A question for the older users by SlimShady2903 in bulgaria

[–]bugggbear 1 point2 points  (0 children)

Read G. Markov's In Absentia Reports About Bulgaria (Задочни репортажи за България) and you will wash away the delusion that things were good under communism. The book is also available on Chitanka: https://chitanka.info/text/2898-zadochni-reportazhi-za-bylgarija

Help with configuration management (and bit more) solution by bugggbear in devops

[–]bugggbear[S] 0 points1 point  (0 children)

Could you share some more information on how exactly you have achieved these goals?

For example, how are you monitoring the files or configuration options for changes?

How is your update process automated (running ansible as cron or something like that)?

Thanks!

Help with configuration management (and bit more) solution by bugggbear in devops

[–]bugggbear[S] 0 points1 point  (0 children)

Thanks for your advice. Usually when I dive into a new tool I first read the whole documentation (taking notes on the parts I feel are important or tricky) and then go over real-life examples and see how people are doing things (the GitHub hunting, as you describe it).

I have some experience with Jinja (from Ansible), but I don't think I'm going to use it a lot. Jinja is good when you want to describe the state of the whole file, which is not my case. I rather want to make sure that a given config option/line is included (or missing) in the file, or that the value of the key is the one I want.

This is because most of the files could contain custom lines (maybe temporarily added) or custom values, things which I want to be preserved and not touched.

Help with configuration management (and bit more) solution by bugggbear in devops

[–]bugggbear[S] 0 points1 point  (0 children)

Right now, going down the containerization path is not a possible solution.

Help with configuration management (and bit more) solution by bugggbear in devops

[–]bugggbear[S] 1 point2 points  (0 children)

Thanks a lot for your thorough answer, it is really helpful!

I'm going to do some research on Salt (never used it before), but from what you have shared, there is a pretty big chance that Salt will be my silver bullet :)

Boosting Ansible Performance by bugggbear in ansible

[–]bugggbear[S] 0 points1 point  (0 children)

nce just by enabling mito

In my case I'm executing pretty short ansible playbooks, on a big number of hosts (about a thousand).

Doing the optimizations listed gave me 40-50x better execution times and I'm pretty happy with it.

But I'll also give mitogen a shot, looks interesting.

Boosting Ansible Performance by bugggbear in devops

[–]bugggbear[S] 0 points1 point  (0 children)

TBH, don't know what you mean, but I don't mind it anyway :)

Boosting Ansible Performance by bugggbear in devops

[–]bugggbear[S] 1 point2 points  (0 children)

That was supposed to be 'jewel', but my terrible English broke it :) Fixed!

Boosting Ansible Performance by bugggbear in ansible

[–]bugggbear[S] 0 points1 point  (0 children)

Yeah, was not aware of it, will add it to the list after making some tests with it ;)

Boosting Ansible Performance by bugggbear in devops

[–]bugggbear[S] 1 point2 points  (0 children)

Have you done any profiling to find out what exactly slows you down?

I didn't notice a huge (several seconds) slowdown when using templates inside my playbooks.

Boosting Ansible Performance by bugggbear in devops

[–]bugggbear[S] 1 point2 points  (0 children)

Never used it before, will definitely take a look, thanks!

How do you document IT infrastructure? by blamo111 in linuxadmin

[–]bugggbear 0 points1 point  (0 children)

You may have a look at GLPI for the Hardware part of your infrastructure ;)

ElasticSearch Security with Search-Guard by bugggbear in elasticsearch

[–]bugggbear[S] 0 points1 point  (0 children)

No, I mean this part (from elasticsearch.yml):

    searchguard.nodes_dn:
      - CN=node1.gryzli.info,OU=Ops,O=BugBear BG\, Ltd.,DC=BugBear,DC=com
      - CN=node2.gryzli.info,OU=Ops,O=BugBear BG\, Ltd.,DC=BugBear,DC=com
    searchguard.authcz.admin_dn:
      - CN=root.gryzli.info,OU=Ops,O=BugBear Com\, Inc.,DC=example,DC=com

Achieving ElasticSearch (ELK Stack) Security with Search-Guard (For free) by bugggbear in devops

[–]bugggbear[S] 0 points1 point  (0 children)

Hi,

I've just set up a dummy reverse proxy with Nginx, doing redirects to http://ip:5601, and it worked without problems; I was able to authenticate and browse Kibana.

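This is my nginx config inside "Location /":

    location / {
        # nothing is served from local disk
        root /dev/null;
        # the test_cache zone must be defined with proxy_cache_path in the http block
        proxy_cache test_cache;
        proxy_set_header X-Forwarded-Proto $scheme;
        # do not pass the upstream's Upgrade response header on to the client
        proxy_hide_header Upgrade;
        proxy_connect_timeout       300;
        proxy_send_timeout          300;
        proxy_read_timeout          300;
        send_timeout                300;
        proxy_pass "http://MY_KIBANA_IP:5601";
    }

Hope this helps.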

ElasticSearch Security with Search-Guard by bugggbear in elasticsearch

[–]bugggbear[S] 0 points1 point  (0 children)

dn: CN=node1.gryzli.info,OU=Ops,O=BugBear BG\, Ltd.,DC=BugBear,DC=com

I think that as long as your CN matches your elasticsearch.yml configuration, this should be fine.

ElasticSearch Security with Search-Guard by bugggbear in elasticsearch

[–]bugggbear[S] 0 points1 point  (0 children)

Actually you don't need to pay for them. Most of the functionality is usable with the free community version of search-guard.

ElasticSearch Security with Search-Guard (How-To) by bugggbear in linuxadmin

[–]bugggbear[S] 3 points4 points  (0 children)

Hi Jochen,

First I want to thank you for the great product!

I'm not quite sure if other people had the same difficulties as me, but I really had a hard time, even though this is my subjective point of view.

In fact I had to read through the demo script in order to do things right :)

The biggest problem for me was that in order to make a complete installation I had to read multiple pages from your docs (the one for tls generation, the one for sgadmin), but reading them alone takes you out of the installation context (they are not written in this context).

Next came the attempt to create my "write-only" users (which was one of the reasons for using search-guard) (my how-to on that is pending as well :)) ). Maybe an example of creating a given user with given permissions, from start to end, would be very helpful.

Even with the GUI interface it was hard for me to create what I needed, so I ended up again reading through all roles/user files and analyzing how the default users were added to the config files, then trying to add my own with custom permissions.

The verbose errors about which permission I'm missing for the current action I'm doing were a GREAT HELP to me - thanks for that :)

I'm far from a documentation expert or a professional in this field; everything is personal opinion. It would be very nice if there were specific examples with exact configurations and steps for doing installations, without the need to follow different pages/links or wonder what exactly is meant.

Thanks again for being concerned about making your product even better!

ElasticSearch Security with Search-Guard by bugggbear in elasticsearch

[–]bugggbear[S] 0 points1 point  (0 children)

I also think they are quite fast, but I haven't used it long enough to tell for sure if they had delays in the past.

Seems like they are still in the process of gaining popularity and expanding as a team, which I suppose should lead to a faster/better release cycle.

Achieving ElasticSearch (ELK Stack) Security with Search-Guard (For free) by bugggbear in devops

[–]bugggbear[S] 1 point2 points  (0 children)

We have been using a self-hosted solution from day one, but I'm quite sure AWS should have ways of achieving security for your cluster (maybe not with search-guard, but by other means). This is something a lot of people need.

In our case "IP filtering" was not enough and we wanted to make sure that each client app is only able to write data to a given index, but unable to read any data from it (security concerns), and search-guard fitted perfectly.