While I tend to appreciate debian GNU/Linux, its tendency to be quite late on software versionning is sometimes annoying. Also, as a pkgsrc developer, I am used to have greater control over the packages I install, for example regarding the options I’d like to include.
For these reasons and a couple more, I sometimes choose to use pkgsrc along with apt to deal with particular packages. In this article, I’ll show how to achieve that task.
Blogroll
For a mysterious reason, EC2 VPN connection informations are stored in XML within the JSON data retrieved by either boto or the awscli command line tool.
Here’s a quick python snippet to convert those datas in a convenient, easily parsable dict:
Combining this piece of code with jinja2 could help you generate racoon (or whatever IPSec software you use) on the fly.
Update
here’s a complete example of an automatic generation for racoon / ipsec configuration files using the previous snippet, along with jinja2.
Yes, I know I write a lot about AWS these days, but you know, obsession is my thing.
So as I wrote earlier, I generate my CloudFormation templates using troposphere, and the one thing I had to finish today was to register a latency based Alias record on Route53 for an ELB. While Route53 GUI is fairly easy to use, I’ve been stuck on its programmatic emanation for quite a while, so here’s a troposphere definition of such a CloudFormation object:
So you’re using AWS CloudFormation in order to bring up complex infrastructures; haven’t you already told yourself that instead of writing down all those JSON lines by hand, you could bring more fun to your architect life? I did, and I found a way to programmatically design a whole architecture using troposphere and boto3. Simply put, troposphere gives you bindings in order to generate CloudFormation’s JSON template, but hey, it’s python, meaning that you can create loops, use conditions and even dynamically build objects.
AWS is an amazing piece of cloud, but the documentation is not always clear. I’ve been scratching my head trying to understand how Reserved Instances pricing was applied to actual instances. First I was searching for a “Launch a Reserved Instance” button, or even “Associate this Reserved Instance”, but no, nothing. I found the official documentation to be quite evasive so I took my chance on the ##aws IRC channel on irc.
Long time no see huh? ;)
I’m diving into Amazon Web Services for some months now, and I must say I’m pretty impressed by the overall quality. Compared to the other “clouds” I’ve played with, it’s the most mature and comprehensive by far.
While writing a couple of tools to make my life easier, there’s one piece that took me longer: filtering the output of the aws ec2 describe-instances command. The output is in JSON, which is quite nice you might say, and it is, but when it comes to interact with JSON in the command line, things can get a little messy.
Proceeding with my Christmas presents, I have refactored my ${HOME} lab. One of the goals was to migrate my public gateway to a diskless Soekris Net6501 my beloved wife offered me :)
The overall PXE/NFS process is explained a billion times over the Internet, only particular point here is that I used dnsmasq instead of ISC DHCP.
Nevertheless I came across an issue that took me way too long to understand; while the boot process seemed perfectly fine, at some point, after Setting up ttys, init hung and the kernel showed the following message:
Snoopy is a pretty cool piece of software that can log every exec(3) call to syslog. When it comes to security, that feature can be really handy.
Yesterday (Dec. 5), I commited security/snoopy to pkgsrc. The package comes with GNU/Linux related scripts in order to modify /etc/ld.so.preload so libsnoopy is loaded before libc and achieve its role. NetBSD doesn’t have a ld.so.preload file, instead, we use a flexible /etc/ld.so.conf configuration file which has the following syntax:
Dynamic module loading via modload has a couple of issues with a NetBSD domU kernel, so it is not possible to modload iscsi.kmod.
In order to enable in-kernel iSCSI support, you’ll have to add the following lines to your kernel configuration and rebuild it:
dmesg should show this line:
You’ll then be able to start iscsid and manage your targets using iscsictl.
My “mediacenter”, a small x86 machine plugged to the living-room TV was a diskless (PXE/NFS root) Debian Wheezy until the past week end. After having tried Linux Mint on a laptop of mine and being impressed by its integration quality, I decided to migrate my mediacenter to LMDE.
I did not reinstalled the system, mainly because Mint does not support debootstrap, instead I followed a couple of HOWTOs I found on their forums: this one and this one.