Enabling and Disabling Trim for 3rd Party SSDs in OSX

A few years ago I purchased a 2012 Mac mini that came with the super slow 5400 RPM 1TB disk. The cost of purchasing the system with an SSD was what I considered to be outrageous so I opted to install a 3rd party SSD (Samsung EVO drive) with great success using Carbon Copy Cloner. What I soon realizes is that OSX does not support trim for 3rd party SSDs by default.

What is Trim? Trim is the process by which the OS performs garbage collection of space that is no longer in use on the SSD to keep space available and the drive performant. There is a way within OSX to enable trim for 3rd party SSDs, however before enabling it be advised that it will enable it for all drives attached and taking a backup or using time machine would be a reasonable step just in case something goes sideways. Also worth noting is that enabling or disabling trim will require a reboot.

To enable trim on 3rd party SSDs in 10.11 and newer run the following command in terminal:

sudo trimforce enable

If you no longer want to have trim enabled you can simply run this command to disable it:

sudo trimforce disable

Adding Puppet Forge Modules as Git Submodules

Locate Module on the Forge

Locate the module in question on the forge. The next step is to identify any other unmet dependancies for the forge module and make note of them as well. For example the Chocolatey forge module requires windows_env and powershell as dependancies. Typically googling for the module author, module name, and the word Puppet will turn up the appropriate github result.

 

Add The Submodule

Adding the submodule is done via the CLI on your local instance.

Generally speaking the path within the Puppet will be modules/<module name>

 

The below example is for Chocolatey:

 

 

Init and Update The Submodule

Once you have added the git submodule you will need to initialize and update it using the following commands:

 

Commit to Origin

The next step in the process is to commit the changes to our Github instance. Depending on the preferred workflow of the team this can either be done as a Pull Request or committed straight into prod.

 

Pulling to Puppet Master

Pull production to the production environment. This will not initialize or update the module, this will simply update the git module. The steps below will initialize and update the submodule within the production master.

Working With Certificates and OpenSSL

In 2018 SSL is a fact of life everywhere. Below are a couple of common useful tips:

 

Generating a CSR and key from a bash script:

 

#!/bin/bash
#Written By rich.staats@metaltoad.com
#Last Modified April 20, 2016
#Auto-Generate CSR and Key file for SHA-256 SSL Certs

#Required Site Info
sitename=$1
commonname=$sitename

#Check for Site Name, If missing error output will be displayed
if [ -z "$sitename" ]
then
	echo "Error! No site name provided, please provide a sitename after typing newcert.sh. ex: newcert.sh mysite.com"
	exit 99
fi

#Generate CSR and Key
openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout ~/$sitename.key -out ~/$sitename.csr

#Show CSR to copy and Paste
echo "Your request completed successfully, copy the CSR below and use a certificate provider to generate an SSL certificate from this CSR"
cat ~/$sitename.csr

Comparing a newly issues crt to its keyfile to ensure they match:

openssl x509 -noout -modulus -in mydomain.com.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.com.key | openssl md5

The output from these should be a matching MD5 string, if the values do not match you have a cert/key mismatch.

Converting crt and key to pfx:

openssl pkcs12 -export -out mydomain.com.pfx -inkey mydomain.com.key -in mydomain.com.crt