1

elasticsearch 8.x configure roles and users for stack monitoring

A lot of changes were made with elasticsearch 8.0 release but the main one that affected me the most was the ability to use the default elastic(superuser role) to access system indices. According to https://www.elastic.co/guide/en/elasticsearch/reference/current/release-highlights.html#_better_protection_for_system_indices we no longer have write access to system indices with the superuser role. When configuring stack monitoring using metricbeats this is an issue if you’ve been just using the elastic user to configure the monitoring. You can add allow_restricted_indices to the role to enable it back however its the lazy and insecure method. I’ve summarized the creation of roles and users for metricbeats and filebeats… Continue Reading

0

How to run setup for various beats(filebeat, metricbeat, & more) in kubernetes to load dashboards and more

Whenever you install beats or update beats its best if you run the setup so that the setup will update your index templates, ILM, visualizations, etc. I found that its always best before installing or upgrading to use a seed host to just run the setup before deploying or updating across your environment and to turn off template updates and dashboard loading on the beats locally so that your elasticsearch cluster is not flooded. In a baremetal environment this is easy to do but in docker and in kubernetes it gets a bit difficult. Sure you can setup a initContainer… Continue Reading

1

ECE(elastic cloud enterprise) snapshot repository using object storage(minio) with self-signed TLS

Just FYI this is a complete rewrite of the previous article. It should be better organized and more closely align with real world situations. We will stand up a minio server with self-signed or internally signed SSL certificate that is not publicly trusted. This guide will work with any s3 compliant object storage not just minio. The certificate that we will create will be for internal use but you can and should create a more secure certificate to be used in your environment. If you have s3 compliant object storage with publicly trusted signed SSL certificate then all you would… Continue Reading

0

Creating a custom CA and certificates with SAN signed by the CA for testing

There are endless guides on the internet that uses endless methods to generate certificates and CA but I have not found one that is simple to use to create a custom CA and CA signed certificate with SAN (Subject Alternative Name) to perform some testing. So I created simple set of steps: Create a ca.key ❯ openssl genrsa -out ca.key 2048 Generating RSA private key, 2048 bit long modulus …………………………………………………………………………….+++ …………….+++ e is 65537 (0x10001) ❯ ls ca.key ❯ cat ca.key —–BEGIN RSA PRIVATE KEY—– MIIEowIBAAKCAQEArTBn8M9NBHmmVKOCcKl75EYZqv2LvNvNQjSJ0YDHLrXt2CpL x3N7IDgriLU4TbFVb13yQCPXESQOOBuzNJMqG8Ca5K56RYNBY6QP5k8z195385Qd QJODgut3A+ACjkWB9iVMHuN+KVXyEcPhl4/UFvYW6+ybvSSmUgfZJ/u3fCh6YaWN 15nVWRI40yDAgvM8EKuPew734ENF1GdSVF+S+m2QhDKR2gn8NkpdvYjKDtKFN2Rh VjREEb3TuQqttZNykkCira93dr3/ILdTGVxOIkXhdESFdiRMZ9dXOUqozQSALGfw cXKY2MlrkN+20F/ojoh3IqZs2gJS05udJOaarQIDAQABAoIBADdnBckmN6gX1lq7 F848mZJzzmBBzcLzuZzVO8VWYeGSd2ywUx+R1LCA54RLHKDV+tOuhQF5taIZG6dd TR2jelP4cFR5cEnubCuY3zE44wfKdiroldcDmY13D9KghZDHsYRxeAFlmwVUJiUC uZcHfrx9quV8AnImWEJjmldNEexYa94tLM+SahbNEG3H6s2hQE+GvshoVp+IoPPg sIVZo7AyEj/Z6sdY67YX92aNHeFr1TvSO/knxAryBW1knui8ZlmpFIroEZ8eR/Cn 1SYIWaJZpzz5pmbKIOWHc2uM7rUJzW3Rm8hFzjOCiUgmmYjQROVvLKFMTtiV6mcl IATnsqECgYEA0pR5fjqdf9NG3C+k8bh/PxKX2MzBmaFMjMdini081l9oN6D1Hjiz Pw3NZ0iVb+pQceeVLss8v/mX/zhkQ0P+rbiz4Lh191few5/uAxhqVJUVbMPjCYMz qxTTK3pcpui4PPM8pfFOBFbuXc4QqUf5HYW6HUq0eWWy86U9cB0W0wUCgYEA0otU r8LlxclOYZkcxqbYe+0/8xxCXaYw5slTbyxlh40wX2vgjmSkeOli8peGfMD07Cfm… Continue Reading

0

Rescuing pods from CrashLoopBackOff

When pods behave badly in your cluster, looping over and over, it is known as CrashLoopBackOff. If the pod contains important data or you just need to edit something on the pod to get it fixed like running some checker on a program installed on the pod or moving things around or whatever the reason is but you need to get into the pod to fix it but there is no way you can just kubectl -n namespace exec -it name bash to it then what do you do? dang you CrashLoopBackOff!! initContainer method Advantage: the pod runs before the… Continue Reading

0

Generate test data using elastic’s makelogs

Updated 5/11/2023 When I am testing for various issues I find that I need to create some test data. The built in sample data is great but sometimes you need to keep ingesting data or ingest some older data to reproduce issues. I found this repo and it was the answers to my issue. I did not want to install this and wanted to containerize it so that I can leave my system clean yet be able to use this and re-use it again. makelogs runs fine as it is however if your ES endpoint is secured with TLS and… Continue Reading

0

ESXi 7.x NutClient to query upsmon on Synology

After my last move I consolidated my home setup and now I am down to one synology for storage and one ESXi 7.x (currently 7.0u2d) host. I do have these two devices connected to a UPS but since UPS only has 1 USB port I needed a way to signal my two devices to power off in case of power outage. I plugged in the USB cable from the UPS to my synology NAS and configured the UPS. In the UI of synology goto Control Panel -> Hardware & Power -> UPS. Click on Enable UPS support and click on… Continue Reading

1

Update ESXi 7.x using esxcli

I run ESXi at home for my VMs. Since I only need and have 1 ESXi host I had no need to install vCenter to manage my ESXi host, however I do want to keep it updated and current. To follow all the updates for ESXi please view VMware KB 2143832 Below are the steps to take to keep your ESXi updated Turn off VMs and put ESXi into maintenance mode Reboot – OPTIONAL – this is an optional step but it never hurts to reboot before upgrading to clear things up. Enable ssh service – you will need to… Continue Reading

0

Install and configure vaultwarden – Migrated to a new server 4 of 4

This is the third section in the 4 part series of migrating my server Install and configure the host machine Install and configure a database and webserver Install and configure a mailserver Install and configure vaultwarden – we are here Tie everything back to 1. for backups, misc, etc Tie everything back to 1. for backups, misc, etc Dockerized vaultwarden I been a bitwarden user for a long time ever since Lastpass changed it policies. I wanted to run my own instance of bitwarden but the setup is a mess and it requires a lot of resources to run. I… Continue Reading