rsyslog and Puppet

I found the following article that takes a minimalist approach to managing syslog with Puppet:

Create a local mirror of Ubuntu packages using apt-mirror

Sometimes, having a local mirror of Ubuntu packages can be useful: it can save tons of network bandwidth when installing an Ubuntu system multiple times. Examples are testing, development and QA environments that rely on virtual machines. When installing a new Ubuntu system, just point the installer to the local Ubuntu mirror and you’ll save time and reduce your WAN/Internet traffic considerably.

In order to create and keep a local mirror of Ubuntu, you can use apt-mirror which is available in the universe repository. And, for the record, this post is heavily based on another one — Ubuntu – Set Up A Local Mirror.

Ubuntu, like many other Linux distributions, retrieves packages for installation over HTTP. Therefore, the first thing to do is to install Apache, if not already installed. And, at the same time, let’s install apt-mirror too:

$ sudo apt-get install apache2 apt-mirror

The next step is to configure apt-mirror. The configuration is very similar to /etc/apt/sources.list. apt-mirror reads its configuration from /etc/apt/mirror.list. By default, it mirrors packages for the architecture on which it’s running, but you’ll likely want it to mirror packages for x86_64 and i386 systems. Also, beware of the size of the local mirror: mirroring all the repositories can consume quite a lot of disk space in the local system (30GB or even more). It’s a good idea to mirror only those repositories that you need. Here’s an example of my /etc/apt/mirror.list:

############# config ##################
# set base_path    /var/spool/apt-mirror
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/
# set defaultarch  
# set postmirror_script $var_path/
# set run_postmirror 0
set nthreads     20
set _tilde 0
############# end config ##############

deb-amd64 trusty main restricted
deb-amd64 trusty-security main restricted
deb-amd64 trusty-updates main restricted
deb-i386 trusty main restricted
deb-i386 trusty-security main restricted
deb-i386 trusty-updates main restricted


This configuration requests 20 download threads, and mirrors the main and restricted repositories for x86_64 and i386 systems exclusively.

To initiate the mirror process, just run:

$ sudo apt-mirror

This will spawn worker threads that mirror the configured repositories into /var/spool/apt-mirror.

In order to serve this mirror via Apache, just create a symlink in Apache’s document root:

$ sudo ln -s /var/spool/apt-mirror/mirror/ /var/www/html/ubuntu

It might also be a good idea to remove or rename /var/www/html/index.html so that one can browse the repository using a Web browser.

And finally, you can configure cron to run apt-mirror periodically. For example, by adding the following line to your crontab:

@daily /usr/bin/apt-mirror
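
A check worth running after each sync, added here as an example and not part of the original post: APT clients compare every downloaded package with the hash in the Packages index, so a mirrored file that is missing or altered will fail on the client. The function below does the same comparison on the mirror itself; it assumes the archive root is the directory under /var/spool/apt-mirror/mirror that holds pool/ and dists/, and that sha256sum is installed.

```shell
#!/bin/sh
# Added example: check mirrored packages against the SHA256 values in a Packages index.
# verify_mirror ARCHIVE_ROOT PACKAGES_INDEX
#   ARCHIVE_ROOT   directory that contains pool/ and dists/ (assumed layout)
#   PACKAGES_INDEX a Packages or Packages.gz file from below dists/
# Prints one line per problem and returns 1 if any file is missing or altered.
verify_mirror() {
    root=$1
    index=$2
    rc=0
    list=$(mktemp) || return 2

    # Decompress the index if needed, then emit "<sha256> <path>" per stanza.
    case $index in
        *.gz) gzip -dc "$index" ;;
        *)    cat "$index" ;;
    esac | awk '
        $1 == "Filename:" { file = $2 }
        $1 == "SHA256:"   { sum = $2 }
        /^$/ { if (file != "" && sum != "") print sum, file; file = ""; sum = "" }
        END  { if (file != "" && sum != "") print sum, file }
    ' > "$list"

    # Filename: paths in the index are relative to the archive root.
    while read -r want path; do
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        have=$(sha256sum "$root/$path" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path"
            rc=1
        fi
    done < "$list"

    rm -f "$list"
    return "$rc"
}

# Run directly as: sh verify_mirror.sh ARCHIVE_ROOT PACKAGES_INDEX
if [ "$#" -eq 2 ]; then
    verify_mirror "$1" "$2"
fi
```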

How to configure MAAS to be able to boot KVM virtual machines

To allow MAAS to boot KVM virtual machines (via libvirt), follow the steps below. They are intended for an Ubuntu system, but you can easily figure out how to make them work on Fedora or CentOS:

$ sudo apt-get install libvirt-bin

When adding nodes to MAAS that run as KVM virtual machines, the node configuration in MAAS will have to be updated to properly reflect the power type. In this case, the power type will be virsh. The virsh power type requires two fields: the “address” and the “power ID”. The “address” is just a libvirt URL. For example, qemu:///system for accessing libvirt on the local host, or qemu+ssh://root@hostname/system to access libvirt as root over SSH. The “power ID” field is just the virtual machine name or identifier.

In order to use SSH to access libvirt from MAAS, an SSH private key will have to be generated, and the public key uploaded to the host where the libvirt server is running:

$ sudo mkdir -p /home/maas
$ sudo chown maas:maas /home/maas
$ sudo chsh -s /bin/bash maas
$ sudo -u maas ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/maas/.ssh/id_rsa): 
Created directory '/home/maas/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/maas/.ssh/id_rsa.
Your public key has been saved in /home/maas/.ssh/

Next, add the public key to /root/.ssh/authorized_keys2 where the libvirt server is running, so that virsh can SSH into it without a password:

$ sudo -u maas ssh-copy-id root@hostname

Finally, as the maas user, test the connection:

$ sudo -u maas virsh -c qemu+ssh://root@hostname/system list --all
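
The key installed above has no passphrase and logs in as root, so it is worth limiting where it can be used from. The following is an added example, not part of the original post: it builds an authorized_keys entry that accepts the MAAS key only from one source address with forwarding and PTY allocation disabled, and lists entries in a key file that carry no options at all. The address and file names are assumptions, as is the premise that virsh's SSH transport needs neither a terminal nor forwarding.

```shell
#!/bin/sh
# Added example: limit what the MAAS key in root's authorized keys file can do.
# The source address and file names passed in are assumptions for illustration.
OPTS='no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding'

# restricted_entry PUBKEY_FILE MAAS_ADDR
# Print an authorized_keys line that accepts the key only from MAAS_ADDR.
restricted_entry() {
    read -r keytype keydata comment < "$1" || [ -n "$keytype" ] || return 1
    printf 'from="%s",%s %s %s%s\n' \
        "$2" "$OPTS" "$keytype" "$keydata" "${comment:+ $comment}"
}

# unrestricted_keys AUTHORIZED_KEYS_FILE
# Report every entry that starts directly with a key type, i.e. has no
# options such as from= in front of it. Returns 1 if any such entry exists.
unrestricted_keys() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 ~ /^(ssh-|ecdsa-|sk-)/ {
            print "unrestricted: " ($3 != "" ? $3 : "line " NR)
            bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Run directly as: sh maas_key.sh PUBKEY_FILE MAAS_ADDR
if [ "$#" -eq 2 ]; then
    restricted_entry "$1" "$2"
fi
```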

Automating Cisco AnyConnect Secure Mobility Client on Mac OS X

Do you hate having to manually enter the password in order to connect to a Cisco VPN? Well, I do. And I have found that instead of relying on the Cisco AnyConnect Secure Mobility Client GUI application, one can use the command-line counterpart to automate VPN login.

Provided that you can log into your VPN using the graphical client, you can automate VPN login by using the following shell script:

cat >
/opt/cisco/anyconnect/bin/vpn -s << EOF
# chmod +x

To connect:

# ./
Cisco AnyConnect Secure Mobility Client (version 3.1.05152) .

Copyright (c) 2004 - 2013 Cisco Systems, Inc.  All Rights Reserved.

  >> state: Disconnected
  >> state: Disconnected
  >> notice: Ready to connect.
  >> registered with local VPN subsystem.
  >> contacting host ( for login information...
  >> notice: Contacting

  >> notice: Please respond to banner.

Welcome to VPN.

  >> state: Connecting
  >> notice: Establishing VPN session...
  >> notice: Checking for profile updates...
  >> notice: Checking for product updates...
  >> notice: Checking for customization updates...
  >> notice: Performing any required updates...
  >> state: Connecting
  >> notice: Establishing VPN session...
  >> notice: Establishing VPN - Initiating connection...
  >> notice: Establishing VPN - Examining system...
  >> notice: Establishing VPN - Activating VPN adapter...
  >> notice: Establishing VPN - Configuring system...
  >> notice: Establishing VPN...
  >> state: Connected
VPN> goodbye...
  >> note: VPN Connection is still active.

To disconnect:

# /opt/cisco/anyconnect/bin/vpn disconnect
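
A login script that feeds vpn -s from a here-document keeps the VPN password in a plain-text file. The variant below is an added example, not the original author's script: it reads the password from the macOS Keychain at connect time and pipes the responses to the client. The Keychain service name, the host and user you pass in, and the prompt order (username, password, banner acceptance) are assumptions to adjust for your VPN.

```shell
#!/bin/sh
# Added example: feed `vpn -s` from the macOS Keychain so no password sits in the script.
# Assumptions (not from the original post): the Keychain service name
# "anyconnect-vpn" and the prompt order used in vpn_responses.
# Store the password once (you are prompted for it) with:
#   security add-generic-password -a "$USER" -s anyconnect-vpn -w
VPN_BIN=/opt/cisco/anyconnect/bin/vpn
KEYCHAIN_SERVICE=anyconnect-vpn

# get_password ACCOUNT: print the stored password; fails if the item is missing.
get_password() {
    security find-generic-password -a "$1" -s "$KEYCHAIN_SERVICE" -w
}

# vpn_responses HOST USER
# Emit the lines `vpn -s` reads on stdin: connect command, username,
# password, and "y" to accept the banner.
vpn_responses() {
    host=$1
    user=$2
    pass=$(get_password "$user") || return 1
    [ -n "$pass" ] || return 1
    # printf is a shell builtin, so the password never appears in a process list.
    printf 'connect %s\n%s\n%s\ny\n' "$host" "$user" "$pass"
}

# vpn_connect HOST USER
vpn_connect() {
    # Build the responses first so a Keychain failure never starts the client.
    responses=$(vpn_responses "$1" "$2") || {
        echo "no Keychain item for $2 in $KEYCHAIN_SERVICE" >&2
        return 1
    }
    printf '%s\n' "$responses" | "$VPN_BIN" -s
}

# Run directly as: sh vpn-login.sh HOST USER
if [ "$#" -eq 2 ]; then
    vpn_connect "$1" "$2"
fi
```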