Blogroll

Using pkgsrc on debian GNU/Linux

While I tend to appreciate debian GNU/Linux, its tendency to be quite late on software versionning is sometimes annoying. Also, as a pkgsrc developer, I am used to have greater control over the packages I install, for example regarding the options I'd like to include. For these reasons and a couple more, I sometimes choose to use pkgsrc along with apt to deal with particular packages. In this article, I'll show how to achieve that task.

EC2 VPN connection informations (updated)

For a mysterious reason, EC2 VPN connection informations are stored in XML within the JSON data retrieved by either boto or the awscli command line tool. Here's a quick python snippet to convert those datas in a convenient, easily parsable dict: Combining this piece of code with jinja2 could help you generate racoon (or whatever IPSec software you use) on the fly. Update here‘s a complete example of an automatic generation for racoon / ipsec configuration files using the previous snippet, along with jinja2.

Latency based Alias DNS record in Route53

Yes, I know I write a lot about AWS these days, but you know, obsession is my thing. So as I wrote earlier, I generate my CloudFormation templates using troposphere, and the one thing I had to finish today was to register a latency based Alias record on Route53 for an ELB. While Route53 GUI is fairly easy to use, I've been stuck on its programmatic emanation for quite a while, so here's a troposphere definition of such a CloudFormation object:

Rock your CloudFormation with troposphere and boto

So you're using AWS CloudFormation in order to bring up complex infrastructures; haven't you already told yourself that instead of writing down all those JSON lines by hand, you could bring more fun to your architect life? I did, and I found a way to programmatically design a whole architecture using troposphere and boto3. Simply put, troposphere gives you bindings in order to generate CloudFormation‘s JSON template, but hey, it's python, meaning that you can create loops, use conditions and even dynamically build objects.

Reserved Instances mystery solved

AWS is an amazing piece of cloud, but the documentation is not always clear. I've been scratching my head trying to understand how Reserved Instances pricing was applied to actual instances. First I was searching for a “Launch a Reserved Instance” button, or even “Associate this Reserved Instance”, but no, nothing. I found the official documentation to be quite evasive so I took my chance on the ##aws IRC channel on irc.

aws cli and jq filtering

Long time no see huh? ;) I'm diving into Amazon Web Services for some months now, and I must say I'm pretty impressed by the overall quality. Compared to the other “clouds” I've played with, it's the most mature and comprehensive by far. While writing a couple of tools to make my life easier, there's one piece that took me longer: filtering the output of the aws ec2 describe-instances command. The output is in JSON, which is quite nice you might say, and it is, but when it comes to interact with JSON in the command line, things can get a little messy.

nfs send error 65

Proceeding with my Christmas presents, I have refactored my ${HOME} lab. One of the goals was to migrate my public gateway to a diskless Soekris Net6501 my beloved wife offered me :) The overall PXE/NFS process is explained a billion times over the Internet, only particular point here is that I used dnsmasq instead of ISC DHCP. Nevertheless I came across an issue that took me way too long to understand; while the boot process seemed perfectly fine, at some point, after Setting up ttys, init hung and the kernel showed the following message:

Running snoopy on NetBSD

Snoopy is a pretty cool piece of software that can log every exec(3) call to syslog. When it comes to security, that feature can be really handy. Yesterday (Dec. 5), I commited security/snoopy to pkgsrc. The package comes with GNU/Linux related scripts in order to modify /etc/ld.so.preload so libsnoopy is loaded before libc and achieve its role. NetBSD doesn't have a ld.so.preload file, instead, we use a flexible /etc/ld.so.conf configuration file which has the following syntax:

Enable iSCSI support in NetBSD domU

Dynamic module loading via modload has a couple of issues with a NetBSD domU kernel, so it is not possible to modload iscsi.kmod. In order to enable in-kernel iSCSI support, you'll have to add the following lines to your kernel configuration and rebuild it: dmesg should show this line: You'll then be able to start iscsid and manage your targets using iscsictl.

Migrating Debian Wheezy to LMDE

My “mediacenter”, a small x86 machine plugged to the living-room TV was a diskless (PXE/NFS root) Debian Wheezy until the past week end. After having tried Linux Mint on a laptop of mine and being impressed by its integration quality, I decided to migrate my mediacenter to LMDE. I did not reinstalled the system, mainly because Mint does not support debootstrap, instead I followed a couple of HOWTOs I found on their forums: this one and this one.