Forcing https with wordpress on dreamhost

In order to be able to force the http to https redirection when using wordpress in dreamhost use the following (taken from https://help.dreamhost.com/hc/en-us/articles/215747758-Force-your-site-to-load-securely-with-an-htaccess-file) :

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Header always set Content-Security-Policy "upgrade-insecure-requests;"

# BEGIN WordPress
.....
# END WordPress

Using port number in Terraform output

Problem

You would like to output some additional information (ie port number) in addition to the variable provided by Terraform.

Solution

Use interpolation of the Terraform variable using ${var} together with the rest of the string you would like to output, like:

output "kibana_endpoint" {
  value       = "http://${aws_instance.elasticsearch.public_ip}:5601"
  description = "The Kibana endpoint"
}

More information about the language https://learn.hashicorp.com/tutorials/terraform/outputs?in=terraform/configuration-language

Creating two types of IAM users in AWS using the CLI

To create a user in AWS IAM using the CLI (after you have configured it), use the following:

Create a user with programmatic access (access key ID and secret access key):

$ aws iam create-user \
  --user-name User_Prog_Access

Response: 
{
    "User": {
        "Path": "/",
        "UserName": "User_Prog_Access",
        "UserId": "AIDExampleUserId",
        "Arn": "arn:aws:iam::123333333:user/User_Prog_Access",
        "CreateDate": "2021-01-29T12:20:43+00:00"
    }
}

$ aws iam create-access-key \
  --user-name User_Prog_Access

Response:
{
    "AccessKey": {
        "UserName": "User_Prog_Access",
        "AccessKeyId": "AKIExampleAccessKeyID",
        "Status": "Active",
        "SecretAccessKey": "ttExampleSecretAccessKey",
        "CreateDate": "2021-01-29T12:21:22+00:00"
    }
}

And for a user with console access:

$ aws iam create-user \
  --user-name User_Console_Access

Response:
{
    "User": {
        "Path": "/",
        "UserName": "User_Console_Access",
        "UserId": "AIExampleUserId",
        "Arn": "arn:aws:iam::933323111111:user/User_Console_Access",
        "CreateDate": "2021-01-29T12:31:46+00:00"
    }
}

$ aws iam create-login-profile \
  --user-name User_Console_Access \
  --password Temp_Password4 \
  --password-reset-required

Response:
{
    "LoginProfile": {
        "UserName": "User_Console_Access",
        "CreateDate": "2021-01-29T12:35:28+00:00",
        "PasswordResetRequired": true
    }
}

Failed to start docker.service: Unit is masked

Problem

Trying to start the docker service after some upgrades fails with the following message:

Failed to start docker.service: Unit is masked.

Solution

It turns out that after upgrading or more specifically removing and then upgrading the docker installation in ubuntu (in this particular case in raspberry 4 with Ubuntu 20.04 installed), results in this error.

A search brings up the following:

https://forums.docker.com/t/failed-to-start-docker-service-unit-is-masked/67413

and from that the following bug post:

https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1844894

So the solution is to run the following to be able to start the docker service (described in the first link above):

sudo systemctl unmask docker
sudo systemctl start docker

Find the current AMI image (i.e. Ubuntu 16.04) in AWS using command line

If you would like to programatically find the current image of a specific distribution in AWS for your region, with the use of the aws cli, use the following (in this example looking for Ubuntu 16.04).

aws ec2 describe-images \
    --owners 099720109477 \
    --filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-????????" "Name=state,Values=available" \
    --query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" \
    --output text

Or for 18.04

aws ec2 describe-images \
    --owners 099720109477 \
    --filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-????????" "Name=state,Values=available" \
    --query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" \
    --output text

This is from the examples in the documentation here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html

Getting detailed information about your Linux distribution

To be able to get a more detailed information about your current linux distribution, including the code names use the following:

kosmas:$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

Using strace for analyzing performance

There is a very nice example on the O’reilly ‘Linux Under The Hood’ training about using strace to compare performance of two commands that provide the same output but with different calls. The two different commands were: ls and echo *, that they both provide the listing of the current directory.

First using the strace with ls:

kosmas:$ strace -c ls
abi-4.13.0-45-generic      config-4.4.0-31-generic        initrd.img-4.4.0-31-generic   System.map-4.15.0-123-generic         vmlinuz-4.15.0-123-generic
abi-4.13.0-46-generic      efi                            memtest86+.bin                System.map-4.15.0-124-generic         vmlinuz-4.15.0-124-generic
abi-4.4.0-31-generic       grub                           memtest86+.elf                System.map-4.15.0-126-generic         vmlinuz-4.15.0-126-generic
config-4.13.0-45-generic   initrd.img-4.13.0-45-generic   memtest86+_multiboot.bin      System.map-4.4.0-31-generic           vmlinuz-4.4.0-31-generic
config-4.13.0-46-generic   initrd.img-4.13.0-46-generic   retpoline-4.13.0-45-generic   vmlinuz-4.13.0-45-generic             vmlinuz-4.4.0-31-generic.efi.signed
config-4.15.0-123-generic  initrd.img-4.15.0-123-generic  retpoline-4.13.0-46-generic   vmlinuz-4.13.0-45-generic.efi.signed
config-4.15.0-124-generic  initrd.img-4.15.0-124-generic  System.map-4.13.0-45-generic  vmlinuz-4.13.0-46-generic
config-4.15.0-126-generic  initrd.img-4.15.0-126-generic  System.map-4.13.0-46-generic  vmlinuz-4.13.0-46-generic.efi.signed
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 15.81    0.000095          12         8           write
 14.64    0.000088           7        12           mprotect
 13.48    0.000081           5        17           mmap
  9.98    0.000060           7         9           openat
  7.82    0.000047           4        11           close
  7.32    0.000044          22         2           getdents
  6.82    0.000041           6         7           read
  5.66    0.000034           3        10           fstat
  4.99    0.000030           4         8         8 access
  3.16    0.000019          10         2         2 statfs
  2.00    0.000012          12         1           munmap
  1.83    0.000011           4         3           brk
  1.66    0.000010           5         2           ioctl
  1.50    0.000009           5         2           rt_sigaction
  0.67    0.000004           4         1           rt_sigprocmask
  0.67    0.000004           4         1           arch_prctl
  0.67    0.000004           4         1           set_tid_address
  0.67    0.000004           4         1           set_robust_list
  0.67    0.000004           4         1           prlimit64
  0.00    0.000000           0         1           execve
------ ----------- ----------- --------- --------- ----------------
100.00    0.000601                   100        10 total

And using the same with echo *

kosmas:$ strace -c echo *
abi-4.13.0-45-generic abi-4.13.0-46-generic abi-4.4.0-31-generic config-4.13.0-45-generic config-4.13.0-46-generic config-4.15.0-123-generic config-4.15.0-124-generic config-4.15.0-126-generic config-4.4.0-31-generic efi grub initrd.img-4.13.0-45-generic initrd.img-4.13.0-46-generic initrd.img-4.15.0-123-generic initrd.img-4.15.0-124-generic initrd.img-4.15.0-126-generic initrd.img-4.4.0-31-generic memtest86+.bin memtest86+.elf memtest86+_multiboot.bin retpoline-4.13.0-45-generic retpoline-4.13.0-46-generic System.map-4.13.0-45-generic System.map-4.13.0-46-generic System.map-4.15.0-123-generic System.map-4.15.0-124-generic System.map-4.15.0-126-generic System.map-4.4.0-31-generic vmlinuz-4.13.0-45-generic vmlinuz-4.13.0-45-generic.efi.signed vmlinuz-4.13.0-46-generic vmlinuz-4.13.0-46-generic.efi.signed vmlinuz-4.15.0-123-generic vmlinuz-4.15.0-124-generic vmlinuz-4.15.0-126-generic vmlinuz-4.4.0-31-generic vmlinuz-4.4.0-31-generic.efi.signed
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
  0.00    0.000000           0         1           read
  0.00    0.000000           0         1           write
  0.00    0.000000           0         5           close
  0.00    0.000000           0         4           fstat
  0.00    0.000000           0         6           mmap
  0.00    0.000000           0         4           mprotect
  0.00    0.000000           0         1           munmap
  0.00    0.000000           0         3           brk
  0.00    0.000000           0         3         3 access
  0.00    0.000000           0         1           execve
  0.00    0.000000           0         1           arch_prctl
  0.00    0.000000           0         3           openat
------ ----------- ----------- --------- --------- ----------------
100.00    0.000000                    33         3 total

So the difference in time is 0.00000 for the echo and 0.000601 for the ls.

Similarly the number of calls for the echo is 33, but ls is using 100.