Re: Discovery on EC2 - unicast, separate VPCs, public IPs

2015-02-08 Thread Ivan G 
It will work for sure, I was using this approach on some use cases

The point is that if this server is not going to be running usually, aws
will continue charging you for the elastic ip even if no instance is up in
that IP, but for the cost it is, I think it represents, the elastic ip is
the best option.
That said you can write your own script that register as A record the
current public IP of the instance and avoid use elastic ip's.


--

*Iván González Valiente*

Senior Systems Developer

Tel.  +34  675 962 588





2015-02-08 9:20 GMT+01:00 Norberto Meijome :

> Sure...the interesting point in the OP is the fact both servers are in
> different VPCs - not sure if it should be possible to resolve across vpcs
> ...
> On 08/02/2015 7:04 pm, "Ivan G"  wrote:
>
>>
>> DNS queries inside  vpc are resolved to the internal IP by aws servers.
>>
>> One simple way is to use elastic IP for this computer and then point A
>> register to that IP.
>> El 07/02/2015 23:43, "Eugen Paraschiv"  escribió:
>>
>>> Hi,
>>> I have the following simple EC2 topology:
>>> - a VPC with my entire cluster, running in a public subnet
>>> - a new slave in another VPC (also a public subnet)
>>> - I'm using unicast - the slave has the following config:
>>> discovery.zen.ping.multicast.enabled: false
>>> discovery.zen.ping.unicast.hosts: ["master_elastic_ip:9300"]
>>> So - the slave points to the public IP of the master - not the private
>>> one.
>>>
>>> However - this new slave tries to connect to the master on the private
>>> IP instead of the public one - and I'm getting:
>>> org.elasticsearch.common.netty.channel.ConnectTimeoutException:
>>> connection timed out: /172.61.51.253:9300
>>> Where 172.61.51.253 is the private IP.
>>> Not sure what that is - do I need to configure anything on the slave to
>>> make sure it uses the public IP to reach the master?
>>> Thanks,
>>> Eugen.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "elasticsearch" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to elasticsearch+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/elasticsearch/026f6d30-d496-4905-a5f9-80c6be82669b%40googlegroups.com
>>> <https://groups.google.com/d/msgid/elasticsearch/026f6d30-d496-4905-a5f9-80c6be82669b%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>  --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/CA%2BjeyjOO6tU3qEsyf3xcD7QgZD_e-CM_g-oM9%2BRt%2B3LpBWPwUg%40mail.gmail.com
>> <https://groups.google.com/d/msgid/elasticsearch/CA%2BjeyjOO6tU3qEsyf3xcD7QgZD_e-CM_g-oM9%2BRt%2B3LpBWPwUg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/CACj2-4LNYv%2BrZZcZOt8rJTU6QcA1qAVdHNJzCutFzWwx%2B32Eew%40mail.gmail.com
> <https://groups.google.com/d/msgid/elasticsearch/CACj2-4LNYv%2BrZZcZOt8rJTU6QcA1qAVdHNJzCutFzWwx%2B32Eew%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CA%2BjeyjNZn2Auv60V9L-gL%2BzJcJDB4%2Bwb4B%2BTkqX0oXNOADaoew%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Discovery on EC2 - unicast, separate VPCs, public IPs

2015-02-08 Thread Ivan G 
DNS queries inside  vpc are resolved to the internal IP by aws servers.

One simple way is to use elastic IP for this computer and then point A
register to that IP.
El 07/02/2015 23:43, "Eugen Paraschiv"  escribió:

> Hi,
> I have the following simple EC2 topology:
> - a VPC with my entire cluster, running in a public subnet
> - a new slave in another VPC (also a public subnet)
> - I'm using unicast - the slave has the following config:
> discovery.zen.ping.multicast.enabled: false
> discovery.zen.ping.unicast.hosts: ["master_elastic_ip:9300"]
> So - the slave points to the public IP of the master - not the private
> one.
>
> However - this new slave tries to connect to the master on the private IP
> instead of the public one - and I'm getting:
> org.elasticsearch.common.netty.channel.ConnectTimeoutException: connection
> timed out: /172.61.51.253:9300
> Where 172.61.51.253 is the private IP.
> Not sure what that is - do I need to configure anything on the slave to
> make sure it uses the public IP to reach the master?
> Thanks,
> Eugen.
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/026f6d30-d496-4905-a5f9-80c6be82669b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CA%2BjeyjOO6tU3qEsyf3xcD7QgZD_e-CM_g-oM9%2BRt%2B3LpBWPwUg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: ES security measures?

2014-11-27 Thread Ivan G 
I have all my clusters behind the amazon's VPC segurity groups, but this
week we're facing the need to let frontend clients (javascript) to access
the ES indexes.

There is an auth plugins (https://github.com/codelibs/elasticsearch-auth)
which seems insteresting.
It lets to limit the access to data limiting by user, pass, role, protocol
and index (does not mention anything about types).

I've not tested yet, but want to share because maybe is it useful for
someone more.



--

*Iván González Valiente*

Systems programmer



2014-11-27 13:23 GMT+01:00 joergpra...@gmail.com :

> It is no difference to other distributed software.
>
> There are many facets of security.
>
> If you want authorized access, add a system which authenticates users and
> manages roles. Elasticsearch does not do this for you.
>
> If you want others to not read the Elasticsearch data traffic, set up a
> private network http://en.wikipedia.org/wiki/Private_network with your
> own gateway/router plus a reverse proxy for internet access.
>
> If you want to trust in your Elasticsearch cluster and keep others from
> tampering your data, then set up all the hardware and the network
> connection by yourself and lock others out from physical access to the
> facility.
>
> You can wait for the Elasticsearch security extension which has been
> announced.
>
> Jörg
>
>
> On Thu, Nov 27, 2014 at 6:39 AM, Siddharth Trikha <
> siddharthtrik...@gmail.com> wrote:
>
>> I have set up my ELK stack on a single server and tested it on a very
>> small setup to get a hands-down on ELK.
>> I want to use ELK for my system logs analysis.
>>
>> Now, I have been reading about ES that it has no security. Also read
>> something like this:
>> "DO NOT have ES publicly accessible. That's the equivalent of making your
>> Wordpress MySQL database accessible to the world. ES is a REST accessible
>> DB which means that anyone can delete all of your data with access to the
>> endpoint."
>>
>> I am a noob in this. So this means if I put my logs in ES will they be
>> accessible to everyone (which is scary) ??
>>
>> Please guide me with what all security measures must be taken ?? Please
>> suggest some links so that I can ensure security.
>> How to keep my ES cluster private ??
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearch+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/236c0359-46cb-4359-8484-c311fb102db2%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/CAKdsXoH2D6qpQubeceKoz0N67RFTD9HWW%2BK4Dk1Q7b1%3DUgJzdw%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/elasticsearch/CA%2BjeyjNnJQ3AJPzn6%3Dc8c%2Bd127r%2BeF4NTJM_Zy_DN%2BMW%3D7qW7A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.