CPU is holding at a steady 200% (task is CPU-bound), but it is not showing in the graph. Why not?
I have a lambda that accesses EC2. I want to assign it to a VPC for security purposes, but when I do boto just stops working. Here's a minimal example:
ec2 = boto3.resource('ec2', region_name='eu-west-2')
instances = ec2.instances.filter(Filters=[
{
'Name': 'vpc-id',
'Values': [vpc_id]
}
])
for instance in instances:
# function hangs here
print(instance)
The Lambda's role has the neccessary permissions on ec2, and works fine outside the VPC. When I put the lambda in the VPC (in a security group that allows all outbound traffic), it hangs. What do I need to do?
I want my S3 bucket to be accessible in two ways:
- Via the console when I'm logged in, so I can modify files
- Via EC2 instances in a certain VPC (IAM roles are set up correctly for this)
Here's the bucket policy I'm using:
{
"Version": "2012-10-17",
"Id": "Policy1415115909152",
"Statement": [
{
"Sid": "Principal-Access",
"Effect": "Allow",
"Principal": {
"CanonicalUser": "<my c_id>"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::my-keys",
"arn:aws:s3:::my-keys/*"
]
},
{
"Sid": "Access-to-specific-VPCE-only",
"Action": "s3:*",
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::my-keys",
"arn:aws:s3:::my-keys/*"
],
"Condition": {
"StringNotEquals": {
"aws:sourceVpce": "vpce-<my_vpce_id>"
}
},
"Principal": "*"
}
]
}
This works for access from the VPC, but not for me logged in at the console. Obviously I can remove the bucket policy, make changes, then reapply it, but I'd rather not...
I woke up this morning to a notification from uptimerobot that a site was down. I checked it myself, and it was not.
I ssh'd in and checked the server logs, and while normal requests were being dealt with fine, uptimerobot's were looking like this:
1.2.3.4 - - [23/Oct/2015:06:41:06 +0000] "GET / HTTP/1.1" 499 0 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:06:41:36 +0000] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:06:42:06 +0000] "GET / HTTP/1.1" 499 0 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:06:42:36 +0000] "GET / HTTP/1.1" 301 5 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:06:43:07 +0000] "GET / HTTP/1.1" 499 0 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
499 is an nginx response:
Th 301's are redirects from https to http that uptimerobot is unable to remember (I've updated uptimerobot's settings now, the problem persists). For reference, here is what the log looked like an hour ago:
1.2.3.4 - - [23/Oct/2015:05:43:07 +0000] "HEAD / HTTP/1.1" 301 0 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:05:43:09 +0000] "GET / HTTP/1.1" 200 20564 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:05:48:07 +0000] "HEAD / HTTP/1.1" 301 0 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:05:48:09 +0000] "GET / HTTP/1.1" 200 20564 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:05:53:07 +0000] "HEAD / HTTP/1.1" 301 0 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
1.2.3.4 - - [23/Oct/2015:05:53:09 +0000] "GET / HTTP/1.1" 200 20564 "-" "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)"
Nobody has touched the server in that time. The requests (that return 499) are being routed through to the underlying server (django) ok.
Is this something wrong on my server, or is this uptimerobot's problem? It's not happening for any other sites I'm monitoring with them, which have the same setups.
When I try to restart MySQL using restart mysql I get
restart: Rejected send message, 1 matched rules;
type="method_call", sender=":1.7" (uid=1000 pid=18869 comm="restart mysql ")
interface="com.ubuntu.Upstart0_6.Job" member="Restart" error name="(unset)"
requested_reply="0" destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init")
What's going on? This is Ubuntu 12.10.
I host my site at domain.com.
My DNS entries in Route53 are as follows:
domain.com A xxx.xxx.xxx.xxx 300
domain.com NS stuff.awsdns-47.org 172800
domain.com SOA stuff.awsdns-47.org 900
I would like to redirect traffic from www.domain.com to domain.com, as currently this just returns a 404. This question on SO suggested a PTR record, and I added that:
www.domain.com PTR domain.com 300
but it didn't work. What should I be doing?
Mac OS X Snow Leopard cannot bind to my Active Directory (Tiger, Lion can with no problem). I go to Accounts > Login Options, click Join and enter the details. Upon entering the correct FQDN (domain.int) I get an Active Directory Settings dropdown, into which I enter the correct admin credentials.
I then get an error dropdown which says:
The plugin encountered an error processing request. (10001)
In the Console I have the error:
System Preferences[55582] -[ODCAddServerSheetController handleOtherActionError: gotError: Error Domain=com.apple.OpenDirectory Code=4200 UserInfo=0x2003db6e0 "Custom call 202 to LDAPv3 failed.", An invalid attribute type was provided.
The output of dig -t _ldap._tcp.dc._msdcs.domain.int is:
; <<>> DiG 9.6-ESV-R4-P3 <<>> -t SRV _ldap._tcp.dc._msdcs.domain.int
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27437
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.domain.int. IN SRV
;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.domain.int. 600 IN SRV 0 100 389 sv1.domain.int.
;; ADDITIONAL SECTION:
sv1.domain.int. 3600 IN A 192.168.0.109
;; Query time: 9 msec
;; SERVER: 192.168.0.109#53(192.168.0.109)
;; WHEN: Tue Jan 31 14:18:33 2012
;; MSG SIZE rcvd: 101
I have tried this on two Snow Leopard machines connected to the same network, I get the exact same results with both of them.