Archive for the ‘System Administration’ Category

Puppetmaster cert change

August 6th, 2014

Some day I will need this. Hat tip to Nan Liu.

From the puppet-users mailing list

Back up your puppet master ssl directory, so you can just retry if something didn’t go as planned.

# note all certificate alt names of the existing puppet master cert:
puppet cert -la | grep oldmaster
(alt names "DNS:puppet", "DNS:puppet-master", "DNS:puppet.mgmt", )
# remove your old puppet master cert.
puppet cert -c oldmaster
# search the ssl dir and it should not have any files with the oldmaster certname
# generate new master cert (same name as old one, but accept new_hostname in dns_alt_names):
puppet cert -g oldmaster --dns_alt_names=new_hostname,puppet,puppet-master,puppet.mgmt
# you may need to copy the files to some locations if you found files not removed after the cert clean step

At this point you can add a host entry on one of your agents and test via:
puppet agent -t --server new_hostname --noop

You should not have to touch any client cert; that’s only necessary if you need to change your CA cert, which is a pain when it expires.



Categories: System Administration Tags:

rpmconf and vimdiff

August 5th, 2014

I was reading through the Foreman upgrade notes today and came across this gem:

rpmconf -a --frontend=vimdiff

Gives a great side-by-side view of all those .rpmnew files that get created as part of an install so you can reject, accept, or merge the differences. I like it.


Living with Cisco Anyconnect on OSX

July 22nd, 2014

Took me a bit to figure this out, but I needed to override the DNS settings forced upon me by the Cisco Anyconnect client. Unfortunately, $WORK is moving away from the IPSEC VPN in favor of the SSL VPN, so the native Mac client (where I could set DNS servers by hand in advanced settings) no longer works.

To override the settings handed down, I made use of the scutil command and crafted a short script to update the settings. I’ll probably expand the script to actually launch Anyconnect and wait for the tunnel to come up and apply the settings to make things easier on me, but in the meantime here’s the relevant bits.


sudo scutil <

2 TB Virtual Disks in VMware

July 17th, 2013

When creating a 2TB disk in VMware, if you want to take snapshots do not configure the disk as 2TB, but rather 2032GB to account for the overhead. See

HP Data Protector unable to backup file

March 20th, 2013

Occasionally, HP Data Protector will be unable to back up a file because of memory constraints. You will get a message something like:

Cannot read X bytes at offset YYYYY(:1): ([1450] Insufficient system resources exist to complete the requested service. ).

The solution lies here:


Time conversion gymnastics in Python

February 5th, 2013

I was recently working with a sqlite3 database using the DATETIME('now') SQL construct to save the time a row was updated. This results in a format of e.g. 2013-02-05 17:50:42, which is in UTC. In order to display this in local time, I did the following gymnastics:

import calendar, time
# thetimefromdb is the UTC timestamp string read from the database row
time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(calendar.timegm(time.strptime(thetimefromdb, "%Y-%m-%d %H:%M:%S"))))

Is there a better way?

CentOS 6 Kickstart Encrypted Password

January 21st, 2013

To create the SHA256 encrypted password for a CentOS 6 kickstart file:

python -c 'import crypt; print(crypt.crypt("Password", "$6$Salt"))'
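
In the crypt string that command produces, the `$6$` prefix selects the SHA-512 scheme (`$5$` is SHA-256), and the literal salt is only four characters. The following is an added example, not part of the original post: it audits the `rootpw` line of a kickstart file for scheme, salt length and rounds. The 8-character salt threshold, the function names and the sample file are assumptions, and the sample digest is constructed filler rather than a real hash.

```python
import re

# crypt(3) scheme id -> (name, encoded digest length, acceptable for new hashes)
SCHEMES = {"1": ("md5", 22, False), "5": ("sha256", 43, True), "6": ("sha512", 86, True)}
CRYPT_RE = re.compile(
    r"^\$(\w+)\$(?:rounds=(\d+)\$)?([./0-9A-Za-z]{0,16})\$([./0-9A-Za-z]+)$")
DEFAULT_ROUNDS = 5000  # SHA-crypt default when no rounds= field is present

def audit_crypt(value, min_salt=8):
    """Classify one crypt string; return (scheme_name, list_of_findings)."""
    m = CRYPT_RE.match(value)
    if not m or m.group(1) not in SCHEMES:
        return "unknown", ["not an md5/sha256/sha512 modular crypt string"]
    name, digest_len, acceptable = SCHEMES[m.group(1)]
    rounds, salt, digest = m.group(2), m.group(3), m.group(4)
    findings = []
    if not acceptable:
        findings.append(name + " is too weak for new password hashes")
    if len(digest) != digest_len:
        findings.append("digest length %d, expected %d" % (len(digest), digest_len))
    if len(salt) < min_salt:  # min_salt is an assumed policy threshold
        findings.append("salt shorter than %d characters" % min_salt)
    if rounds is not None and int(rounds) < DEFAULT_ROUNDS:
        findings.append("rounds below the default of %d" % DEFAULT_ROUNDS)
    return name, findings

def audit_rootpw(kickstart_text):
    """Find the rootpw line of a kickstart file and audit its value."""
    for line in kickstart_text.splitlines():
        fields = line.split()
        if not fields or fields[0] != "rootpw":
            continue
        if "--iscrypted" not in fields:
            return "plaintext", ["root password is stored in cleartext"]
        # The value is the first argument that is not an option flag.
        value = next((f for f in fields[1:] if not f.startswith("--")), "")
        return audit_crypt(value)
    return None, ["no rootpw line found"]

# Constructed sample: the digest is filler of the right length, not a real hash.
SAMPLE_KS = "lang en_US.UTF-8\nrootpw --iscrypted $6$Salt$" + "A" * 86 + "\n"

if __name__ == "__main__":
    print(audit_rootpw(SAMPLE_KS))
```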

Juniper Network Connect on CentOS 6

January 15th, 2013

The best method for making this work seems to be a 32-bit firefox (even on 64-bit CentOS/RHEL). The trick is that the NC installer launches xterm directly to prompt for a root password – so the following RPMs should be installed before launching the SSL VPN site:

* xterm
* firefox.i686
* libXtst.i686
* libcurl.i686
* gtk2-engines.i686
* alsa-plugins-pulseaudio.i686
* PackageKit-gtk-module.i686