itsecureadmin.com

Category: configuration management

  • IMDSv2 Calls w/ Older Boto3

    I had a recent problem where I needed to disable IMDSv1 on an older application that could not be upgraded. The boto3 version was 1.8.9 and would require significant changes to support IMDSv2. Instead of upgrading, I was able to set the AWS config and credentials using puppet, using the EC2 instance profile role. This…

  • AccessDenied: User: is not authorized to perform: elasticloadbalancing:AddTags on resource

    I recently updated a deployed helm chart’s ingress definition to add an SSL redirect on port 80 and was surprised to find that the operation also resulted in the removal of several listener rules from my ALB and a failure to update the SSL redirect. I pulled the logs from the AWS LoadBalancer Controller pods…

  • EFS Volume Fails to Mount on Kubernetes Pod

    I was migrating a site from AWS ECS to AWS EKS recently, using the bitnami/wordpress helm chart and came across the following error: I spent quite a while troubleshooting this error, and the result was actually not related to this output at all. This output was due to the wordpress pod coming online before the…

  • AWS LoadBalancer SSL Redirect with Bitnami Helm Chart(s)

    First of all, thank you to Bitnami for providing such valuable helm charts to the community. What a great resource! Why doesn’t Bitnami support adding an SSL redirect for AWS LoadBalancing in their helm charts? I have worked with several lately where the templates baked into the helm charts will not allow the addition of…

  • Find Windows Server Version from the Command Line

    Here is a useful command that will show which Windows Version is installed: systeminfo | findstr /B /C:”OS Name” /C:”OS Version”

  • SSH in a for loop is a solution…

    I just read an article by Jay Valentine on LinkedIn where he talks about Puppet and how they were not profitable, and also noted that Chef is not, and has never been, profitable. That got me to thinking, why are IT professionals investing in these technologies (time, knowledge, effort…). As an IT pro, it’s tempting…

  • Standalone puppet with hiera 5 error…

    With puppet moving more and more away from supporting a standalone model, it’s somewhat difficult to get puppet standalone working. I recently got bit by a hiera update that caused my puppet standalone deployments to stop interacting with hiera the way that I had deployed it. Affected versions: puppet 4.10.10 hiera 3.4.3 The error that…

  • Adding Global Environment Variables to Jenkins via puppet…

    When using Jenkins in any environment, it’s useful to have variables related to that environment available to Jenkins jobs. I recently worked on a project where I used puppet to deploy global environment variables to Jenkins for use with AWS commands — typically to execute the awscli, one must have knowledge of the region, account,…

  • Retrieving puppet facts from AWS System Manager

    AWS System Manager makes it easy to store and retrieve parameters for use across servers, services, and applications in AWS. One great benefit is storing secrets for use, as needed. I recently needed to retrieve some parameters to place in a configuration file via puppet and wrote a short script to retrieve these values as…

  • Running Apache 2 under Ubuntu 16.04 on Docker

    I recently wanted to setup a new Ubuntu 16.04 host running Apache under Docker for some AWS ECS/Fargate testing I was doing and encountered the following error: docker run -p 8085:80 aws-ecr-hello-world:v0.5 [Thu Mar 15 00:11:31.074011 2018] [core:warn] [pid 1] AH00111: Config variable ${APACHE_LOCK_DIR} is not defined [Thu Mar 15 00:11:31.074576 2018] [core:warn] [pid 1]…