Category Archives: Java

Surprised by Github; their RSA SSH host key has been updated in the last week of March

Trying to push some new code to github, I’ve received the following thing:

PS D:\projects\SimpleBank> git push -u origin main -v
Pushing to github.com:andonescu/tpg-simple-bank.git
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.
Add correct host key in /c/Users/en_ia/.ssh/known_hosts to get rid of this message.
Offending RSA key in /c/Users/en_ia/.ssh/known_hosts:1
RSA host key for github.com has changed and you have requested strict checking.
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

It looks like things have changed: https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

To overpass this locally, the solution is simple (just to remove the old key):

ssh-keygen -R github.com

Java BackPressure Example generated with ChatGPT

Trying to play with chatGPT I requested to generate a java code that uses backpressure when running high intensive tasks.

This is what I’ve received, and I find it a good start point

import java.util.concurrent.*;

public class BackPressureExample {

private static final int MAX_QUEUE_SIZE = 10;
private static final int MAX_CONCURRENT_TASKS = 4;
private static final int NUM_TASKS = 20;

public static void main(String[] args) {
// Create a bounded blocking queue with a capacity of MAX_QUEUE_SIZE
BlockingQueue<Runnable> queue = new ArrayBlockingQueue<>(MAX_QUEUE_SIZE);

// Create a new executor service with a fixed pool of MAX_CONCURRENT_TASKS threads
ExecutorService executor = new ThreadPoolExecutor(MAX_CONCURRENT_TASKS, MAX_CONCURRENT_TASKS,
0L, TimeUnit.MILLISECONDS, queue);

// Submit NUM_TASKS tasks to the executor, with backpressure
for (int i = 0; i < NUM_TASKS; i++) {
try {
// Wait until there is available space in the queue
queue.put(new Task(i));
} catch (InterruptedException e) {
System.err.println("Task submission interrupted: " + e.getMessage());
}
}

// Shutdown the executor and wait for all tasks to complete
executor.shutdown();
try {
executor.awaitTermination(Long.MAX_VALUE, TimeUnit.NANOSECONDS);
} catch (InterruptedException e) {
System.err.println("Tasks interrupted: " + e.getMessage());
}
System.out.println("All tasks completed");
}

private static class Task implements Runnable {
private int id;

public Task(int id) {
this.id = id;
}

public void run() {
System.out.println("Task " + id + " started by thread " + Thread.currentThread().getName());
try {
// Perform some work
Thread.sleep(1000);
} catch (InterruptedException e) {
System.err.println("Task " + id + " interrupted: " + e.getMessage());
}
System.out.println("Task " + id + " completed by thread " + Thread.currentThread().getName());
}
}
}

How to Detect Memory Leaks in Java* +: Tips and Tricks

First thing: LOGS

JVM generates can generate 3 types of logs, to help you optimise the performance.

  1. GC log
  2. Thread Dump
  3. Heap Dump

Check GC algorithm

With Java 11+, G1 algorithm is the default one. For java8+ version, this new algorithm needs to be enabled explicitly.

Useful tools:

  • JConsole –
  • JFR
    Be aware that not all java versions 8+ are compatible with it.
  • https://gceasy.io/ – 5 Free Analysis/Month | No Credit Card Required – and it requires account
  • https://github.com/GCPlot/gcplot – this can be run on docker using the following command
    docker run -d -p 80:80 gcplot/gcplot
  • JVisualVM

Gitlab Step w/ Sonar

Once with running docker images inside a continuation integration pipeline, things got to a new level.

One improvement, we can see it for static code analysis, where there is no need of having a separate instance of sonar, we can have it on the fly.

So, to have a step for this scenario, the CI pipeline, will need to:

  • lunch a Sonar instance
  • maybe add some configurations/plugins
  • run static analysis with the sonar instance
  • using Sonar API to retrieve the entire coverage

    - docker run -d --name sonarqube-$CI_BUILD_ID sonarqube

# if we want to add a plugin just copy it to the running image / eg. sonar
    - wget https://github.com/gabrie-allaigre/sonar-gitlab-plugin/releases/download/3.0.2/sonar-gitlab-plugin-3.0.2.jar
    - docker cp sonar-gitlab-plugin-3.0.2.jar sonarqube-$CI_BUILD_ID:/opt/sonarqube/extensions/plugins/sonar-gitlab-plugin-3.0.2.jar
    - docker restart sonarqube-$CI_BUILD_ID

# normal step run test & sonar analysis, giving the path to the sonar instance
    - export SONAR_IP=`docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sonarqube-$CI_BUILD_ID`
    - ./gradlew test sonarqube -Dsonar.host.url=http://$SONAR_IP:9000

The additional scripts used by this step are the following:

generate-sonar-token.sh

#!/bin/bash
# Inspired from  https://gist.github.com/cjus/1047794

SONAR_IP=$1
PROP=$2
NAME=$3

function jsonval {
    temp=`echo $json | sed 's/\\\\\//\//g' | sed 's/[{}]//g' | awk -v k="text" '{n=split($0,a,","); for (i=1; i<=n; i++) print a[i]}' | sed 's/\"\:\"/\|/g' | sed 's/[\,]/ /g' | sed 's/\"//g' | grep -w $PROP`
    echo ${temp##*|}
}

json=`curl -u admin:admin -d "name=$NAME" -H "Content-Type: application/x-www-form-urlencoded" -X POST http://$SONAR_IP:9000/api/user_tokens/generate`

data=`jsonval`

echo $data

And `validate-sonar.sh` uses two scripts (maybe with time I will update them)

  • The bash scripts calls a specific python script with the coverage details retrieved from SONAR
#!/bin/bash

SONAR_TOKEN=$1

SONAR_URL=$2

sonar=$(curl -u $SONAR_TOKEN: "$2/api/measures/component?component=d2&metricKeys=coverage")

echo $sonar

exitValue=$(python ci/sonar-coverage.py $sonar 2>&1)

echo $exitValue

exit $exitValue

The python script `sonar-coverage.py` will validate if the coverage retrieved from sonar fulfills or not, the expected value of the project

import json
import sys
from decimal import Decimal

resp = json.loads(sys.argv[1])

# extract the coverage value
val = Decimal(resp['component']['measures'][0]['value'])

if val >= 80:
    print 0
else:
    print 1

When the entire step is finished, it will be nice to do some cleanup.

  after_script:
    - docker stop sonarqube-$CI_BUILD_ID
    - docker rm sonarqube-$CI_BUILD_ID

java opts

Useful java opts used by my servers … with time, permSize value will increase

-Xms512m -Xmx1024m -XX:NewSize=256m -XX:MaxNewSize=256m -XX:PermSize=256m -XX:MaxPermSize=256m -XX:+DisableExplicitGC