Renewing Puppet CA and puppet master certificates

My two Puppet deployments are just about to turn 5 years old, and as such, the CA and puppet master certificates are just about to expire. The documentation online seems to suggest the only way to renew these certs is by deleting the /var/lib/puppet/ssl directory and getting Puppet to renew them. This would mean renewing all the certificates of all the nodes at the same time. Even the official Puppet docs suggest this is the way too.

The way I will describe renews the CA certificate and puppetmaster certificate in a way which is still trusted by every existing host.

First, copy the important files to a new directory:

    # mkdir /root/puppet_renewal
    # cd /root/puppet_renewal
    # mkdir /root/puppet_renewal/ca
    # mkdir /root/puppet_renewal/puppetmaster
    # mkdir /root/puppet_renewal/puppetmaster/private_keys
    # mkdir /root/puppet_renewal/puppetmaster/certs
    # cp /var/lib/puppet/ssl/ca/ca_key.pem /root/puppet_renewal/ca
    #

Ubuntu Precise Pangolin 12.04 issues

In no particular order, things I have found different with Precise 12.04 compared with previous versions:

idmapd has changed the location of the Pipefs-Directory. If your uid is generic, and name resolution doesn't seem to work when using NFS4 on Precise, make sure your Pipefs-Directory is set to:

    Pipefs-Directory = /run/rpc_pipefs

It used to be:

    Pipefs-Directory = /var/lib/nfs/rpc_pipefs

More as I find them!

Suspend and boot problems - X220 and Oneiric 11.10

My brand new Lenovo X220 on Ubuntu Oneiric 11.10 had this weird problem where it would boot occasionally into Ubuntu, but other times it would start booting, but reboot before it hit grub or Xorg. Upon reboot, it would go to grub, but hang there waiting for me to hit enter (i.e. didn't auto boot).

Suspend didn't work either. It would always suspend, but upon opening the lid, it would reboot, and hang at grub (just like the booting problem).

I initially thought it was due to the Active Protection System that stops the hard drive from being damaged, and wanted to turn it off (due to having an SSD). I also played with CPU and PCI power management settings in the BIOS. Nothing worked.

I then researched kernel options that could work. I found the kernel option for disabling extended C-States. This worked great! 5 days so far without a single reboot either booting or coming out of suspend.

To do it: Edit /etc/default/grub (as root)

    GRUB_CMDLINE_LINUX="intel_idle.m

2gb deb package limit

I have been creating Matlab 2011b deb packages for my Ubuntu fleet, and have encountered problems as apt currently doesn't like packages > 2gb. You get errors like: size mismatch and something went wrong and negative sizes during the download and install of the deb package.

There are currently open bugs dealing with fixing it, but in the meantime, I have figured out a nice way to get around it. Change the default compression! Instead of:

    dpkg-deb -b <folder> <deb package name>

try

    dpkg-deb -Zlzma -b <folder> <deb package name>

It shrunk my 2.4gb deb package to 1.95gb, and hence doesn't fall foul of the 2gb size limit!

OpenGL on Ubuntu

Trying to install Geant4 on an Ubuntu VM, and enable the OpenGL extensions. It complains about missing OpenGL during configure.

1) apt-get install libx11-dev mesa-common-dev
2) Point Geant4 to /usr for OpenGL (file is actually at /usr/include/GL/gl.h)


So I'm trying out RHEL6 to install on my new NFS server. All is going well, until it comes to getting LDAP user information. The new setup on RHEL6 is to use the SSS daemon. It is configured using authconfig. My LDAP database requires TLS, and simple binding to get any user information, including just NSS related stuff. So, I thought that would mean just running this command:

    authconfig --enableshadow --enablesssd --disablesssdauth --enablecache --enablelocauthorize --update

This results in:

    [domain/LDAP]
    id_provider = ldap
    #auth_provider = ldap
    ldap_schema = rfc2307
    ldap_uri = ldap://*****
    ldap_search_base = *****
    ldap_default_bind_dn = *****
    ldap_default_authtok_type = password
    ldap_default_authtok = ******
    ldap_tls_reqcert = demand
    cache_credentials = true
    enumerate = true
    entry_cache_timeout = 5400
    ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

But, doing a /etc/init.d/sssd restart doesn't make user information work. id username yields an

Compiling tun.ko for Android - OpenVPN

I have a Xoom, and a Galaxy S, and need to be able to compile my own tun.ko for the kernel version I have. As you all know, if the kernel version of the module you are trying to insert isn't the same, it won't insert, and will give you errors like:

    <3>[95175.874872] tun: version magic ' SMP preempt mod_unload ARMv7 ' should be ' SMP preempt mod_unload ARMv7 '

in dmesg. We need to compile the module for the right version of the kernel.

Download the Kernel source - normally from . The Xoom can be found at , and the Galaxy S can be found at . Use

    $ pwd
    /scratch/xoom
    $ git clone 

to clone the Xoom kernel source.

Copy your old kernel config from your device:

    $ pwd
    /scratch/xoom
    $ adb pull /proc/config.gz
    $ gunzip co