Latency based Alias DNS record in Route53

Yes, I know I write a lot about AWS these days, but you know, obsession is my thing.

So as I wrote earlier, I generate my CloudFormation templates using troposphere, and the one thing I had to finish today was to register a latency based Alias record on Route53 for an ELB. While the Route53 GUI is fairly easy to use, I’ve been stuck on its programmatic emanation for quite a while, so here’s a troposphere definition of such a CloudFormation object:

Rock your CloudFormation with troposphere and boto

So you’re using AWS CloudFormation in order to bring up complex infrastructures; haven’t you already told yourself that instead of writing down all those JSON lines by hand, you could bring more fun to your architect life? I did, and I found a way to programmatically design a whole architecture using troposphere and boto3. Simply put, troposphere gives you bindings in order to generate CloudFormation’s JSON template, but hey, it’s Python, meaning that you can create loops, use conditions and even dynamically build objects.

Reserved Instances mystery solved

AWS is an amazing piece of cloud, but the documentation is not always clear. I’ve been scratching my head trying to understand how Reserved Instances pricing was applied to actual instances. First I was searching for a “Launch a Reserved Instance” button, or even “Associate this Reserved Instance”, but no, nothing. I found the official documentation to be quite evasive so I took my chance on the ##aws IRC channel on irc.freenode.net; there I found a very friendly community that explained to me (and many more after me) the simple truth: It’s all automagic!

aws cli and jq filtering

Long time no see huh? ;)

I’ve been diving into Amazon Web Services for some months now, and I must say I’m pretty impressed by the overall quality. Compared to the other “clouds” I’ve played with, it’s the most mature and comprehensive by far.

While writing a couple of tools to make my life easier, there’s one piece that took me longer: filtering the output of the aws ec2 describe-instances command. The output is in JSON, which is quite nice you might say, and it is, but when it comes to interacting with JSON on the command line, things can get a little messy.

nfs send error 65

Proceeding with my Christmas presents, I have refactored my ${HOME} lab. One of the goals was to migrate my public gateway to a diskless Soekris Net6501 my beloved wife offered me :)

The overall PXE/NFS process is explained a billion times over the Internet; the only particular point here is that I used dnsmasq instead of ISC DHCP.

Nevertheless I came across an issue that took me way too long to understand; while the boot process seemed perfectly fine, at some point, after Setting up ttys, init hung and the kernel showed the following message:

Running snoopy on NetBSD

Snoopy is a pretty cool piece of software that can log every exec(3) call to syslog. When it comes to security, that feature can be really handy.

Yesterday (Dec. 5), I committed security/snoopy to pkgsrc. The package comes with GNU/Linux related scripts in order to modify /etc/ld.so.preload so libsnoopy is loaded before libc and achieves its role. NetBSD doesn’t have a ld.so.preload file; instead, we use a flexible /etc/ld.so.conf configuration file which has the following syntax:

Enable iSCSI support in NetBSD domU

Dynamic module loading via modload has a couple of issues with a NetBSD domU kernel, so it is not possible to modload iscsi.kmod.

In order to enable in-kernel iSCSI support, you’ll have to add the following lines to your kernel configuration and rebuild it:

dmesg should show this line:

You’ll then be able to start iscsid and manage your targets using iscsictl.

Migrating Debian Wheezy to LMDE

My “mediacenter”, a small x86 machine plugged into the living-room TV, was a diskless (PXE/NFS root) Debian Wheezy until the past weekend. After having tried Linux Mint on a laptop of mine and being impressed by its integration quality, I decided to migrate my mediacenter to LMDE.

I did not reinstall the system, mainly because Mint does not support debootstrap; instead I followed a couple of HOWTOs I found on their forums: this one and this one.

Install NetBSD (or any PV-capable system) on IBM's SoftLayer

At ${DAYWORK}, I happen to use IBM’s cloud: SoftLayer. It has all the features you’d expect from such a platform, and can instantiate pretty much any major GNU/Linux distribution you’d think of; but here’s the thing, we also use NetBSD for some infrastructure services, and as you’d guess, there’s no NetBSD support at all on SoftLayer.

I had to reverse some bits of their provisioning system to understand how to achieve NetBSD installation, but most of all, automatic provisioning.

Mounting UFS2 read/write on Linux

I recently had the need to mount a UFS2 (NetBSD) partition under GNU/Linux, and while this is surprising, a standard Linux distro, Debian in my case, is not able to mount it in read/write mode.

I came across this project https://github.com/DanielO/fuse-ufs2 which has basic UFS2 read/write support. It is not very stable; I made it crash a couple of times while using vim on the mounted partition, but it does support simple operations like cp, rm and such.