The latest articles on DEV Community by Vasiliy (@webchi). https://dev.to/webchi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F247747%2F95c630d5-7e9f-44aa-b26a-baf0e4c35fa6.jpg https://dev.to/webchi en Vasiliy Sun, 08 Jan 2023 21:16:59 +0000 https://dev.to/webchi/deploy-stratagies-5ben https://dev.to/webchi/deploy-stratagies-5ben <ul> <li>Green/Blue deployment - PFFFFFFFFffffffffffffff 👎</li> <li>Red deployment - KBG officer orders you to deploy NOW!</li> </ul> serverless cloud database aws Vasiliy Mon, 29 Mar 2021 08:00:53 +0000 https://dev.to/webchi/docker-installation-nopubkey-error-on-ubuntu-focal-14ln https://dev.to/webchi/docker-installation-nopubkey-error-on-ubuntu-focal-14ln <p>If you try to complete <a href="https://docs.docker.com/engine/install/ubuntu">official docker</a> installation manual and get this error on ubuntu 20 focal distro:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>GPG error: https://download.docker.com/linux/ubuntu focal InRelease: The following signatures couldn<span class="s1">'t be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8 </span></code></pre> </div> <p>You could better try <a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04">Digital Ocean manual</a> with such way of adding docker gpg key and repo:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add key</span> curl <span class="nt">-fsSL</span> https://download.docker.com/linux/ubuntu/gpg | <span class="nb">sudo </span>apt-key add - <span class="c"># Add repo</span> <span class="nb">sudo </span>add-apt-repository <span class="s2">"deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"</span> </code></pre> </div> docker ubuntu Vasiliy Tue, 14 Jul 2020 15:54:13 +0000 https://dev.to/webchi/first-steps-after-hashicorp-vault-production-deploy-312f https://dev.to/webchi/first-steps-after-hashicorp-vault-production-deploy-312f <p>For ones who happy after production Hashicorp Vault deploy and a little confused about what to do next ... because all youtube and article guides are happyending on vault deploy.</p> <p>Here the plan:</p> <ol> <li> <p>Use your root token you've got after <code>vault init</code> to login the Vault:<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>vault login &lt;root token here&gt; </code></pre> </li> <li><p>Create base <a href="https://learn.hashicorp.com/vault/identity-access-management/iam-policies">policies</a> with different permissions (admin, provisioner) And write them down</p></li> <li> <p>Generate tokens for each policy<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>vault token create <span class="nt">-policy</span><span class="o">=</span><span class="s2">"admin"</span> <span class="nv">$ </span>vault token create <span class="nt">-policy</span><span class="o">=</span><span class="s2">"provisioner"</span> </code></pre> </li> <li> <p>Create and attach kv storage engine<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>vault secrets <span class="nb">enable</span> <span class="nt">-path</span><span class="o">=</span>secret kv-v2 </code></pre> </li> <li> <p>Login under you "provisioner" user and check secret creation<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>vault login &lt;provisioner token here&gt; <span class="nv">$ </span>vault kv put secret/foo <span class="nv">bar</span><span class="o">=</span>baz Key Value <span class="nt">---</span> <span class="nt">-----</span> created_time 2020-07-14T15:41:52.080464762Z deletion_time n/a destroyed <span class="nb">false </span>version 1 </code></pre> </li> <li> <p>Now you can get the key! 💥🍾🎉<br> </p> <pre class="highlight shell"><code><span class="nv">$ </span>vault kv get secret/foo <span class="o">======</span> Metadata <span class="o">======</span> Key Value <span class="nt">---</span> <span class="nt">-----</span> created_time 2020-07-14T15:41:52.080464762Z deletion_time n/a destroyed <span class="nb">false </span>version 1 <span class="o">===</span> Data <span class="o">===</span> Key Value <span class="nt">---</span> <span class="nt">-----</span> bar baz </code></pre> </li> </ol> devops Vasiliy Wed, 13 Nov 2019 18:46:16 +0000 https://dev.to/webchi/real-amazon-ecr-repository-policy-4l31 https://dev.to/webchi/real-amazon-ecr-repository-policy-4l31 <p>Unfortunately <a href="https://docs.aws.amazon.com/en_us/AmazonECR/latest/userguide/RepositoryPolicyExamples.html">AWS documentation</a> doesn't give us full permission settings to pull images from ECR. And if you'll use only<br> </p> <div class="highlight"><pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2008-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AllowPull"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Principal"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ecr:GetDownloadUrlForLayer"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchGetImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchCheckLayerAvailability"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre></div> <p>... you'll get <br> <code><br> iam-role/long-strange-number is not authorized to perform: ecr:GetAuthorizationToken on resource: * status code: 400<br> </code></p> <p>And what you really need is to set up ecr:GetAuthorizationToken rights to * resource. So full policy will be:<br> </p> <div class="highlight"><pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ecr:GetDownloadUrlForLayer"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchGetImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchCheckLayerAvailability"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:ecr:eu-central-1:*:repository/*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">""</span><span class="p">,</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecr:GetAuthorizationToken"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre></div> note devops aws ecr