Devopslife

Straight to the point

Find out which role is used when an AWS CLI command is called

This is very useful if you are running an AWS command on an EC2 instance that uses an IAM role or instance profile and you want to verify that it is using the intended role.

aws sts get-caller-identity

$ aws sts get-caller-identity
{
    "Account": "0123456789",
    "UserId": "ABCDxxx:i-abc123",
    "Arn": "arn:aws:sts::0123456789:assumed-role/ECS_Opsworks_DefaultRole/i-abc123"
}
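The same check as a script, as an added example that is not part of the original post: it parses the `get-caller-identity` output and reports whether the caller is the expected assumed role. A result of `user` on an instance usually means static keys from environment variables or `~/.aws/credentials` are taking precedence over the instance profile. The function names are hypothetical, and the sample input is the output shown above.

```python
import json
import re
import sys

# Constructed sample: the get-caller-identity output shown in this post.
SAMPLE = '''{
    "Account": "0123456789",
    "UserId": "ABCDxxx:i-abc123",
    "Arn": "arn:aws:sts::0123456789:assumed-role/ECS_Opsworks_DefaultRole/i-abc123"
}'''

# arn:<partition>:<sts|iam>::<account>:<resource>
ARN_RE = re.compile(r"^arn:(aws[\w-]*):(sts|iam)::(\d*):(.+)$")

def describe_caller(identity_json):
    """Return (kind, name, session) for get-caller-identity JSON output."""
    arn = json.loads(identity_json)["Arn"]
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError("unrecognised ARN: %r" % arn)
    service, resource = m.group(2), m.group(4)
    if service == "sts" and resource.startswith("assumed-role/"):
        # assumed-role/<role name>/<session name>; on EC2 the session is the instance id
        _, role, session = resource.split("/", 2)
        return ("assumed-role", role, session)
    if service == "iam" and resource.startswith("user/"):
        # Long-lived access keys are in use, not a role.
        return ("user", resource.split("/")[-1], None)
    if service == "iam" and resource == "root":
        return ("root", "root", None)
    return ("other", resource, None)

def check_role(identity_json, expected_role):
    """True only when the caller is an assumed role with the expected name."""
    kind, name, _ = describe_caller(identity_json)
    return kind == "assumed-role" and name == expected_role

if __name__ == "__main__":
    # Usage: aws sts get-caller-identity | python3 check_role.py <expected role>
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    expected = sys.argv[1] if len(sys.argv) > 1 else "ECS_Opsworks_DefaultRole"
    print(describe_caller(data))
    sys.exit(0 if check_role(data, expected) else 1)
```

The non-zero exit status makes it usable as a guard at the top of a deployment or cron script.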

Access denied when using GRANT ALL ON *.* in AWS RDS Mysql

I was totally unaware of the fact that even a master account doesn’t have all the privileges in an RDS database (MySQL) until I got stuck with this issue. Today, I was asked to create a secondary admin user with all privileges in one of our production DBs. The MySQL DB instance was running in AWS RDS. I tried the following command:

mysql> GRANT ALL ON *.* TO 'admin_sync'@'%';
ERROR 1045 (28000): Access denied for user 'admin'@'%' (using password: YES)

I got the above error while trying to grant all privileges. I was sure about the command because the same command was working fine for non-RDS MySQL instances. A few minutes of googling gave me the fix.

mysql> GRANT ALL ON `%`.* TO admin_sync@`%`;

Query OK, 0 rows affected (0.00 sec)

 

In order to protect the instance itself, RDS doesn’t allow even the master account to access the mysql database. The mysql.* tables are off-limits here because Amazon restricts access to them. I can’t grant permissions on *.* since that would match the mysql database, and `%`.* appears not to match those system tables.

So, the quick fix is to use `%`.* instead of *.*. 

The _ and % wildcards are permitted when specifying DB names in GRANT statements that grant privileges at the global or database levels.

 

References

https://dev.mysql.com/doc/refman/8.0/en/grant.html

http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds

Simulate upstream proxy timeout using nodejs

This is something that I came across while tuning an nginx server which has multiple Tomcat instances as upstreams. We were trying to adjust the read timeout of the upstream proxies. It is hard to simulate this by stopping the backend as it will throw a 503 bad gateway. So, to simulate this, we used a nodejs script.


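/* server.js: a stub upstream that answers only after a long delay */
const http = require('http');

// 0.0.0.0 listens on every interface; use 127.0.0.1 when nginx runs on the same host.
const hostname = '0.0.0.0';
const port = 8080;
const delayMs = 20000; // keep this longer than the proxy read timeout under test

// Send the response once the delay has passed.
function test(res) {
  console.log("Inside test");
  res.end("delayed response\n");
}

const server = http.createServer(function(req, res) {
  console.log("Starting");
  // Pass res through so that test() can finish the request.
  setTimeout(test, delayMs, res);
});

server.listen(port, hostname, function() {
  console.log('Server running at http://' + hostname + ':' + port + '/');
});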

Fix 404 error for permalinks while using SSL in wordpress

This was an issue I faced while setting up this blog. I was getting 404 errors for all the post links in this blog when selecting a non-default permalink structure with SSL.

The first thing I tried was to regenerate the .htaccess file. I removed the existing .htaccess file in the WordPress root folder and regenerated it by switching the permalink setting again. That didn't work for me. The fix was something at the web server level. Finally, I found the fix.

The Directory block is required in the SSL virtual host config of Apache, the same as in the HTTP (port 80) virtual host, so that the rewrite rules in WordPress's .htaccess are allowed to override the server config.

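Example

# Opening tag assumed: the SSL virtual host, conventionally on port 443.
<VirtualHost *:443>
    # ... existing SSL virtual host directives ...
    <Directory /var/www/html/devopslife.io/>
        DirectoryIndex index.php
        AllowOverride All
        # Apache 2.2 syntax; on Apache 2.4 use "Require all granted" instead.
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>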

Thanks to this digitalocean thread 

Monitor ECS agent uptime using crontab and SNS

The Amazon ECS container agent allows container instances to connect to your cluster. If this agent is down for some reason, deployments to the service won’t be reflected in the instance and can cause discrepancies.

Here is a one-liner to check if the ECS agent container is running. If it is not running, we make use of the AWS SNS service to send a notification to a topic.

if [ -z "$(docker ps -f "name=ecs-agent" -f "status=running" -q)" ]; then /usr/bin/aws --region=us-east-1 sns publish --topic-arn "arn:aws:sns:us-east-1:123456789012:Topicname" --message "ECS Agent is not running in $HOSTNAME."; fi

Make sure that the instance role has permissions to publish to the required topic and the topic is already configured.

Get any user’s public key from github

This is useful when you are giving SSH access to a server. Basically, we have to append the public key to ~/.ssh/authorized_keys.

curl https://github.com/<username>.keys | tee -a ~/.ssh/authorized_keys

Replace <username> with the real GitHub username.
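The one-liner appends whatever the URL returns, including an error body if the username is mistyped, and every key the account has registered. A check to run on the downloaded text first, as an added example that is not part of the original post: it accepts only well-formed public key lines and returns their SHA256 fingerprints so they can be confirmed with the key owner before anything is appended. `vet_keys` and `sample_key` are hypothetical names, and the sample key is constructed.

```python
import base64
import binascii
import hashlib

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
             "sk-ssh-ed25519@openssh.com",
             "sk-ecdsa-sha2-nistp256@openssh.com"}

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_keys(body):
    """Sort the lines of a .keys response into (accepted, rejected).

    accepted holds (line, fingerprint); rejected holds (line, reason).
    """
    accepted, rejected = [], []
    for line in body.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) < 2 or parts[0] not in KEY_TYPES:
            rejected.append((line, "not a public key line"))
            continue
        try:
            blob = base64.b64decode(parts[1], validate=True)
        except (binascii.Error, ValueError):
            rejected.append((line, "bad base64"))
            continue
        # The decoded blob begins with a length-prefixed copy of the type.
        n = int.from_bytes(blob[:4], "big")
        if len(blob) < 4 or blob[4:4 + n] != parts[0].encode():
            rejected.append((line, "type does not match key blob"))
            continue
        accepted.append((" ".join(parts[:2]), fingerprint(blob)))
    return accepted, rejected

def sample_key():
    """Constructed ed25519-shaped key (32 zero bytes), for the demo only."""
    name = b"ssh-ed25519"
    blob = (len(name).to_bytes(4, "big") + name
            + (32).to_bytes(4, "big") + bytes(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    print(vet_keys(sample_key() + "\nNot Found\n"))
```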

Custom error code in nginx

In some cases, we might need to throw a custom/different error code for a specific issue. For example, we can throw a different error to the end user even if the backend node is down. We can do that in nginx as in the example below.
server {
    listen       8080;
    server_name  devopslife.io;
    error_page   502 503 504 =204 /temperror;
    location /temperror {
      return 204;
    }
}

Now the user will see only a 204 even if the real status is 503.

Start a temporary webserver using python SimpleHTTPServer

To start an HTTP server on port 8000 (which is the default port), simply type:

python -m SimpleHTTPServer

The present working directory (PWD) from which the command is executed will be served via HTTP. If we want to use a custom port, use

python -m SimpleHTTPServer <portnumber>

For example: python -m SimpleHTTPServer 8080

 

 


© 2019 Devopslife
