LINUX CA Certificate Deployment

Creating an in house signing [aka CA] certificate is a common practice; this allows you to generate free cerficates for internal use. For Windows hosts distributing this CA certificate to all the clients and relevant servers can be accomplished using Active Directory GPOs. Certificate management on LINUX hosts on the other hand has always been a swamp of tedium where the certificates often need to be configured into each client or service. Recent distributions have eased this process considerably by including a quasi-standardized set of scripts and certificate store locations.

Ghostscript Font Testing

Viewing fonts on a screen and printing fonts to a printer are two different paths. Printing on LINUX almost always involves Postscript - of which PDF is a subtype - and the primary engine for creating or modifying Postscript is the Ghostscript package. Given the display path and the print path it is important to verify that a custom or third-party font is correctly installed and is working in Ghostscript.

Overrides With SSSD

LINUX has long been plagued with a rather lousy identity management scheme. Beyond the limitations of POSIX's getent and related calls [which can be very inefficient] the attempts to stub in network-aware identity services such as LDAP have only piled onto the rough edges. NSCD attempted to work around performance problems via caching - and did not do very well. Then was NSLCD the next evolution of NSCD which was better, but still inflexible. Identity management in more complex networks is a tedious business and what administrators need more than anything else is flexibility.

Some Random xsltproc Tips

The xsltproc command allows the processing of an XML document with an XSLT template.

xsltproc rentalouts.xslt rentalouts.xml

Text 1: Perform the transform "rentalouts.xslt" on the document "rentalouts.xml".

A lesser known feature of xsltproc is the ability to pass parameters - these become XSLT variables - to the transformation.

Paramiko's SFTPFile.truncate()

Paramiko is the go-to module for utilizing SSH/SFTP in Python. One one the best features of Paramiko is being able to being able to SFTPClient.open() a remote file and simply use it like you would use a local file. SFTPClient's open() returns an SFTPFile which is a file-like object that implements theoretically the same behavior as Python's native file object.

But the catch here is file-like. It is like a file, except when it is not like a file.

Testing A WINS Server

On a CIFS/SMB domain the WINS service is critical for proper function [some things use WINS, some things use DNS, it is terribly confusing, but it is what it is]. DNS is relatively easy to test and you will likely know right away if it isn't working. But before adding those new DCs to your dhcpd.conf file -

option netbios-name-servers 192.168.1.78, 192.168.1.79, 192.168.1.65;

... it would be nice to be equally confident WINS is operating as expected.

Remotely Restarting The Management Agents On ESXi 5.x

The ESXi management agents can be restarted from the host's console - which is not very convenient. Fortunately they can also be restarted remotely using the SSH & ESXi Shell services - but these are not enabled by default.

In Virtual Center select the host, then the Configuration tab. In the security section select Services and Properties in order to enable ESXi Shell and SSH. For both services perform a manuals start.

Uncoloring ls

By default on every recent shell the output of ls is colorized. This is a great feature - but it makes using terminals that use a non-standard [not(background==black)] color-scheme awkward.  Things just disappear;  try reading directory name displayed in yellow on a yellow background.  It is difficult.
How this colorization gets setup in openSUSE is that that the ls command is aliased to "ls --color=auto".  You can see this aliasing using the alias command.

Please No 169.254/16

When you bring up at new LINUX OS installation it will typically [at least in the case of CentOS] have a route of 169.254/16 on every interface. These routes are used to support the good and virtuous feature known as "zeroconf". Sometimes however you do not want that route noise - especially if the host is going to be operating as a router or firewall. Fortunately disabling this feature for this specific use-case is easy.

The Quest For The Lost Pointer

On the screen you have a pointer - it points at thing! It is used to point at, select [highlight], drag, and numerous other things. The mouse pointer has been there and looked more-or-less the same for decades now; my pointer in GNOME Shell looks and works almost identically to the pointer I had on my GEOS desktop (1986). It has stayed the same because it works.

Pages

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer