Thin Light – Passion for the web

Taking Markdown Notes with Visual Studio Code

There are numerous note-taking solutions on the web, and never-ending discussions comparing the pros/cons of them. One easily gets lost when searching for an ideal solution for themselves. You hate Evernote because it’s too bloated. But sometimes you don’t like little editors like Typora either, because they lack some features you want.

After spending days and nights looking for the right note-taking app for myself, I thought hard about what I really wanted.

A Journey into Time

This post is about how misconfigured time can affect the Linux operating system and lead to unexpected results. Also I’ll share some thoughts on how to get it right. In this specific example, the Linux distribution is CentOS 7.

Components Involved

RTC – real time clock. It is sometimes called hardware clock, can be set in BIOS setup screen or from the OS.
System clock – the software clock maintained by OS kernel.
chrony – successor to ntpd that keeps the system clock in sync.
memcached – software that keeps its own time.

curl SSL connect error – NSS error -5961

I got this error when I wanted to clone a git repo over HTTPS:

# git clone https://git.my.org/projects/test.git
Initialized empty Git repository in /tmp/test/.git/
error:  while accessing https://git.my.org/projects/test.git/info/refs

If I access the server with curl there’s error too:

# curl -v --insecure https://git.my.org
* About to connect() to git.my.org port 443 (#0)
*   Trying 192.168.4.97... connected
* Connected to git.my.org (192.168.4.97) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* NSS error -5961
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

That was a CentOS 6 box and it had not been updated for quite some time. The curl version:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

I fixed it by updating nss lib and curl:

# yum update -y nss curl libcurl

Note that both nss and curl need to be updated. After the update:

# curl --version
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Foreman and Puppet 5 – the Hard Way

As of this writing Puppet 5 isn’t supported by Foreman’s latest version (1.15.2) yet. I saw some discussions or tickets in the community about Puppet 5 but I can’t wait for a new release. I want to integrate Foreman with a separately installed Puppet 5 for several reasons:

Continue reading Foreman and Puppet 5 – the Hard Way

Postfix – Replace Sender Address and Add Reply-to Header

We have a network in which a bunch of servers send out lots of notification emails and all these emails are relayed to the outside world through a single Postifx server (by setting relayhost variable in main.cf on the servers). Sometimes developers don’t pay enough attention and address the emails as from some domain that is not of our network, and such emails tend to be classified as spam by the receivers’ email provider.

Continue reading Postfix – Replace Sender Address and Add Reply-to Header

Getting Started with Cobbler

I’m not a full-time system administrator and my knowledge is really limited in this domain, especially when it comes close to hardware. But I need to re-install several servers in a data center without physically accessing them. They’re using CentOS 6 now, and I want clean installs of CentOS 7.

I started looking into Cobbler. To avoid making the physical servers inaccessible through network, I played a while with Cobbler in some VirtualBox VMs in my MacBook and here are some notes.

Continue reading Getting Started with Cobbler