Wednesday, April 17, 2019

[EN] Setting open descriptors on Ubuntu 18.04

Hello! This is a tricky one: you get used to doing something a particular way, and then suddenly, one day, it doesn't work. That's what happened to me with open file descriptors on Ubuntu 18.04.
By default this Ubuntu release has

esther@host:~# ulimit -n
1024
esther@host:~#

which may be too low if you plan to run, for example, an nginx server. If you want to change that value, you have to

1) edit /etc/sysctl.conf and add at the end of the file

fs.file-max = 65535
fs.nr_open = 65535

2) edit /etc/security/limits.conf and add at the end

* soft     nproc          65535   
* hard     nproc          65535  
* soft     nofile         65535  
* hard     nofile         65535
root soft     nproc          65535   
root hard     nproc          65535  
root soft     nofile         65535  
root hard     nofile         65535

3) check that 
/etc/pam.d/common-session 
/etc/pam.d/common-session-noninteractive 
contain

session    required    pam_unix.so

which is the default configuration for the pam.d service; if you need to update either of those two files, restart the pam.d service.

Once you have made all of those changes, reload them and check the value again

esther@host:~# sudo sysctl -p
esther@host:~# ulimit -n

If that still shows the default value, make one last change in /etc/systemd/user.conf and set

DefaultLimitNOFILE=65535

Save and restart... and check it again ;)

Wednesday, April 10, 2019

[EN] AWS - An UnauthorizedOperation and encrypted message

Have you ever tried to make a change from the AWS command line and all you got was an error like

"An error occurred (UnauthorizedOperation) when calling the XXXXXX operation: You are not authorized to perform this operation. Encoded authorization failure message"

and an encrypted string afterwards? Well, don't panic. It's just a "normal" error, but in this case the output is encrypted for security; the AWS API does so because it returns some sensitive information and they don't want anyone else but you to get it.



How do you decrypt that info? Easy: you need an allow policy on STS for the action DecodeAuthorizationMessage. If you already have that permission, you don't need to create the policy; if you don't, just copy and paste this one


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:DecodeAuthorizationMessage",
            "Resource": "*"
        }
    ]
}

Once the policy has been applied, you can decrypt the error with

> aws sts decode-authorization-message --encoded-message Error_Message_Encrypted_String --output table

where Error_Message_Encrypted_String would be the message you got.
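
An added example, not part of the original post: a Python helper that takes the JSON output of the decode command (run with --output json instead of table) and pulls out the denied action, resource and principal, so you can see exactly which permission is missing. The sample input is constructed, and summarize_denial is a hypothetical name.

```python
import json

# Constructed sample of what `aws sts decode-authorization-message --output json`
# returns: DecodedMessage is itself a JSON document serialized as a string.
SAMPLE_CLI_OUTPUT = json.dumps({
    "DecodedMessage": json.dumps({
        "allowed": False,
        "explicitDeny": False,
        "matchedStatements": {"items": []},
        "failures": {"items": []},
        "context": {
            "principal": {"id": "AIDAEXAMPLEID", "name": "deploy-bot",
                          "arn": "arn:aws:iam::111122223333:user/deploy-bot"},
            "action": "ec2:StopInstances",
            "resource": "arn:aws:ec2:eu-west-1:111122223333:instance/i-0123456789abcdef0",
            "conditions": {"items": [
                {"key": "ec2:Region", "values": {"items": [{"value": "eu-west-1"}]}},
            ]},
        },
    })
})


def summarize_denial(cli_output: str) -> dict:
    """Parse the CLI's JSON output and return the fields needed to fix the policy."""
    outer = json.loads(cli_output)
    decoded = json.loads(outer["DecodedMessage"])  # second parse: nested JSON string
    ctx = decoded.get("context", {})
    conditions = {
        c["key"]: [v["value"] for v in c.get("values", {}).get("items", [])]
        for c in ctx.get("conditions", {}).get("items", [])
    }
    explicit = bool(decoded.get("explicitDeny"))
    return {
        "allowed": bool(decoded.get("allowed")),
        # An explicit Deny matched: adding an Allow will not override it.
        "reason": "explicit deny" if explicit else "implicit deny (no matching Allow)",
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "conditions": conditions,
        "matched_statements": decoded.get("matchedStatements", {}).get("items", []),
    }


if __name__ == "__main__":
    for field, value in summarize_denial(SAMPLE_CLI_OUTPUT).items():
        print(f"{field:20} {value}")
```

The action and resource it reports are what a least-privilege Allow statement would need to name, instead of widening the policy with wildcards.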




Hope that helps!

Tuesday, April 2, 2019

[EN] rc.local on Ubuntu 18.x

On Ubuntu 18.04/18.10 I have missed the rc.local file that had helped me a few (thousand) times. Have you missed it too? By default, the file does not exist, but the service behind it is present, so not everything is lost.
If you want to enable this feature on your Ubuntu, you are just a few steps away.

First of all, let's create the file and set the correct permissions

> touch /etc/rc.local
> chmod +x /etc/rc.local

and then let's give it the correct format


> echo '#!/bin/bash
exit 0' > /etc/rc.local


and it will work. You can check the state of the service as well with


> systemctl status rc-local

and start/stop it if you want to run any tests.