Authordsezen

Playing with AWS Autoscale Lifecycle Hooks, triggering Lambda function

Facebooktwittergoogle_pluslinkedinmailby feather

Honestly, i was not aware that terminating an instance at AWS is equal to unplugging the server cable. That’s why, i lost so much time trying to trigger a custom code before the instance shutdown using init levels. But i failed!!! Why, because when you unplug the electric cable, there is no init process!! 🙂

Later on, i found the AWS lifecycle hooks. Autoscale group triggers an SNS which them invokes a Lambda function and the basic requirement “revoking IP from Security Group” can be done. Here is the related node.js but still it is missing to parse the incoming SNS (The IP is static)

[snippet id=”26″]

Scripted monitoring on NewRelic with Javascript

Facebooktwittergoogle_pluslinkedinmailby feather

By the help of the latest requirements on customers, i am getting more familiar with node.js and getting more used to be a node.js developer:)

Here is the one of the javascript code, which parses the output of a HTML and checks if a specific result is there or no. If not, NewRelic gives alarm:

 

[snippet id=”25″]

MongoDB given “not master” error after creating AWS Cloudformation template

Facebooktwittergoogle_pluslinkedinmailby feather

AWS has cool documentation but sometimes not guiding you practical solutions. If you have intended you use the following mongodb Cloudformation template:

https://aws.amazon.com/blogs/aws/mongodb-on-the-aws-cloud-new-quick-start-reference-deployment/

You will notice that, mongo is not operable. In order to achieve that you need to ssh and enter to mongo console by typing mongo:

When you check the repliaction set status you will see:

> rs.status ()
{
        "info" : "run rs.initiate(…) if not yet done for the set",
        "ok" : 0,
        "errmsg" : "no replset config has been received",
        "code" : 94

initiate the replica with:

> rs.initiate()
{
        "info2" : "no configuration explicitly specified — making one",
        "me" : "ip-10-0-2-241:27017",
        "ok" : 1
}
 
You can now check the status again:
 
s-1:PRIMARY> rs.status()
{
        "set" : "s-1",
        "date" : ISODate("2016-03-23T16:00:30.805Z"),
        "myState" : 1,
        "members" : [
                {
                        "_id" : 0,
                        "name" : "ip-10-0-2-241:27017",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "uptime" : 13924,
                        "optime" : Timestamp(1458748644, 1),
                        "optimeDate" : ISODate("2016-03-23T15:57:24Z"),
                        "electionTime" : Timestamp(1458748644, 2),
                        "electionDate" : ISODate("2016-03-23T15:57:24Z"),
                        "configVersion" : 1,
                        "self" : true
                }
        ],
        "ok" : 1
}

How to add a specific IP to your RDS security group on command line

Facebooktwittergoogle_pluslinkedinmailby feather

 

If you go towards DevOps, automated provisioning, you definetely will need to do things in automation.

 

Here is the command line, in case you need the new automated provisioned server to be added in your RDS security group:

aws rds rds-authorize-db-security-group-ingress –db-security-group-name mydbsecuritygroup –cidrip 192.168.1.10/27

How to block an IP on AWS?

Facebooktwittergoogle_pluslinkedinmailby feather

 

Security Groups on AWS by default blocks all, so you can just define what you allow. As a result, you cannot block an IP using Security Group, e.g. to prevent a specific IP to access to your web port

ACL is right there for that need. You need to define the IP/IPs which you want to block and remember to keep the rule 100 always in place:)

AWS ACL

AWS Elasticbeanstalk NewRelic agent installation

Facebooktwittergoogle_pluslinkedinmailby feather

Credits for @umitunal_

packages:
  yum:
    newrelic-sysmond: []
  rpm:
    newrelic: http://yum.newrelic.com/pub/newrelic/el5/x86_64/newrelic-repo-5-3.noarch.rpm
  commands:
    "01":
      command: nrsysmond-config –set license_key=xxxxxxxxxxxxxx
    "02":
      command: echo hostname=NameOfYourServer >> /etc/newrelic/nrsysmond.cfg
    "03":
      command: /etc/init.d/newrelic-sysmond start

AWS SSL Certificate cannot be added

Facebooktwittergoogle_pluslinkedinmailby feather

Although the private and public keys are valid (Already tested on another platform), AWS Web Console is giving error while i am trying to define under ELB Listeners.

In order to debug the situtation, the following command line will be helpful:

aws iam upload-server-certificate –server-certificate-name my-server-cert –certificate-body file://my-certificate.pem –private-key file://my-private-key.pem –certificate-chain file://my-certificate-chain.pem –debug

AWS instance metadata

Facebooktwittergoogle_pluslinkedinmailby feather

Just a simple best-practice for you to know in case you need to get instance related data during automation:

curl http://169.254.169.254/latest/meta-data/

For example, if you want to use the hostname in your automation, just use the output:

$ curl http://169.254.169.254/latest/meta-data/hostname

WordPress and CloudFront Access-Control-Allow-Origin problem a.k.a. CORS

Facebooktwittergoogle_pluslinkedinmailby feather

You may be having the following type of error after you enable CDN on your WordPress:

Font from origin 'http://xxxxxxx.cloudfront.net' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.domain.com' is therefore not allowed access.

That's because you do not have the "Access-Control-Allow-Origin" header set by the web-server of the origin, which is Apache or Amazon S3.

You can verify this with the following command and you will not see the header:

curl -I -s -X GET -H "Origin: www.domain.com" http://xxxxxx.cloudfront.net/yyy.png

1- With S3: In order to set that header in S3, refer to the AWS Documentation.

2- Without S3: 

2-a: CloudFront:

– Edit Behaviors

– Change "Allowed HTTP Methods" to GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

– Change "Forward Forward" headers to "Whitelist"

– Add "origin" to Whitelist headers

2-b: Apache

You need to You just need the following to be added under the Document section in your httpd.conf:

Header set Access-Control-Allow-Origin "*"

and gracefuly restart your http server:

apachectl -k graceful

Check if the header appeared with the "curl" command previously we used.

 

HTTP/1.0 200 OK

Content-Type: image/png

Content-Length: 299245

Date: Wed, 16 Dec 2015 22:28:00 GMT

Server: Apache

X-Frame-Options: SAMEORIGIN

Last-Modified: Wed, 09 Dec 2015 15:07:22 GMT

ETag: "490ed-52678727d1480"

Accept-Ranges: bytes

Access-Control-Allow-Origin: *

X-Cache: Miss from cloudfront

X-Amz-Cf-Id: e14A-xV0D-ajm0S7wLe696YombjT8zKCmbr0LL8NmqlMarArJo1jnw==

X-Cache: MISS from 213.155.126.5

X-Cache-Lookup: MISS from 213.155.126.5:3128

Via: 1.1 cxxxxxx4.cloudfront.net (CloudFront), 1.0 213.155.126.5 (squid/3.1.23)

Connection: keep-alive

Building Microservices

Facebooktwittergoogle_pluslinkedinmailby feather

I have recently finished reading Sam Newman's "Building Microservices" book, from which i learned so many topics that were questions in my mind towards building micro services.

Micro Services

Although there are so many lessons i learned, but the most remarkable ones are:

– Services are communicated between each other on service-level rather than via DB

– Although there is no restriction, but having seperate DB for each/set of services is ok

– Service orchestration and scaling

– Breaking monolith into pieces

 

 

 

© 2018 Derya Sezen

Theme by Anders NorénUp ↑


visited 27 states (12%)
Create your own visited map of The World