Freedom IT Limited

RedHat

  • Installing Extra CA Certificates

    For Redhat / CentOS / Oracle Linux
    Install the certificate in your enviroment using the update-ca-trust command
     
    For Example, Let's Encrypt Certificate(s) trust chain:
     
    1. Download Active PEM certificate from: https://letsencrypt.org/certificates/ and put it in /etc/pki/ca-trust/source/anchors
      Run: # update-ca-trust
    2. Also, you might need to run: # update-ca-trust enable to enable the dynamic generation of the ca-bundle file. By default, it's a static file from the RPM installed.
    3. (man update-ca-trust is your friend!)

  • RHEL/CentOS 7.3+ Bond & Bridge Networking

    To create a bridge over bonded network interfaces in RHEL/CentOS 7.3 and above use the following nmcli commands:
     
     
    # nmcli c add type bridge ifname bridge0 con-name bridge-bridge0
    # nmcli c add type bond ifname bond0 con-name bridge-slave-bond0 master bridge-bridge0 type bond_type
    # nmcli c add type ethernet ifname interface1 con-name bond-slave-interface1 master bond0
    # nmcli c add type ethernet ifname interface2 con-name bond-slave-interface2 master bond0
     
    Notes:
    1. Make sure you use the correct/appropriate bond_type (see this page for details regarding bonding and KVM hosts and guests network connectivity: https://access.redhat.com/solutions/67546)
    2. Bonding apparently works (better?) than Teaming on a KVM host.
    3. Original set of instructions found at the bottom of 'Bug 1183420' on RedHat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1183420

  • Update/Reset UniFi Admin Password Manually

    Ubiquiti's stringent password requirements, when running the first-time-wizard, can be a pain on their UniFI controller. When installing the controller for the first time, satisfy the requirements when the wizard asks you to, knowing that you can run the following cmds to get the password back to something you actually want :-)
     
    Linux-based Ubiquiti Unifi Wireless Controller
     
    ♦ To create a salted, hashed password, do one of the following
     
    • For Ubuntu/Debian based distros, use the mkpasswd utility ('whois' pkg on Debian/Ubuntu): 
      mkpasswd -m sha-512
    • For RHEL/CentOS/Fedora/ based distros, use python: 
      python -c 'import crypt,getpass;pw=getpass.getpass(); print(crypt.crypt(pw), crypt.mksalt(crypt.METHOD_SHA512) if (pw==getpass.getpass("Confirm: ")) else exit())'
     
    ♦ To show the list of admins/users:
    mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"
     
     
    ♦ To update the password in the mongodb database for UniFI (replacing [USERNAME] with the appropriate username and [HASHED_PASSWORD] with the result from the password generation utility).:
    mongo --port 27117 ace --eval 'db.admin.update( { "name" : "[USERNAME]"}, { $set : { "x_shadow" : "[HASHED_PASSWORD]" } } )'