Archive

  • Building an automatic backup verification pipeline: Elasticsearch edition

    If you don’t restore and verify your backups, you don’t know that they’ll actually work when the time comes. Doing this manually is time consuming, easily forgotten and a great candidate for being automated. I’m sure you can imagine that we’d normally be talking about backups for a database or perhaps some archived Elasticsearch indices, but even your local GitLab...

    Read more
  • Debugging incorrect timestamps in the unified CloudWatch Agent

    Logs are unhelpful at best and thoroughly misleading at worst if not stored with the correct timestamp. A few seconds off is most likely good-enough, but if your log shipping fails for a period of time or you’re trying to make sense of the order of a number of events that happen in quick succession, any inaccuracy is incredibly frustrating....

    Read more
  • Visualising ALB logs with Elasticsearch and Kibana

    Having the raw logs from our AWS Application Load Balancer can be really helpful for debugging, especially when the service that you’re load balancing may not have logged a message if it times out or otherwise errors. If you’ve spent any time writing NodeJS services with Express and Promises, I’m sure you’ll have run into the controller or middleware that...

    Read more
  • Providing secure, authenticated access to an internal service running in ECS

    Gone are the days where every employee sits in an office cubicle from 9AM to 5:30PM, Monday to Friday. Having a physical location with the blinking lights of a VPN appliance or whining server is no longer a given and thus the ‘traditional’ approach of whitelisting company IPs and having your colleagues VPN in to the corporate network just isn’t...

    Read more
  • Load balancing GRPC services in the Elastic Container Service with Traefik

    Despite the popularity of Kubernetes, AWS’s Elastic Container Service (ECS) offering is fantastic for many containerised workloads and avoids a lot of the complexity that comes from using and operating a full-blown container orchestration platform. Add in Fargate with its attractive pricing and low management overhead and you have a great way to easily host containers. One challenge of using...

    Read more
  • Securing private docs with CloudFront & Lambda@Edge

    In a previous article, we looked at a method of restricting access to a CloudFront distribution with the use of a CloudFront private key that could sign cookies granting access to private files or even a static website. With AWS Lambda@Edge, we can remove a few of the steps in that article and replace them with a Lambda function that...

    Read more
  • Badges for AWS CodeBuild & CodePipeline with CloudWatch and Lambda

    Most build systems have a built-in method of producing status badges or a plugin that will create them. With CodeBuild, we can use CloudWatch Events and a Lambda function to generate a badge when our build succeeds or fails, upload it to S3 and then display it in our README. To get started, the following JSON is a shortened example...

    Read more
  • Mutual auth with GRPC & Node: start to finish

    Setting up mutual authentication can be a little daunting, especially when the docs for a library you’re using don’t always have a good example. Top it off with having to make your own certificates, and the whole process can be a real PITA! To make it easier, we’re going to be using a tool from the great people at Square,...

    Read more
  • Providing password-based access to a private S3 bucket with Lambda and CloudFront

    Amazon’s Simple Storage Service doesn’t natively support password-protected access, however we can use a CloudFront distribution and private ACL to control access to the bucket and then use Lambda to issue signed cookies after validating a password. via GIPHY How it works A user visits the CloudFront distribution. This could either be directly to the abcde.cloudfront.net hostname or a CNAME....

    Read more
  • Want faster Ansible runs? Try enabling pipelining!

    I’ve always wondered if there’s a way to speed up Ansible executions as creating a new SSH connection for each command seemed excessive. However, I’d never looked for a solution until today when I discovered a very neat feature that shares SSH connections called pipelining. Enabling it as simple as adding the following to an ansible.cfg file located somewhere it...

    Read more
  • Finding a connection leak, the easy way

    Finding a connection or memory leak can be difficult at the best of times and near-impossible without good visibility of what your application is doing. To make things worse, it’s easy to end up in production with something leaking that you may not have existing monitoring or metrics for. Adding this to the code might not be an option and...

    Read more
  • Note to self: if you want PostgreSQL to accept your non-lowercase database name, enclosure its name with quotes

    The following creates the database frustratingerror: CREATE DATABASE FrustratingError; The following creates the database FrustratingError: CREATE DATABASE "FrustratingError";

    Read more
  • Configuring ConfigServer Firewall (CSF) for Docker (Debian 8)

    By default, the Docker daemon will automatically configure iptables rules that allow communication with containers and, additionally, the outside world through the use of exposed ports. If you’re like me and using ConfigServer Firewall, this may not be desirable as these rules will bypass the firewall configuration and let anyone access the exposed container ports. To get around this, it’s...

    Read more
  • Installing RancherOS on OpenNebula

    At the time of writing, Rancher does not publish VM images that are not aimed at a particular cloud provider and I therefore set about installing RancherOS with just the provided ISO. Step 1: Download and import images To begin, download the RancherOS ISO and then upload it into OpenNebula’s image system. sudo -u oneadmin -i cd /tmp wget https://releases.rancher.com/os/latest/rancheros.iso...

    Read more
  • Adding a grub menu option to reboot to the BIOS / UEFI settings on CentOS

    I recently played around with a few Linux distros and ended up keeping CentOS as my daily driver. One thing I missed, however, was having the “System settings” option on the grub menu that would reboot the computer into the BIOS / UEFI options (present in Ubuntu & Debian). To add this option on CentOS, create the following file and...

    Read more
  • Compiling a custom FreeBSD kernel to enable VNET support for jails

    One issue I had while replacing FreeNAS with FreeBSD was that, by defualt, vnet support isn’t enabled in the kernel. To resolve this, I compiled a custom kernel as follows: Step 1 - download the kernel sources Change the FreeBSD version, as appropriate. pkg install subversion svn checkout http://svn.freebsd.org/base/release/10.2.0/ /usr/src Step 2 - create a custom config cd /usr/src/sys/amd64/conf #...

    Read more
  • Setting up the discovery of a network share / server with Avahi

    I recently replaced FreeNAS with FreeBSD after installing even basic tools in the main OS (without first using a jail) became tedious and I wanted to explore how each of the components (e.g sharing & plugins) were implemented. Below is a service description file that Avahi will use to broadcast the server’s share capabilities. It allows an easy one-click to...

    Read more
  • Installing f.lux on CentOS

    When working late at night, I enjoy using the excellent f.lux app. Unfortunately, setting it up on CentOS wasn’t as easy as I’d hoped. Below are the steps I took to get it working. Step 1 - install dependencies sudo pip install pexpect sudo yum install gnome-python2-gconf pyxdg python-appindicator Step 2 - install f.lux git clone https://github.com/Kilian/f.lux-indicator-applet.git cd f.lux-indicator-applet sudo...

    Read more

Subscribe via RSS.