Monthly Archives: May 2019

AWS: IAM users keys rotation, EC2 IAM Roles and Jenkins

30 May 2019
 

 Today I checked our IAM-users and “suddenly” recalled that it’s good to update their credentials sometimes: Well, that’s good to do but here is a question: it’s simple enough to set an expire for keys in IAM, but what to do with all scripts which are used in our Jenkins and which are using those… Read More »

OpenVPN: Let’s Encrypt DNS verification on AWS Route53 and OpenVPN Access Server SSL certificate auto update

24 May 2019
 

 In addition to the OpenVPN: SSL and hostname configuration post about OpenVPN Access Server, set up and configuration. So, three months passed and it’s time to renew Let’s Encrypt SSL certificate (see. Prometheus: Alertmanager и blackbox-exporter — проверка срока действия SSL и нотификация в Slack, Rus). I could use a well-know for me scheme with… Read More »

Debian: unattended-upgrades – automatic upgrades installation with email notifications via AWS SES

23 May 2019
 

 A unattended-upgrades package performs automated upgrades installation on Debian/Ubuntu systems. It’s a Python script (1500 lines) located at /usr/bin/unattended-upgrade (and /usr/bin/unattended-upgrades is a symlink to the /usr/bin/unattended-upgrade). CentsOS/RHEL analog – yum-cron. Install it: [simterm] $ sudo apt -y install unattended-upgrades [/simterm] The main config file is /etc/apt/apt.conf.d/50unattended-upgrades where upgrade types, email settings etc can be… Read More »

AWS: VPC peering DNS resolution and DNS settings for OpenVPN Access Server

17 May 2019
 

 We have a VPC with OpenVPN Access Server running. This VPC is connected with other VPCs in our AWS account. The issue is that currently when a user is connected to VPN for the DNS resolution into EC2 instances private IPswe are using dnsmasq service on the VPN-host which has a /etc/dnsmasq.hosts file where are manually… Read More »

AWS: MariaDB RDS – kill: You are not owner of thread

14 May 2019
 

 We have AWS RDS with MariaDB. The error below and its solution aren’t specific to AWS RDS and MariaDB. The next error appears during attempt to kill() a thread in MySQL: [simterm] MariaDB [(none)]> kill 759; ERROR 1095 (HY000): You are not owner of thread 759 [/simterm] The solution is to use the mysql.rds_kill() procedure… Read More »

TestRail: reset admin password

13 May 2019
 

 We have a TestRail installation but suddenly lose its Admin user password. The Reset Password says that “Email sending failed” although email was configured and users are able to get emails from the server. Also, the log /var/www/testrail.example.com/logs/log-2019-05-13.php didn’t says anything so will reset password in another way – by update this TestRail MySQL database… Read More »

Bitwarden: an organization’s password manager self-hosted version installation on an AWS EC2

1 May 2019
 

 We consider Bitwarden as a passwords keeper for our project with the main goal to have an ability to have separated access to secrets by user roles and/or ACLs. I.e. Pass or KeePass are good for self-usage by one person but they have no main things – a normal web-interface and role-based access to data.… Read More »