I spent a week trying to set up Safe-guard and Openshift in docker-container and completely torn apart...
I am working at a project where I plan to have clients, who can be given access to only those indices. X-pack, Safe-guard enterprise work perfectly - unfortunately until I get any clients I cannot pay yearly fees of several thousands $.
I tried to setup Safe-guard, turn off enterprise mode and then install openshift-elasticsearch-plugin
If I install them both after many tunings - I got an error that you cannot enable functionality in openshift that already enabled by safeguard.
When I install only openshift-elasticsearch-plugin and set all settings - it says "Failed authentication for null".
Here is the repository https://github.com/SvitlanaShepitsena/Lana
I have a small issue (somehow sleep does not work) so in order to start the cluster you need:
docker-compose up
docker ps
docker exec [container-id] -it /bin/bash
./sgadmin.sh
After 1 week of work I am desperate and beg for help :-).
The openshift-elasticsearch-plugin is designed to add specific features to the openshift logging stack. It, among other things, provides dynamic ACLs for users based on their openshift permissions. I would suggest containerizing an Elasticsearch image and adding the Searchguard plugins directly. Alternatively, versions of Elasticsearch later then the the one the plugin is designed for (2.4.4) are able to utilize XPACK that provides similar security.
Its preinstalled https://hub.docker.com/r/elastic/elasticsearch and can be configured as described https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
Related
Using HyperLedger Composer 0.19.1, I can't find a way to undeploy my business network. I don't necessarily want to upgrade to a newer version each time, but rather replacing the one deployed with a fix in the JS code for instance. Any replacement for the undeploy command that existed before?
There is no replacement for the old undeploy command, and in fact it it not really undeploy - merely hiding the old network.
Be aware that everytime you upgrade a network it creates a new Docker Image and Container so you may want to tidy these up periodically. (You could also try to delete the BNA from the Peer servers but these are very small in comparison to the docker images.)
It might not help your situation, but if you are rapidly developing and iterating you could try this in the online Playground or local Playground with the Web profile - this is fast and does not create any new images/containers.
I am trying to do the MSI web deployment with chef. I have about 400 web servers with same configuration. We will do deployment in two slots with 200 servers each.
I will follow below steps for new release,
1) Increase the cookbook version.
2) Upload the cookbook to server.
3) Update the cookbook version to role and run list.
I will do lot of steps from cookbook like install 7 msi, update IIS settings, update web.configure file and add registry entry. Once deployment is done we need to update testing team, so that they can start the testing. My question is how could I ensure deployment is done in all the machines successfully? How could I find if one MSI is not installed in one machine or one web.config file is not updated properly?
My understanding is chef client will run every 30 Mins default, so I have wait for next 30 mins to complete the deployment. Is there any other way with push (I can’t use push job, since chef is removed push job support from chef High Availability servers) like knife chef client from workstation?
It would be fine, If anyone share their experience who is using chef in large scale windows deployment.
Thanks in advance.
I personnaly use rundeck to trigger on demand chef runs.
According to your description, I would use 2 prod env, one for each group where you'll bump the cookbook version limitation for each group separately.
For the reporting, at this scale consider buying a license to get chef-manage and chef-reporting so you'll have a complete overview, next option is to use a handler to report the run status and send a mail if there was an error during the run.
Nothing in here is specific to Windows, so more you are asking how to use Chef in a high-churn environment. I would highly recommend checking out the new Policyfile workflow, we've had a lot of success with it though it has some sharp limitations. I've got a guide up at https://yolover.poise.io/. Another solution on the cookbook/data release side is to move a lot of your tunables (eg. versions of things to deploy) out of the cookbook and in to a little web service somewhere, than have your recipe code read from that to get their tuning data. As for the push vs. pull question, most people end up with a hybrid. As #Tensibai mentioned, RunDeck is a popular push-based option. Usually you still leave background interval runs on a longer cycle time (maybe 1 or 2 hours) to catch config drift and use the push system for more specific deploy tasks. Beyond RunDeck you can also check out Fabric, Capistrano, MCollective, and SaltStack (you can use its remote execution layer without the CM stuffs). Chef also has its own Push Jobs project but I think I can safely say you should avoid it at this point, it never got enough community momentum to really go anywhere.
Now i'm working on RESTfull API on go, using Windows and goclipse.
Testing environemnt consists of few VMs managed by Vagrant. These machines contain nginx, PostgreSQL etc. The app should be deployed into Docker on the separated VM.
There is no problem to deploy app on first time using guide like here: https://blog.golang.org/docker. I've read a lot of information and guides but still totally confused how to automate deploying process and update go app in docker after some changes in code done. On the current stage changes in code done very often, so deploying should be fast.
Could you please advise me with correct way to setup some kind of local CI for such case? What approach will be better?
Thanks a lot.
We're hosting on EC2. I've read this article here for provisioning tentacles. Is there a script which will then tell that provisioned server to grab the latest packages (from the latest release of the environment it's provisioned for)?
Skip actions are step related, however I've just traced the POST request and there's a field SpecificMachineIds - So you CAN deploy to a specific machine.
It feels a bit smelly, but you'd have to get the new Id of the machine from the API, and then use that in your deployment request.
EDIT
A quick google on SpecificMachineIds and I have just come across this which is probably what you need
Octopus Deploy Support Question
I've upgraded to Elasticsearch 1.3.x and by default dynamic scripting is disabled for security reasons. The advice is now to place any used scripts as a file in config/scripts directory. My question is how to integrate this into a multi-user production environment? Each developer needs to have it installed, the circleci needs it, I have to ensure the search cluster connected to Heroku has it. Is there anyway I can integrate this into our git workflow? (Info on the new security setup: http://www.elasticsearch.org/blog/scripting-security/)