viernes, 10 de mayo de 2019

[EN] AWS - An UnauthorizedOperation and encrypted message

Have you ever tried to perform a change from the aws command-line and all you got was an error like

"An error occurred (UnauthorizedOperation) when calling the XXXXXX operation: You are not authorized to perform this operation. Encoded authorization failure message"

and an encrypted string afterwards? Well, don't panic. It's just a "normal" error, but in this case the output is encrypted for security; aws api does so becasue it throws some sensible information and they don't want anyone else but you to get it. 

How to decrypt that info? Easy; you need an allow policy on STS for the action DecodeAuthorizationMessage. If you already got permission, you don't need to create the policy, but if you need to just copy and paste it

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:DecodeAuthorizationMessage",
            "Resource": "*"

Once the policy has been applied, you can decrypt the error with

> aws sts decode-authorization-message --encoded-message Error_Message_Encrypted_String --output table

where Error_Message_Encrypted_String would be the message you got.

Hope that helps!

miércoles, 17 de abril de 2019

[EN] Setting open descriptors on Ubuntu18.04

Hello! this is a tricky question; many times you are used to do something in an special way but suddenly, one day it doesn't work. That's what happened to me with open file descriptors on Ubuntu 18.04.
 By default this Ubuntu release has

esther@host:~# sudo ulimit -n

which may be very little if you plan to run, for example, an nginx server. If you want to change that value, you have to

1) edit /etc/sysctl.conf and add

fs.file-max = 65535
fs.nr_open = 65535

at the end of the file

2) edit /etc/security/limits.conf and add at the end

* soft     nproc          65535   
* hard     nproc          65535  
* soft     nofile         65535  
* hard     nofile         65535
root soft     nproc          65535   
root hard     nproc          65535  
root soft     nofile         65535  
root hard     nofile         65535

3) check that 

session    required

which is the default configuration for the pam.d service; if you need to update any of those two files, restart the pam.d service.

If you have done all of those changes, reload them and check if still have the same values

esther@host:~# sudo sysctl -p
esther@host:~# sudo ulimit -n

shows the default value, make one last change on /etc/systemd/user.conf and set


Save and restart... and check it again ;)

martes, 2 de abril de 2019

[EN] rc.local on Ubuntu 18.x

On Ubuntu 18.04/18.10 I have missed the rc.local file that had helped me a few (thousand) times. Have you missed it too? By default, the file does not exit, but the service behind is present, so not everything is lost.
If you want to enable this feature on your Ubuntu, you are just few steps away.

First of all, let's create the file and set the correct perms

> touch /etc/rc.local
> chmod +x /etc/rc.local

and then let's give it the correct format

> echo "#!/bin/bash
exit 0" > /etc/rc.local

and it will work. You can check the state of the service as well with

> systemctl status rc-local

and start/stop it if you want to make any test.

martes, 26 de marzo de 2019

[EN] High CPU -> Ubuntu + Docker + Jenkins

Sometimes, suddenly a Jenkins environment can turn upside down and take all the CPU resources even when no job is being processed. Any job launched gets eternal and the CPU load gets so high that almost reaches the moon while you try to fix it with no luck at all.

In that moment, a good idea may be clean old jobs and update your Jenkins.

For cleaning old builds
  • find out which is your jenkins home (you can get it from "Manage Jenkins" -> "Configure System" -> "Home Directory")
  • navigate to that directory, and then move inside the 'jobs' folder. Those are your jobs, and inside each of them there is a "builds" folder that keeps the builds. Delete as much as you want, let's say leaving just one month.
  • after that, reload your configuration; you can restart your container

  •   > docker container restart jenkins

    or just reload the configuration from "Manage Jenkins" -> "Reload Configuration from Disk" 

For updating your Jenkins (using Docker)
  • First of all, copy the war URL to download it; you can copy it from your Jenkins. To get it, go to "Manage Jenkins" and scroll to the top of the page; there is a warning if there are new available versions, and you can copy the link from there
  • Once you have your link, you have to download the war inside the container and move it instead the current; so lets get inside it using
  • > docker container exec -u 0 -it jenkins bash ##important you use "-u 0" option to force the user; otherwise bash may crash or have other issues
    >> cd /usr/share/jenkins
    >> mv jenkins.war jenkins-OLD.war
    >> wget ## in your case, the URL you got on the previous step   
    >> chown jenkins:jenkins jenkins.war
    >> exit

  • now let's restart the container using

    > docker container restart jenkins

    log on on your Jenkins again, and check your installed plugins; some of them may be outdated and you'll have to make some adjustments.

miércoles, 20 de febrero de 2019

Pinceladas de git

Hoy traigo otra cheat sheet, esta vez se trata de una chuleta de comandos git. Para el que haya llegado aquí por casualidad, git es un software de control de versiones muy utilizado no sólo por equipos de desarrollo sino por cualquiera que prefiera trabajar con un repositorio seguro.

En este caso, quiero que le echéis un ojo a esta chuleta; las hay mucho más completas con miles de comandos, pero esta me gusta porque es muy simple y sencilla, y para alguien que está empezando o que sólo hace tareas más básicas, es genial.

No dispongo de la fuente original, ya que esto lo saqué de Pinterest, de una cuenta que sigo, pero si alguien la conoce, que me lo haga llegar y prometo actualizar el post.

Muchas gracias!