AWS: S3 Cross-Region Replication configuration and objects DeleteMarkers replication

17 July 2019
 

 At this moment I’m configuring a new CDN for our project. Will use CloudFront and Cloudflare here so need to create two dedicated buckets with different names – cdn.cfr.example.com => CloudFront and cdn.cfl.example.com => Cloudflare. To avoid coping data each time to both buckets – an AWS S3 Cross-Region Replication can be used, so data… Read More »

NGINX: multi-branch deployment with Ansible, NGINX map and HTTP Headers

26 June 2019
 

 We have a standard LEMP setup NGINX, PHP-FPM. Application – Yii-framework, deployed from Jenkins using Ansible role with the synchronize module on backend hosts in a /data/projects/prjectname/frontend/web,  directory which is set as a root for an NGINX virtual host. The task is to have the ability to deploy the same application on the same backend… Read More »

SonarQube: the “SCM provider autodetection failed” error

19 June 2019
 

 We have a fresh SonarQube installation (see details in the SonarQube: running tests from Jenkins Pipeline from Docker post). The issue But in its dashboard there is always an error: SCM provider autodetection failed. Please use “sonar.scm.provider” to define SCM of your project, or disable the SCM Sensor in the project settings. Also, it’s displayed… Read More »

SonarQube: running tests from Jenkins Pipeline from Docker

18 June 2019
 

 The task is to run our backend PHP tests using SonarQube from a jenkins Pipeline job. Jenkins running in Docker and all its builds also uses Docker. The main issue I faced during this setup was the fact that SonarQube’s container inside spawns another process with Elastisearch (while Docker concept says “1 service per one… Read More »

Jenkins: running PHPUnit from Codeception by a Pull Request in Github and Allure-reports

6 June 2019
 

 The task is to create a Jenkins Scripted Pipeline job to run PHPUnit with our PHP-based backend unit-tests. To run PHPUnit Codeception will be used. This Jenkins job must be triggered from a Github repository after creating Pull Request so will use Github Pull-Request Builder plugin here. To view generated reports – Allure Jenkins plugin… Read More »

AWS: IAM users keys rotation, EC2 IAM Roles and Jenkins

30 May 2019
 

 Today I checked our IAM-users and “suddenly” recalled that it’s good to update their credentials sometimes: Well, that’s good to do but here is a question: it’s simple enough to set an expire for keys in IAM, but what to do with all scripts which are used in our Jenkins and which are using those… Read More »

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update

24 May 2019
 

 In addition to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server, set up and configuration. So, three months passed and it’s time to renew Let’s Encrypt SSL certificate (see. Prometheus: Alertmanager и blackbox-exporter — проверка срока действия SSL и нотификация в Slack, Rus). I could use a well-know for me scheme with… Read More »

Debian: unattended-upgrades – automatic upgrades installation with email notifications via AWS SES

23 May 2019
 

 A unattended-upgrades package performs automated upgrades installation on Debian/Ubuntu systems. It’s a Python script (1500 lines) located at /usr/bin/unattended-upgrade (and /usr/bin/unattended-upgrades is a symlink to the /usr/bin/unattended-upgrade). CentsOS/RHEL analog – yum-cron. Install it: The main config file is /etc/apt/apt.conf.d/50unattended-upgrades where upgrade types, email settings etc can be configured. Upgrades related schedules are done in the… Read More »

AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server

17 May 2019
 

 We have a VPC with OpenVPN Access Server running. This VPC is connected with other VPCs in our AWS account. The issue is that currently when a user is connected to VPN for the DNS resolution into EC2 instances private IPswe are using dnsmasq service on the VPN-host which has a /etc/dnsmasq.hosts file where are manually… Read More »