VI Basic Commands for UNIX in Nutshell

In this chapter, we will explore vi, the excellent Unix editor. There are many ways to edit text files in Unix; one of the best is a screen-oriented editor like vi, which lets you see the context lines around the line that needs editing.

Vim, short for Vi IMproved, is an improved version of the vi editor. It has grown rapidly in popularity because it can be used both from the command line and through a graphical interface, and it offers features that standard vi lacks, such as syntax highlighting and multitasking capabilities.

  • It’s usually available on all the flavors of Unix system.
  • Its implementations are very similar across the board.
  • It requires very few resources.
  • It is more user-friendly than other editors such as the ed or the ex.

Vi has 3 basic modes of operation: command (default), input, last line mode.

VI Editor Command mode

In command mode, you can run commands to search, copy, move, remove text.

VI Editor Input mode

In input mode, you can insert text into the file. Everything you type will be interpreted as text. There are many ways to activate input mode (vi is case sensitive):

  • i – Inserts text before the cursor.
  • I – Inserts text at the beginning of the line.
  • o – Opens a new blank line below the cursor.
  • O – Opens a new blank line above the cursor.
  • a – Appends text after the cursor.
  • A – Appends text at the end of the line.

VI Editor Last line mode

To get into last line mode, type ‘:’ from command mode (it works only from command mode). After you type ‘:’, a colon character appears at the beginning of the last line of your vi editor. This means vi is ready for you to type a “last line command”. To end vi, type ‘q’ from last line mode.
You can return to command mode from input or last line mode by pressing Esc.

Moving the Cursor

Key Cursor movement
w Forward one word.
b Back one word.
e To the end of the current word.
$ To the end of the line.
0(zero) To the beginning of the line.
^ To the first non-whitespace character on the line.
G Goes to the last line of the file.
1G Goes to the first line of the file.
Ctrl + F Pages forward one screen.
Ctrl + B Pages back one screen.
Ctrl + D Scrolls down one-half screen.
Ctrl + U Scrolls up one-half screen.
Ctrl + L Refreshes the screen.

Text-Deletion Commands

Command Function
R Overwrites or replaces characters on the line at and to the right of cursor. To terminate press Esc.
C Changes or overwrites characters from cursor to the end of the line.
s Substitutes a string for a character at the cursor.
x Deletes a character at the cursor.
dw Deletes a word or part of the word to the right of the cursor.
dd Deletes the line containing the cursor.
D Deletes the line from the cursor to the right end of the line.
:n,nd Deletes lines n-n. Example: :2,80d deletes lines 2-80.

Text-Changing Commands

Command Function
cw Changes or overwrites characters at the cursor location to the end of that word.
r Replaces the character at the cursor with one other character.
J Join the current line and the line below.
xp Transposes the character at the cursor and the character to the right of the cursor.
~ Changes the case of the letter, either uppercase or lowercase, at the cursor.
u Undo the previous command.
. Repeats the previous command.

Text-Replacing Commands

Command Function
/string Searches forward for the string from the cursor.
?string Searches backward for the string.
n Searches for the next occurrence of the string. Use this command after searching for a string.
N Searches for the previous occurrence of the string. Use this command after searching for a string.
:%s/old/new/g Searches for the old string and replaces it with the new string globally.

Copy and Paste Commands

Command Function
yy Yanks a copy of the line
p Puts yanked or deleted text under the line containing the cursor.
P Put
:n,n co n Copies lines n-n and puts them after line n. Example: :1,5 co 8 copies lines 1-5 and puts them after line 8.
:n,n m n Moves lines n-n to line n. Example: :1,5 m 8 moves lines 1-5 to line 8.

File Save and Quit Commands

Command Function
:w Saves the file with changes by writing to the disk
:w new_file Writes the contents of the buffer to new_file.
:wq Saves the changed file and quits editor vi.
:x Saves the changed file and quits editor vi.
ZZ Saves the changed file and quits editor vi.
:q! Quits without saving changes.

Customizing vi Session

Command Function
:set nu Shows line numbers.
:set nonu Hides line numbers.
:set ic Instructs searches to ignore cases.
:set noic Instructs searches to be case-sensitive.
:set list Display invisible characters.
:set showmode Display the current mode of operation.
:set noshowmode Turns off the mode of operation display.
:set Displays all the vi variables that are set.
:set all Display all vi variables and their values.

Customizing vi Session
To customize all vi sessions automatically, do the following steps:

  • Create a file in your home directory named ‘.exrc’.
  • Enter any of the set variables into the ‘.exrc’ file.
  • Enter each ‘set variable’ command on one line.

Vi reads the ‘.exrc’ file every time before starting a vi session.

Bash How to Add to Array

If you want to add a new item to the end of the array without specifying an index use:

~]$ my_array=()
~]$ my_array+=("Arch")
~]$ echo ${my_array[@]}
Arch

In our previous article Bash How to Print Array, we have already seen the array creation, accessing the array elements and getting the count of array.

The array is created and can be verified as follows:

$ declare -p my_array
declare -a my_array=([0]="Arch")

Now we add another element to the my_array:

my_array+=("Debian")
declare -p my_array
declare -a my_array=([0]="Arch" [1]="Debian")

Using declare to check the BASH variables

To find out the number of elements in the array, use “#” to get the element count. For our 2-element array the count is as follows:

echo ${#my_array[@]}
2

To add elements to the end of the array, you can use the technique demonstrated below:

Because the array is a sequential list, you can insert an element at the last index by getting the total count of elements and using that count as the index:

my_array[${#my_array[@]}]="Fedora"

Now the 3rd element “Fedora” is inserted at the end of the array:

echo ${my_array[@]}
Arch Debian Fedora

As you have already seen, “${#my_array[@]}” gets the length of the array.

Using this technique you can append arrays and also assign them to a new array as demonstrated in the following example:

new_array=("${my_array[@]}" "Ubuntu")
echo ${new_array[@]}
Arch Debian Fedora Ubuntu

This is how the elements inside the new array are stored:

declare -p new_array
declare -a new_array=([0]="Arch" [1]="Debian" [2]="Fedora" [3]="Ubuntu")
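
The following added example (not part of the original article) shows two edge cases of the techniques above: using the element count as the index overwrites data once the array has a gap, and copying an array without quotes splits elements that contain spaces. The array contents are constructed sample data.

```bash
#!/usr/bin/env bash
# Added example: two edge cases when appending to bash arrays.
# All array contents are constructed sample data.

# Count-as-index on a sparse array: after an unset, the element count is no
# longer "highest index + 1", so the write lands on an existing element.
count_index_append() {
    local -a distros=("Arch" "Debian" "Fedora")
    unset 'distros[0]'                    # indices 1 and 2 remain, count = 2
    distros[${#distros[@]}]="Ubuntu"      # writes index 2 and replaces Fedora
    echo "${!distros[*]}:${distros[*]}"   # prints "indices:values"
}

# += always appends after the highest existing index, gaps or not.
plus_append() {
    local -a distros=("Arch" "Debian" "Fedora")
    unset 'distros[0]'
    distros+=("Ubuntu")                   # writes index 3
    echo "${!distros[*]}:${distros[*]}"
}

# Unquoted expansion: "Arch Linux" is split into two elements (and any
# glob characters in an element would be expanded against the file system).
copy_unquoted() {
    local -a src=("Arch Linux" "Debian")
    local -a dst=(${src[@]} "Ubuntu")
    echo "${#dst[@]}"
}

# Quoted expansion keeps every element intact.
copy_quoted() {
    local -a src=("Arch Linux" "Debian")
    local -a dst=("${src[@]}" "Ubuntu")
    echo "${#dst[@]}"
}

echo "count as index: $(count_index_append)"
echo "+= append:      $(plus_append)"
echo "unquoted copy:  $(copy_unquoted) elements"
echo "quoted copy:    $(copy_quoted) elements"
```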

What is Fork Bomb and How to Avoid It

The fork bomb is a recursive bash function. It is a DoS attack against the Linux operating system. Definition of fork bomb:

:(){ :|:& };:

What do all these symbols mean?

  • :() – defines function called “:”
  • :|: – recursively calls “:” and pipes its output into another “:”
  • & – puts function to background
  • ; – terminate the function definition
  • : – at the end calls the function

Be careful: this example may crash your computer. We can protect against a fork bomb by limiting the number of processes for a user (or a group of users) in the file /etc/security/limits.conf.

For example, we want to limit the number of processes to 300:

likeIT hard nproc 30

“likeIT” is name of user. If you want to apply this limitation to the group, use “@groupName”.

There is an example of the whole configuration file:

Let’s explain some important keywords from /etc/security/limits.conf file:

[domain] [type] [item] [value]

The domain can be:

  • a user name
  • a group name – use @group syntax

Type can have these two values:

  • soft – for enforcing the soft limits
  • hard – for enforcing hard limits

Item can be:

  • core – limit the core file size (KB)
  • fsize – maximum filesize (KB)
  • cpu – max CPU time (MIN)
  • nproc – max number of processes
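
The following added example (not part of the original article) reads entries in the [domain] [type] [item] [value] format described above, flags malformed lines, and reports which hard nproc limit applies to a user. The sample entries are constructed except for the likeIT line; the group name staff, the users alice and bob, and the rule that a user entry takes priority over an @group entry (as documented for pam_limits) are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: lint limits.conf-style entries and report the hard nproc
# limit that applies to a user. The sample entries are constructed; only the
# "likeIT hard nproc 30" line comes from the article.

sample_limits() {
    cat <<'EOF'
# [domain] [type] [item] [value]
likeIT   hard  nproc  30
@staff   hard  nproc  300
@staff   soft  nproc  100
likeIT   soft  core   0
likeIT   hrad  nproc  50
EOF
}

# lint_limits FILE
# Prints the line number of every entry that does not have four fields or
# whose type is not soft, hard or "-" (which sets both).
lint_limits() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        NF != 4 || ($2 != "soft" && $2 != "hard" && $2 != "-") { print NR }
    ' "$1"
}

# effective_nproc FILE USER [GROUP...]
# Prints the hard nproc value for USER. An entry for the user name wins over
# an @group entry; prints "none" when no entry matches.
effective_nproc() {
    local file=$1 user=$2
    shift 2
    local member_of=" $* "
    awk -v user="$user" -v groups="$member_of" '
        /^[ \t]*(#|$)/ { next }
        NF != 4 { next }
        ($2 == "hard" || $2 == "-") && $3 == "nproc" {
            if ($1 == user)
                u = $4
            else if (substr($1, 1, 1) == "@" && index(groups, " " substr($1, 2) " "))
                g = $4
        }
        END {
            if (u != "")      print u
            else if (g != "") print g
            else              print "none"
        }
    ' "$file"
}

tmp=$(mktemp)
sample_limits > "$tmp"
echo "malformed lines:        $(lint_limits "$tmp")"
echo "likeIT (group staff):   $(effective_nproc "$tmp" likeIT staff)"
echo "alice  (group staff):   $(effective_nproc "$tmp" alice staff)"
echo "bob    (group users):   $(effective_nproc "$tmp" bob users)"
rm -f "$tmp"
```

The limits are applied at login, so after logging in again `ulimit -u` in bash shows the value in force for the session.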

Apple: How to Work with Terminal in Mac

The iOS operating system is basically a modified UNIX with beautiful graphics. This means that if you need to set something up or automate it, you can use the command line: the UNIX shell.

The shell is available on Apple iMac and MacBooks. On the iPhones and iPads, the command line is hidden.

How to start a MAC terminal?

Click the launchpad on the bottom bar, find the terminal icon and launch it.

First commands

This command displays the current work directory you are in.

pwd

Since the iOS is de facto unix, the entire file system complies with the File Hierarchy Standard (FHS) that specifies the tree directory. At the top of the tree there is a “/” symbol. Under “/” are individual directories and files in tree structure.

Use this command to list the contents of the directory in which you are currently:

ls -l

The first column shows the type (d = directory) and system rights (r = read, w = write, x = execute) in triads in the following order: owner, group, all. The third column shows who the owner is. The fourth column shows the group that owns the given file. The sixth column shows the time of the last modification and the seventh the file name.

Use this command to change the current work directory (to /home):

cd /home

If you specify this command without parameters, the cd command is set to the current home directory that you specify in the $HOME variable.

Do you want to view the contents of any Mac shell variable? For example, $HOME? It is simple:

echo $HOME

How to use terminal: basic advice

Hint#1: Arrow up to view the last commands.

Hint#2: Ctrl A takes you to the beginning of the line and Ctrl E to the end of the line.

Hint#3: Hold down the left mouse button to select the text and then right-click on the menu to select “copy” or “paste” as needed.

Hint#4: Magic button “home”: press Ctrl C to interrupt the execution of the current command and get back to the command prompt. For example, you can try this by entering the yes command in the terminal, which prints the letter y endlessly. You interrupt this infinite program with Ctrl C.

Most useful commands in terminal

Overview of hard disk usage
This command displays the current usage of the disks that are mounted on your computer:

df -aH

Option H means human-readable output. Option a specifies that we want to display all mounted drives.

Which folder does the disk space take?
Use the cd command to change to the folder whose size you want to see. You can check the entire file system using cd /. This command prints, in a readable form, how much space each item takes:

du -sh /* 2>/dev/null

The 2>/dev/null redirection means that we do not want to see any error messages.

What does MAC do now? Which processes are most active?

This command displays the most active processes.

top

Each process also has a PID (Process ID), according to which the process can be uniquely identified and, for example, shut down. Use the q button to finish the top.

How to find and destroy a particular process by name?

This command looks for the command bash – the command line you are running:

ps aux | grep bash | grep -v grep

The second column indicates the PID. In my case, it is 2335. Use this command to exit the program. Beware, the terminal will disappear! Muhaha 😀

kill 2335

What is currently happening in the system? What bothers MAC?
With this command, you are constantly monitoring what the system says:

tail -f /var/log/system.log

To quit tail command, use Ctrl C

Where do I Find Bash

You can find bash as an executable program located in standard binary directories of your operating system.

If you are using an operating system which does not contain bash pre-installed (FreeBSD, Windows), you can download and build source code from gnu.org. Windows users can use Cygwin.

Bash supports two distinct operation modes: interactive and non-interactive mode. In interactive mode, the bash waits for you for entering commands. In non-interactive mode, the bash executes commands from the script file without waiting for the user’s commands.

Assuming you have bash installed, you can run bash from the terminal. Most terminals are pre-configured to start the shell program. To find out where your bash is located, enter the following command:

echo $SHELL

Output: /bin/bash

Another way to get the path to bash:

echo $BASH

Output: /bin/bash

If you are not sure if you are using bash, enter:

echo $0

Output: -bash

$0 prints the program name; in our case it is the shell that is actually running.

Linux: File System Hierarchy

This tutorial describes the Filesystem Hierarchy Standard (FHS), which specifies the required directories. The root directory is “/” and it should contain only the subdirectories.

/bin

  • Contains binaries which can be executed from the command line (ls, grep, mkdir…)
  • Programs that can be used by users (system, admin, normal users)
  • Can be used in single-user mode

/boot

  • Contains everything required for the boot process
  • Kernel
  • GRand Unified Bootloader (GRUB)
  • LILO (LInux LOader)

/sbin

  • Binaries
  • Program used by system and admin
  • Normal users can use programs in /bin if they are allowed
  • Usually, normal users do not have this directory in $PATH variable

/dev

  • Files of all devices
  • Created during installation operating system.
  • Create new devices: /dev/MAKEDEV
File Description
sda First SCSI drive on the SCSI/SATA bus
md0 First group of meta discs (RAID)
ttyS0 First serial port
lp0 First parallel printer
null bin for bits
random Deterministic random bits
urandom Non-deterministic random bits

/etc

File Description
passwd Users information
fstab Partition and storage mounting information
rc or rc.d or rcX.d Run commands – commands that runs when OS starts

/home

  • The home directory for users
  • All data and system settings of users
  • Can be divided into groups (school, office, financial)

/root

  • Home directory for user root
  • Normal users don’t have permissions.

/lib

  • Libraries for programs
  • /lib/modules: kernel modules, network controls, file system control

/tmp

  • Temporary files
  • Used by running programs

/mnt

  • Mounting temporary file systems
  • File systems from /etc/fstab are mounted during start OS
  • Network file systems
  • /media: DVD, USB

/usr

  • Programs, libraries installed from OS distribution
  • Accessible for everyone
  • /usr/
Directory Description
local Software installed by admin on local device
X11R6 Files of Windows OS
bin Almost all commands for users
sbin Usually server’s programs
include Header files for C language
lib Stable libraries
  • /usr/share/
Directory Description
X11 Files of Windows OS
dict Glossary
man Manual pages
doc Documentation
info Information files
src source files

/var
Contains files that are changed when OS is running.

Subdirectory Description
log Logging files
run Run-time variable data
spool Program using queue (mails, printers)
mail Mailbox
local variable data from /usr/local
lib Holds dynamic data libraries/files
lock Lock files. Indicates that resource (database, file) is in use and should not be accessed by another process.

/opt
Third-party software

/proc

  • Created by OS kernel
  • Information about system
  • Stored only in RAM
  • Does not use any disc space
  • Every process has a subdirectory (by PID)
Subdirectory Description
/PID/status Stats about process
/PID/cmdline How was the process started and what input arguments
/PID/maps Region of contiguous virtual memory in a process or thread
/PID/environ Environment of process
  • Interesting files
File Description
cpuinfo Information about CPU
meminfo Usage of memory
version Kernel version
cmdline Kernel’s parameters from the boot loader
devices List of drivers for the kernel
interrupts Which interrupts are used and how many times
ioports list of currently registered port regions used for input or output communication.
dma ISA Direct Memory Access channel
kcore Image of physical system memory

/lost+found

  • Recovered or damaged data after a crash.
  • Each partition has its own /lost+found directory.

How To Restart Jenkins Safely

Jenkins provides a front-end user interface and an API to access the Jenkins server; API calls can also be sent from a URL.

Process to restart jenkins server safely

Here is our Jenkins server, hosted at the URL: http://jenkins.linuxcent.com:8080

The API request to restart Jenkins safely is http://YourJenkins-url-or-ip/safeRestart:
http://jenkins.linuxcent.com:8080/safeRestart
See the below screenshot for more information.

This option is reliable because the restart operation waits for the currently running jobs to complete and then proceeds with the restart.

Safe Restart jenkins from UI API

Force restart option in jenkins

http://jenkins.linuxcent.com:8080/restart
This option restarts Jenkins forcefully, and the currently running jobs are forcibly terminated.
Forcefully Restart jenkins from UI API

Restart jenkins server from commandline

From the command line you can initiate a restart, but this will be a forceful restart of the Jenkins server.

It stops and starts the Jenkins server from the command line; you can also run stop and then start with the same results.

[vamshi@jenkins jenkins]$ sudo systemctl restart jenkins

On older systemv servers you can also initiate the restart using service command

[vamshi@jenkins jenkins]$ sudo service jenkins restart

How do you restart Jenkins?

Go to the Jenkins installation, open the cmd and run:

  • To stop: jenkins.exe stop.
  • To start: jenkins.exe start.
  • To restart: jenkins.exe restart.

Is the command used to restart Jenkins manually?

To restart Jenkins manually, you can use either of the following commands (by entering their URL in a browser). jenkins_url/safeRestart – Allows all running jobs to complete. … jenkins_url/restart – Forces a restart without waiting for builds to complete.

What is the command to restart Jenkins service on Windows?

  • To stop: jenkins.exe stop.
  • To start: jenkins.exe start.
  • To restart: jenkins.exe restart.

How long does it take to restart Jenkins?

I also restarted the Jenkins service and it worked. It did take 3-4 minutes after I restarted the service for the page to load up, though. So make sure you’re patient before moving on to something else.

How do I restart Jenkins in Kubernetes?

Just kubectl delete pods -l run=jenkins-ci – Will delete all pods with this label (your jenkins containers). Since they are under Deployment, it will re-create the containers. Network routing will be adjusted automatically (again because of the label selector).

How do I set Jenkins to restart itself?

Jenkins -> Manage Jenkins -> Manage Plugins -> Search for Safe Restart -> Install it. Then Restart Safely appear on the Dashboard.

How do I start Jenkins on port 8080?

  • Go to the directory where you installed Jenkins (by default, it’s under Program Files/Jenkins)
  • Open the Jenkins.xml configuration file.
  • Search for --httpPort=8080 and replace the 8080 with the new port number that you wish.
  • Restart Jenkins for changes to take effect.

How do I start Jenkins on Mac?

Terminal and Start / Stop daemon
Start Jenkins: sudo launchctl load /Library/LaunchDaemons/org.jenkins-ci.plist.
Stop Jenkins: sudo launchctl unload /Library/LaunchDaemons/org.jenkins-ci.plist.

How do I run Jenkins job daily?

The steps for schedule jobs in Jenkins:

  • click on “Configure” of the job requirement.
  • scroll down to “Build Triggers” – subtitle.
  • Click on the checkBox of Build periodically.

How do I open Jenkins?

To start Jenkins from command line

  1. Open command prompt.
  2. Go to the directory where your war file is placed and run the following command: java -jar jenkins.war.

How to get the docker container ip ?

The metadata information from the docker containers can be extracted using the docker inspect command.
We see the demonstration as follows:

The docker engine api is based around the golang templates and the commands use extensive formatting around the json function definitions.

[vamshi@node01 ~]$ docker inspect <container-name | container-id> -f '{{ .NetworkSettings.IPAddress }}'
172.17.0.2
[vamshi@node01 ~]$ docker inspect my-container --format='{{ .NetworkSettings.IPAddress }}'
172.17.0.2

RBACs in kubernetes

Kubernetes provides Role-Based Access Control (RBAC) as a security mechanism.

A Role is a grouping of PolicyRules that defines the capabilities and limitations within a namespace.
The identities (or Subjects) are the users and ServiceAccounts that are assigned Roles; together these constitute RBAC.
This is achieved by referencing a Role from a RoleBinding.

In Kubernetes there are Role and RoleBinding, and ClusterRole and ClusterRoleBinding.

There is no concept of a deny permission in the RBACs.

The Role and the Subject combined together defines a RoleBinding.

Now let's look at each of the terms in detail.

Subjects:

  • user
  • group
  • serviceAccount

Resources:

  • configmaps
  • pods
  • services

Verbs:

  • create
  • delete
  • get
  • list
  • patch
  • proxy
  • update
  • watch

You create a kind: Role with a name and then bind it to a Subject through roleRef by creating a kind: RoleBinding.

[vamshi@master01 k8s]$ kubectl describe serviceaccounts builduser01 
Name:                builduser01
Namespace:           default
Labels:              
Annotations:         
Image pull secrets:  
Mountable secrets:   builduser01-token-rmjsd
Tokens:              builduser01-token-rmjsd
Events:              

The role builduser-role has the permissions to all the resources to create, delete, get, list, patch, update and watch.

[vamshi@master01 k8s]$ kubectl describe role builduser-role
Name: builduser-role
Labels:
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"name":"builduser-role","namespace":"default"},"ru...
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
* [] [] [create delete get list patch update watch]

Using this you can limit the user access to your cluster
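
An added example, not taken from the cluster shown above: a Role and RoleBinding for the builduser01 ServiceAccount that grant read-only access to the three resources listed earlier instead of the wildcard in builduser-role. The names builduser-readonly and builduser-readonly-binding are hypothetical, and the commented-out rule is a reconstruction of builduser-role from its describe output.

```yaml
# Broad rule as suggested by the `kubectl describe role builduser-role`
# output (reconstruction, kept commented out for comparison):
#
#   rules:
#   - apiGroups: [""]
#     resources: ["*"]
#     verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
#
# Narrower Role: only the resources the build account reads, no write verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: builduser-readonly          # hypothetical name
  namespace: default
rules:
- apiGroups: [""]                   # "" is the core API group
  resources: ["configmaps", "pods", "services"]
  verbs: ["get", "list", "watch"]
---
# RBAC is additive and has no deny rules, so builduser01 ends up with the
# union of every Role bound to it; bind only what it needs.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: builduser-readonly-binding  # hypothetical name
  namespace: default
subjects:
- kind: ServiceAccount
  name: builduser01
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: builduser-readonly
```

After applying it, `kubectl auth can-i delete pods --as=system:serviceaccount:default:builduser01 -n default` should answer `no`, provided no other binding grants that verb.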

View the current cluster role bindings on your Kubernetes cluster:

[vamshi@master01 :~] kubectl get clusterrolebinding
NAME                                                   AGE
cluster-admin                                          2d2h
kubeadm:kubelet-bootstrap                              2d2h
kubeadm:node-autoapprove-bootstrap                     2d2h
kubeadm:node-autoapprove-certificate-rotation          2d2h
kubeadm:node-proxier                                   2d2h
minikube-rbac                                          2d2h
storage-provisioner                                    2d2h
system:basic-user                                      2d2h

The clusterrole describes the Resources and the verbs that are accessible to the user.

[vamshi@linux-r5z3:~] kubectl describe clusterrole cluster-admin
Name:         cluster-admin
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  ---------  -----------------  --------------  -----
  *.*        []                 []              [*]
             [*]                []              [*]

Listing the roles on Kubernetes:

[vamshi@master01 :~] kubectl get roles --all-namespaces
NAMESPACE     NAME                                             AGE
kube-public   kubeadm:bootstrap-signer-clusterinfo             2d2h
kube-public   system:controller:bootstrap-signer               2d2h
kube-system   extension-apiserver-authentication-reader        2d2h
kube-system   kube-proxy                                       2d2h
kube-system   kubeadm:kubelet-config-1.15                      2d2h
kube-system   kubeadm:nodes-kubeadm-config                     2d2h
kube-system   system::leader-locking-kube-controller-manager   2d2h
kube-system   system::leader-locking-kube-scheduler            2d2h
kube-system   system:controller:bootstrap-signer               2d2h
kube-system   system:controller:cloud-provider                 2d2h
kube-system   system:controller:token-cleaner                  2d2h

We can further examine the rolebinding named system::leader-locking-kube-scheduler, which is associated with the service account kube-scheduler.

[vamshi@master01 :~]  kubectl describe rolebindings system::leader-locking-kube-scheduler -n kube-system
Name:         system::leader-locking-kube-scheduler
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate: true
Role:
  Kind:  Role
  Name:  system::leader-locking-kube-scheduler
Subjects:
  Kind            Name                   Namespace
  ----            ----                   ---------
  User            system:kube-scheduler  
  ServiceAccount  kube-scheduler         kube-system

There is a category of the api groups which contains the following api tags:

apiextensions.k8s.io, apps, autoscaling, batch, Binding, certificates.k8s.io, events.k8s.io, extensions, networking.k8s.io, PodTemplate, policy, scheduling.k8s.io, Secret, storage.k8s.io

The complete roles available in Kubernetes are as follows:

APIService, CertificateSigningRequest, ClusterRole, ClusterRoleBinding, ComponentStatus, ConfigMap, ControllerRevision, CronJob, CSIDriver, CSINode, CustomResourceDefinition, DaemonSet, Deployment, Endpoints, Event, HorizontalPodAutoscaler, Ingress, Job, Lease, LimitRange, LocalSubjectAccessReview, MutatingWebhookConfiguration, Namespace, NetworkPolicy, Node, PersistentVolume, PersistentVolumeClaim, Pod, PodDisruptionBudget, PodSecurityPolicy, PriorityClass, ReplicaSet, ReplicationController, ResourceQuota, Role, RoleBinding, RuntimeClass, SelfSubjectAccessReview, SelfSubjectRulesReview, Service, ServiceAccount, StatefulSet, StorageClass, SubjectAccessReview, TokenReview, ValidatingWebhookConfiguration and VolumeAttachment

Generate SSL certificates using openssl

Generate SSL certificates using openssl with a Certificate Signing Request

The files ca.key and ca.crt belong to the Certificate Authority.

We will generate the .key and .csr (Certificate Signing Request) files with the command below.

[root@node01 ssl]# openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout linuxcent.com.key -days 365 -out linuxcent.com.csr -sha256 -subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com"

The resulting files are a PEM certificate request (.csr) and a private key (.key) file. Now that we have successfully generated the .csr, we approach a Certificate Authority, upload our CSR, and purchase the signer certificates along with the intermediate chain keys for a given number of days, typically 365 days.

The -days flag is optional, and can be skipped as we are only generating a Signing Request.

Here we can use the openssl command to verify the .csr file that is generated as shown below:

[root@node01 ssl]# openssl req -in linuxcent.com.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IN, ST=TG, L=MY Location, O=Company Ltd., OU=IT, CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:00:e4:b4:24:d7:22:ec:5d:c1:37:8c:d1:a0:62:17:
96:24:77:8d:75:4e:d5:74:15:4d:61:e0:8b:66:d6:
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         87:ef:83:b2:a6:f5:3a:f3:6f:1c:e4:02:ec:bf:5d:75:64:1d:

- OUTPUT TRUNCATED --

In the next section we shall see How the .csr can be signed by a CA to generate a .crt PEM certificate

Signing a .csr with a Certificate Authority [Demo Purpose] – Sample CA files

Here is the process of generating a self-signed certificate (not to be used on public-facing sites).

Now we will use the root ca.key and ca.crt to digitally sign this .csr and generate a .crt PEM certificate.

x509 is a certificate data management and certificate signing utility.

It generally takes the private key as input, signs certificate requests, and converts certificates to various formats.

[root@node01 ssl]# openssl x509 -req -in linuxcent.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out linuxcent.com.crt -days 365 -sha256

-subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com"

We have generated the .crt file from the .csr

[root@node01 ssl]# ls linuxcent.com.crt linuxcent.com.key 
linuxcent.com.crt linuxcent.com.key

We have successfully generated the linuxcent.com.key and linuxcent.com.crt files, digitally self-signed with the root CA key and certificate.

Generating Self Signed SSL certificates using openssl x509

x509 is the certificate signing utility we will be using here to generate a PEM certificate.

Below is the complete command to generate the ssl self signed certificate.

openssl req -x509 -days 365 -newkey rsa:2048 -nodes -keyout linuxcent.com.key -out linuxcent.com.crt -sha256 -subj "/C=IN/ST=State/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com"

The -days parameter can be set to any number of days depending on your requirement.

Self-signed certificates are most commonly used within an internal network or among a small group of familiar individuals, such as an office, for specific purposes. They are not advised for use in the public domain, as the browser cannot establish the certificate's authenticity or the genuineness of the website concerned. Self-signed certificates are not validated by any third party unless you import them into the browsers beforehand.

Generating a Wildcard certificate Request.

[root@node01 ssl]# openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout linuxcent.com.key -out linuxcent.com.csr -sha256 -subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=*.linuxcent.com, linuxcent.com"

Mentioning the alternate domain as *.linuxcent.com will create a wildcard .csr.

SAN, the short form of SubjectAltName, allows us to secure multiple subdomains using a single SSL certificate.

The CA signing process for the wildcard is identical and obviously costs more.
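
The commands above put subjectAltName inside -subj, which makes it part of the subject name; the request dump earlier shows `Attributes: a0:00`, meaning no extension was requested. The following added example (not from the original article) requests the SAN as a real extension and keeps it when signing; the throwaway demo CA, the file names and the config section names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: CSR with a real subjectAltName extension, signed by a
# throwaway demo CA. File names and the CA are constructed for illustration.

write_config() {   # $1 = path of the OpenSSL config to create
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt             = no

[dn]
C  = IN
ST = TG
L  = My Location
O  = Company Ltd.
OU = IT
CN = linuxcent.com

[v3_req]
subjectAltName = DNS:linuxcent.com, DNS:*.linuxcent.com

[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
}

# Print the SAN value of a CSR or certificate, or nothing if it has none.
san_of() {         # $1 = req|x509, $2 = file
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name:' | tail -n 1 |
        sed 's/^ *//; s/ *$//'
}

build_demo() {     # $1 = empty working directory
    local d=$1
    write_config "$d/demo.cnf"

    # Demo CA (stands in for ca.key / ca.crt).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$d/demo.cnf" -extensions v3_ca -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1

    # CSR whose SAN is a requested extension (-reqexts), not part of -subj.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$d/demo.cnf" -reqexts v3_req \
        -keyout "$d/linuxcent.com.key" -out "$d/linuxcent.com.csr" \
        2>/dev/null || return 1

    # CSR built with the SAN text inside -subj: same key, no extension.
    openssl req -new -key "$d/linuxcent.com.key" -sha256 -config "$d/demo.cnf" \
        -subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com" \
        -out "$d/subj-only.csr" 2>/dev/null

    # By default x509 -req ignores extensions in the CSR, so the SAN is
    # supplied again at signing time with -extfile/-extensions.
    openssl x509 -req -in "$d/linuxcent.com.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 365 -sha256 \
        -extfile "$d/demo.cnf" -extensions v3_req \
        -out "$d/linuxcent.com.crt" 2>/dev/null || return 1

    # Same signing command without -extfile: the certificate has no SAN.
    openssl x509 -req -in "$d/linuxcent.com.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 365 -sha256 \
        -out "$d/no-san.crt" 2>/dev/null || return 1
}

if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    if build_demo "$work"; then
        echo "CSR  (-reqexts):    $(san_of req  "$work/linuxcent.com.csr")"
        echo "CSR  (-subj only):  $(san_of req  "$work/subj-only.csr")"
        echo "cert (-extfile):    $(san_of x509 "$work/linuxcent.com.crt")"
        echo "cert (no -extfile): $(san_of x509 "$work/no-san.crt")"
    fi
    rm -rf "$work"
fi
```

On OpenSSL 1.1.1 and later, `-addext "subjectAltName=DNS:linuxcent.com"` on `openssl req` requests the same extension without a config file.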

Puppet: Error: Could not parse for environment : Illegal class reference

The following error appears when certain modules are missing.

Error: Could not parse for environment production: Illegal class reference

To resolve this error you need to install the relevant puppet module from the module-repository.

For example :

Error: 'module' has no 'info' action.  See `puppet help module`.
[vamshi@node01 manifests]$ puppet module install puppetlabs-stdlib
Notice: Preparing to install into /home/vamshi/.puppetlabs/etc/code/modules ...
Notice: Created target directory /home/vamshi/.puppetlabs/etc/code/modules
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/home/vamshi/.puppetlabs/etc/code/modules
└── puppetlabs-stdlib (v6.3.0)