5;
}
Field mf = Field.class.getDeclaredField("modifiers" );
mf.setAccessible(true);
f = A.class.getDeclaredField("FOO");
f.setAccessible(true);
mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
f.setInt(null, 6); // succeeds
Here’s the relevant bit of the stack trace for the failure:
java.lang.IllegalAccessException: Can not set static final int field A.FOO to (int)6
at sun.reflect.UnsafeFieldAccessorImpl.throwFinalFieldIllegalAccessException(UnsafeFieldAccessorImpl.java:76)
at sun.reflect.UnsafeFieldAccessorImpl.throwFinalFieldIllegalAccessException(UnsafeFieldAccessorImpl.java:100)
at sun.reflect.UnsafeQualifiedStaticIntegerFieldAccessorImpl.setInt(UnsafeQualifiedStaticIntegerFieldAccessorImpl.java:129)
at java.lang.reflect.Field.setInt(Field.java:949)
These two reflective accesses are of course happening in very different parts of my code base, and I don’t really want to change the first to fix the second. Is there any way to change the second reflective access to ensure it succeeds in both cases?
I tried looking at the Field object, and it doesn’t have any methods that seem like they would help. In the debugger, I noticed overrideFieldAccessor is set on the second Field returned in the first example and doesn’t see the changes to the modifiers. I’m not sure what to do about it, though.
If it makes a difference, I’m using openjdk-8.
Solution:
If you want the modifier hack (don’t forget it is a total hack) to work, you need to change the modifiers private field before the first time you access the field.
So, before you do f.getInt(null);, you need to do:
mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
The reason is that only one internal FieldAccessor object is created for each field of a class (*), no matter how many different actual java.lang.reflect.Field objects you have. And the check for the final modifier is done once when it constructs the FieldAccessor implementation in the UnsafeFieldAccessorFactory.
When it is determined you can’t access final static fields (because, the setAccessible override doesn’t works but non-static final fields, but not for static final fields), it will keep failing for every subsequent reflection, even through a different Field object, because it keeps using the same FieldAccessor.
(*) barring synchronization issues; as the source code for Field mentions in a comment:
// NOTE that there is no synchronization used here. It is correct
(though not efficient) to generate more than one FieldAccessor for a
given Field.
{%- if salt['pillar.get']('elasticsearch:config') %}
/etc/elasticsearch/elasticsearch.yml:
file.managed:
- source: salt://elasticsearch/files/elasticsearch.yml
- user: root
- template: jinja
- require:
- sls: elasticsearch.pkg
- context:
config: {{ salt['pillar.get']('elasticsearch:config', '{}') }}
{%- endif %}
2. Create multiple directories if it does not exists
{% for dir in (data_dir, log_dir) %}
{% if dir %}
{{ dir }}:
file.directory:
- user: elasticsearch
- group: elasticsearch
- mode: 0700
- makedirs: True
- require_in:
- service: elasticsearch
{% endif %}
{% endfor %}
3. Retrieve a value from pillar:
{% set data_dir = salt['pillar.get']('elasticsearch:config:path.data') %}
4. Include a new state in existing state or add a new state:
a. Create/Edit init.sls file
Add the following lines
include: - elasticsearch.repo - elasticsearch.pkg
5. Append a iptables rule:
iptables_elasticsearch_rest_api:
iptables.append:
- table: filter
- chain: INPUT
- jump: ACCEPT
- match:
- state
- tcp
- comment
- comment: "Allow ElasticSearch REST API port"
- connstate: NEW
- dport: 9200
- proto: tcp
- save: True
(this appends the rule to the end of the iptables file to insert it before use iptables.insert module)
6. Insert iptables rule:
iptables_elasticsearch_rest_api:
iptables.insert:
- position: 2
- table: filter
- chain: INPUT
- jump: ACCEPT
- match:
- state
- tcp
- comment
- comment: "Allow ElasticSearch REST API port"
- connstate: NEW
- dport: 9200
- proto: tcp
- save: True
7. REplace the variables in pillar.yml with the Jinja template
/etc/elasticsearch/jvm.options:
file.managed:
- source: salt://elasticsearch/files/jvm.options
- user: root
- group: elasticsearch
- mode: 0660
- template: jinja
- watch_in:
- service: elasticsearch_service
- context:
jvm_opts: {{ salt['pillar.get']('elasticsearch:jvm_opts', '{}') }}
Then in elasticsearch/files/jvm.options add:
{% set heap_size = jvm_opts['heap_size'] %}
-Xms{{ heap_size }}
8. Install elasticsearch as the version declared in pillar
elasticsearch: #Define the major and minor version for ElasticSearch version: [5, 5]
Then in the pkg.sls you can install the package as follwos:
include:
- elasticsearch.repo
{% from "elasticsearch/map.jinja" import elasticsearch_map with context %}
{% from "elasticsearch/settings.sls" import elasticsearch with context %}
## Install ElasticSearch pkg with desired version
elasticsearch_pkg:
pkg.installed:
- name: {{ elasticsearch_map.pkg }}
{% if elasticsearch.version %}
- version: {{ elasticsearch.version[0] }}.{{ elasticsearch.version[1] }}*
{% endif %}
- require:
- sls: elasticsearch.repo
- failhard: True
failhard: True so that the state apply exits if there is any error in installing elasticsearch.
9. Reload Elasticsearch daemon after change in elasticsearch.service file
elasticsearch_daemon_reload:
module.run:
- name: service.systemctl_reload
- onchanges:
- file: /usr/lib/systemd/system/elasticsearch.service
10. Install the plugins mentioned in pillar
{% for name, repo in plugins_pillar.items() %}
elasticsearch-{{ name }}:
cmd.run:
- name: /usr/share/elasticsearch/bin/{{ plugin_bin }} install -b {{ repo }}
- require:
- sls: elasticsearch.install
- unless: test -x /usr/share/elasticsearch/plugins/{{ name }}
{% endfor %}
11. Enable and auto restart elasticsearch service after file changes.
elasticsearch_service:
service.running:
- name: elasticsearch
- enable: True
- watch:
- file: /etc/elasticsearch/elasticsearch.yml
- file: /etc/elasticsearch/jvm.options
- file: /usr/lib/systemd/system/elasticsearch.service
- require:
- pkg: elasticsearch
- failhard: True
12. Custom Error if no firewall package set
firewall_error:
test.fail_without_changes:
- name: "Please set firewall package as iptables or firewalld"
- failhard: True
13. Install openjdk
{% set settings = salt['grains.filter_by']({
'Debian': {
'package': 'openjdk-8-jdk',
},
'RedHat': {
'package': 'java-1.8.0-openjdk',
},
}) %}
## Install Openjdk
install_openjdk:
pkg:
- installed
- name: {{ settings.package }}
14. Install package firewalld
firewalld_install:
pkg.installed:
- name: firewalld
15. Adding firewall rules
elasticsearch_firewalld_rules:
firewalld.present:
- name: public
- ports:
- 22/tcp
- 9200/tcp
- 9300/tcp
- onlyif:
- rpm -q firewalld
- require:
- service: firewalld
16. Enable and start firewalld service
firewalld:
service.running:
- enable: True
- reload: True
- require:
- pkg: firewalld_install
A Passionate Techie 