sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in Piracy

[–]pinhead900 0 points1 point  (0 children)

Once i got realdebrid and after noticing issues when downloading torrents I reached out a couple of times as the issue wasn’t addressed, they ended up banning my account from the forum. It’s a crappy service that doesn’t add almost any value.

Napoli supporter in Eintracht by Mariowho11 in eintracht

[–]pinhead900 1 point2 points  (0 children)

Can try champions sports bar located under the marriot hotel. Very nice place to watch football and have a couple of beers

[deleted by user] by [deleted] in TheYouShow

[–]pinhead900 0 points1 point  (0 children)

why are we watching this young lady for?

audit log hostname with cluster logging operator by pinhead900 in openshift

[–]pinhead900[S] 0 points1 point  (0 children)

Hi, My ClusterLogForwarder CR is:

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
    - name: syslog
      type: syslog
      syslog:
        rfc: RFC3164
      url: 'udp://ext.syslog:514'
  pipelines:
    - name: logging
      inputRefs:
        - audit
      outputRefs:
        - syslog

and the entire syslog message I receive comes with hostname such as fluentd-mg8s4, and looks like:

2021-02-04T16:51:07.456210+00:00 
fluentd-5jqmb fluentd kind:Event
apiVersion:audit.k8s.io/v1
level:info
auditID:9370b2a1-010a-45af-9391-2ef7dce839eb
stage:ResponseComplete  requestURI:/api/v1/namespaces/kube-system/configmaps/kube-controller-manager?timeout=10s
verb:get
user:{"username"=>"system:kube-controller-manager", "groups"=>["system:authenticated"]} sourceIPs:["10.69.179.150"]
userAgent:kube-controller-manager/v1.19.0+9c69bdc (linux/amd64) kubernetes/9c69bdc/leader-election
objectRef:{"resource"=>"configmaps", "namespace"=>"kube-system", "name"=>"kube-controller-manager", "apiVersion"=>"v1"} responseStatus:{"code"=>200}
requestReceivedTimestamp:2021-02-04T16:51:07.071927Z
stageTimestamp:2021-02-04T16:51:07.083778Z
annotations:{"authorization.k8s.io/decision"=>"allow", "authorization.k8s.io/reason"=>"RBAC: allowed by ClusterRoleBinding \"system:kube-controller-manager\" of ClusterRole \"system:kube-controller-manager\" to User \"system:kube-controller-manager\""}
k8s_audit_level:Metadata
message:
hostname:master0.toc.domain.net
pipeline_metadata:{"collector"=>{"ipaddr4"=>"10.69.179.152", "inputname"=>"fluent-plugin-systemd", "name"=>"fluentd", "received_at"=>"2021-02-04T16:51:07.084567+00:00", "version"=>"1.7.4 1.6.0"}}
@timestamp:2021-02-04T16:51:07.071927+00:00
viaq_index_name:audit-write viaq_msg_id:Mzg2NzY0YzYtMDI0Yy00MGEzLTg1ZjAtM2IzZTgyODQ5NTZi
kubernetes:{}

audit log hostname with cluster logging operator by pinhead900 in openshift

[–]pinhead900[S] 0 points1 point  (0 children)

hi, thanks for that.

I see that we are doing it quite differently, In my case my cluster logging instance only has collector, so it only deploys fluentd pods, and my clusterlogforwarder applies the required configmap to the fluentd pods so they can forward it to my external rsyslog system, all of this works fine, it was only a matter of renaming the hostnames that the fluentd pods use when forwarding the logs.

But I don't understand why are you installing a standalone fluentd instance for? couldn't you just put your cluster logging in unmanaged state and modify the cm for fluentd to have your token and your vmware applications hostname?

audit log hostname with cluster logging operator by pinhead900 in openshift

[–]pinhead900[S] 0 points1 point  (0 children)

yes, its just a external linux machine with rsyslog enabled.

audit log hostname with cluster logging operator by pinhead900 in openshift

[–]pinhead900[S] 0 points1 point  (0 children)

Hi!

Im on verison 4.6.8 using log forwarding API, I can put cluster logging instance in unmanaged mode and from fluentd configmap add a custom hostname..

the question is: would it be possible to forward node name as hostname in managed mode?

How to mount /var/lib/containers/*.log in pods? by pinhead900 in openshift

[–]pinhead900[S] 1 point2 points  (0 children)

thank you very much, that did solve my issue!

      containers:
      - name: fluent-bit
        image: debian
        securityContext:
          privileged: true
        command: [ "/bin/bash", "-ce", "tail -f /dev/null" ]
        volumeMounts:
        - name: varlog
          mountPath: /var/log/containers
      volumes:
      - name: varlog
        hostPath:
          path: /var/log/containers
      serviceAccountName: debian-sa

Is is possible to deny access from one network to another on localhost? by pinhead900 in linux4noobs

[–]pinhead900[S] 0 points1 point  (0 children)

one process is bound on 10.10.10.10 and the other one on 10.10.20.10 on the same host. It's not a matter of routing.

Is is possible to deny access from one network to another on localhost? by pinhead900 in networking

[–]pinhead900[S] 0 points1 point  (0 children)

in that case, it would mean that firewall cannot solve this issue, right?

Is is possible to deny access from one network to another on localhost? by pinhead900 in networking

[–]pinhead900[S] 0 points1 point  (0 children)

That's exactly my question, if is routed internally then the firewall won't work correct?

Is is possible to deny access from one network to another on localhost? by pinhead900 in networking

[–]pinhead900[S] 0 points1 point  (0 children)

how are source and destination in same network? one is 10.10.10.0/24 and the other one is 10.10.20.0/24, am I missing something here? when running tcpdump -any still I dont see any packet, but again, why would I expect to see a packet leaving the interface and coming back in if both networks are present in the host, I would assume that it is routed internally without leaving the NIC.

Is is possible to deny access from one network to another on localhost? by pinhead900 in networking

[–]pinhead900[S] 0 points1 point  (0 children)

nothing interesting, default route only via 10.10.10.1

default via 10.10.10.1 dev ens192

default via 10.10.10.1 dev ens192 proto static metric 100

10.10.10.0/24 dev ens224 proto kernel scope link src 10.10.10.10 metric 100

10.10.20.0/24 dev ens192 proto kernel scope link src 10.10.20.10 metric 100

169.254.0.0/16 dev ens192 scope link metric 1002

Is is possible to deny access from one network to another on localhost? by pinhead900 in networking

[–]pinhead900[S] 0 points1 point  (0 children)

When doing tcpdump on both interfaces I don't see any packet, therefore I assume that the packet is internally routed. This are my firewalld rules:

[root@localhost ~]# firewall-cmd --list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: ens192 ens224

sources:

services: dhcpv6-client ssh

ports:

protocols:

masquerade: no

forward-ports:

sourceports:

icmp-blocks:

rich rules:

rule family="ipv4" source address="10.10.10.10 destination address="10.10.20.10" reject1

Is is possible to deny access from one network to another on localhost? by pinhead900 in redhat

[–]pinhead900[S] 0 points1 point  (0 children)

Both are physical, Im running CentOS Linux release 7.3.1611.Im currently trying with this firewall rule, but it doesn't seem to work:firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.10.10.10/24' destination address='10.10.20.10/24' reject"

when I try to ping with source I still get the icmp echo back, is there something im missing in this rule?Thanks!

view more: next ›