In the first part – Kubernetes: part 1 – architecture and main components overview – we did a quick glance about Kubernetes. Also, check the third part – Kubernetes: part 3 – AWS EKS overview and manual EKS cluster set up. The next thing I’d like to play with is to manually create a cluster… Read More »
We have a PHP-application with the AWS RDS MariaDB as a backend. On the previously used 10.0 version all was good, but right after we upgraded to the MariaDB 10.2 – got errors during tests: PDOException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column ‘name’ at row 1 in /data/projects/projectname/vendor/yiisoft/yii2/db/Command.php:1290 The first… Read More »
At this moment I’m configuring a new CDN for our project. Will use CloudFront and Cloudflare here so need to create two dedicated buckets with different names – cdn.cfr.example.com => CloudFront and cdn.cfl.example.com => Cloudflare. To avoid coping data each time to both buckets – an AWS S3 Cross-Region Replication can be used, so data… Read More »
Today I checked our IAM-users and “suddenly” recalled that it’s good to update their credentials sometimes: Well, that’s good to do but here is a question: it’s simple enough to set an expire for keys in IAM, but what to do with all scripts which are used in our Jenkins and which are using those… Read More »
A unattended-upgrades package performs automated upgrades installation on Debian/Ubuntu systems. It’s a Python script (1500 lines) located at /usr/bin/unattended-upgrade (and /usr/bin/unattended-upgrades is a symlink to the /usr/bin/unattended-upgrade). CentsOS/RHEL analog – yum-cron. Install it: [simterm] $ sudo apt -y install unattended-upgrades [/simterm] The main config file is /etc/apt/apt.conf.d/50unattended-upgrades where upgrade types, email settings etc can be… Read More »
Previously we used cloud-based Sentry version but then reached emails limit and our backend-team left without those notifications which are critical for their work. A self-hosted version was planned a long time ago so now we have a chance to spin it up. The post below describes how to start self-hosted Sentry on an AWS… Read More »
We have a VPC with OpenVPN Access Server running. This VPC is connected with other VPCs in our AWS account. The issue is that currently when a user is connected to VPN for the DNS resolution into EC2 instances private IPswe are using dnsmasq service on the VPN-host which has a /etc/dnsmasq.hosts file where are manually… Read More »
We have AWS RDS with MariaDB. The error below and its solution aren’t specific to AWS RDS and MariaDB. The next error appears during attempt to kill() a thread in MySQL: [simterm] MariaDB [(none)]> kill 759; ERROR 1095 (HY000): You are not owner of thread 759 [/simterm] The solution is to use the mysql.rds_kill() procedure… Read More »
We consider Bitwarden as a passwords keeper for our project with the main goal to have an ability to have separated access to secrets by user roles and/or ACLs. I.e. Pass or KeePass are good for self-usage by one person but they have no main things – a normal web-interface and role-based access to data.… Read More »
I’m sure that using MFA (Multi-Factor Authentication) today is oblivious. For 2FA (2-Factor Authentication) the most used method is TOTP – Time-based One-time Password, when alongside with the common login:password also needs to enter a code generated by a device or software. The most known implementation is Google Authenticator but also there is a… Read More »