Monday, September 27, 2021

scripts to copy publicly available files from Alfresco

There was a requirement to back up all the files in an Alfresco repository to a filesystem. A google shared drive mounted using rclone was used in this case. 

Caveat - rclone mounted gdrive is excruciatingly slow when there are a large number of files in the destination folder, even when using your own client id. It's much better to use some other remote mount like a remote local drive or something like that, and then upload from there to google drive. 

Anyway, the scripts and sql used in this case are listed at https://github.com/hn-88/bashDLalf
which uses the grep -v method to remove lines containing specific substrings.

(We did not use these bulk scripts because only a sample "site" was configured on our installation. And this Alfresco Bulk Export tool needed the Alfresco war file to be modified etc, which I was hesitant to do.)

Edit: 5 May 2022 - Got an email from Google, "OAuth out-of-band (OOB) flow will be deprecated on October 3, 2022, to protect users from phishing and app impersonation attacks." ... "Apps using OOB in testing mode will not be affected." ... etc. 

The client ID I had created for rclone was indicated in the email. So, I deleted that client ID, since I'm currently not using it. 

Sunday, September 26, 2021

mysql timeouts with DBeaver

When doing custom queries on a remote MySQL server, DBeaver was timing out and I would need to "Invalidate/Reconnect" the connection every time. Found this old discussion about it, in my case the solution was to change the timeout from 20000 to 2000000 in the menu item
Database -> Driver Manager -> MySQL -> Driver properties tab



Tuesday, September 07, 2021

website connection issues - most probably client-side DNS misconfiguration

One of our websites was not responding when trying to connect with Chrome incognito tab from offices behind a Sophos network security appliance. Interestingly, the error message shown was "xx.yy.zz.kk refused to connect" with the relevant IP address being an Airtel address and not a github/cloudflare address as it should be, since the website was hosted on github with cloudflare proxying. 

Most probably this was due to some sort of misconfigured DNS, I guess, since V reported that it was working after the alt DNS IP 8.8.8.8 was added along with cyberoam's IP address (which was primary DNS) in the wireless router.

But the fact that only incognito tabs had this issue was interesting. Maybe due to this - in incognito mode, Chrome seems to be connecting to dns in a different manner, which seemed to have the issue - https://blog.google/products/chrome/more-intuitive-privacy-and-security-controls-chrome/

Friday, September 03, 2021

fresh moodle installation

Earlier, I had just duplicated moodle installations by backing up and restoring. Now a fresh install, for which:

  1. Set up the moodle files using git as in my previous post.

  2. Logged on to the database server, and created the required database and user as mentioned in the documentation - not as a single command, which doesn't seem to work, but as separate commands. Since the user is not on localhost, it is currently set up as 'username'@'%'
    mysql> CREATE DATABASE moodle DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
    mysql> CREATE USER moodleuser@'%' IDENTIFIED BY 'yourpassword';
    mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,CREATE TEMPORARY TABLES,DROP,INDEX,ALTER ON moodle.* TO moodleuser@'%';



  3. Caveat - must log in as root with mysql -u root -p before doing the above, since other mysql users don't have all the required permissions. In this case, the root user's password was similar to the other user's password.

  4. Ran the installation from the CLI. The first time I ran it, www-data user could not write to that directory. So, changed the permissions to allow group write -
    chmod g+w the_git_dir
    cd the_git_dir
    sudo -u www-data php admin/cli/install.php

    This took quite a while - around 5 minutes - for all the database table creation etc. So, probably it would have been wiser for me to do this in a screen session. 

  5. Then made the site available via apache, with a letsencrypt certificate:
    cd /etc/apache2/sites-available
    sudo cp anothersite.conf thissite.conf
    sudo nano thissite.conf
    sudo a2ensite thissite.conf
    sudo systemctl reload apache2
    sudo certbot --apache


delete a user in mysql

I had created a user in mysql but was unable to run scripts as that user. Reason was that special characters were present in the password, which we should avoid. So, deleted and re-created. 

mysql -u root -h servername.tld -p mysql
SELECT User,Host FROM mysql.user;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'whicheveruser'@'localhost';
DROP USER 'whicheveruser'@'localhost';