AWS Certification and Training

Cloud has been a hot topic for more than 10 years, but I started my cloud adventure only recently, mainly focusing on managing infrastructure on AWS.

In the current situation, staying at home can be boring, and I must find a goal for myself outside of work. So I prepared for the AWS Certified Solutions Architect – Associate exam and passed it this week.

Well, it’s kind of work-related, but I have more meaningful goals for work than that. Certification systems are games designed by software/hardware vendors or training institutes to fortify and grow their ecosystems. Instead of playing computer games, I played this one. It’s healthier than computer games and may help me expand my knowledge a little.


DHCP Does Not Set Default Gateway

We are using a DHCP CNI plugin to set up networking for Kubernetes pods. On a node (CentOS) that looked just like other nodes, we noticed that the pods were not getting their default gateways set (they don’t have a default route).

After spending a lot of time checking the configuration of the DHCP server, the switches, and the way the nodes had been connected, we concluded that the problem was with the node itself.


Taking Markdown Notes with Visual Studio Code

There are numerous note-taking solutions on the web, and never-ending discussions comparing the pros/cons of them. One easily gets lost when searching for an ideal solution for themselves. You hate Evernote because it’s too bloated. But sometimes you don’t like little editors like Typora either, because they lack some features you want.

After spending days and nights looking for the right note-taking app for myself, I thought hard about what I really wanted.


A Journey into Time

This post is about how misconfigured time can affect the Linux operating system and lead to unexpected results. I’ll also share some thoughts on how to get it right. In this specific example, the Linux distribution is CentOS 7.

Components Involved

  • RTC – real time clock. It is sometimes called the hardware clock and can be set in the BIOS setup screen or from the OS.
  • System clock – the software clock maintained by OS kernel.
  • chrony – successor to ntpd that keeps the system clock in sync.
  • memcached – software that keeps its own time.

curl SSL connect error – NSS error -5961

I got this error when I wanted to clone a git repo over HTTPS:

# git clone https://git.my.org/projects/test.git
Initialized empty Git repository in /tmp/test/.git/
error:  while accessing https://git.my.org/projects/test.git/info/refs

If I access the server with curl, there’s an error too:

# curl -v --insecure https://git.my.org
* About to connect() to git.my.org port 443 (#0)
*   Trying 192.168.4.97... connected
* Connected to git.my.org (192.168.4.97) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

That was a CentOS 6 box and it had not been updated for quite some time. The curl version:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

I fixed it by updating the nss library and curl:

# yum update -y nss curl libcurl

Note that both nss and curl need to be updated. After the update:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz