How can I set compatibility mode for Amazon OpenSearch using CloudFormation? - aws-cloudformation

Since AWS has replaced ElasticSearch with OpenSearch, some clients have issues connecting to the OpenSearch Service.
To avoid that, we can enable compatibility mode during the cluster creation.
Certain Elasticsearch OSS clients, such as Logstash, check the cluster
version before connecting. Compatibility mode sets OpenSearch to
report its version as 7.10 so that these clients continue to work with
the service.
I'm trying to use CloudFormation to create a cluster using AWS::OpenSearchService::Domain instead of AWS::Elasticsearch::Domain but I can't see a way to enable compatibility mode.

To do this in Terraform, use the config:
    resource "aws_elasticsearch_domain" "search" {
      domain_name = "search"
      advanced_options = {
        "override_main_response_version" = "true"
      }
    }
Docs can be found here: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain

The AWS::OpenSearchService::Domain CloudFormation resource has a property called AdvancedOptions.
As per documentation, you should pass override_main_response_version to the advanced options to enable compatibility mode.
Example:
    Resources:
      OpenSearchServiceDomain:
        Type: AWS::OpenSearchService::Domain
        Properties:
          DomainName: 'test'
          EngineVersion: 'OpenSearch_1.0'
          AdvancedOptions:
            override_main_response_version: true

You can add this in the advanced section tab AdvancedOptions.
Example:
    Resources:
      OpenSearchServiceDomain:
        Type: AWS::OpenSearchService::Domain
        Properties:
          AdvancedOptions:
            override_main_response_version: true

Related

Cybersecurity: Springboot actuator env and info show connection string uri mongodb

The MongoDB driver needs the connection string in spring.data.mongodb.uri, and you can't set it with individual properties.
When you call actuator info or env, it shows all secret data for MongoDB, such as username, password, host, ...
Is there a workaround to hide specific properties for info, in this case spring.data.mongodb.uri?
Thanks a lot.
Yes, exposing env and info endpoints can be a costly security mistake.
You can either disable the endpoints if not needed or turn on authentication and access control for certain endpoints.
The solution is to use:
    management:
      endpoint:
        info:
          enabled: true
          keys-to-sanitize: # Hide secrets data for cybersecurity
            spring.data.mongodb.uri,.*password.*,.*secret.*,.*key.*,.*token.*,.*credentials.*
        env:
          enabled: true
          keys-to-sanitize: # Hide secrets data for cybersecurity
            spring.data.mongodb.uri,.*password.*,.*secret.*,.*key.*,.*token.*,.*credentials.*

How to disable Ceph Dashboard Anonymous Access?

I have installed a Ceph cluster V15 (Octopus). Following the general setup guide a Grafana Dashboard is installed during bootstrapping the cluster. This is a nice feature.
But the dashboard can be accessed on port :3000 by anonymous users without authentication.
I guess this is because of the configuration of the anonymous mode in /etc/grafana/grafana.ini:
    [auth.anonymous]
    enabled = true
How can I disable this mode?
There are several 'ceph dashboard' commands available, but I can't figure out how to tweak the default grafana.ini file.
There's an instance of the grafana.ini file on the grafana host:
    /var/lib/ceph/<UUID>/grafana.host1/etc/grafana/grafana.ini
You can edit that file and set the option auth.anonymous.enabled to 'false':
    ...
    [auth.anonymous]
    enabled = false
    org_name = 'My Org.'
    org_role = 'Viewer'
    ...
Restart the container with:
    # ceph orch restart grafana
Now your changes should be applied. You can now log in with the default user/password 'admin' / 'admin'.
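A way to confirm the edit took effect in the file, as an added example that is not part of the original answer: a small POSIX shell audit that reads a grafana.ini and reports the `enabled` value of `[auth.anonymous]`, ignoring commented-out lines and same-named keys in other sections. The function names `anon_enabled` and `anon_disabled` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Print the effective `enabled` value of [auth.anonymous] ("false" if unset,
# which is Grafana's built-in default).
anon_enabled() {
    awk '
        /^[ \t]*[;#]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == "auth.anonymous" && /^[ \t]*enabled[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)           # drop "enabled ="
            sub(/[ \t]*$/, "", val)                 # drop trailing blanks
            found = tolower(val)                    # last assignment wins
        }
        END { print (found == "" ? "false" : found) }
    ' "$1"
}

# Exit 0 when anonymous access is off in the file, 1 when it is on.
anon_disabled() {
    [ "$(anon_enabled "$1")" != "true" ]
}

# Constructed sample files (not taken from a real cluster).
sample_dir=$(mktemp -d)
cat > "$sample_dir/before.ini" <<'EOF'
[auth.anonymous]
enabled = true
org_role = 'Viewer'
EOF
cat > "$sample_dir/after.ini" <<'EOF'
[auth.anonymous]
; enabled = true
enabled = false
org_role = 'Viewer'
[auth.basic]
enabled = true
EOF

for f in "$sample_dir/before.ini" "$sample_dir/after.ini"; do
    anon_disabled "$f" && echo "OK   $f" || echo "FAIL $f: anonymous access enabled"
done
```

The file is only one input: Grafana also reads `GF_AUTH_ANONYMOUS_ENABLED` from the environment, which overrides the ini value, so check the container's environment as well.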

How to make Response Caching work in wso2am-3.1.0? (am-pattern-2)

Description:
I've already added the
    [message_builder]
    json = "org.apache.synapse.commons.json.JsonStreamBuilder"
in the deployment.toml of the Gateway config chart.
But I do not understand the meaning of "maintain the standard builders on the API Dev portal node." It's from https://apim.docs.wso2.com/en/latest/learn/api-gateway/response-caching/#response-caching
What does it mean and how to make this work?
Suggested Labels:
Response Caching
Affected Product Version: wso2am-3.1.0
OS, DB, other environment details and versions: kubernetes centOS mysql
APIM has Default message builders and message formatters.
You need to configure them on devportal node like this.

How to set API Server parameters on kubespray deployment

I am using kubespray for the deployment of a kubernetes cluster and want to set some API Server parameters for the deployment. Specifically, I want to configure the authentication via OpenID Connect (e.g. set the oidc-issuer-url parameter). I saw that kubespray has some vars to set (https://github.com/kubernetes-sigs/kubespray/blob/master/docs/vars.md), but not the ones I am looking for.
Is there a way to set these parameters via kubespray? I don't want to configure each master manually (e.g. by editing the /etc/kubernetes/manifests/kube-apiserver.yaml files).
Thanks for your help
At the bottom of the page you are referring to, there is a description of how to define custom flags for various components of k8s:
    kubelet_custom_flags:
      - "--eviction-hard=memory.available<100Mi"
      - "--eviction-soft-grace-period=memory.available=30s"
      - "--eviction-soft=memory.available<300Mi"
The possible vars are:
    apiserver_custom_flags
    controller_mgr_custom_flags
    scheduler_custom_flags
    kubelet_custom_flags
    kubelet_node_custom_flags
The k8s-cluster.yml file has some parameters which allow you to set the OID configuration:
    kube_oidc_auth: true
    ...
    kube_oidc_url: https:// ...
    kube_oidc_client_id: kubernetes
    kube_oidc_ca_file: "{{ kube_cert_dir }}/ca.pem"
    kube_oidc_username_claim: sub
    kube_oidc_username_prefix: oidc:
    kube_oidc_groups_claim: groups
    kube_oidc_groups_prefix: oidc:
These parameters are the counterparts to the oidc api server parameters.

How do I set environment properties in AWS codestar?

I created a spring project in AWS codestar.
I would like to pass environment properties to my application (e.g. DATA_SOURCE_URL). I can do it in elastic beanstalk in "Configuration" -> "Software" "modify" and adding the properties. But whenever a new deployment is triggered, this configuration gets reset.
I was wondering what the way of setting environment properties is when using AWS codestar.
As it may help other people who are searching for a solution:
I finally got it to work by using the Saved Configuration function in Beanstalk, and calling it via the cloud formation template.yml: EBConfigurationTemplate (from the autogenerated template.yml by codestar)
    EBConfigurationTemplate:
      [...]
      SourceConfiguration:
        ApplicationName: !Ref 'EBApplication'
        TemplateName: "Saved Configuration Name"
After that my django application was able to read the os.environ['ENV_VAR_NAME']
as well as django.config that was able to connect to an RDS (Non-managed by beanstalk) to do the migration as a container_command